Marcus Updateinfo to OVAL Converter5.52022-04-29T06:20:08Security update for ImageMagickSUSE Linux Enterprise Desktop 11 SP2
ImageMagick has been updated to fix an integer overflow (CVE-2012-3438).
Also a slowness in 'convert' when resizing JPEG images has been addressed
(bnc#754481).
SUSE bug 754481SUSE bug 773612CVE-2012-3438cpe:/o:suse:suse_sled:11:sp2Security update for MesaSUSE Linux Enterprise Desktop 11 SP2
This update of Mesa fixes multiple integer overflows.
Security Issue reference:
* CVE-2013-1993
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993>
SUSE bug 815451SUSE bug 821855CVE-2013-1993cpe:/o:suse:suse_sled:11:sp2Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP2
This update to Firefox 17.0.9esr (bnc#840485) addresses:
* MFSA 2013-91 User-defined properties on DOM proxies get the wrong
'this' object
o (CVE-2013-1737)
* MFSA 2013-90 Memory corruption involving scrolling
o use-after-free in mozilla::layout::ScrollbarActivity
(CVE-2013-1735)
o Memory corruption in nsGfxScrollFrameInner::IsLTR()
(CVE-2013-1736)
* MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
o buffer overflow at nsFloatManager::GetFlowArea() with multicol,
list, floats (CVE-2013-1732)
* MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
o compartment mismatch in nsXBLBinding::DoInitJSClass
(CVE-2013-1730)
* MFSA 2013-83 Mozilla Updater does not lock MAR file after signature
verification
o MAR signature bypass in Updater could lead to downgrade
(CVE-2013-1726)
* MFSA 2013-82 Calling scope for new Javascript objects can lead to
memory corruption
o ABORT: bad scope for new JSObjects: ReparentWrapper /
document.open (CVE-2013-1725)
* MFSA 2013-79 Use-after-free in Animation Manager during stylesheet
cloning
o Heap-use-after-free in nsAnimationManager::BuildAnimations
(CVE-2013-1722)
* MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 /
rv:17.0.9)
o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0
(CVE-2013-1718)
* MFSA 2013-65 Buffer underflow when generating CRMF requests
o ASAN heap-buffer-overflow (read 1) in
cryptojs_interpret_key_gen_type (CVE-2013-1705)
Security Issue references:
* CVE-2013-1737
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737>
* CVE-2013-1735
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735>
* CVE-2013-1736
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736>
* CVE-2013-1732
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732>
* CVE-2013-1730
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730>
* CVE-2013-1726
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726>
* CVE-2013-1725
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725>
* CVE-2013-1722
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722>
* CVE-2013-1718
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718>
* CVE-2013-1705
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705>
SUSE bug 840485CVE-2013-1705CVE-2013-1718CVE-2013-1722CVE-2013-1725CVE-2013-1726CVE-2013-1730CVE-2013-1732CVE-2013-1735CVE-2013-1736CVE-2013-1737cpe:/o:suse:suse_sled:11:sp2Security update for acroreadSUSE Linux Enterprise Desktop 11 SP2
Adobe has discontinued the support of Adobe Reader for Linux in June 2013.
Newer security problems and bugs are no longer fixed.
As the Adobe Reader is binary only software and we cannot provide a
replacement, SUSE declares the acroread package of Adobe Reader as being
out of support and unmaintained.
If you do not need Acrobat Reader, we recommend to uninstall the 'acroread'
package.
This update removes the Acrobat Reader PDF plugin to avoid automatic
exploitation by clicking on web pages with embedded PDFs.
The stand alone 'acroread' binary is still available, but again, we do not
recommend to use it.
SUSE bug 843835cpe:/o:suse:suse_sled:11:sp2Security update for bindSUSE Linux Enterprise Desktop 11 SP2
This update fixes a DoS vulnerability in bind when handling malformed
NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue.
Security Issue references:
* CVE-2014-0591
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591>
SUSE bug 858639CVE-2014-0591cpe:/o:suse:suse_sled:11:sp2Security update for bogofilterSUSE Linux Enterprise Desktop 11 SP2
A heap corruption in bogofilter's base64 decoding function, caused by
incomplete multibyte characters, could have resulted in a Denial of Service
(App. crash) or potentially allowed the execution of arbitrary code. This
has been fixed.
Security Issue reference:
* CVE-2012-5468
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5468>
SUSE bug 792939CVE-2012-5468cpe:/o:suse:suse_sled:11:sp2Security update for MonoSUSE Linux Enterprise Desktop 11 SP2
Mono was updated to fix a cross site scripting attack in the System.Web
class 'forbidden extensions' filtering has been fixed. (CVE-2012-3382)
Security Issue reference:
* CVE-2012-3382
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3382>
SUSE bug 769799CVE-2012-3382cpe:/o:suse:suse_sled:11:sp2Security update for SambaSUSE Linux Enterprise Desktop 11 SP2
This update fixes the following security issues with Samba:
* bnc#844720: DCERPC frag_len not checked (CVE-2013-4408)
* bnc#853347: winbind pam security problem (CVE-2012-6150)
* bnc#848101: No access check verification on stream files
(CVE-2013-4475)
And fixes the following non-security issues:
* bnc#853021: libsmbclient0 package description contains comments
* bnc#817880: rpcclient adddriver and setdrive do not set all needed
registry entries
* bnc#838472: Client trying to delete print job fails: Samba returns:
WERR_INVALID_PRINTER_NAME
* bnc#854520 and bnc#849226: various upstream fixes
Security Issue references:
* CVE-2012-6150
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150>
* CVE-2013-4408
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408>
* CVE-2013-4475
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475>
SUSE bug 817880SUSE bug 838472SUSE bug 844720SUSE bug 848101SUSE bug 849226SUSE bug 853021SUSE bug 853347SUSE bug 854520CVE-2012-6150CVE-2013-4408CVE-2013-4475cpe:/o:suse:suse_sled:11:sp2Security update for clamavSUSE Linux Enterprise Desktop 11 SP2
This update contains clamav 0.97.8 which fixes security issues
(bnc#816865):
* CVE-2013-2020: Fix heap corruption
* CVE-2013-2021: Fix overflow due to PDF key length computation.
Security Issue references:
* CVE-2013-2020
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020>
* CVE-2013-2021
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021>
SUSE bug 816865CVE-2013-2020CVE-2013-2021cpe:/o:suse:suse_sled:11:sp2Security update for compat-openssl097gSUSE Linux Enterprise Desktop 11 SP2
This compat-openssl097g rollup update contains various security fixes:
* CVE-2012-2131,CVE-2012-2110: incorrect integer conversions in OpenSSL
could have resulted in memory corruption during buffer management
operations.
Security Issue reference:
* CVE-2012-2110
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110>
SUSE bug 758060CVE-2012-2110cpe:/o:suse:suse_sled:11:sp2Security update for coreutilsSUSE Linux Enterprise Desktop 11 SP2
This coreutils update fixes three minor security issues.
* #798538 - VUL-1: CVE-2013-0221: segmentation fault in 'sort -d' and
'sort -M' with long line input
* #796243 - VUL-1: CVE-2013-0222: segmentation fault in 'uniq' with
long line input
* #798541 - VUL-1: CVE-2013-0223: segmentation fault in 'join -i' with
long line input
Security Issue references:
* CVE-2013-0221
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0221>
* CVE-2013-0222
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0222>
* CVE-2013-0223
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0223>
SUSE bug 796243SUSE bug 798538SUSE bug 798541CVE-2013-0221CVE-2013-0222CVE-2013-0223cpe:/o:suse:suse_sled:11:sp2Security update for CUPSSUSE Linux Enterprise Desktop 11 SP2
The following security issue has been fixed in the CUPS print daemon
CVE-2012-5519:
The patch adds better default protection against misuse of privileges by
normal users who have been specifically allowed by root to do cupsd
configuration changes
The new ConfigurationChangeRestriction cupsd.conf directive specifies the
level of restriction for cupsd.conf changes that happen via HTTP/IPP
requests to the running cupsd (e.g. via CUPS web interface or via the
cupsctl command).
By default certain cupsd.conf directives that deal with filenames, paths,
and users can no longer be changed via requests to the running cupsd but
only by manual editing the cupsd.conf file and its default file permissions
permit only root to write the cupsd.conf file.
Those directives are: ConfigurationChangeRestriction, AccessLog,
BrowseLDAPCACertFile, CacheDir, ConfigFilePerm, DataDir, DocumentRoot,
ErrorLog, FileDevice, FontPath, Group, LogFilePerm, PageLog, Printcap,
PrintcapFormat, PrintcapGUI, RemoteRoot, RequestRoot, ServerBin,
ServerCertificate, ServerKey, ServerRoot, StateDir, SystemGroup,
SystemGroupAuthKey, TempDir, User.
The default group of users who are allowed to do cupsd configuration
changes
via requests to the running cupsd (i.e. the SystemGroup directive in
cupsd.conf) is set to 'root' only.
Additionally the following bug has been fixed:
* strip trailing '@REALM' from username for Kerberos authentication
(CUPS STR#3972 bnc#827109)
Security Issue reference:
* CVE-2012-5519
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519>
SUSE bug 789566SUSE bug 827109CVE-2012-5519cpe:/o:suse:suse_sled:11:sp2Security update for curlSUSE Linux Enterprise Desktop 11 SP2
This update fixes the re-use of wrong HTTP NTLM connections in libcurl.
(CVE-2014-0015)
Security Issue reference:
* CVE-2014-0015
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015>
SUSE bug 858673CVE-2014-0015cpe:/o:suse:suse_sled:11:sp2Security update for dhcpSUSE Linux Enterprise Desktop 11 SP2
The ISC DHCP server had a denial of service issue in handling specific DDNS
requests which could cause a out of memory usage situation. (CVE-2013-2266)
This update also adds a dhcp6-server service template for SuSEfirewall2
(bnc#783002)
Security Issues:
* CVE-2013-2266
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266>
SUSE bug 783002SUSE bug 811934CVE-2013-2266cpe:/o:suse:suse_sled:11:sp2Security update for pidginSUSE Linux Enterprise Desktop 11 SP2
pidgin was updated to fix 4 security issues:
* Fixed a crash when receiving UPnP responses with abnormally long
values. (CVE-2013-0274, bnc#804742)
* Fixed a crash in Sametime protocol when a malicious server sends us
an abnormally long user ID. (CVE-2013-0273, bnc#804742)
* Fixed a bug where the MXit server or a man-in-the-middle could
potentially send specially crafted data that could overflow a buffer
and lead to a crash or remote code execution.(CVE-2013-0272,
bnc#804742)
* Fixed a bug where a remote MXit user could possibly specify a local
file path to be written to. (CVE-2013-0271, bnc#804742)
Security Issue references:
* CVE-2013-0271
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0271>
* CVE-2013-0272
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272>
* CVE-2013-0273
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273>
* CVE-2013-0274
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274>
SUSE bug 804742CVE-2013-0271CVE-2013-0272CVE-2013-0273CVE-2013-0274cpe:/o:suse:suse_sled:11:sp2Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP2
MozillaFirefox was updated to 10.0.7ESR release, fixing a lot of bugs and
security problems.
The following security issues have been addressed:
*
MFSA 2012-57: Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but
are potentially a risk in browser or browser-like contexts in those
products.
*
CVE-2012-1971: Gary Kwong, Christian Holler, Jesse Ruderman, Steve
Fink, Bob Clary, Andrew Sutherland, and Jason Smith reported memory
safety problems and crashes that affect Firefox 14.
*
CVE-2012-1970: Gary Kwong, Christian Holler, Jesse Ruderman, John
Schoenick, Vladimir Vukicevic and Daniel Holbert reported memory
safety problems and crashes that affect Firefox ESR 10 and Firefox
14.
*
MFSA 2012-58: Security researcher Abhishek Arya (Inferno) of Google
Chrome Security Team discovered a series of use-after-free issues
using the Address Sanitizer tool. Many of these issues are
potentially exploitable, allowing for remote code execution.
o Heap-use-after-free in nsHTMLEditor::CollapseAdjacentTextNodes
CVE-2012-1972
o Heap-use-after-free in nsObjectLoadingContent::LoadObject
CVE-2012-1973
o Heap-use-after-free in gfxTextRun::CanBreakLineBefore
CVE-2012-1974
o Heap-use-after-free in PresShell::CompleteMove CVE-2012-1975
o Heap-use-after-free in nsHTMLSelectElement::SubmitNamesValues
CVE-2012-1976
o Heap-use-after-free in MediaStreamGraphThreadRunnable::Run()
CVE-2012-3956
o Heap-buffer-overflow in nsBlockFrame::MarkLineDirty
CVE-2012-3957
o Heap-use-after-free in nsHTMLEditRules::DeleteNonTableElements
CVE-2012-3958
o Heap-use-after-free in nsRangeUpdater::SelAdjDeleteNode
CVE-2012-3959
o Heap-use-after-free in mozSpellChecker::SetCurrentDictionary
CVE-2012-3960
o Heap-use-after-free in RangeData::~RangeData CVE-2012-3961
o Bad iterator in text runs CVE-2012-3962
o use after free in js::gc::MapAllocToTraceKind CVE-2012-3963
o Heap-use-after-free READ 8 in gfxTextRun::GetUserData
CVE-2012-3964
*
MFSA 2012-59 / CVE-2012-1956: Security researcher Mariusz Mlynski
reported that it is possible to shadow the location object using
Object.defineProperty. This could be used to confuse the current
location to plugins, allowing for possible cross-site scripting (XSS)
attacks.
*
MFSA 2012-60 / CVE-2012-3965: Security researcher Mariusz Mlynski
reported that when a page opens a new tab, a subsequent window can
then be opened that can be navigated to about:newtab, a chrome
privileged page. Once about:newtab is loaded, the special context can
potentially be used to escalate privilege, allowing for arbitrary
code execution on the local system in a maliciously crafted attack.
*
MFSA 2012-61 / CVE-2012-3966: Security researcher Frederic Hoguin
reported two related issues with the decoding of bitmap (.BMP) format
images embedded in icon (.ICO) format files. When processing a
negative 'height' header value for the bitmap image, a memory
corruption can be induced, allowing an attacker to write random
memory and cause a crash. This crash may be potentially exploitable.
*
MFSA 2012-62: Security researcher miaubiz used the Address Sanitizer
tool to discover two WebGL issues. The first issue is a
use-after-free when WebGL shaders are called after being destroyed.
The second issue exposes a problem with Mesa drivers on Linux,
leading to a potentially exploitable crash.
o
use after free, webgl fragment shader deleted by accessor
CVE-2012-3968
o
stack scribbling with 4-byte values choosable among a few
values, when using more than 16 sampler uniforms, on Mesa, with
all drivers CVE-2012-3967
*
MFSA 2012-63: Security researcher Arthur Gerkis used the Address
Sanitizer tool to find two issues involving Scalable Vector Graphics
(SVG) files. The first issue is a buffer overflow in Gecko's SVG
filter code when the sum of two values is too large to be stored as a
signed 32-bit integer, causing the function to write past the end of
an array. The second issue is a use-after-free when an element with a
'requiredFeatures' attribute is moved between documents. In that
situation, the internal representation of the 'requiredFeatures'
value could be freed prematurely. Both issues are potentially
exploitable.
o
Heap-buffer-overflow in nsSVGFEMorphologyElement::Filter
CVE-2012-3969
o
Heap-use-after-free in nsTArray_base::Length() CVE-2012-3970
*
MFSA 2012-64 / CVE-2012-3971: Using the Address Sanitizer tool,
Mozilla security researcher Christoph Diehl discovered two memory
corruption issues involving the Graphite 2 library used in Mozilla
products. Both of these issues can cause a potentially exploitable
crash. These problems were fixed in the Graphite 2 library, which has
been updated for Mozilla products.
*
MFSA 2012-65 / CVE-2012-3972: Security research Nicolas Gregoire used
the Address Sanitizer tool to discover an out-of-bounds read in the
format-number feature of XSLT, which can cause inaccurate formatting
of numbers and information leakage. This is not directly exploitable.
*
MFSA 2012-66 / CVE-2012-3973: Mozilla security researcher Mark
Goodwin discovered an issue with the Firefox developer tools'
debugger. If remote debugging is disabled, but the experimental
HTTPMonitor extension has been installed and enabled, a remote user
can connect to and use the remote debugging service through the port
used by HTTPMonitor. A remote-enabled flag has been added to resolve
this problem and close the port unless debugging is explicitly
enabled.
*
MFSA 2012-67 / CVE-2012-3974: Security researcher Masato Kinugawa
reported that if a crafted executable is placed in the root partition
on a Windows file system, the Firefox and Thunderbird installer will
launch this program after a standard installation instead of Firefox
or Thunderbird, running this program with the user's privileges.
*
MFSA 2012-68 / CVE-2012-3975: Security researcher vsemozhetbyt
reported that when the DOMParser is used to parse text/html data in a
Firefox extension, linked resources within this HTML data will be
loaded. If the data being parsed in the extension is untrusted, it
could lead to information leakage and can potentially be combined
with other attacks to become exploitable.
*
MFSA 2012-69 / CVE-2012-3976: Security researcher Mark Poticha
reported an issue where incorrect SSL certificate information can be
displayed on the addressbar, showing the SSL data for a previous site
while another has been loaded. This is caused by two onLocationChange
events being fired out of the expected order, leading to the
displayed certificate data to not be updated. This can be used for
phishing attacks by allowing the user to input form or other data on
a newer, attacking, site while the credentials of an older site
appear on the addressbar.
*
MFSA 2012-70 / CVE-2012-3978: Mozilla security researcher
moz_bug_r_a4 reported that certain security checks in the location
object can be bypassed if chrome code is called content in a specific
manner. This allowed for the loading of restricted content. This can
be combined with other issues to become potentially exploitable.
*
MFSA 2012-71 / CVE-2012-3979: Mozilla developer Blake Kaplan reported
that __android_log_print is called insecurely in places. If a
malicious web page used a dump() statement with a specially crafted
string, it can trigger a potentially exploitable crash.
This vulnerability only affects Firefox for Android.
*
MFSA 2012-72 / CVE-2012-3980: Security researcher Colby Russell
discovered that eval in the web console can execute injected code
with chrome privileges, leading to the running of malicious code in a
privileged context. This allows for arbitrary code execution through
a malicious web page if the web console is invoked by the user.
SUSE bug 777588CVE-2012-1956CVE-2012-1970CVE-2012-1971CVE-2012-1972CVE-2012-1973CVE-2012-1974CVE-2012-1975CVE-2012-1976CVE-2012-3956CVE-2012-3957CVE-2012-3958CVE-2012-3959CVE-2012-3960CVE-2012-3961CVE-2012-3962CVE-2012-3963CVE-2012-3964CVE-2012-3965CVE-2012-3966CVE-2012-3967CVE-2012-3968CVE-2012-3969CVE-2012-3970CVE-2012-3971CVE-2012-3972CVE-2012-3973CVE-2012-3974CVE-2012-3975CVE-2012-3976CVE-2012-3978CVE-2012-3979CVE-2012-3980cpe:/o:suse:suse_sled:11:sp2Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP2
MozillaFirefox was updated to the 10.0.9ESR security release which fixes
bugs and security issues:
*
MFSA 2012-73 / CVE-2012-3977: Security researchers Thai Duong and
Juliano Rizzo reported that SPDY's request header compression leads
to information leakage, which can allow the extraction of private
data such as session cookies, even over an encrypted SSL connection.
(This does not affect Firefox 10 as it does not feature the SPDY
extension. It was silently fixed for Firefox 15.)
*
MFSA 2012-74: Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but
are potentially a risk in browser or browser-like contexts in those
products.
*
CVE-2012-3983: Henrik Skupin, Jesse Ruderman and moz_bug_r_a4
reported memory safety problems and crashes that affect Firefox 15.
*
CVE-2012-3982: Christian Holler and Jesse Ruderman reported memory
safety problems and crashes that affect Firefox ESR 10 and Firefox
15.
*
MFSA 2012-75 / CVE-2012-3984: Security researcher David Bloom of Cue
discovered that 'select' elements are always-on-top chromeless
windows and that navigation away from a page with an active 'select'
menu does not remove this window.When another menu is opened
programmatically on a new page, the original 'select' menu can be
retained and arbitrary HTML content within it rendered, allowing an
attacker to cover arbitrary portions of the new page through absolute
positioning/scrolling, leading to spoofing attacks. Security
researcher Jordi Chancel found a variation that would allow for
click-jacking attacks was well.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but
are potentially a risk in browser or browser-like contexts in those
products. References
Navigation away from a page with an active 'select' dropdown menu can
be used for URL spoofing, other evil
Firefox 10.0.1 : Navigation away from a page with multiple active
'select' dropdown menu can be used for Spoofing And ClickJacking with
XPI using window.open and geolocalisation
*
MFSA 2012-76 / CVE-2012-3985: Security researcher Collin Jackson
reported a violation of the HTML5 specifications for document.domain
behavior. Specified behavior requires pages to only have access to
windows in a new document.domain but the observed violation allowed
pages to retain access to windows from the page's initial origin in
addition to the new document.domain. This could potentially lead to
cross-site scripting (XSS) attacks.
*
MFSA 2012-77 / CVE-2012-3986: Mozilla developer Johnny Stenback
discovered that several methods of a feature used for testing
(DOMWindowUtils) are not protected by existing security checks,
allowing these methods to be called through script by web pages. This
was addressed by adding the existing security checks to these
methods.
*
MFSA 2012-78 / CVE-2012-3987: Security researcher Warren He reported
that when a page is transitioned into Reader Mode in Firefox for
Android, the resulting page has chrome privileges and its content is
not thoroughly sanitized. A successful attack requires user enabling
of reader mode for a malicious page, which could then perform an
attack similar to cross-site scripting (XSS) to gain the privileges
allowed to Firefox on an Android device. This has been fixed by
changing the Reader Mode page into an unprivileged page.
This vulnerability only affects Firefox for Android.
*
MFSA 2012-79 / CVE-2012-3988: Security researcher Soroush Dalili
reported that a combination of invoking full screen mode and
navigating backwards in history could, in some circumstances, cause a
hang or crash due to a timing dependent use-after-free pointer
reference. This crash may be potentially exploitable.
*
MFSA 2012-80 / CVE-2012-3989: Mozilla community member Ms2ger
reported a crash due to an invalid cast when using the instanceof
operator on certain types of JavaScript objects. This can lead to a
potentially exploitable crash.
*
MFSA 2012-81 / CVE-2012-3991: Mozilla community member Alice White
reported that when the GetProperty function is invoked through JSAPI,
security checking can be bypassed when getting cross-origin
properties. This potentially allowed for arbitrary code execution.
*
MFSA 2012-82 / CVE-2012-3994: Security researcher Mariusz Mlynski
reported that the location property can be accessed by binary plugins
through top.location and top can be shadowed by Object.defineProperty
as well. This can allow for possible cross-site scripting (XSS)
attacks through plugins.
*
MFSA 2012-83: Security researcher Mariusz Mlynski reported that when
InstallTrigger fails, it throws an error wrapped in a Chrome Object
Wrapper (COW) that fails to specify exposed properties. These can
then be added to the resulting object by an attacker, allowing access
to chrome privileged functions through script.
While investigating this issue, Mozilla security researcher
moz_bug_r_a4 found that COW did not disallow accessing of properties
from a standard prototype in some situations, even when the original
issue had been fixed.
These issues could allow for a cross-site scripting (XSS) attack or
arbitrary code execution.
*
CVE-2012-3993: XrayWrapper pollution via unsafe COW
*
CVE-2012-4184: ChromeObjectWrapper is not implemented as intended
*
MFSA 2012-84 / CVE-2012-3992: Security researcher Mariusz Mlynski
reported an issue with spoofing of the location property. In this
issue, writes to location.hash can be used in concert with scripted
history navigation to cause a specific website to be loaded into the
history object. The baseURI can then be changed to this stored site,
allowing an attacker to inject a script or intercept posted data
posted to a location specified with a relative path.
*
MFSA 2012-85: Security researcher Abhishek Arya (Inferno) of the
Google Chrome Security Team discovered a series of use-after-free,
buffer overflow, and out of bounds read issues using the Address
Sanitizer tool in shipped software. These issues are potentially
exploitable, allowing for remote code execution. We would also like
to thank Abhishek for reporting two additional use-after-free flaws
introduced during Firefox 16 development and fixed before general
release.
*
CVE-2012-3995: Out of bounds read in IsCSSWordSpacingSpace
*
CVE-2012-4179: Heap-use-after-free in
nsHTMLCSSUtils::CreateCSSPropertyTxn
*
CVE-2012-4180: Heap-buffer-overflow in
nsHTMLEditor::IsPrevCharInNodeWhitespace
*
CVE-2012-4181: Heap-use-after-free in
nsSMILAnimationController::DoSample
*
CVE-2012-4182: Heap-use-after-free in nsTextEditRules::WillInsert
*
CVE-2012-4183: Heap-use-after-free in
DOMSVGTests::GetRequiredFeatures
*
MFSA 2012-86: Security researcher Atte Kettunen from OUSPG reported
several heap memory corruption issues found using the Address
Sanitizer tool. These issues are potentially exploitable, allowing
for remote code execution.
*
CVE-2012-4185: Global-buffer-overflow in nsCharTraits::length
*
CVE-2012-4186: Heap-buffer-overflow in nsWaveReader::DecodeAudioData
*
CVE-2012-4187: Crash with ASSERTION: insPos too small
*
CVE-2012-4188: Heap-buffer-overflow in Convolve3x3
*
MFSA 2012-87 / CVE-2012-3990: Security researcher miaubiz used the
Address Sanitizer tool to discover a use-after-free in the IME State
Manager code. This could lead to a potentially exploitable crash.
*
MFSA 2012-89 / CVE-2012-4192 / CVE-2012-4193: Mozilla security
researcher moz_bug_r_a4 reported a regression where security wrappers
are unwrapped without doing a security check in defaultValue(). This
can allow for improper access access to the Location object. In
versions 15 and earlier of affected products, there was also the
potential for arbitrary code execution.
Security Issue reference:
* CVE-2012-3977
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3977>
* CVE-2012-3982
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982>
* CVE-2012-3983
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983>
* CVE-2012-3984
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984>
* CVE-2012-3985
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985>
* CVE-2012-3986
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986>
* CVE-2012-3987
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3987>
* CVE-2012-3988
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988>
* CVE-2012-3989
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989>
* CVE-2012-3990
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990>
* CVE-2012-3991
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991>
* CVE-2012-3992
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992>
* CVE-2012-3993
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993>
* CVE-2012-3994
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994>
* CVE-2012-3995
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995>
* CVE-2012-4179
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179>
* CVE-2012-4180
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180>
* CVE-2012-4181
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181>
* CVE-2012-4182
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182>
* CVE-2012-4183
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183>
* CVE-2012-4184
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184>
* CVE-2012-4185
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185>
* CVE-2012-4186
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186>
* CVE-2012-4187
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187>
* CVE-2012-4188
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188>
* CVE-2012-4192
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192>
* CVE-2012-4193
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193>
SUSE bug 783533CVE-2012-3977CVE-2012-3982CVE-2012-3983CVE-2012-3984CVE-2012-3985CVE-2012-3986CVE-2012-3987CVE-2012-3988CVE-2012-3989CVE-2012-3990CVE-2012-3991CVE-2012-3992CVE-2012-3993CVE-2012-3994CVE-2012-3995CVE-2012-4179CVE-2012-4180CVE-2012-4181CVE-2012-4182CVE-2012-4183CVE-2012-4184CVE-2012-4185CVE-2012-4186CVE-2012-4187CVE-2012-4188CVE-2012-4192CVE-2012-4193cpe:/o:suse:suse_sled:11:sp2Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP2
MozillaFirefox was updated to the 10.0.10ESR security release.
The following issue has been fixed:
*
MFSA 2012-90: Mozilla has fixed a number of issues related to the
Location object in order to enhance overall security. Details for
each of the current fixed issues are below.
Thunderbird is only affected by window.location issues through RSS
feeds and extensions that load web content.
*
CVE-2012-4194: Security researcher Mariusz Mlynski reported that the
true value of window.location could be shadowed by user content
through the use of the valueOf method, which can be combined with
some plugins to perform a cross-site scripting (XSS) attack on users.
*
CVE-2012-4195: Mozilla security researcher moz_bug_r_a4 discovered
that the CheckURL function in window.location can be forced to return
the wrong calling document and principal, allowing a cross-site
scripting (XSS) attack. There is also the possibility of gaining
arbitrary code execution if the attacker can take advantage of an
add-on that interacts with the page content.
*
CVE-2012-4196: Security researcher Antoine Delignat-Lavaud of the
PROSECCO research team at INRIA Paris reported the ability to use
property injection by prototype to bypass security wrapper
protections on the Location object, allowing the cross-origin reading
of the Location object.
SUSE bug 786522CVE-2012-4194CVE-2012-4195CVE-2012-4196cpe:/o:suse:suse_sled:11:sp2Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP2
Mozilla Firefox has been updated to the 10.0.11 ESR security release, which
fixes various bugs and security issues.
*
MFSA 2012-106: Security researcher miaubiz used the Address Sanitizer
tool to discover a series critically rated of use-after-free, buffer
overflow, and memory corruption issues in shipped software. These
issues are potentially exploitable, allowing for remote code
execution. We would also like to thank miaubiz for reporting two
additional use-after-free and memory corruption issues introduced
during Firefox development that have been fixed before general
release.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but
are potentially a risk in browser or browser-like contexts in those
products. References
The following issues have been fixed in Firefox 17 and ESR 10.0.11:
o use-after-free when loading html file on osx (CVE-2012-5830)
o Mesa crashes on certain texImage2D calls involving level>0
(CVE-2012-5833)
o integer overflow, invalid write w/webgl bufferdata
(CVE-2012-5835)
The following issues have been fixed in Firefox 17:
o crash in copyTexImage2D with image dimensions too large for
given level (CVE-2012-5838)
*
MFSA 2012-105: Security researcher Abhishek Arya (Inferno) of the
Google Chrome Security Team discovered a series critically rated of
use-after-free and buffer overflow issues using the Address Sanitizer
tool in shipped software. These issues are potentially exploitable,
allowing for remote code execution. We would also like to thank
Abhishek for reporting five additional use-after-free, out of bounds
read, and buffer overflow flaws introduced during Firefox development
that have been fixed before general release.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but
are potentially a risk in browser or browser-like contexts in those
products. References
The following issues have been fixed in Firefox 17 and ESR 10.0.11:
o Heap-use-after-free in nsTextEditorState::PrepareEditor
(CVE-2012-4214)
o Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent
(CVE-2012-4215)
o Heap-use-after-free in gfxFont::GetFontEntry (CVE-2012-4216)
o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829)
o heap-buffer-overflow in
gfxShapedWord::CompressedGlyph::IsClusterStart
o CVE-2012-5839
o Heap-use-after-free in nsTextEditorState::PrepareEditor
(CVE-2012-5840)
The following issues have been fixed in Firefox 17:
o Heap-use-after-free in XPCWrappedNative::Mark (CVE-2012-4212)
o Heap-use-after-free in nsEditor::FindNextLeafNode
(CVE-2012-4213)
o Heap-use-after-free in nsViewManager::ProcessPendingUpdates
(CVE-2012-4217)
o Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks
(CVE-2012-4218)
*
MFSA 2012-104 / CVE-2012-4210: Security researcher Mariusz Mlynski
reported that when a maliciously crafted stylesheet is inspected in
the Style Inspector, HTML and CSS can run in a chrome privileged
context without being properly sanitized first. This can lead to
arbitrary code execution.
*
MFSA 2012-103 / CVE-2012-4209: Security researcher Mariusz Mlynski
reported that the location property can be accessed by binary plugins
through top.location with a frame whose name attribute's value is set
to 'top'. This can allow for possible cross-site scripting (XSS)
attacks through plugins.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but
are potentially a risk in browser or browser-like contexts in those
products.
*
MFSA 2012-102 / CVE-2012-5837: Security researcher Masato Kinugawa
reported that when script is entered into the Developer Toolbar, it
runs in a chrome privileged context. This allows for arbitrary code
execution or cross-site scripting (XSS) if a user can be convinced to
paste malicious code into the Developer Toolbar.
*
MFSA 2012-101 / CVE-2012-4207: Security researcher Masato Kinugawa
found when HZ-GB-2312 charset encoding is used for text, the '~'
character will destroy another character near the chunk delimiter.
This can lead to a cross-site scripting (XSS) attack in pages encoded
in HZ-GB-2312.
*
MFSA 2012-100 / CVE-2012-5841: Mozilla developer Bobby Holley
reported that security wrappers filter at the time of property
access, but once a function is returned, the caller can use this
function without further security checks. This affects cross-origin
wrappers, allowing for write actions on objects when only read
actions should be properly allowed. This can lead to cross-site
scripting (XSS) attacks.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but
are potentially a risk in browser or browser-like contexts in those
products.
*
MFSA 2012-99 / CVE-2012-4208: Mozilla developer Peter Van der Beken
discovered that same-origin XrayWrappers expose chrome-only
properties even when not in a chrome compartment. This can allow web
content to get properties of DOM objects that are intended to be
chrome-only.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but
are potentially a risk in browser or browser-like contexts in those
products.
*
MFSA 2012-98 / CVE-2012-4206: Security researcher Robert Kugler
reported that when a specifically named DLL file on a Windows
computer is placed in the default downloads directory with the
Firefox installer, the Firefox installer will load this DLL when it
is launched. In circumstances where the installer is run by an
administrator privileged account, this allows for the downloaded DLL
file to be run with administrator privileges. This can lead to
arbitrary code execution from a privileged account.
*
MFSA 2012-97 / CVE-2012-4205: Mozilla developer Gabor Krizsanits
discovered that XMLHttpRequest objects created within sandboxes have
the system principal instead of the sandbox principal. This can lead
to cross-site request forgery (CSRF) or information theft via an
add-on running untrusted code in a sandbox.
*
MFSA 2012-96 / CVE-2012-4204: Security researcher Scott Bell of
Security-Assessment.com used the Address Sanitizer tool to discover a
memory corruption in str_unescape in the Javascript engine. This
could potentially lead to arbitrary code execution.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but
are potentially a risk in browser or browser-like contexts in those
products.
*
MFSA 2012-95 / CVE-2012-4203: Security researcher kakzz.ng@gmail.com
reported that if a javascript: URL is selected from the list of
Firefox 'new tab' page, the script will inherit the privileges of the
privileged 'new tab' page. This allows for the execution of locally
installed programs if a user can be convinced to save a bookmark of a
malicious javascript: URL.
*
MFSA 2012-94 / CVE-2012-5836: Security researcher Jonathan Stephens
discovered that combining SVG text on a path with the setting of CSS
properties could lead to a potentially exploitable crash.
*
MFSA 2012-93 / CVE-2012-4201: Mozilla security researcher
moz_bug_r_a4 reported that if code executed by the evalInSandbox
function sets location.href, it can get the wrong subject principal
for the URL check, ignoring the sandbox's Javascript context and
gaining the context of evalInSandbox object. This can lead to
malicious web content being able to perform a cross-site scripting
(XSS) attack or stealing a copy of a local file if the user has
installed an add-on vulnerable to this attack.
*
MFSA 2012-92 / CVE-2012-4202: Security researcher Atte Kettunen from
OUSPG used the Address Sanitizer tool to discover a buffer overflow
while rendering GIF format images. This issue is potentially
exploitable and could lead to arbitrary code execution.
*
MFSA 2012-91: Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but
are potentially a risk in browser or browser-like contexts in those
products. References
Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey,
Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, and Bill
McCloskey reported memory safety problems and crashes that affect
Firefox 16. (CVE-2012-5843)
Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle Huey reported
memory safety problems and crashes that affect Firefox ESR 10 and
Firefox 16. (CVE-2012-5842)
SUSE bug 790140CVE-2012-4201CVE-2012-4202CVE-2012-4203CVE-2012-4204CVE-2012-4205CVE-2012-4206CVE-2012-4207CVE-2012-4208CVE-2012-4209CVE-2012-4210CVE-2012-4212CVE-2012-4213CVE-2012-4214CVE-2012-4215CVE-2012-4216CVE-2012-4217CVE-2012-4218CVE-2012-5829CVE-2012-5830CVE-2012-5833CVE-2012-5835CVE-2012-5836CVE-2012-5837CVE-2012-5838CVE-2012-5839CVE-2012-5840CVE-2012-5841CVE-2012-5842CVE-2012-5843cpe:/o:suse:suse_sled:11:sp2Security update for MozillaFirefoxSUSE Linux Enterprise Desktop 11 SP2
Mozilla Firefox was updated to the 10.0.12ESR release.
*
MFSA 2013-01: Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.
o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki
Ishikawa reported memory safety problems and crashes that
affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (
CVE-2013-0769
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769>
)
o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian
Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported
memory safety problems and crashes that affect Firefox ESR 17
and Firefox 17. (CVE-2013-0749
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749>
)
o Jesse Ruderman, Christian Holler, Julian Seward, and
Scoobidiver reported memory safety problems and crashes that
affect Firefox 17. (CVE-2013-0770
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770>
)
*
MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of the
Google Chrome Security Team discovered a series critically rated of
use-after-free, out of bounds read, and buffer overflow issues using
the Address Sanitizer tool in shipped software. These issues are
potentially exploitable, allowing for remote code execution. We would
also like to thank Abhishek for reporting three additional
user-after-free and out of bounds read flaws introduced during
Firefox development that were fixed before general release.
The following issue was fixed in Firefox 18:
o Global-buffer-overflow in
CharDistributionAnalysis::HandleOneChar (CVE-2013-0760
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760>
)
The following issues were fixed in Firefox 18, ESR 17.0.1, and ESR
10.0.12:
o Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762>
)
o Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766>
)
o Out of bounds read in nsSVGPathElement::GetPathLengthScale (
CVE-2013-0767
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767>
)
The following issues were fixed in Firefox 18 and ESR 17.0.1:
o Heap-use-after-free in mozilla::TrackUnionStream::EndTrack (
CVE-2013-0761
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761>
)
o Heap-use-after-free in Mesa, triggerable by resizing a WebGL
canvas (CVE-2013-0763
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763>
)
o Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries
(CVE-2013-0771
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771>
)
The following issue was fixed in Firefox 18 and in the earlier ESR
10.0.11 release:
o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829>
)
*
MFSA 2013-03: Security researcher miaubiz used the Address Sanitizer
tool to discover a buffer overflow in Canvas when specific bad height
and width values were given through HTML. This could lead to a
potentially exploitable crash. (CVE-2013-0768
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768> )
Miaubiz also found a potentially exploitable crash when 2D and 3D
content was mixed which was introduced during Firefox development and
fixed before general release.
*
MFSA 2013-04: Security researcher Masato Kinugawa found a flaw in
which the displayed URL values within the addressbar can be spoofed
by a page during loading. This allows for phishing attacks where a
malicious page can spoof the identify of another site. (
CVE-2013-0759
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759> )
*
MFSA 2013-05: Using the Address Sanitizer tool, security researcher
Atte Kettunen from OUSPG discovered that the combination of large
numbers of columns and column groups in a table could cause the array
containing the columns during rendering to overwrite itself. This can
lead to a user-after-free causing a potentially exploitable crash. (
CVE-2013-0744
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744> )
*
MFSA 2013-06: Mozilla developer Wesley Johnston reported that when
there are two or more iframes on the same HTML page, an iframe is
able to see the touch events and their targets that occur within the
other iframes on the page. If the iframes are from the same origin,
they can also access the properties and methods of the targets of
other iframes but same-origin policy (SOP) restricts access across
domains. This allows for information leakage and possibilities for
cross-site scripting (XSS) if another vulnerability can be used to
get around SOP restrictions. (CVE-2013-0751
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751> )
*
MFSA 2013-07: Mozilla community member Jerry Baker reported a
crashing issue found through Thunderbird when downloading messages
over a Secure Sockets Layer (SSL) connection. This was caused by a
bug in the networking code assuming that secure connections were
entirely handled on the socket transport thread when they can occur
on a variety of threads. The resulting crash was potentially
exploitable. (CVE-2013-0764
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764> )
*
MFSA 2013-08: Mozilla developer Olli Pettay discovered that the
AutoWrapperChanger class fails to keep some javascript objects alive
during garbage collection. This can lead to an exploitable crash
allowing for arbitrary code execution. (CVE-2013-0745
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745> )
*
MFSA 2013-09: Mozilla developer Boris Zbarsky reported reported a
problem where jsval-returning quickstubs fail to wrap their return
values, causing a compartment mismatch. This mismatch can cause
garbage collection to occur incorrectly and lead to a potentially
exploitable crash. (CVE-2013-0746
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746> )
*
MFSA 2013-10: Mozilla security researcher Jesse Ruderman reported
that events in the plugin handler can be manipulated by web content
to bypass same-origin policy (SOP) restrictions. This can allow for
clickjacking on malicious web pages. (CVE-2013-0747
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747> )
*
MFSA 2013-11: Mozilla security researcher Jesse Ruderman discovered
that using the toString function of XBL objects can lead to
inappropriate information leakage by revealing the address space
layout instead of just the ID of the object. This layout information
could potentially be used to bypass ASLR and other security
protections. (CVE-2013-0748
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748> )
*
MFSA 2013-12: Security researcher pa_kt reported a flaw via
TippingPoint's Zero Day Initiative that an integer overflow is
possible when calculating the length for a Javascript string
concatenation, which is then used for memory allocation. This results
in a buffer overflow, leading to a potentially exploitable memory
corruption. (CVE-2013-0750
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750> )
*
MFSA 2013-13: Security researcher Sviatoslav Chagaev reported that
when using an XBL file containing multiple XML bindings with SVG
content, a memory corruption can occur. In concern with remote XUL,
this can lead to an exploitable crash. (CVE-2013-0752
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752> )
*
MFSA 2013-14: Security researcher Mariusz Mlynski reported that it is
possible to change the prototype of an object and bypass Chrome
Object Wrappers (COW) to gain access to chrome privileged functions.
This could allow for arbitrary code execution. (CVE-2013-0757
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757> )
*
MFSA 2013-15: Security researcher Mariusz Mlynski reported that it is
possible to open a chrome privileged web page through plugin objects
through interaction with SVG elements. This could allow for arbitrary
code execution. (CVE-2013-0758
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758> )
*
MFSA 2013-16: Security researcher regenrecht reported, via
TippingPoint's Zero Day Initiative, a use-after-free in XMLSerializer
by the exposing of serializeToStream to web content. This can lead to
arbitrary code execution when exploited. (CVE-2013-0753
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753> )
*
MFSA 2013-17: Security researcher regenrecht reported, via
TippingPoint's Zero Day Initiative, a use-after-free within the
ListenerManager when garbage collection is forced after data in
listener objects have been allocated in some circumstances. This
results in a use-after-free which can lead to arbitrary code
execution. (CVE-2013-0754
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754> )
*
MFSA 2013-18: Security researcher regenrecht reported, via
TippingPoint's Zero Day Initiative, a use-after-free using the domDoc
pointer within Vibrate library. This can lead to arbitrary code
execution when exploited. (CVE-2013-0755
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755> )
*
MFSA 2013-19: Security researcher regenrecht reported, via
TippingPoint's Zero Day Initiative, a garbage collection flaw in
Javascript Proxy objects. This can lead to a use-after-free leading
to arbitrary code execution. (CVE-2013-0756
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756> )
*
MFSA 2013-20: Google reported to Mozilla that TURKTRUST, a
certificate authority in Mozilla's root program, had mis-issued two
intermediate certificates to customers. The issue was not specific to
Firefox but there was evidence that one of the certificates was used
for man-in-the-middle (MITM) traffic management of domain names that
the customer did not legitimately own or control. This issue was
resolved by revoking the trust for these specific mis-issued
certificates. (CVE-2013-0743
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743> )
SUSE bug 796895CVE-2012-5829CVE-2013-0743CVE-2013-0744CVE-2013-0745CVE-2013-0746CVE-2013-0747CVE-2013-0748CVE-2013-0749CVE-2013-0750CVE-2013-0751CVE-2013-0752CVE-2013-0753CVE-2013-0754CVE-2013-0755CVE-2013-0756CVE-2013-0757CVE-2013-0758CVE-2013-0759CVE-2013-0760CVE-2013-0761CVE-2013-0762CVE-2013-0763CVE-2013-0764CVE-2013-0766CVE-2013-0767CVE-2013-0768CVE-2013-0769CVE-2013-0770CVE-2013-0771cpe:/o:suse:suse_sled:11:sp2Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP2
MozillaFirefox has been updated to the 17.0.4ESR release which fixes one
important security issue:
* MFSA 2013-29 / CVE-2013-0787: VUPEN Security, via TippingPoint's Zero
Day Initiative, reported a use-after-free within the HTML editor when
content script is run by the document.execCommand() function while
internal editor operations are occurring. This could allow for
arbitrary code execution.
Security Issue reference:
* CVE-2013-0787
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787>
SUSE bug 808243CVE-2013-0787cpe:/o:suse:suse_sled:11:sp2Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP2
MozillaFirefox has been updated to the 17.0.5ESR release fixing bugs and
security issues.
Also Mozilla NSS has been updated to version 3.14.3 and Mozilla NSPR to
4.9.6.
*
MFSA 2013-30: Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.
Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan
Sreckovic, and Joe Drew reported memory safety problems and crashes
that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788)
Andrew McCreight, Randell Jesup, Gary Kwong, Jesse Ruderman,
Christian Holler, and Mats Palmgren reported memory safety problems
and crashes that affect Firefox 19. (CVE-2013-0789)
Jim Chen reported a memory safety problem that affects Firefox for
Android
*
(CVE-2013-0790)
*
MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya
(Inferno) of the Google Chrome Security Team used the Address
Sanitizer tool to discover an out-of-bounds write in Cairo graphics
library. When certain values are passed to it during rendering, Cairo
attempts to use negative boundaries or sizes for boxes, leading to a
potentially exploitable crash in some instances.
*
MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin
discovered that the Mozilla Maintenance Service on Windows was
vulnerable to a buffer overflow. This system is used to update
software without invoking the User Account Control (UAC) prompt. The
Mozilla Maintenance Service is configured to allow unprivileged users
to start it with arbitrary arguments. By manipulating the data passed
in these arguments, an attacker can execute arbitrary code with the
system privileges used by the service. This issue requires local file
system access to be exploitable.
*
MFSA 2013-33 / CVE-2013-0798: Security researcher Shuichiro Suzuki of
the Fourteenforty Research Institute reported the app_tmp directory
is set to be world readable and writeable by Firefox for Android.
This potentially allows for third party applications to replace or
alter Firefox add-ons when downloaded because they are temporarily
stored in the app_tmp directory before installation.
This vulnerability only affects Firefox for Android.
*
MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an
issue with the Mozilla Updater. The Mozilla Updater can be made to
load a malicious local DLL file in a privileged context through
either the Mozilla Maintenance Service or independently on systems
that do not use the service. This occurs when the DLL file is placed
in a specific location on the local system before the Mozilla Updater
is run. Local file system access is necessary in order for this issue
to be exploitable.
*
MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the
Address Sanitizer tool to discover a crash in WebGL rendering when
memory is freed that has not previously been allocated. This issue
only affects Linux users who have Intel Mesa graphics drivers. The
resulting crash could be potentially exploitable.
*
MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported
a mechanism to use the cloneNode method to bypass System Only
Wrappers (SOW) and clone a protected node. This allows violation of
the browser's same origin policy and could also lead to privilege
escalation and the execution of arbitrary code.
*
MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a
method for removing the origin indication on tab-modal dialog boxes
in combination with browser navigation. This could allow an
attacker's dialog to overlay a page and show another site's content.
This can be used for phishing by allowing users to enter data into a
modal prompt dialog on an attacking, site while appearing to be from
the displayed site.
*
MFSA 2013-38 / CVE-2013-079: Security researcher Mariusz Mlynski
reported a method to use browser navigations through history to load
an arbitrary website with that page's baseURI property pointing to
another site instead of the seemingly loaded one. The user will
continue to see the incorrect site in the addressbar of the browser.
This allows for a cross-site scripting (XSS) attack or the theft of
data through a phishing attack.
*
MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula
reported that if gfx.color_management.enablev4 preference is enabled
manually in about:config, some grayscale PNG images will be rendered
incorrectly and cause memory corruption during PNG decoding when
certain color profiles are in use. A crafted PNG image could use this
flaw to leak data through rendered images drawing from random memory.
By default, this preference is not enabled.
*
MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak
reported an out-of-bounds array read in the CERT_DecodeCertPackage
function of the Network Security Services (NSS) libary when decoding
a certificate. When this occurs, it will lead to memory corruption
and a non-exploitable crash.
Security Issue references:
* CVE-2013-0788
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788>
* CVE-2013-0789
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0789>
* CVE-2013-0790
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0790>
* CVE-2013-0791
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791>
* CVE-2013-0792
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792>
* CVE-2013-0794
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794>
* CVE-2013-0795
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795>
* CVE-2013-0796
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796>
* CVE-2013-0797
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797>
* CVE-2013-0798
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798>
* CVE-2013-0799
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799>
* CVE-2013-0800
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800>
SUSE bug 813026CVE-2013-0788CVE-2013-0789CVE-2013-0790CVE-2013-0791CVE-2013-0792CVE-2013-0794CVE-2013-0795CVE-2013-0796CVE-2013-0797CVE-2013-0798CVE-2013-0799CVE-2013-0800cpe:/o:suse:suse_sled:11:sp2Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP2
Mozilla Firefox has been updated to the17.0.6ESR security release.
*
MFSA 2013-30: Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.
Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan
Sreckovic, and Joe Drew reported memory safety problems and crashes
that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788)
*
MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya
(Inferno) of the Google Chrome Security Team used the Address
Sanitizer tool to discover an out-of-bounds write in Cairo graphics
library. When certain values are passed to it during rendering, Cairo
attempts to use negative boundaries or sizes for boxes, leading to a
potentially exploitable crash in some instances.
*
MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin
discovered that the Mozilla Maintenance Service on Windows was
vulnerable to a buffer overflow. This system is used to update
software without invoking the User Account Control (UAC) prompt. The
Mozilla Maintenance Service is configured to allow unprivileged users
to start it with arbitrary arguments. By manipulating the data passed
in these arguments, an attacker can execute arbitrary code with the
system privileges used by the service. This issue requires local file
system access to be exploitable.
*
MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an
issue with the Mozilla Updater. The Mozilla Updater can be made to
load a malicious local DLL file in a privileged context through
either the Mozilla Maintenance Service or independently on systems
that do not use the service. This occurs when the DLL file is placed
in a specific location on the local system before the Mozilla Updater
is run. Local file system access is necessary in order for this issue
to be exploitable.
*
MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the
Address Sanitizer tool to discover a crash in WebGL rendering when
memory is freed that has not previously been allocated. This issue
only affects Linux users who have Intel Mesa graphics drivers. The
resulting crash could be potentially exploitable.
*
MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported
a mechanism to use the cloneNode method to bypass System Only
Wrappers (SOW) and clone a protected node. This allows violation of
the browser's same origin policy and could also lead to privilege
escalation and the execution of arbitrary code.
*
MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a
method for removing the origin indication on tab-modal dialog boxes
in combination with browser navigation. This could allow an
attacker's dialog to overlay a page and show another site's content.
This can be used for phishing by allowing users to enter data into a
modal prompt dialog on an attacking, site while appearing to be from
the displayed site.
*
MFSA 2013-38 / CVE-2013-0793: Security researcher Mariusz Mlynski
reported a method to use browser navigations through history to load
an arbitrary website with that page's baseURI property pointing to
another site instead of the seemingly loaded one. The user will
continue to see the incorrect site in the addressbar of the browser.
This allows for a cross-site scripting (XSS) attack or the theft of
data through a phishing attack.
*
MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula
reported that if gfx.color_management.enablev4 preference is enabled
manually in about:config, some grayscale PNG images will be rendered
incorrectly and cause memory corruption during PNG decoding when
certain color profiles are in use. A crafted PNG image could use this
flaw to leak data through rendered images drawing from random memory.
By default, this preference is not enabled.
*
MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak
reported an out-of-bounds array read in the CERT_DecodeCertPackage
function of the Network Security Services (NSS) libary when decoding
a certificate. When this occurs, it will lead to memory corruption
and a non-exploitable crash.
Security Issue references:
* CVE-2013-0788
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788>
* CVE-2013-0791
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791>
* CVE-2013-0792
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792>
* CVE-2013-0793
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793>
* CVE-2013-0794
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794>
* CVE-2013-0795
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795>
* CVE-2013-0796
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796>
* CVE-2013-0797
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797>
* CVE-2013-0799
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799>
* CVE-2013-0800
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800>
SUSE bug 792432SUSE bug 819204CVE-2013-0788CVE-2013-0791CVE-2013-0792CVE-2013-0793CVE-2013-0794CVE-2013-0795CVE-2013-0796CVE-2013-0797CVE-2013-0799CVE-2013-0800cpe:/o:suse:suse_sled:11:sp2Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP2
Mozilla Firefox has been updated to the 17.0.7 ESR version, fixing bugs and
security fixes.
*
MFSA 2013-49: Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.
Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory
safety problems and crashes that affect Firefox ESR 17, and Firefox
21. (CVE-2013-1682)
*
MFSA 2013-50: Security researcher Abhishek Arya (Inferno) of the
Google Chrome Security Team used the Address Sanitizer tool to
discover a series of use-after-free problems rated critical as
security issues in shipped software. Some of these issues are
potentially exploitable, allowing for remote code execution. We would
also like to thank Abhishek for reporting additional use-after-free
and buffer overflow flaws in code introduced during Firefox
development. These were fixed before general release.
o Heap-use-after-free in
mozilla::dom::HTMLMediaElement::LookupMediaElementURITable
(CVE-2013-1684)
o Heap-use-after-free in nsIDocument::GetRootElement
(CVE-2013-1685)
o Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686)
*
MFSA 2013-51 / CVE-2013-1687: Security researcher Mariusz Mlynski
reported that it is possible to compile a user-defined function in
the XBL scope of a specific element and then trigger an event within
this scope to run code. In some circumstances, when this code is run,
it can access content protected by System Only Wrappers (SOW) and
chrome-privileged pages. This could potentially lead to arbitrary
code execution. Additionally, Chrome Object Wrappers (COW) can be
bypassed by web content to access privileged methods, leading to a
cross-site scripting (XSS) attack from privileged pages.
*
MFSA 2013-53 / CVE-2013-1690: Security researcher Nils reported that
specially crafted web content using the onreadystatechange event and
reloading of pages could sometimes cause a crash when unmapped memory
is executed. This crash is potentially exploitable.
*
MFSA 2013-54 / CVE-2013-1692: Security researcher Johnathan Kuskos
reported that Firefox is sending data in the body of XMLHttpRequest
(XHR) HEAD requests, which goes agains the XHR specification. This
can potentially be used for Cross-Site Request Forgery (CSRF) attacks
against sites which do not distinguish between HEAD and POST
requests.
*
MFSA 2013-55 / CVE-2013-1693: Security researcher Paul Stone of
Context Information Security discovered that timing differences in
the processing of SVG format images with filters could allow for
pixel values to be read. This could potentially allow for text values
to be read across domains, leading to information disclosure.
*
MFSA 2013-59 / CVE-2013-1697: Mozilla security researcher
moz_bug_r_a4 reported that XrayWrappers can be bypassed to call
content-defined toString and valueOf methods through DefaultValue.
This can lead to unexpected behavior when privileged code acts on the
incorrect values.
Security Issue references:
* CVE-2013-1682
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682>
* CVE-2013-1684
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684>
* CVE-2013-1685
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685>
* CVE-2013-1686
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686>
* CVE-2013-1687
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687>
* CVE-2013-1690
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690>
* CVE-2013-1692
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692>
* CVE-2013-1693
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693>
* CVE-2013-1697
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697>
SUSE bug 825935CVE-2013-1682CVE-2013-1684CVE-2013-1685CVE-2013-1686CVE-2013-1687CVE-2013-1690CVE-2013-1692CVE-2013-1693CVE-2013-1697cpe:/o:suse:suse_sled:11:sp2Security update for MozillaFirefoxSUSE Linux Enterprise Desktop 11 SP2
Mozilla Firefox was updated to the 17.0.10ESR release, fixing various bugs
and security issues:
MFSA 2013-93: Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least some
of these could be exploited to run arbitrary code.
Jesse Ruderman and Christoph Diehl reported memory safety problems and
crashes that affect Firefox ESR 17, Firefox ESR 24, and Firefox 24.
(CVE-2013-5590)
Carsten Book reported a crash fixed in the NSS library used by
Mozilla-based products fixed in Firefox 25, Firefox ESR 24.1, and Firefox
ESR 17.0.10.(CVE-2013-1739)
MFSA 2013-95 / CVE-2013-5604: Security researcher Abhishek Arya (Inferno)
of the Google Chrome Security Team used the Address Sanitizer tool to
discover an access violation due to uninitialized data during Extensible
Stylesheet Language Transformation (XSLT) processing. This leads to a
potentially exploitable crash.
MFSA 2013-96 / CVE-2013-5595: Compiler Engineer Dan Gohman of Google
discovered a flaw in the JavaScript engine where memory was being
incorrectly allocated for some functions and the calls for allocations were
not always properly checked for overflow, leading to potential buffer
overflows. When combined with other vulnerabilities, these flaws could be
potentially exploitable.
MFSA 2013-98 / CVE-2013-5597: Security researcher Byoungyoung Lee of
Georgia Tech Information Security Center (GTISC) used the Address Sanitizer
tool to discover a use-after-free during state change events while updating
the offline cache. This leads to a potentially exploitable crash.
MFSA 2013-100: Security researcher Nils used the Address Sanitizer tool
while fuzzing to discover missing strong references in browsing engine
leading to use-after-frees. This can lead to a potentially exploitable
crash.
* ASAN heap-use-after-free in nsIPresShell::GetPresContext() with
canvas, onresize and mozTextStyle (CVE-2013-5599)
* ASAN use-after-free in nsIOService::NewChannelFromURIWithProxyFlags
with Blob URL (CVE-2013-5600)
* ASAN use-after free in GC allocation in
nsEventListenerManager::SetEventHandler (CVE-2013-5601)
MFSA 2013-101 / CVE-2013-5602: Security researcher Nils used the Address
Sanitizer tool while fuzzing to discover a memory corruption issue with the
JavaScript engine when using workers with direct proxies. This results in a
potentially exploitable crash.
Security Issues:
* CVE-2013-1739
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739>
SUSE bug 847708CVE-2013-1739cpe:/o:suse:suse_sled:11:sp2Security update for flash-playerSUSE Linux Enterprise Desktop 11 SP2
This update resolves an integer underflow vulnerability that could have
been exploited to execute arbitrary code on the affected system
(CVE-2014-0497).
More information:
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
<http://helpx.adobe.com/security/products/flash-player/apsb14-04.html>
Security Issue references:
* CVE-2014-0497
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0497>
SUSE bug 862288CVE-2014-0497cpe:/o:suse:suse_sled:11:sp2Security update for freetype2SUSE Linux Enterprise Desktop 11 SP2
This update fixes:
* OOB access in bdf_free_font() and _bdf_parse_glyphs() (CVE-2012-5668
and CVE-2012-5669)
As well as the following non-security bugs:
* [bdf] Savannah bug #37905.
o src/bdf/bdflib.c (_bdf_parse_start): Reset `props_size' to zero
in case of allocation error; this value gets used in a loop in
* [bdf] Fix Savannah bug #37906.
o src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size
for checking `glyph_enc'.
Security Issue references:
* CVE-2012-5668
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668>
* CVE-2012-5669
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669>
SUSE bug 795826CVE-2012-5668CVE-2012-5669cpe:/o:suse:suse_sled:11:sp2Security update for ghostscriptSUSE Linux Enterprise Desktop 11 SP2
This update fixes an array index error leading to a heap-based buffer
overflow in ghostscript-library. CVE-2012-4405 has been assigned to this
issue.
Security Issue reference:
* CVE-2012-4405
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405>
SUSE bug 779700CVE-2012-4405cpe:/o:suse:suse_sled:11:sp2Security update for glibcSUSE Linux Enterprise Desktop 11 SP2
This update for glibc contains the following fixes:
* Fix integer overflows in malloc (CVE-2013-4332, bnc#839870)
* Fix buffer overflow in glob (bnc#691365)
* Fix buffer overflow in strcoll (CVE-2012-4412, bnc#779320)
* Update mount flags in <sys/mount.h> (bnc#791928)
* Fix buffer overrun in regexp matcher (CVE-2013-0242, bnc#801246)
* Fix memory leaks in dlopen (bnc#811979)
* Fix stack overflow in getaddrinfo with many results (CVE-2013-1914,
bnc#813121)
* Fix check for XEN build in glibc_post_upgrade that causes missing
init re-exec (bnc#818628)
* Don't raise UNDERFLOW in tan/tanf for small but normal argument
(bnc#819347)
* Properly cross page boundary in SSE4.2 implementation of strcmp
(bnc#822210)
* Fix robust mutex handling after fork (bnc#827811)
* Fix missing character in IBM-943 charset (bnc#828235)
* Fix use of alloca in gaih_inet (bnc#828637)
* Initialize pointer guard also in static executables (CVE-2013-4788,
bnc#830268)
* Fix readdir_r with long file names (CVE-2013-4237, bnc#834594).
Security Issues:
* CVE-2012-4412
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412>
* CVE-2013-0242
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242>
* CVE-2013-1914
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914>
* CVE-2013-4237
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237>
* CVE-2013-4332
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332>
* CVE-2013-4788
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788>
SUSE bug 691365SUSE bug 779320SUSE bug 791928SUSE bug 801246SUSE bug 811979SUSE bug 813121SUSE bug 818628SUSE bug 819347SUSE bug 822210SUSE bug 827811SUSE bug 828235SUSE bug 828637SUSE bug 830268SUSE bug 834594SUSE bug 839870CVE-2012-4412CVE-2013-0242CVE-2013-1914CVE-2013-4237CVE-2013-4332CVE-2013-4788cpe:/o:suse:suse_sled:11:sp2Security update for GnuTLSSUSE Linux Enterprise Desktop 11 SP2
This update of GnuTLS fixes a regression introduced by the previous update
that could have resulted in a Denial of Service (application crash).
Security Issue reference:
* CVE-2013-2116
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116>
SUSE bug 821818CVE-2013-2116cpe:/o:suse:suse_sled:11:sp2Security update for gpg2SUSE Linux Enterprise Desktop 11 SP2
This GnuPG update fixes two security issues:
* CVE-2013-4351: GnuPG treated no-usage-permitted keys as
all-usages-permitted.
* CVE-2013-4402: An infinite recursion in the compressed packet parser
was fixed.
Security Issue reference:
* CVE-2013-4351
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351>
* CVE-2013-4402
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402>
SUSE bug 840510SUSE bug 844175CVE-2013-4351CVE-2013-4402cpe:/o:suse:suse_sled:11:sp2Security update for gtk2SUSE Linux Enterprise Desktop 11 SP2
The following issue has been fixed:
* Specially crafted GIF and XBM files could have crashed gtk2
(CVE-2012-2370,CVE-2011-2485)
Security Issue references:
* CVE-2012-2370
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2370>
* CVE-2011-2485
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485>
SUSE bug 702028SUSE bug 762735CVE-2011-2485CVE-2012-2370cpe:/o:suse:suse_sled:11:sp2Security update for hplipSUSE Linux Enterprise Desktop 11 SP2
hplip was updated to fix three security issues:
*
CVE-2013-0200: Some local file overwrite problems via predictable
/tmp filenames were fixed.
*
CVE-2013-4325: hplip used an insecure polkit DBUS API (polkit-process
subject race condition) which could lead to local privilege
escalation.
*
CVE-2013-6402: hplip uses arbitrary file creation/overwrite (via
hardcoded file name /tmp/hp-pkservice.log)
Security Issue references:
* CVE-2013-4325
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4325>
* CVE-2013-0200
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0200>
* CVE-2013-6402
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6402>
SUSE bug 808355SUSE bug 835827SUSE bug 836937SUSE bug 852368CVE-2013-0200CVE-2013-4325CVE-2013-6402cpe:/o:suse:suse_sled:11:sp2Security update for icedtea-webSUSE Linux Enterprise Desktop 11 SP2
This icedtea-web update adds a missing fix for an off-by-one heap-based
buffer overflow.
bnc#840572: CVE-2013-4349: icedtea-web 1.4.1 fixes the missing patch for
CVE-2012-4540.
Security Issues:
* CVE-2012-4540
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4540>
* CVE-2013-4349
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4349>
SUSE bug 840572CVE-2012-4540CVE-2013-4349cpe:/o:suse:suse_sled:11:sp2Security update for icuSUSE Linux Enterprise Desktop 11 SP2
This update is rereleased because some architectures were missed on the
first try. It fixes the following security issues:
* Specially crafted strings could cause a buffer overflow in icu (
CVE-2011-4599
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4599> )
* An integer overflow in the getSymbol() function could crash
applications using icu (CVE-2010-4409
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4409> )
SUSE bug 657910SUSE bug 736146CVE-2011-4599cpe:/o:suse:suse_sled:11:sp2Security update for inkscapeSUSE Linux Enterprise Desktop 11 SP2
inkscape was updated to fix a XXE (Xml eXternal Entity) attack during
rasterization of SVG images (CVE-2012-5656), where the rendering of
malicious SVG images could have connected from inkscape to internal hosts.
Also inkscape would have loaded .EPS files from untrusted /tmp occasionaly
instead from the current directory. (CVE-2012-6076)
Security Issue references:
* CVE-2012-6076
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6076>
* CVE-2012-5656
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5656>
SUSE bug 794958SUSE bug 796306CVE-2012-5656CVE-2012-6076cpe:/o:suse:suse_sled:11:sp2Security update for OpenJDK 1.6SUSE Linux Enterprise Desktop 11 SP2
OpenJDK 1.6 was updated to the new Icedtea release 1.12.7, which includes
many fixes for bugs and security issues:
* S8006900, CVE-2013-3829: Add new date/time capability
* S8008589: Better MBean permission validation
* S8011071, CVE-2013-5780: Better crypto provider handling
* S8011081, CVE-2013-5772: Improve jhat
* S8011157, CVE-2013-5814: Improve CORBA portablility
* S8012071, CVE-2013-5790: Better Building of Beans
* S8012147: Improve tool support
* S8012277: CVE-2013-5849: Improve AWT DataFlavor
* S8012425, CVE-2013-5802: Transform TransformerFactory
* S8013503, CVE-2013-5851: Improve stream factories
* S8013506: Better Pack200 data handling
* S8013510, CVE-2013-5809: Augment image writing code
* S8013514: Improve stability of cmap class
* S8013739, CVE-2013-5817: Better LDAP resource management
* S8013744, CVE-2013-5783: Better tabling for AWT
* S8014085: Better serialization support in JMX classes
* S8014093, CVE-2013-5782: Improve parsing of images
* S8014102, CVE-2013-5778: Improve image conversion
* S8014341, CVE-2013-5803: Better service from Kerberos servers
* S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in
some class loader configurations
* S8014530, CVE-2013-5825: Better digital signature processing
* S8014534: Better profiling support
* S8014987, CVE-2013-5842: Augment serialization handling
* S8015614: Update build settings
* S8015731: Subject java.security.auth.subject to improvements
* S8015743, CVE-2013-5774: Address internet addresses
* S8016256: Make finalization final
* S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters
in names
* S8016675, CVE-2013-5797: Make Javadoc pages more robust
* S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately
* S8017287, CVE-2013-5829: Better resource disposal
* S8017291, CVE-2013-5830: Cast Proxies Aside
* S8017298, CVE-2013-4002: Better XML support
* S8017300, CVE-2013-5784: Improve Interface Implementation
* S8017505, CVE-2013-5820: Better Client Service
* S8019292: Better Attribute Value Exceptions
* S8019617: Better view of objects
* S8020293: JVM crash
* S8021290, CVE-2013-5823: Better signature validation
* S8022940: Enhance CORBA translations
* S8023683: Enhance class file parsing
Security issue references:
* CVE-2013-3829
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829>
* CVE-2013-5780
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780>
* CVE-2013-5772
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772>
* CVE-2013-5814
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814>
* CVE-2013-5790
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790>
* CVE-2013-5849
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849>
* CVE-2013-5802
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802>
* CVE-2013-5851
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851>
* CVE-2013-5809
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809>
* CVE-2013-5817
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817>
* CVE-2013-5783
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783>
* CVE-2013-5782
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782>
* CVE-2013-5778
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778>
* CVE-2013-5803
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803>
* CVE-2013-5840
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840>
* CVE-2013-5825
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825>
* CVE-2013-5842
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842>
* CVE-2013-5774
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774>
* CVE-2013-5804
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804>
* CVE-2013-5797
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797>
* CVE-2013-5850
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850>
* CVE-2013-5829
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829>
* CVE-2013-5830
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830>
* CVE-2013-4002
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002>
* CVE-2013-5784
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784>
* CVE-2013-5820
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820>
* CVE-2013-5823
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823>
SUSE bug 852367CVE-2013-3829CVE-2013-4002CVE-2013-5772CVE-2013-5774CVE-2013-5778CVE-2013-5780CVE-2013-5782CVE-2013-5783CVE-2013-5784CVE-2013-5790CVE-2013-5797CVE-2013-5802CVE-2013-5803CVE-2013-5804CVE-2013-5809CVE-2013-5814CVE-2013-5817CVE-2013-5820CVE-2013-5823CVE-2013-5825CVE-2013-5829CVE-2013-5830CVE-2013-5840CVE-2013-5842CVE-2013-5849CVE-2013-5850CVE-2013-5851cpe:/o:suse:suse_sled:11:sp2Security update for kdelibs4SUSE Linux Enterprise Desktop 11 SP2
This kdelibs4 update fixes several security issues related to
khtml/konqueror.
* Fix security issues and null pointer references in khtml/konqueror
(bnc#787520) (CVE-2012-4512, CVE-2012-4513, CVE-2012-4515)
Security Issue references:
* CVE-2012-4512
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4512>
* CVE-2012-4513
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4513>
* CVE-2012-4515
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4515>
SUSE bug 787520CVE-2012-4512CVE-2012-4513CVE-2012-4515cpe:/o:suse:suse_sled:11:sp2Security update for Linux kernelSUSE Linux Enterprise Desktop 11 SP2
The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to fix a
regression introduced by the previous update:
* scsi_dh_alua: Incorrect reference counting in the SCSI ALUA
initialization code lead to system crashes on boot (bnc#858831).
As the update introducing the regression was marked security, this is also
marked security even though this bug is not security relevant.
SUSE bug 858831cpe:/o:suse:suse_sled:11:sp2Security update for krb5SUSE Linux Enterprise Desktop 11 SP2
This update for krb5 fixes the following security issue:
* If a KDC serves multiple realms, certain requests could cause
setup_server_realm() to dereference a null pointer, crashing the KDC.
(CVE-2013-1418)
Security Issues:
* CVE-2013-1418
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418>
SUSE bug 849240CVE-2013-1418cpe:/o:suse:suse_sled:11:sp2Security update for KVMSUSE Linux Enterprise Desktop 11 SP2
This update fixes a file permission issue with qga (the QEMU Guest Agent)
from the qemu/kvm package and includes several bug-fixes.
(bnc#818182) (CVE-2013-2007) (bnc#786813) (bnc#725008) (bnc#712137)
(bnc#824340)
Security Issues:
* CVE-2013-2007
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007>
SUSE bug 712137SUSE bug 725008SUSE bug 786813SUSE bug 818182SUSE bug 824340CVE-2013-2007cpe:/o:suse:suse_sled:11:sp2Security update for lcmsSUSE Linux Enterprise Desktop 11 SP2
The lcms userland utilities were updated to fix stack overflows.
* CVE-2013-4276: Multiple stack-based buffer overflows in LittleCMS
allowed remote attackers to cause a denial of service (crash) via a
crafted (1) ICC color profile to the icctrans utility or (2) TIFF
image to the tiffdiff utility.
Security Issues:
* CVE-2013-4276
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4276>
SUSE bug 843716CVE-2013-4276cpe:/o:suse:suse_sled:11:sp2Security update for SambaSUSE Linux Enterprise Desktop 11 SP2
This update of Samba fixes one security issue and several bugs.
The security fix is:
* Ensure that users cannot hand out their own privileges to everyone,
only administrators are allowed to do that. (CVE-2012-2111
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111> )
The non-security bug fixes merged from upstream Samba are:
* Fix default name resolve order. (docs-xml, bso#7564).
* Fix a segfault in vfs_aio_fork. (s3-aio-fork, bso#8836).
* Remove whitespace in example samba.ldif. (docs, bso#8789)
* Move print_backend_init() behind init_system_info(). (s3-smbd,
bso#8845)
* Prepend '/' to filename argument. (s3-docs, bso#8826)
SUSE bug 757576CVE-2012-2111cpe:/o:suse:suse_sled:11:sp2Security update for libqt4SUSE Linux Enterprise Desktop 11 SP2
libqt4 has been updated to fix several security issues.
* An information disclosure via QSharedMemory was fixed which allowed
local attackers to read information (e.g. bitmap content) from the
attacked user (CVE-2013-0254).
* openssl-incompatibility-fix.diff: Fix wrong error reporting when
using a binary incompatible version of openSSL (bnc#797006,
CVE-2012-6093)
* Various compromised SSL root certificates were blacklisted.
Also a non-security bugfix has been applied:
* Add fix for qdbusviewer not matching args (bnc#784197)
Security Issue reference:
* CVE-2013-0254
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0254>
SUSE bug 784197SUSE bug 797006SUSE bug 802634CVE-2013-0254cpe:/o:suse:suse_sled:11:sp2Security update for PostgreSQLSUSE Linux Enterprise Desktop 11 SP2
This update to version 9.1.9 fixes:
* CVE-2013-1899: Fix insecure parsing of server command-line switches.
* CVE-2013-1900: Reset OpenSSL randomness state in each postmaster
child process.
* CVE-2013-1901: Make REPLICATION privilege checks test current user
not authenticated user.
Security Issue references:
* CVE-2013-1899
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899>
* CVE-2013-1900
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900>
* CVE-2013-1901
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901>
SUSE bug 812525CVE-2013-1899CVE-2013-1900CVE-2013-1901cpe:/o:suse:suse_sled:11:sp2Security update for libgcryptSUSE Linux Enterprise Desktop 11 SP2
This update of libgcrypt mitigates the Yarom/Falkner flush+reload
side-channel attack on RSA secret keys (CVE-2013-4242).
Security Issue reference:
* CVE-2013-4242
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242>
SUSE bug 831359CVE-2013-4242cpe:/o:suse:suse_sled:11:sp2Security update for MySQLSUSE Linux Enterprise Desktop 11 SP2
A stack-based buffer overflow in MySQL has been fixed that could have
caused a Denial of Service or potentially allowed the execution of
arbitrary code (CVE-2012-5611).
Security Issue references:
* CVE-2012-5615
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615>
* CVE-2012-5615
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615>
* CVE-2012-5613
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5613>
* CVE-2012-5612
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612>
* CVE-2012-5611
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611>
SUSE bug 792444CVE-2012-5611CVE-2012-5612CVE-2012-5613CVE-2012-5615cpe:/o:suse:suse_sled:11:sp2Security update for OpenSSLSUSE Linux Enterprise Desktop 11 SP2
OpenSSL has been updated to fix several security issues:
* CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL
compression by default. Setting the environment variable
'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again.
* CVE-2013-0169: Timing attacks against TLS could be used by physically
local attackers to gain access to transmitted plain text or private
keymaterial. This issue is also known as the 'Lucky-13' issue.
* CVE-2013-0166: A OCSP invalid key denial of service issue was fixed.
Security Issue references:
* CVE-2013-0169
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169>
* CVE-2013-0166
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166>
SUSE bug 779952SUSE bug 802648SUSE bug 802746CVE-2013-0166CVE-2013-0169cpe:/o:suse:suse_sled:11:sp2Security update for libotrSUSE Linux Enterprise Desktop 11 SP2
This update fixes various heap overflows in libotr. CVE-2012-3461 has been
assigned to this issue.
Security Issue reference:
* CVE-2012-3461
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3461>
SUSE bug 777468CVE-2012-3461cpe:/o:suse:suse_sled:11:sp2Security update for pcpSUSE Linux Enterprise Desktop 11 SP2
pcp was updated to version 3.6.10 which fixes security issues and also
brings a lot of new features.
*
Update to pcp-3.6.10.
o Transition daemons to run under an unprivileged account.
o Fixes for security advisory CVE-2012-5530: tmpfile flaws;
(bnc#782967).
o Fix pcp(1) command short-form pmlogger reporting.
o Fix pmdalogger error handling for directory files.
o Fix pmstat handling of odd corner case in CPU metrics.
o Correct the python ctype used for pmAtomValue 32bit ints.
o Add missing RPM spec dependency for python-ctypes.
o Corrections to pmdamysql metrics units.
o Add pmdamysql slave status metrics.
o Improve pmcollectl error messages.
o Parameterize pmcollectl CPU counts in interrupt subsys.
o Fix generic RPM packaging for powerpc builds.
o Fix python API use of reentrant libpcp string routines.
o Python code backporting for RHEL5 in qa and pmcollectl.
o Fix edge cases in capturing interrupt error counts.
*
Update to pcp-3.6.9.
o Python wrapper for the pmimport API
o Make sar2pcp work with the sysstat versions from RHEL5, RHEL6,
and all recent Fedora versions (which is almost all current
versions of sysstat verified).
o Added a number of additional metrics into the importer for
people starting to use it to analyse sar data from real
customer incidents.
o Rework use of C99 'restrict' keyword in pmdalogger (Debian bug:
689552)
o Alot of work on the PCP QA suite, special thanks to Tomas
Dohnalek for all his efforts there.
o Win32 build updates
o Add 'raw' disk active metrics so that existing tools like
iostat can be emulated
o Allow sar2pcp to accept XML input directly (.xml suffix),
allowing it to not have to run on the same platform as the
sadc/sadf that originally generated it.
o Add PMI error codes into the PCP::LogImport perl module.
o Fix a typo in pmiUnits man page synopsis section
o Resolve pmdalinux ordering issue in NUMA/CPU indom setup
(Redhat bug: 858384)
o Remove unused pmcollectl imports (Redhat bug: 863210)
o Allow event traces to be used in libpcp interpolate mode
*
Update to pcp-3.6.8.
o Corrects the disk/partition identification for the MMC driver,
which makes disk indom handling correct on the Raspberry Pi
(http://www.raspberrypi.org/)
o Several minor/basic fixes for pmdaoracle.
o Improve pmcollectl compatibility.
o Make a few clarifications to pmcollectl.1.
o Improve python API test coverage.
o Numerous updates to the test suite in general.
o Allow pmda Install scripts to specify own dso name again.
o Reconcile spec file differences between PCP flavours.
o Fix handling of multiple contexts with a remote namespace.
o Core socket interface abstractions to support NSS (later).
o Fix man page SYNOPSIS section for pmUnpackEventRecords.
o Add --disable-shared build option for static builds.
*
Update to pcp-3.6.6.
o Added the python PMAPI bindings and an initial python client in
pmcollectl. Separate, new package exists for python libs for
those platforms that split out packages (rpm, deb).
o Added a pcp-testsuite package for those platforms that might
want this (rpm, deb again, mainly)
o Re-introduced the pcp/qa subdirectory in pcp and deprecated the
external pcpqa git tree.
o Fix potential buffer overflow in pmlogger host name handling.
o Reworked the configure --prefix handling to be more like the
rest of the open source world.
o Ensure the __pmDecodeText ident parameter is always set
Resolves Red Hat bugzilla bug #841306.
Security Issue references:
* CVE-2012-3418
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3418>
* CVE-2012-3419
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3419>
* CVE-2012-3420
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3420>
* CVE-2012-3421
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3421>
SUSE bug 732763SUSE bug 775009SUSE bug 775010SUSE bug 775011SUSE bug 775013SUSE bug 782967CVE-2012-3418CVE-2012-3419CVE-2012-3420CVE-2012-3421cpe:/o:suse:suse_sled:11:sp2Security update for pixmanSUSE Linux Enterprise Desktop 11 SP2
This update fixes the following security issue with pixman:
* Integer underflow when handling trapezoids. (bnc#853824,
CVE-2013-6425)
Security Issues:
* CVE-2013-6425
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425>
SUSE bug 853824CVE-2013-6425cpe:/o:suse:suse_sled:11:sp2Security update for popplerSUSE Linux Enterprise Desktop 11 SP2
This update of poppler fixes the following vulnerabilities:
* CVE-2013-1788: Various invalid memory issues could be used by
attackers supplying PDFs to crash the PDF viewer or potentially
execute code.
* CVE-2013-1789: A crash in poppler could be used by attackers
providing PDFs to crash the PDF viewer.
* CVE-2013-1790: An uninitialized memory read could be used by
attackers providing PDFs to crash the PDF viewer.
Security Issue references:
* CVE-2013-1788
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788>
* CVE-2013-1789
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1789>
* CVE-2013-1790
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1790>
SUSE bug 806793CVE-2013-1788CVE-2013-1789CVE-2013-1790cpe:/o:suse:suse_sled:11:sp2Security update for libproxySUSE Linux Enterprise Desktop 11 SP2
This update for libproxy fixes a heap-based buffer overflow that could have
allowed remote servers to have an unspecified impact via a crafted
Content-Length size in an HTTP response header for a proxy.pac file request
(CVE-2012-4505).
Additionally, it fixes parsing of the $no_proxy environment variable when
it contains more than one URL separated by white-spaces.
Security Issue reference:
* CVE-2012-4505
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4505>
SUSE bug 761626SUSE bug 784523CVE-2012-4505cpe:/o:suse:suse_sled:11:sp2Security update for LibreOfficeSUSE Linux Enterprise Desktop 11 SP2
LibreOffice was updated to SUSE 3.5 bugfix release 13 (based on upstream
3.5.6-rc2) which fixes a lot of bugs.
The following bugs have been fixed:
* polygon fill rule (bnc#759172)
* open XML in Writer (bnc#777181)
* undo in text objects (fdo#36138)
* broken numbering level (bnc#760019)
* better MathML detection (bnc#774921)
* pictures in DOCX import (bnc#772094)
* collapsing border painting (fdo#39415)
* better DOCX text box export (fdo#45724)
* hidden text in PPTX import (bnc#759180)
* slide notes in PPTX import (bnc#768027)
* RTL paragraphs in DOC import (fdo#43398)
* better vertical text imports (bnc#744510)
* HYPERLINK field in DOCX import (fdo#51034)
* shadow color on partial redraw (bnc#773515)
* floating objects in DOCX import (bnc#775899)
* graphite2 hyphenation regression (fdo#49486)
* missing shape position and size (bnc#760997)
* page style attributes in ODF import (fdo#38056)
* browsing in Template dialog crasher (fdo#46249)
* wrong master slide shape being used (bnc#758565)
* page borders regression in ODT import (fdo#38056)
* invalidate bound rect after drag&drop (fdo#44534)
* rotated shape margins in PPTX import (bnc#773048)
* pasting into more than 1 sheet crasher (fdo#47311)
* crashers in PPT/PPTX import (bnc#768027, bnc#774167
* missing footnote in DOCX/DOC/RTF export (fdo#46020)
* checkbox no-label behaviour (fdo#51336, bnc#757602)
* try somewhat harder to read w:position (bnc#773061)
* FormatNumber can handle sal_uInt32 values (fdo#51793)
* rectangle-paragraph tables in DOCX import (bnc#775899)
* header and bullet in slideshow transition (bnc#759172)
* default background color in DOC/DOCX export (fdo#45724)
* font name / size attributes in DOCX import (bnc#774681)
* zero rect. size causing wrong line positions (fdo#47434)
* adjusted display of Bracket/BracePair in PPT (bnc#741480)
* use Unicode functions for QuickStarter tooltip (fdo#52143)
* TabRatio API and detect macro at group shape fixes (bnc#770708)
* indented text in DOCX file does not wrap correctly (bnc#775906)
* undocked toolbars do not show all icons in special ratio (fdo#47071)
* cross-reference text when Caption order is Numbering first
(fdo#50801)
* bullet color same as following text by default (bnc#719988,
bnc#734733)
* misc RTF import fixes (rhbz#819304, fdo#49666, bnc#774681, fdo#51772,
fdo#48033, fdo#52066, fdo#48335, fdo#48446, fdo#49892, fdo#46966)
* libvisio was updated to 0.0.19:
* file displays as blank page in Draw (fdo#50990)
* Use the vendor SUSE instead of Novell, Inc.
* Some NULL pointer dereferences were fixed. (CVE-2012-4233)
Security Issue reference:
* CVE-2012-4233
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4233>
SUSE bug 719988SUSE bug 734733SUSE bug 741480SUSE bug 744510SUSE bug 757602SUSE bug 758565SUSE bug 759172SUSE bug 759180SUSE bug 760019SUSE bug 760997SUSE bug 768027SUSE bug 770708SUSE bug 772094SUSE bug 773048SUSE bug 773061SUSE bug 773515SUSE bug 774167SUSE bug 774681SUSE bug 774921SUSE bug 775899SUSE bug 775906SUSE bug 777181SUSE bug 778669CVE-2012-4233cpe:/o:suse:suse_sled:11:sp2Security update for libssh2SUSE Linux Enterprise Desktop 11 SP2
This update of libssh fixes multiple integer overflows. CVE-2012-4562 has
been assigned to this issue.
Security Issue reference:
* CVE-2012-4562
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4562>
SUSE bug 789827CVE-2012-4562cpe:/o:suse:suse_sled:11:sp2Security update for libtiffSUSE Linux Enterprise Desktop 11 SP2
This tiff update fixes several security issues.
* bnc#834477: CVE-2013-4232 CVE-2013-4231: tiff: buffer overflows/use
after free problem
* bnc#834779: CVE-2013-4243: libtiff (gif2tiff): heap-based buffer
overflow in readgifimage()
* bnc#834788: CVE-2013-4244: libtiff (gif2tiff): OOB Write in LZW
decompressor
Security Issue references:
* CVE-2013-4232
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232>
* CVE-2013-4231
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231>
* CVE-2013-4243
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243>
* CVE-2013-4244
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244>
SUSE bug 834477SUSE bug 834779SUSE bug 834788CVE-2013-4231CVE-2013-4232CVE-2013-4243CVE-2013-4244cpe:/o:suse:suse_sled:11:sp2Security update for libvirtSUSE Linux Enterprise Desktop 11 SP2
This libvirt update fixes a security issue.
* bnc#838638: CVE-2013-4296: EMBARGOED: libvirt: Fix crash in
remoteDispatchDomainMemoryStats
* bnc#817008: Regression: vm-install fails to display on SLES 11 SP2
UV2000
Security Issue reference:
* CVE-2013-4296
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4296>
SUSE bug 817008SUSE bug 838638CVE-2013-4296cpe:/o:suse:suse_sled:11:sp2Security update for libvirtSUSE Linux Enterprise Desktop 11 SP2
libvirt received security and bugfixes:
* CVE-2012-4423: Fixed a libvirt remote denial of service (crash)
problem.
The following bugs have been fixed:
* qemu: Fix probing for guest capabilities
* xen-xm: Generate UUID if not specified
* xenParseXM: don't dereference NULL pointer when script is empty
Security Issue references:
* CVE-2012-4539
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539>
* CVE-2012-3497
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497>
* CVE-2012-4411
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411>
* CVE-2012-4535
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535>
* CVE-2012-4537
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537>
* CVE-2012-4536
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536>
* CVE-2012-4538
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538>
* CVE-2012-4539
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539>
* CVE-2012-4544
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544>
SUSE bug 772586SUSE bug 773621SUSE bug 773626SUSE bug 780432CVE-2012-3497CVE-2012-4411CVE-2012-4535CVE-2012-4536CVE-2012-4537CVE-2012-4538CVE-2012-4539CVE-2012-4544cpe:/o:suse:suse_sled:11:sp2Security update for libxml2SUSE Linux Enterprise Desktop 11 SP2
This update fixes a DoS vulnerability in libxml2. CVE-2013-2877 has been
assigned to this issue.
Security Issue reference:
* CVE-2013-2877
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877>
SUSE bug 829077SUSE bug 854869CVE-2013-2877cpe:/o:suse:suse_sled:11:sp2Security update for libxsltSUSE Linux Enterprise Desktop 11 SP2
libxslt received a security update to fix a security issue:
* CVE-2013-4520: The XSL implementation in libxslt allowed remote
attackers to cause a denial of service (crash) via an invalid DTD.
(addendum due to incomplete fix for CVE-2012-2825)
Security Issue references:
* CVE-2012-6139
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139>
* CVE-2012-2825
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825>
* CVE-2011-3970
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970>
SUSE bug 849019CVE-2011-3970CVE-2012-2825CVE-2012-6139cpe:/o:suse:suse_sled:11:sp2Security update for Mozilla NSSSUSE Linux Enterprise Desktop 11 SP2
Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various
features and bugfixes:
The main feature is TLS 1.2 support and its dependent algorithms.
* Support for AES-GCM ciphersuites that use the SHA-256 PRF
* MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs
* Add PK11_CipherFinal macro
* sizeof() used incorrectly
* nssutil_ReadSecmodDB() leaks memory
* Allow SSL_HandshakeNegotiatedExtension to be called before the
handshake is finished.
* Deprecate the SSL cipher policy code
* Avoid uninitialized data read in the event of a decryption failure.
(CVE-2013-1739)
Changes coming with version 3.15.1:
* TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246
and RFC 5289) are supported, allowing TLS to be used without MD5 and
SHA-1.
Note the following limitations:
The hash function used in the signature for TLS 1.2 client
authentication must be the hash function of the TLS 1.2 PRF, which is
always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet
supported.
o some bugfixes and improvements
Changes with version 3.15
* New Functionality
o Support for OCSP Stapling (RFC 6066, Certificate Status
Request) has been added for both client and server sockets. TLS
client applications may enable this via a call to
SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
o Added function SECITEM_ReallocItemV2. It replaces function
SECITEM_ReallocItem, which is now declared as obsolete.
o Support for single-operation (eg: not multi-part) symmetric key
encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
o certutil has been updated to support creating name constraints
extensions.
Security Issue reference:
* CVE-2013-1739
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739>
SUSE bug 847708CVE-2013-1739cpe:/o:suse:suse_sled:11:sp2Security update for mozilla-nspr, mozilla-nssSUSE Linux Enterprise Desktop 11 SP2
Mozilla NSPR and NSS were updated to fix various security bugs that could
be used to crash the browser or potentially execute code.
Mozilla NSPR 4.10.2 has the following bug fixes:
* Bug 770534: Possible pointer overflow in PL_ArenaAllocate(). Fixed by
Pascal Cuoq and Kamil Dudka.
* Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by Miloslav
Trmac.
* Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato.
* Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate.
(CVE-2013-5607)
Mozilla NSS 3.15.3 is a patch release for NSS 3.15 and includes the
following bug fixes:
* Bug 925100: Ensure a size is <= half of the maximum PRUint32 value.
(CVE-2013-1741)
* Bug 934016: Handle invalid handshake packets. (CVE-2013-5605)
* Bug 910438: Return the correct result in CERT_VerifyCert on failure,
if a verifyLog isn't used. (CVE-2013-5606)
Security Issue references:
* CVE-2013-1741
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741>
* CVE-2013-5605
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605>
* CVE-2013-5606
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606>
* CVE-2013-5607
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607>
SUSE bug 850148CVE-2013-1741CVE-2013-5605CVE-2013-5606CVE-2013-5607cpe:/o:suse:suse_sled:11:sp2Security update for libfreebl3SUSE Linux Enterprise Desktop 11 SP2
Mozilla NSS has been updated to the 3.15.3.1 security release.
The update blacklists an intermediate CA that was abused to create man in
the middle certificates.
SUSE bug 854367cpe:/o:suse:suse_sled:11:sp2Security update for OpenSSHSUSE Linux Enterprise Desktop 11 SP2
This update for OpenSSH provides the following fixes:
* Implement remote denial of service hardening. (bnc#802639,
CVE-2010-5107)
* Use only FIPS 140-2 approved algorithms when FIPS mode is detected.
(bnc#755505, bnc#821039)
* Do not link OpenSSH binaries with LDAP libraries. (bnc#826906)
Security Issue reference:
* CVE-2010-5107
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107>
SUSE bug 755505SUSE bug 802639SUSE bug 821039SUSE bug 826906CVE-2010-5107cpe:/o:suse:suse_sled:11:sp2Security update for openssl-certsSUSE Linux Enterprise Desktop 11 SP2
openssl-certs was updated with the current certificate data available from
mozilla.org.
Changes:
* Updated certificates to revision 1.95
* Distrust a sub-ca that issued google.com certificates. 'Distrusted AC
DG Tresor SSL' (bnc#854367)
Many CA updates from Mozilla:
* new: CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt server
auth, code signing, email signing
* new: CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt server
auth, code signing, email signing
* new:
China_Internet_Network_Information_Center_EV_Certificates_Root:2.4.72.159.0.1.crt
server auth
* changed:
Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.crt removed
code signing and server auth abilities
* changed:
Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.crt
removed code signing and server auth abilities
* new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt server auth
* new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt server auth
* removed:
Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.crt
* new: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.crt
* removed: Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt
* new: PSCProcert:2.1.11.crt server auth, code signing, email signing
* new:
Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124.74.30.90.24.103.182.crt
server auth, code signing, email signing
* new:
Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.253.16.29.4.31.118.202.88.crt
server auth, code signing
* changed:
TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51.21.2.228.108.244.crt
removed all abilities
* new: TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt
server auth, code signing
* changed: TWCA_Root_Certification_Authority:2.1.1.crt added code
signing ability
* new 'EE Certification Centre Root CA'
* new 'T-TeleSec GlobalRoot Class 3'
* revoke mis-issued intermediate CAs from TURKTRUST.
SUSE bug 796628SUSE bug 854367cpe:/o:suse:suse_sled:11:sp2Security update for openvpnSUSE Linux Enterprise Desktop 11 SP2
OpenVPN used a non-constant-time memcmp in HMAC comparison in
openvpn_decrypt that might have allowed remote attackers to gain knowledge
of plaintext data. (CVE-2013-2061)
Security Issues:
* CVE-2013-2061
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2061>
SUSE bug 843509CVE-2013-2061cpe:/o:suse:suse_sled:11:sp2Security update for PerlSUSE Linux Enterprise Desktop 11 SP2
This update of Perl 5 fixes the following security issues:
* fix rehash DoS [bnc#804415] [CVE-2013-1667]
* improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]
* fix glob denial of service [bnc#796014] [CVE-2011-2728]
* sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329]
Security Issue references:
* CVE-2013-1667
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667>
SUSE bug 789994SUSE bug 796014SUSE bug 797060SUSE bug 804415CVE-2013-1667cpe:/o:suse:suse_sled:11:sp2Security update for PostgreSQLSUSE Linux Enterprise Desktop 11 SP2
PostgreSQL has been updated to version 8.3.23 which fixes various bugs and
one security issue.
The security issue fixed in this release, CVE-2013-0255, allowed a
previously authenticated user to crash the server by calling an internal
function with invalid arguments. This issue was discovered by independent
security researcher Sumit Soni this week and reported via Secunia SVCRP,
and we are grateful for their efforts in making PostgreSQL more secure.
More information can be found at
http://www.postgresql.org/about/news/1446/
<http://www.postgresql.org/about/news/1446/>
Security Issue reference:
* CVE-2013-0255
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255>
SUSE bug 802679CVE-2013-0255cpe:/o:suse:suse_sled:11:sp2Security update for puppetSUSE Linux Enterprise Desktop 11 SP2
This update for puppet fixes a remote code execution vulnerability in the
'resource_type' service. (CVE-2013-4761)
Additionally, the update prevents puppet from executing initialization
scripts that could trigger a system reboot when handling 'puppet resource
service' calls.
Security Issue reference:
* CVE-2013-4761
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761>
SUSE bug 835122SUSE bug 853982CVE-2013-4761cpe:/o:suse:suse_sled:11:sp2Security update for PythonSUSE Linux Enterprise Desktop 11 SP2
This python update fixes a certificate hostname issue.
* bnc#834601: CVE-2013-4238: python: SSL module does not handle
certificates that contain hostnames with NULL bytes
Security Issue reference:
* CVE-2013-4238
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238>
SUSE bug 834601CVE-2013-4238cpe:/o:suse:suse_sled:11:sp2Security update for rubySUSE Linux Enterprise Desktop 11 SP2
The following security issue has been fixed:
* CVE-2013-4164: heap overflow in float point parsing
Security Issue references:
* CVE-2013-4164
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164>
* CVE-2009-0689
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689>
SUSE bug 851803CVE-2009-0689CVE-2013-4164cpe:/o:suse:suse_sled:11:sp2Security update for strongswanSUSE Linux Enterprise Desktop 11 SP2
This strongswan update fixes security issues and bugs:
* CVE-2013-5018: Specially crafted XAuth usernames and EAP identities
can cause a crash in strongswan.
* CVE-2013-6075: A crafted ID packet can be used by remote attackers to
crash the server or potentially gain authentication privileges under
certain circumstances.
Also a bug with route recursion limits was fixed:
* Charon SEGFAULT when left=%any / recursion limit. (bnc#840826)
Security Issues:
* CVE-2013-5018
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5018>
SUSE bug 833278SUSE bug 840826SUSE bug 847506CVE-2013-5018cpe:/o:suse:suse_sled:11:sp2Security update for sudoSUSE Linux Enterprise Desktop 11 SP2
This update fixes the following security issues which allowed to bypass the
sudo authentication: CVE-2013-1775, CVE-2013-1776, CVE-2013-2776 and
CVE-2013-2777.
Security Issue references:
* CVE-2013-1775
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775>
* CVE-2013-1776
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776>
* CVE-2013-2776
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2776>
* CVE-2013-2777
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2777>
SUSE bug 806919SUSE bug 806921SUSE bug 817349SUSE bug 817350CVE-2013-1775CVE-2013-1776CVE-2013-2776CVE-2013-2777cpe:/o:suse:suse_sled:11:sp2Security update for telepathy-gabbleSUSE Linux Enterprise Desktop 11 SP2
telepathy-gabble was updated to fix several remotely-triggerable NULL
crashes (CVE-2013-1769)
Security Issues:
* CVE-2013-1769
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1769>
SUSE bug 807449CVE-2013-1769cpe:/o:suse:suse_sled:11:sp2Security update for telepathy-idleSUSE Linux Enterprise Desktop 11 SP2
Telepathy-idle did not check SSL certificates. CVE-2007-6746 was assigned
to this issue.
Security Issue reference:
* CVE-2007-6746
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6746>
SUSE bug 817120CVE-2007-6746cpe:/o:suse:suse_sled:11:sp2Security update for usbmuxdSUSE Linux Enterprise Desktop 11 SP2
This update of usbmuxd fixes a heap-based buffer overflow which could be
triggered via an overly long 'SerialNumber' field (CVE-2012-0065).
Security Issue reference:
* CVE-2012-0065
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0065>
SUSE bug 742546CVE-2012-0065cpe:/o:suse:suse_sled:11:sp2Security update for vinoSUSE Linux Enterprise Desktop 11 SP2
vino has been updated to fix a remote denial of service problem where
remote attackers could have caused a infinite loop in vino (CPU
consumption). (CVE-2013-5745)
Security Issue reference:
* CVE-2013-5745
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745>
SUSE bug 843174CVE-2013-5745cpe:/o:suse:suse_sled:11:sp2Security update for wiresharkSUSE Linux Enterprise Desktop 11 SP2
wireshark was updated to security update version 1.8.12, fixing bugs and
security issues.
* The SIP dissector could go into an infinite loop.
wnpa-sec-2013-66 CVE-2013-7112
* The NTLMSSP v2 dissector could crash. Discovered by Garming Sam.
wnpa-sec-2013-68 CVE-2013-7114
Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html
<https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html>
Security Issue references:
* CVE-2013-7112
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112>
* CVE-2013-7113
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7113>
* CVE-2013-7114
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114>
SUSE bug 855980SUSE bug 856496SUSE bug 856498CVE-2013-7112CVE-2013-7113CVE-2013-7114cpe:/o:suse:suse_sled:11:sp2Security update for XenSUSE Linux Enterprise Desktop 11 SP2
XEN has been updated to fix various bugs and security issues:
*
CVE-2013-0153: (XSA 36) To avoid an erratum in early hardware, the
Xen AMD IOMMU code by default choose to use a single interrupt
remapping table for the whole system. This sharing implied that any
guest with a passed through PCI device that is bus mastering capable
can inject interrupts into other guests, including domain 0. This has
been disabled for AMD chipsets not capable of it.
*
CVE-2012-6075: qemu: The e1000 had overflows under some conditions,
potentially corrupting memory.
*
CVE-2013-0154: (XSA 37) Hypervisor crash due to incorrect ASSERT
(debug build only)
*
CVE-2012-5634: (XSA-33) A VT-d interrupt remapping source validation
flaw was fixed.
Also the following bugs have been fixed:
* bnc#805094 - xen hot plug attach/detach fails
* bnc#802690 - domain locking can prevent a live migration from
completing
* bnc#797014 - no way to control live migrations
o fix logic error in stdiostream_progress
o restore logging in xc_save
o add options to control migration tunables
* bnc#806736: enabling xentrace crashes hypervisor
* Upstream patches from Jan 26287-sched-credit-pick-idle.patch
26501-VMX-simplify-CR0-update.patch
26502-VMX-disable-SMEP-when-not-paging.patch
26516-ACPI-parse-table-retval.patch (Replaces
CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch
(Replaces CVE-2013-0153-xsa36.patch)
26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces
CVE-2013-0153-xsa36.patch)
26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces
CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch
26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces
CVE-2013-0153-xsa36.patch)
* bnc#798188 - Add $network to xend initscript dependencies
* bnc#799694 - Unable to dvd or cdrom-boot DomU after xen-tools update
Fixed with update to Xen version 4.1.4
* bnc#800156 - L3: HP iLo Generate NMI function not working in XEN
kernel
* Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch
26427-x86-AMD-enable-WC+.patch
* bnc#793927 - Xen VMs with more than 2 disks randomly fail to start
* Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch
26333-x86-get_page_type-assert.patch (Replaces
CVE-2013-0154-xsa37.patch)
26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces
CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch
* Update to Xen 4.1.4 c/s 23432
* Update xenpaging.guest-memusage.patch add rule for xenmem to avoid
spurious build failures
* Upstream patches from Jan 26179-PCI-find-next-cap.patch
26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch
26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch
26229-gnttab-version-switch.patch (Replaces
CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch
(Replaces CVE-2012-5511-xsa27.patch)
26231-memory-exchange-checks.patch (Replaces
CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch
(Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch
(Replaces CVE-2012-5515-xsa31.patch)
26235-IOMMU-ATS-max-queue-depth.patch
26272-x86-EFI-makefile-cflags-filter.patch
26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch
* Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI
Makefile to do additional filtering.
Security Issue references:
* CVE-2013-0153
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153>
* CVE-2012-6075
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075>
* CVE-2012-5634
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634>
SUSE bug 793927SUSE bug 794316SUSE bug 797014SUSE bug 797031SUSE bug 797523SUSE bug 798188SUSE bug 799694SUSE bug 800156SUSE bug 800275SUSE bug 802690SUSE bug 805094SUSE bug 806736CVE-2012-5634CVE-2012-6075CVE-2013-0153cpe:/o:suse:suse_sled:11:sp2Security update for Xen and libvirtSUSE Linux Enterprise Desktop 11 SP2
Xen was updated to fix several security issues:
*
CVE-2012-3433: A xen HVM guest destroy p2m teardown host DoS
vulnerability was fixed, where malicious guest could lock/crash the
host.
*
CVE-2012-3432: A xen HVM guest user mode MMIO emulation DoS was
fixed.
*
CVE-2012-2625: The xen pv bootloader doesn't check the size of the
bzip2 or lzma compressed kernel, leading to denial of service
(crash).
Also the following bug in XEN has been fixed:
* bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2
install, when maxmem > memory
This update also included bugfixes for:
*
vm-install: - bnc#762963 - ReaR: Unable to recover a paravirtualized
XEN guest
*
virt-manager - SLE11-SP2 ONLY
* bnc#764982 - virt-manager fails to start after upgrade to SLES11 SP2
from SLES10
Security Issue reference:
* CVE-2012-3432
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3432>
SUSE bug 746702SUSE bug 762484SUSE bug 762963SUSE bug 764982SUSE bug 766283SUSE bug 773393SUSE bug 773401SUSE bug 773955CVE-2012-3432cpe:/o:suse:suse_sled:11:sp2Security update for XenSUSE Linux Enterprise Desktop 11 SP2
XEN was updated 4.1.3 to fix multiple bugs and security issues.
The following security issues have been fixed:
* CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12)
* CVE-2012-3495: xen: hypercall physdev_get_free_pirq vulnerability
(XSA-13)
* CVE-2012-3496: xen: XENMEM_populate_physmap DoS vulnerability
(XSA-14)
* CVE-2012-3498: xen: PHYSDEVOP_map_pirq index vulnerability (XSA-16)
* CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17)
Also the following bugs have been fixed:
* pvscsi support of attaching Luns - bnc#776995
The following related bugs in vm-install 0.5.12 have been fixed:
* bnc#776300 - vm-install does not pass --extra-args in --upgrade
* Add for support Open Enterprise Server 11
* Add support for Windows 8 and Windows Server 2012
* Add support for Ubuntu 12 (Precise Pangolin)
Security Issue references:
* CVE-2012-3496
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496>
* CVE-2012-3494
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494>
* CVE-2012-3495
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495>
* CVE-2012-3498
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498>
* CVE-2012-3515
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515>
SUSE bug 776300SUSE bug 776995SUSE bug 777084SUSE bug 777086SUSE bug 777088SUSE bug 777090SUSE bug 777091CVE-2012-3494CVE-2012-3495CVE-2012-3496CVE-2012-3498CVE-2012-3515cpe:/o:suse:suse_sled:11:sp2Security update for XenSUSE Linux Enterprise Desktop 11 SP2
XEN was updated to fix various bugs and security issues:
The following security issues have been fixed:
* CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious
kernel/ramdisk (XSA 25)
* CVE-2012-4411: XEN / qemu: guest administrator can access qemu
monitor console (XSA-19)
* CVE-2012-4535: xen: Timer overflow DoS vulnerability (XSA 20)
* CVE-2012-4536: xen: pirq range check DoS vulnerability (XSA 21)
* CVE-2012-4537: xen: Memory mapping failure DoS vulnerability (XSA 22)
* CVE-2012-4538: xen: Unhooking empty PAE entries DoS vulnerability
(XSA 23)
* CVE-2012-4539: xen: Grant table hypercall infinite loop DoS
vulnerability (XSA 24)
* CVE-2012-3497: xen: multiple TMEM hypercall vulnerabilities (XSA-15)
Also the following bugs have been fixed and upstream patches have been
applied:
*
bnc#784087 - L3: Xen BUG at io_apic.c:129
26102-x86-IOAPIC-legacy-not-first.patch
*
Upstream patches merged:
26054-x86-AMD-perf-ctr-init.patch
26055-x86-oprof-hvm-mode.patch
26056-page-alloc-flush-filter.patch
26061-x86-oprof-counter-range.patch
26062-ACPI-ERST-move-data.patch
26063-x86-HPET-affinity-lock.patch
26093-HVM-PoD-grant-mem-type.patch
25931-x86-domctl-iomem-mapping-checks.patch
25952-x86-MMIO-remap-permissions.patch
25808-domain_create-return-value.patch
25814-x86_64-set-debugreg-guest.patch
25815-x86-PoD-no-bug-in-non-translated.patch
25816-x86-hvm-map-pirq-range-check.patch
25833-32on64-bogus-pt_base-adjust.patch
25834-x86-S3-MSI-resume.patch
25835-adjust-rcu-lock-domain.patch
25836-VT-d-S3-MSI-resume.patch
25850-tmem-xsa-15-1.patch
25851-tmem-xsa-15-2.patch
25852-tmem-xsa-15-3.patch
25853-tmem-xsa-15-4.patch
25854-tmem-xsa-15-5.patch
25855-tmem-xsa-15-6.patch
25856-tmem-xsa-15-7.patch
25857-tmem-xsa-15-8.patch
25858-tmem-xsa-15-9.patch
25859-tmem-missing-break.patch
25860-tmem-cleanup.patch
25883-pt-MSI-cleanup.patch
25927-x86-domctl-ioport-mapping-range.patch
25929-tmem-restore-pool-version.patch
*
bnc#778105 - first XEN-PV VM fails to spawn
xend: Increase wait time for disk to appear in host bootloader
Modified existing xen-domUloader.diff
25752-ACPI-pm-op-valid-cpu.patch
25754-x86-PoD-early-access.patch
25755-x86-PoD-types.patch
25756-x86-MMIO-max-mapped-pfn.patch
Security Issue references:
* CVE-2012-4539
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539>
* CVE-2012-3497
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497>
* CVE-2012-4411
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411>
* CVE-2012-4535
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535>
* CVE-2012-4537
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537>
* CVE-2012-4536
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536>
* CVE-2012-4538
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538>
* CVE-2012-4539
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539>
* CVE-2012-4544
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544>
SUSE bug 777890SUSE bug 778105SUSE bug 779212SUSE bug 784087SUSE bug 786516SUSE bug 786517SUSE bug 786518SUSE bug 786519SUSE bug 786520SUSE bug 787163CVE-2012-3497CVE-2012-4411CVE-2012-4535CVE-2012-4536CVE-2012-4537CVE-2012-4538CVE-2012-4539CVE-2012-4544cpe:/o:suse:suse_sled:11:sp2Security update for XenSUSE Linux Enterprise Desktop 11 SP2
XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and security
issues.
The following security issues have been fixed:
*
CVE-2013-1918: Certain page table manipulation operations in Xen
4.1.x, 4.2.x, and earlier were not preemptible, which allowed local
PV kernels to cause a denial of service via vectors related to deep
page table traversal.
*
CVE-2013-1952: Xen 4.x, when using Intel VT-d for a bus mastering
capable PCI device, did not properly check the source when accessing
a bridge devices interrupt remapping table entries for MSI
interrupts, which allowed local guest domains to cause a denial of
service (interrupt injection) via unspecified vectors.
*
CVE-2013-2076: A information leak in the XSAVE/XRSTOR instructions
could be used to determine state of floating point operations in
other domains.
*
CVE-2013-2077: A denial of service (hypervisor crash) was possible
due to missing exception recovery on XRSTOR, that could be used to
crash the machine by PV guest users.
*
CVE-2013-2078: A denial of service (hypervisor crash) was possible
due to missing exception recovery on XSETBV, that could be used to
crash the machine by PV guest users.
*
CVE-2013-2072: Systems which allow untrusted administrators to
configure guest vcpu affinity may be exploited to trigger a buffer
overrun and corrupt memory.
*
CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit hosts on
Intel CPUs, did not clear the NT flag when using an IRET after a
SYSENTER instruction, which allowed PV guest users to cause a denial
of service (hypervisor crash) by triggering a #GP fault, which is not
properly handled by another IRET instruction.
*
CVE-2013-1919: Xen 4.2.x and 4.1.x did not properly restrict access
to IRQs, which allowed local stub domain clients to gain access to
IRQs and cause a denial of service via vectors related to
'passed-through IRQs or PCI devices.'
*
CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is
running 'under memory pressure' and the Xen Security Module (XSM) is
enabled, used the wrong ordering of operations when extending the
per-domain event channel tracking table, which caused a
use-after-free and allowed local guest kernels to inject arbitrary
events and gain privileges via unspecified vectors.
*
CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly released a grant
reference when releasing a non-v1, non-transitive grant, which
allowed local guest administrators to cause a denial of service (host
crash), obtain sensitive information, or possible have other impacts
via unspecified vectors.
Bugfixes:
*
Upstream patches from Jan
26956-x86-mm-preemptible-cleanup.patch
27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch
27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check.patch
27079-fix-XSA-46-regression-with-xend-xm.patch
27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-pointers.patch
*
Update to Xen 4.1.5 c/s 23509
There were many xen.spec file patches dropped as now being included
in the 4.1.5 tarball.
*
bnc#809662 - can't use pv-grub to start domU (pygrub does work)
xen.spec
*
Upstream patches from Jan
26702-powernow-add-fixups-for-AMD-P-state-figures.patch
26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch
26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch
26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch
26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch
26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch
26737-ACPI-APEI-Add-apei_exec_run_optional.patch
26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch
26743-VT-d-deal-with-5500-5520-X58-errata.patch
26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch
26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch
26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch
26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch
26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch
26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch
26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch
26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch
26851-iommu-crash-Interrupt-remapping-is-also-disabled-on-crash.patch
*
bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on
Kyoto
xend-cpuinfo-model-name.patch
*
Upstream patches from Jan
26536-xenoprof-div-by-0.patch
26578-AMD-IOMMU-replace-BUG_ON.patch
26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch
26659-AMD-IOMMU-erratum-746-workaround.patch
26660-x86-fix-CMCI-injection.patch
26672-vmx-fix-handling-of-NMI-VMEXIT.patch
26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch
26676-fix-compat-memory-exchange-op-splitting.patch
26677-x86-make-certain-memory-sub-ops-return-valid-values.patch
26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch
26679-x86-defer-processing-events-on-the-NMI-exit-path.patch
26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch
26692-x86-MSI-fully-protect-MSI-X-table.patch
Security Issue references:
* CVE-2013-1917
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917>
* CVE-2013-1918
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918>
* CVE-2013-1919
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919>
* CVE-2013-1920
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920>
* CVE-2013-1952
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952>
* CVE-2013-1964
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964>
* CVE-2013-2072
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072>
* CVE-2013-2076
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076>
* CVE-2013-2077
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077>
* CVE-2013-2078
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078>
SUSE bug 801663SUSE bug 809662SUSE bug 813673SUSE bug 813675SUSE bug 813677SUSE bug 814709SUSE bug 816156SUSE bug 816159SUSE bug 816163SUSE bug 819416SUSE bug 820917SUSE bug 820919SUSE bug 820920CVE-2013-1917CVE-2013-1918CVE-2013-1919CVE-2013-1920CVE-2013-1952CVE-2013-1964CVE-2013-2072CVE-2013-2076CVE-2013-2077CVE-2013-2078cpe:/o:suse:suse_sled:11:sp2Security update for XenSUSE Linux Enterprise Desktop 11 SP2
XEN has been updated to version 4.1.6 which fixes various bugs and security
issues.
* CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled
oversized message replies.
* CVE-2013-4355: XSA-63: Fixed information leaks through I/O
instruction emulation
* CVE-2013-4361: XSA-66: Fixed information leak through fbld
instruction emulation
* CVE-2013-4368: XSA-67: Fixed information leak through outs
instruction emulation
* CVE-2013-1442: XSA-62: Fixed information leak on AVX and/or LWP
capable CPUs
* CVE-2013-4329: XSA-61: libxl partially sets up HVM passthrough even
with disabled iommu
* CVE-2013-1432: XSA-58: x86: fix page refcount handling in page table
pin error path
* CVE-2013-2211: XSA-57: libxl allows guest write access to sensitive
console related xenstore keys
* xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling
(CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)
Various bugs have also been fixed:
* Improvements to block-dmmd script (bnc#828623)
* MTU size on Dom0 gets reset when booting DomU with e1000 device
(bnc#840196)
* In HP's UEFI x86_64 platform and with xen environment, in booting
stage ,xen hypervisor will panic. (bnc#833251)
* Xen: migration broken from xsave-capable to xsave-incapable host
(bnc#833796)
* In xen, 'shutdown -y 0 -h' cannot power off system (bnc#834751)
* In HP's UEFI x86_64 platform and sles11sp3 with xen environment, xen
hypervisor will panic on multiple blades nPar. (bnc#839600)
* Failed to setup devices for vm instance when start multiple vms
simultaneously (bnc#824676)
* migrate.py support of short options dropped by PTF (bnc#824676)
* after live migration rcu_sched_state detected stalls add new option
xm migrate --min_remaing (bnc#803712)
* various upstream fixes have been included
Security Issue references:
* CVE-2013-1432
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432>
* CVE-2013-1442
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442>
* CVE-2013-2194
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194>
* CVE-2013-2195
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195>
* CVE-2013-2196
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196>
* CVE-2013-2211
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211>
* CVE-2013-4329
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329>
* CVE-2013-4355
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355>
* CVE-2013-4361
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361>
* CVE-2013-4368
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368>
* CVE-2013-4416
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416>
SUSE bug 803712SUSE bug 823011SUSE bug 823608SUSE bug 823786SUSE bug 824676SUSE bug 826882SUSE bug 828623SUSE bug 833251SUSE bug 833796SUSE bug 834751SUSE bug 839596SUSE bug 839600SUSE bug 839618SUSE bug 840196SUSE bug 840592SUSE bug 841766SUSE bug 842511SUSE bug 845520CVE-2013-1432CVE-2013-1442CVE-2013-2194CVE-2013-2195CVE-2013-2196CVE-2013-2211CVE-2013-4329CVE-2013-4355CVE-2013-4361CVE-2013-4368CVE-2013-4416cpe:/o:suse:suse_sled:11:sp2Security update for XenSUSE Linux Enterprise Desktop 11 SP2
Xen has been updated to fix a security issue and a bug:
* CVE-2013-4494: XSA-73: A lock order reversal between page allocation
and grant table locks could lead to host crashes or even host code
execution.
A non-security bug has also been fixed:
* It is possible to start a VM twice on the same node (bnc#840997)
Security Issue references:
* CVE-2013-4494
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494>
SUSE bug 840997SUSE bug 848657CVE-2013-4494cpe:/o:suse:suse_sled:11:sp2Security update for xorg-x11-serverSUSE Linux Enterprise Desktop 11 SP2
This update fixes the following security issue with xorg-x11-server:
* bnc#853846: integer underflow when handling trapezoids
(CVE-2013-6424)
Security Issue reference:
* CVE-2013-6424
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6424>
SUSE bug 853846CVE-2013-6424cpe:/o:suse:suse_sled:11:sp2Security update for xorg-x11SUSE Linux Enterprise Desktop 11 SP2
This update fixes a stack buffer overflow in xorg-x11 in the
bdfReadCharacters() function. CVE-2013-6462 has been assigned to this
issue.
Security Issue reference:
* CVE-2013-6462
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462>
SUSE bug 854915CVE-2013-6462cpe:/o:suse:suse_sled:11:sp2Security update for xorg-x11-libX11SUSE Linux Enterprise Desktop 11 SP2
This update of xorg-x11-libX11 fixes several security issues (bnc#815451,
bnc#821664).
Security Issue references:
* CVE-2013-1981
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981>
* CVE-2013-1997
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997>
* CVE-2013-2004
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004>
SUSE bug 815451SUSE bug 821664CVE-2013-1981CVE-2013-1997CVE-2013-2004cpe:/o:suse:suse_sled:11:sp2Security update for xorg-x11-libXextSUSE Linux Enterprise Desktop 11 SP2
This update of xorg-x11-libXext fixes several integer overflow issues
(bnc#815451, bnc#821665, CVE-2013-1982)
Security Issue reference:
* CVE-2013-1982
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982>
SUSE bug 815451SUSE bug 821665CVE-2013-1982cpe:/o:suse:suse_sled:11:sp2Security update for xorg-x11-libXfixesSUSE Linux Enterprise Desktop 11 SP2
This update of xorg-x11-libXfixes fixes a integer overflow issue
(bnc#815451, bnc#821667, CVE-2013-1983).
Security Issue reference:
* CVE-2013-1983
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983>
SUSE bug 815451SUSE bug 821667CVE-2013-1983cpe:/o:suse:suse_sled:11:sp2Security update for xorg-x11-libXpSUSE Linux Enterprise Desktop 11 SP2
This update of xorg-x11-libXp fixes several integer overflow issues
(bnc#815451, bnc#821668, CVE-2013-2062).
Security Issue reference:
* CVE-2013-2062
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062>
SUSE bug 815451SUSE bug 821668CVE-2013-2062cpe:/o:suse:suse_sled:11:sp2Security update for xorg-x11-libXrenderSUSE Linux Enterprise Desktop 11 SP2
This update of xorg-x11-libXrender fixes several integer overflow issues
(bnc#815451, bnc#821669, CVE-2013-1987).
Security Issue reference:
* CVE-2013-1987
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987>
SUSE bug 815451SUSE bug 821669CVE-2013-1987cpe:/o:suse:suse_sled:11:sp2Security update for xorg-x11-libXtSUSE Linux Enterprise Desktop 11 SP2
This update of xorg-x11-libXt fixes several integer and buffer overflow
issues (bnc#815451, bnc#821670, CVE-2013-2002, CVE-2013-2005).
Security Issue references:
* CVE-2013-2002
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002>
* CVE-2013-2005
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005>
SUSE bug 815451SUSE bug 821670CVE-2013-2002CVE-2013-2005cpe:/o:suse:suse_sled:11:sp2Security update for xorg-x11-libXvSUSE Linux Enterprise Desktop 11 SP2
This update of xorg-x11-libXv fixes several integer and buffer overflow
issues (bnc#815451, bnc#821671, CVE-2013-1989, CVE-2013-2066).
Security Issue references:
* CVE-2013-1989
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989>
* CVE-2013-2066
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066>
SUSE bug 815451SUSE bug 821671CVE-2013-1989CVE-2013-2066cpe:/o:suse:suse_sled:11:sp2Security update for xorg-x11-libxcbSUSE Linux Enterprise Desktop 11 SP2
This update for xorg-x11-libxcb addresses the following security issues:
* Fix a deadlock with multi-threaded applications running on real time
kernels. (bnc#818829)
* Fix an integer overflow in read_packet(). (bnc#821584, CVE-2013-2064)
Security Issues:
* CVE-2013-2064
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064>
SUSE bug 818829SUSE bug 821584CVE-2013-2064cpe:/o:suse:suse_sled:11:sp2Security update for zypperSUSE Linux Enterprise Desktop 11 SP2
The following issue has been fixed:
* The zypper setuid wrapper linked against libzypp. This is not needed
and added unnecessary attack vectors. CVE-2012-0420 has been assigned
to this issue.
Security Issue reference:
* CVE-2012-0420
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0420>
SUSE bug 770630CVE-2012-0420cpe:/o:suse:suse_sled:11:sp2Security update for MozillaFirefoxSUSE Linux Enterprise Desktop 11 SP3
MozillaFirefox was updated to version 24.6.0 to fix six security issues:
* Miscellaneous memory safety hazards. (CVE-2014-1533, CVE-2014-1534)
* Use-after-free and out of bounds issues found using Address
Sanitizer. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)
* Use-after-free with SMIL Animation Controller. (CVE-2014-1541)
mozilla-nspr was updated to version 4.10.6 to fix one security issue:
* Out of bounds write in NSPR. (CVE-2014-1545)
Further information can be found at
https://www.mozilla.org/security/announce/
<https://www.mozilla.org/security/announce/> .
Security Issues references:
* CVE-2014-1533
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533>
* CVE-2014-1534
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534>
* CVE-2014-1536
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536>
* CVE-2014-1537
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537>
* CVE-2014-1538
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538>
* CVE-2014-1541
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541>
* CVE-2014-1545
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545>
SUSE bug 881874CVE-2014-1533CVE-2014-1534CVE-2014-1536CVE-2014-1537CVE-2014-1538CVE-2014-1541CVE-2014-1545cpe:/o:suse:suse_sled:11:sp3Security update for Image MagickSUSE Linux Enterprise Desktop 11 SP3
ImageMagick has been updated to fix four security issues:
* Crafted jpeg file could have lead to a Denial of Service
(CVE-2014-8716).
* Out-of-bounds memory access in resize code (CVE-2014-8354)
* Out-of-bounds memory access in PCX parser (CVE-2014-8355).
* Out-of-bounds memory error in DCM decode (CVE-2014-8562).
Security Issues:
* CVE-2014-8716
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8716>
* CVE-2014-8355
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8355>
* CVE-2014-8354
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8354>
* CVE-2014-8562
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8562>
SUSE bug 903204SUSE bug 903216SUSE bug 903638SUSE bug 905260CVE-2014-8354CVE-2014-8355CVE-2014-8562CVE-2014-8716cpe:/o:suse:suse_sled:11:sp3Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP3
This update to Firefox 17.0.9esr (bnc#840485) addresses:
* MFSA 2013-91 User-defined properties on DOM proxies get the wrong
'this' object
o (CVE-2013-1737)
* MFSA 2013-90 Memory corruption involving scrolling
o use-after-free in mozilla::layout::ScrollbarActivity
(CVE-2013-1735)
o Memory corruption in nsGfxScrollFrameInner::IsLTR()
(CVE-2013-1736)
* MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
o buffer overflow at nsFloatManager::GetFlowArea() with multicol,
list, floats (CVE-2013-1732)
* MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
o compartment mismatch in nsXBLBinding::DoInitJSClass
(CVE-2013-1730)
* MFSA 2013-83 Mozilla Updater does not lock MAR file after signature
verification
o MAR signature bypass in Updater could lead to downgrade
(CVE-2013-1726)
* MFSA 2013-82 Calling scope for new Javascript objects can lead to
memory corruption
o ABORT: bad scope for new JSObjects: ReparentWrapper /
document.open (CVE-2013-1725)
* MFSA 2013-79 Use-after-free in Animation Manager during stylesheet
cloning
o Heap-use-after-free in nsAnimationManager::BuildAnimations
(CVE-2013-1722)
* MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 /
rv:17.0.9)
o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0
(CVE-2013-1718)
* MFSA 2013-65 Buffer underflow when generating CRMF requests
o ASAN heap-buffer-overflow (read 1) in
cryptojs_interpret_key_gen_type (CVE-2013-1705)
Security Issue references:
* CVE-2013-1737
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737>
* CVE-2013-1735
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735>
* CVE-2013-1736
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736>
* CVE-2013-1732
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732>
* CVE-2013-1730
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730>
* CVE-2013-1726
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726>
* CVE-2013-1725
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725>
* CVE-2013-1722
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722>
* CVE-2013-1718
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718>
* CVE-2013-1705
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705>
SUSE bug 840485CVE-2013-1705CVE-2013-1718CVE-2013-1722CVE-2013-1725CVE-2013-1726CVE-2013-1730CVE-2013-1732CVE-2013-1735CVE-2013-1736CVE-2013-1737cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefox (Critical)SUSE Linux Enterprise Desktop 11 SP3
This security update (bsc#940918) fixes the following issues:
* MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation
* Remove PlayPreview registration from PDF Viewer (bmo#1179262)
CriticalSUSE bug 940918CVE-2015-4495cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefox (Important)SUSE Linux Enterprise Desktop 11 SP3
MozillaFirefox was updated to version 38.5.0 esr to fix the following issues:
Following security issues were fixed:
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
* MFSA 2015-138/CVE-2015-7210
Use-after-free in WebRTC when datachannel is used after being
destroyed
* MFSA 2015-139/CVE-2015-7212
Integer overflow allocating extremely large textures
* MFSA 2015-145/CVE-2015-7205
Underflow through code inspection
* MFSA 2015-146/CVE-2015-7213
Integer overflow in MP4 playback in 64-bit versions
* MFSA 2015-147/CVE-2015-7222
Integer underflow and buffer overflow processing MP4 metadata
in libstagefright
* MFSA 2015-149/CVE-2015-7214
Cross-site reading attack through data and view-source URIs
ImportantSUSE bug 959277CVE-2015-7201CVE-2015-7202CVE-2015-7205CVE-2015-7210CVE-2015-7212CVE-2015-7213CVE-2015-7214CVE-2015-7222cpe:/o:suse:suse_sled:11:sp3Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP3
This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the
following several security and non-security issues:
* MFSA 2014-34/CVE-2014-1518
Miscellaneous memory safety hazards
* MFSA 2014-37/CVE-2014-1523
Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524
Buffer overflow when using non-XBL object as XBL
* MFSA 2014-42/CVE-2014-1529
Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530
Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531
Use-after-free in imgLoader while resizing images
* MFSA 2014-46/CVE-2014-1532
Use-after-free in nsHostResolver
Mozilla NSS has been updated to 3.16:
* required for Firefox 29
* CVE-2014-1492: In a wildcard certificate, the wildcard character
should not be embedded within the U-label of an internationalized
domain name. See the last bullet point in RFC 6125, Section 7.2.
* Update of root certificates.
Security Issue references:
* CVE-2014-1532
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532>
* CVE-2014-1531
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531>
* CVE-2014-1530
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530>
* CVE-2014-1529
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529>
* CVE-2014-1524
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524>
* CVE-2014-1523
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523>
* CVE-2014-1520
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520>
* CVE-2014-1518
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518>
SUSE bug 865539SUSE bug 869827SUSE bug 875378SUSE bug 875803CVE-2014-1518CVE-2014-1520CVE-2014-1523CVE-2014-1524CVE-2014-1529CVE-2014-1530CVE-2014-1531CVE-2014-1532cpe:/o:suse:suse_sled:11:sp3Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP3
Mozilla Firefox was updated to 31.6.0 ESR to fix five security issues.
The following vulnerabilities have been fixed:
* Miscellaneous memory safety hazards (MFSA
2015-30/CVE-2015-0814/CVE-2015-0815)
* Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA
2015-31/CVE-2015-0813)
* resource:// documents can load privileged pages (MFSA
2015-33/CVE-2015-0816)
* CORS requests should not follow 30x redirections after preflight
(MFSA 2015-37/CVE-2015-0807)
* Same-origin bypass through anchor navigation (MFSA
2015-40/CVE-2015-0801)
Security Issues:
* CVE-2015-0801
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0801>
* CVE-2015-0807
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0807>
* CVE-2015-0813
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0813>
* CVE-2015-0814
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0814>
* CVE-2015-0816
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816>
SUSE bug 925368CVE-2015-0801CVE-2015-0807CVE-2015-0813CVE-2015-0814CVE-2015-0816cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)SUSE Linux Enterprise Desktop 11 SP3
MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues.
For more details please check the changelogs.
These security issues were fixed:
- CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979).
- CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).
- CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979).
- CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979).
- CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979).
- CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).
- CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033).
- CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979).
This non-security issue was fixed:
- bsc#908275: Firefox did not print in landscape orientation.
ImportantSUSE bug 908275SUSE bug 935033SUSE bug 935979CVE-2015-2721CVE-2015-2722CVE-2015-2724CVE-2015-2725CVE-2015-2726CVE-2015-2728CVE-2015-2730CVE-2015-2733CVE-2015-2734CVE-2015-2735CVE-2015-2736CVE-2015-2737CVE-2015-2738CVE-2015-2739CVE-2015-2740CVE-2015-2743CVE-2015-4000cpe:/o:suse:suse_sled:11:sp3Security update for a2psSUSE Linux Enterprise Desktop 11 SP3
The text to postscript converter a2ps received a security update.
The fixps script did not call ghostscript with the -DSAFER option, allowing
command execution by attacker supplied postscript files.
Security Issue reference:
* CVE-2014-0466
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466>
SUSE bug 871097CVE-2014-0466cpe:/o:suse:suse_sled:11:sp3Security update for acroreadSUSE Linux Enterprise Desktop 11 SP3
Adobe has discontinued the support of Adobe Reader for Linux in June 2013.
Newer security problems and bugs are no longer fixed.
As the Adobe Reader is binary only software and we cannot provide a
replacement, SUSE declares the acroread package of Adobe Reader as being
out of support and unmaintained.
If you do not need Acrobat Reader, we recommend to uninstall the 'acroread'
package.
This update removes the Acrobat Reader PDF plugin to avoid automatic
exploitation by clicking on web pages with embedded PDFs.
The stand alone 'acroread' binary is still available, but again, we do not
recommend to use it.
SUSE bug 843835cpe:/o:suse:suse_sled:11:sp3Security update for augeasSUSE Linux Enterprise Desktop 11 SP3
Augeas has been updated to fix a symlink overwrite problem (CVE-2012-0786,
CVE-2013-6412).
Also a bug has been fixed where 'augtool -s set was failing' (bnc#876044)
Additionally parsing the multipath configuration has been fixed. bnc#871323
Security Issues:
* CVE-2012-0786
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0786>
* CVE-2013-6412
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412>
SUSE bug 853044SUSE bug 871323SUSE bug 876044SUSE bug 885003CVE-2012-0786CVE-2013-6412cpe:/o:suse:suse_sled:11:sp3Security update for augeas (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update fixes an untrusted argument escaping problem (CVE-2014-8119):
* new API - aug_escape_name() - which can be used to escape
untrusted inputs before using them as part of path expressions
* aug_match() is changed to return properly escaped output
ModerateSUSE bug 925225CVE-2014-8119cpe:/o:suse:suse_sled:11:sp3Security update for bashSUSE Linux Enterprise Desktop 11 SP3
The command-line shell 'bash' evaluates environment variables, which allows
the injection of characters and might be used to access files on the system
in some circumstances (CVE-2014-7169).
Please note that this issue is different from a previously fixed
vulnerability tracked under CVE-2014-6271 and is less serious due to the
special, non-default system configuration that is needed to create an
exploitable situation.
To remove further exploitation potential we now limit the
function-in-environment variable to variables prefixed with BASH_FUNC_.
This hardening feature is work in progress and might be improved in later
updates.
Additionally, two other security issues have been fixed:
* CVE-2014-7186: Nested HERE documents could lead to a crash of bash.
* CVE-2014-7187: Nesting of for loops could lead to a crash of bash.
Security Issues:
* CVE-2014-7169
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>
* CVE-2014-7186
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>
* CVE-2014-7187
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>
SUSE bug 898346SUSE bug 898603SUSE bug 898604CVE-2014-7169CVE-2014-7186CVE-2014-7187cpe:/o:suse:suse_sled:11:sp3Security update for bindSUSE Linux Enterprise Desktop 11 SP3
This update fixes a DoS vulnerability in bind when handling malformed
NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue.
Security Issue references:
* CVE-2014-0591
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591>
SUSE bug 858639CVE-2014-0591cpe:/o:suse:suse_sled:11:sp3Security update for bind (Important)SUSE Linux Enterprise Desktop 11 SP3
bind was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)
Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling.
ImportantSUSE bug 939567CVE-2015-5477cpe:/o:suse:suse_sled:11:sp3Security update for bind (Important)SUSE Linux Enterprise Desktop 11 SP3
The nameserver bind was updated to fix a remote denial of service (crash) attack against
bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066).
ImportantSUSE bug 944066CVE-2015-5722cpe:/o:suse:suse_sled:11:sp3Security update for bind (Important)SUSE Linux Enterprise Desktop 11 SP3
This update fixes the following security issue:
- CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861).
It also fixes a bug:
- Fix a regression in caching entries with a TTL of 0 (bsc#923281).
ImportantSUSE bug 923281SUSE bug 958861CVE-2015-8000cpe:/o:suse:suse_sled:11:sp3Security update for bind (Important)SUSE Linux Enterprise Desktop 11 SP3
This update for bind fixes the following issues:
- CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189)
ImportantSUSE bug 962189CVE-2015-8704cpe:/o:suse:suse_sled:11:sp3Security update for binutilsSUSE Linux Enterprise Desktop 11 SP3
binutils has been updated to fix eight security issues:
* Lack of range checking leading to controlled write in
_bfd_elf_setup_sections() (CVE-2014-8485).
* Invalid read flaw in libbfd (CVE-2014-8484).
* Write to uninitialized memory in the PE parser (CVE-2014-8501).
* Crash in the PE parser (CVE-2014-8502).
* Segfault in the ihex parser when it encounters a malformed ihex file
(CVE-2014-8503).
* Stack buffer overflow in srec_scan (CVE-2014-8504).
* Out-of-bounds memory write while processing a crafted 'ar' archive
(CVE-2014-8738).
* Directory traversal vulnerability allowing random file
deletion/creation (CVE-2014-8737).
Security Issues:
* CVE-2014-8501
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8501>
* CVE-2014-8502
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8502>
* CVE-2014-8503
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8503>
* CVE-2014-8504
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8504>
* CVE-2014-8485
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8485>
* CVE-2014-8738
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8738>
* CVE-2014-8484
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8484>
* CVE-2014-8737
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8737>
SUSE bug 902676SUSE bug 902677SUSE bug 903655SUSE bug 905735SUSE bug 905736CVE-2014-8484CVE-2014-8485CVE-2014-8501CVE-2014-8502CVE-2014-8503CVE-2014-8504CVE-2014-8737CVE-2014-8738cpe:/o:suse:suse_sled:11:sp3Security update for cabextractSUSE Linux Enterprise Desktop 11 SP3
cabextract was updated to fix two security issues:
* CVE-2010-2800: A potential endless loop in decoding files.
* CVE-2010-2801: Memory corruption due to integer overflows in buffer
read handling.
Security Issues references:
* CVE-2010-2800
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2800>
* CVE-2010-2801
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2801>
SUSE bug 627753CVE-2010-2800CVE-2010-2801cpe:/o:suse:suse_sled:11:sp3Security update for cabextract (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This security update fixes the following issues:
- Fix possible infinite loop caused DoS (bsc919283, CVE-2014-9556)
- Fix zero dereference (bsc#934524, CVE-2014-9732)
- Fix off by one (bsc#934527, CVE-2015-4470)
- Fix buffer under-read crash (bsc#934528, CVE-2015-4471)
ModerateSUSE bug 934524SUSE bug 934527SUSE bug 934528CVE-2014-9556CVE-2014-9732CVE-2015-4470CVE-2015-4471cpe:/o:suse:suse_sled:11:sp3Security update for compat-openssl097gSUSE Linux Enterprise Desktop 11 SP3
OpenSSL was updated to fix several security issues:
* CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by
rejecting connections with DH parameters shorter than 1024 bits.
2048-bit DH parameters are now generated by default.
* CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
* CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent
was fixed.
* Fixed a timing side channel in RSA decryption. (bsc#929678)
Additional changes:
* In the default SSL cipher string EXPORT ciphers are now disabled.
This will only get active if applications get rebuilt and actually
use this string. (bsc#931698)
Security Issues:
* CVE-2015-1789
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789>
* CVE-2015-1790
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790>
* CVE-2015-4000
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000>
SUSE bug 929678SUSE bug 931698SUSE bug 934489SUSE bug 934491CVE-2015-1789CVE-2015-1790CVE-2015-4000cpe:/o:suse:suse_sled:11:sp3Security update for compat-openssl097g (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update for compat-openssl097g fixes the following issues:
Security issue fixed:
- CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure
OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS
routines so any application which reads PKCS#7 or CMS data from untrusted
sources is affected. SSL/TLS is not affected. (bsc#957812)
A non security issue fixed:
- Prevent segfault in s_client with invalid options (bsc#952099)
ModerateSUSE bug 952099SUSE bug 957812CVE-2015-3195cpe:/o:suse:suse_sled:11:sp3Security update for compat-wireless, compat-wireless-debuginfo, compat-wireless-debugsource, compat-wireless-kmp-default, compat-wireless-kmp-pae, compat-wireless-kmp-trace, compat-wireless-kmp-xenSUSE Linux Enterprise Desktop 11 SP3
This update for the compat-wireless kernel modules provides many fixes and
enhancements:
* Fix potential crash problem in ath9k. (CVE-2014-2672, bnc#871148)
* Fix improper updates of MAC addresses in ath9k_htc. (bnc#851426,
CVE-2013-4579)
* Fix stability issues in iwlwifi. (bnc#865475)
* Improve support for Intel 7625 cards in iwlwifi. (bnc#51021)
Installation notes:
New driver modules may conflict with old modules, which are automatically
loaded from the initrd file after reboot. To apply this maintenance update
correctly, the following steps need to be executed on a SLEPOS system:
* Rebuild image
* Create specific scDistributionContainer with newly built initrd and
kernel
* Put the updated system image in it as a scPosImage object
Alternatively, you can use a kernel parameter to enforce using the kernel
from the system image:
* Rebuild image
* Set the kernel parameter FORCE_KEXEC, by adding the scPxeFileTemplate
object under the relevant scPosImage object, with the
scKernelParameters attribute containing 'FORCE_KEXEC=yes'.
Security Issue references:
* CVE-2014-2672
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2672>
* CVE-2013-4579
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4579>
SUSE bug 851021SUSE bug 851426SUSE bug 865475SUSE bug 871148SUSE bug 883209CVE-2013-4579CVE-2014-2672cpe:/o:suse:suse_sled:11:sp3Security update for cpioSUSE Linux Enterprise Desktop 11 SP3
This cpio update fixes the following security issue:
* bnc#907456: heap-based buffer overflow flaw in list_file()
(CVE-2014-9112)
Security Issues:
* CVE-2014-9112
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112>
SUSE bug 907456CVE-2014-9112cpe:/o:suse:suse_sled:11:sp3Security update for CUPSSUSE Linux Enterprise Desktop 11 SP3
This update fixes various issues in CUPS.
* CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031: Various
insufficient symbolic link checking could have lead to privilege
escalation from the lp user to root.
Security Issues:
* CVE-2014-3537
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537>
* CVE-2014-5029
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029>
* CVE-2014-5030
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030>
* CVE-2014-5031
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031>
SUSE bug 887240CVE-2014-3537CVE-2014-5029CVE-2014-5030CVE-2014-5031cpe:/o:suse:suse_sled:11:sp3Security update for curlSUSE Linux Enterprise Desktop 11 SP3
This curl update fixes the following security issues:
* bnc#868627: wrong re-use of connections (CVE-2014-0138).
* bnc#868629: IP address wildcard certificate validation
(CVE-2014-0139).
* bnc#870444: --insecure option inappropriately enforcing security
safeguard.
Security Issue references:
* CVE-2014-0138
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138>
* CVE-2014-0139
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139>
SUSE bug 868627SUSE bug 868629SUSE bug 870444CVE-2014-0138CVE-2014-0139cpe:/o:suse:suse_sled:11:sp3Security update for curl (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update for curl fixes the following issues:
- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)
The following non-security bugs were fixed:
- bsc#926511: Check for errors on the control connection during FTP transfers
The following tracked bugs only affect the test suite:
- bsc#962996: Expired cookie in test 46 caused test failures
ModerateSUSE bug 926511SUSE bug 962983SUSE bug 962996CVE-2016-0755cpe:/o:suse:suse_sled:11:sp3Security update for curlSUSE Linux Enterprise Desktop 11 SP3
This update fixes the following security issues:
*
CVE-2014-8150: URL request injection (bnc#911363)
When libcurl sends a request to a server via a HTTP proxy, it copies
the entire URL into the request and sends if off.
If the given URL contains line feeds and carriage returns those will
be sent along to the proxy too, which allows the program to for
example send a separate HTTP request injected embedded in the URL.
*
CVE-2014-3707: duphandle read out of bounds (bnc#901924)
*
CVE-2014-3613: libcurl cookie leaks (bnc#894575)
Additional bug fixed:
* curl_multi_remove_handle: don't crash on multiple removes
(bnc#897816)
Security Issues:
* CVE-2014-8150
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8150>
* CVE-2014-3613
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3613>
* CVE-2014-3707
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3707>
SUSE bug 870444SUSE bug 884698SUSE bug 885302SUSE bug 894575SUSE bug 897816SUSE bug 901924SUSE bug 911363CVE-2014-3613CVE-2014-3707CVE-2014-8150cpe:/o:suse:suse_sled:11:sp3Security update for dbus-1SUSE Linux Enterprise Desktop 11 SP3
Various denial of service issues were fixed in the DBUS service.
* CVE-2014-3638: dbus-daemon tracks whether method call messages expect
a reply, so that unsolicited replies can be dropped. As currently
implemented, if there are n parallel method calls in progress, each
method reply takes O(n) CPU time. A malicious user could exploit this
by opening the maximum allowed number of parallel connections and
sending the maximum number of parallel method calls on each one,
causing subsequent method calls to be unreasonably slow, a denial of
service.
* CVE-2014-3639: dbus-daemon allows a small number of 'incomplete'
connections (64 by default) whose identity has not yet been
confirmed. When this limit has been reached, subsequent connections
are dropped. Alban's testing indicates that one malicious process
that makes repeated connection attempts, but never completes the
authentication handshake and instead waits for dbus-daemon to time
out and disconnect it, can cause the majority of legitimate
connection attempts to fail.
Security Issues:
* CVE-2014-3638
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638>
* CVE-2014-3638
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638>
SUSE bug 896453CVE-2014-3638cpe:/o:suse:suse_sled:11:sp3Security update for dhcp (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update for dhcp fixes the following issues:
- CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305)
The following bugs were fixed:
- bsc#936923: Improper lease duration checking
- bsc#880984: Integer overflows in the date and time handling code
- bsc#947780: DHCP server could abort with 'Unable to set up timer: out of range' on very long or infinite timer intervals / lease lifetimes
- bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly
- bsc#928390: dhclient dit not expose next-server DHCPv4 option to script
- bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly
ModerateSUSE bug 880984SUSE bug 919959SUSE bug 926159SUSE bug 928390SUSE bug 936923SUSE bug 947780SUSE bug 961305CVE-2015-8605cpe:/o:suse:suse_sled:11:sp3Security update for dhcpcd (Important)SUSE Linux Enterprise Desktop 11 SP3
dhcpcd was updated to fix three security issues.
These security issues were fixed:
- CVE-2012-6698: A potential out of bounds write was fixed, which could lead to memory corruption, triggerable by network local attackers.
- CVE-2012-6699: A loop error was fixed that could lead out of bound reads, triggerable by network local attackers.
- CVE-2012-6700: An incorrect free could lead to crashes, triggerable by network local attackers.
ImportantSUSE bug 955762CVE-2012-6698CVE-2012-6699CVE-2012-6700cpe:/o:suse:suse_sled:11:sp3Security update for e2fsprogsSUSE Linux Enterprise Desktop 11 SP3
Two security issues were fixed in e2fsprogs:
* CVE-2015-0247: Various heap overflows were fixed in e2fsprogs (fsck,
dumpe2fs, e2image).
* CVE-2015-1572: Fixed a potential buffer overflow in closefs().
(bsc#918346)
Additionally, badblocks was enhanced to work with very large partitions.
(bsc#932539)
Security Issues:
* CVE-2015-0247
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247>
* CVE-2015-1572
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572>
SUSE bug 915402SUSE bug 918346SUSE bug 932539CVE-2015-0247CVE-2015-1572cpe:/o:suse:suse_sled:11:sp3Security update for ecryptfs-utils (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update for ecryptfs-utils fixes the following issues:
- CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems (bsc#962052)
- CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks (bsc#920160)
ModerateSUSE bug 920160SUSE bug 962052CVE-2014-9687CVE-2016-1572cpe:/o:suse:suse_sled:11:sp3Security update for elfutilsSUSE Linux Enterprise Desktop 11 SP3
elfutils has been updated to fix one security issue:
* CVE-2014-9447: Directory traversal vulnerability in the
read_long_names function in libelf/elf_begin.c in elfutils 0.152 and
0.161 allowed remote attackers to write to arbitrary files to the
root directory via a / (slash) in a crafted archive, as demonstrated
using the ar program (bnc#911662).
Security Issues:
* CVE-2014-9447
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447>
SUSE bug 911662CVE-2014-9447cpe:/o:suse:suse_sled:11:sp3Security update for emacsSUSE Linux Enterprise Desktop 11 SP3
Emacs has been updated to fix the following issues:
* Several cases of insecure usage of temporary files. (CVE-2014-3421,
CVE-2014-3422, CVE-2014-3423, CVE-2014-3424)
* Use of vc-annotate for renamed files when using Git. (bnc#854683)
Security Issues:
* CVE-2014-3421
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3421>
* CVE-2014-3422
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3422>
* CVE-2014-3423
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3423>
* CVE-2014-3424
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3424>
SUSE bug 854683SUSE bug 876847CVE-2014-3421CVE-2014-3422CVE-2014-3423CVE-2014-3424cpe:/o:suse:suse_sled:11:sp3Security update for evolution-data-serverSUSE Linux Enterprise Desktop 11 SP3
evolution-data-server has been updated to disable support for SSLv3.
This security issues has been fixed:
* SSLv3 POODLE attack (CVE-2014-3566)
Security Issues:
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
SUSE bug 901553CVE-2014-3566cpe:/o:suse:suse_sled:11:sp3Security update for fileSUSE Linux Enterprise Desktop 11 SP3
file was updated to fix one security issue.
* An out-of-bounds read flaw file's donote() function. This could
possibly lead to file executable crash (CVE-2014-3710).
Security Issues:
* CVE-2014-3710
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710>
SUSE bug 902367CVE-2014-3710cpe:/o:suse:suse_sled:11:sp3Security update for finchSUSE Linux Enterprise Desktop 11 SP3
The pidgin Instant Messenger has been updated to fix various security
issues:
* CVE-2014-0020: Remotely triggerable crash in IRC argument parsing
* CVE-2013-6490: Buffer overflow in SIMPLE header parsing
* CVE-2013-6489: Buffer overflow in MXit emoticon parsing
* CVE-2013-6487: Buffer overflow in Gadu-Gadu HTTP parsing
* CVE-2013-6486: Pidgin uses clickable links to untrusted executables
* CVE-2013-6485: Buffer overflow parsing chunked HTTP responses
* CVE-2013-6484: Crash reading response from STUN server
* CVE-2013-6483: XMPP doesn't verify 'from' on some iq replies
* CVE-2013-6482: NULL pointer dereference parsing SOAP data in MSN
* CVE-2013-6482: NULL pointer dereference parsing OIM data in MSN
* CVE-2013-6482: NULL pointer dereference parsing headers in MSN
* CVE-2013-6481: Remote crash reading Yahoo! P2P message
* CVE-2013-6479: Remote crash parsing HTTP responses
* CVE-2013-6478: Crash when hovering pointer over a long URL
* CVE-2013-6477: Crash handling bad XMPP timestamp
* CVE-2012-6152: Yahoo! remote crash from incorrect character encoding
Security Issue references:
* CVE-2014-0020
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020>
* CVE-2013-6490
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490>
* CVE-2013-6489
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489>
* CVE-2013-6487
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487>
* CVE-2013-6486
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486>
* CVE-2013-6485
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485>
* CVE-2013-6484
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484>
* CVE-2013-6483
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483>
* CVE-2013-6482
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482>
* CVE-2013-6481
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481>
* CVE-2013-6479
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479>
* CVE-2013-6478
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478>
* CVE-2013-6477
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477>
* CVE-2012-6152
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152>
SUSE bug 861019CVE-2012-6152CVE-2013-6477CVE-2013-6478CVE-2013-6479CVE-2013-6481CVE-2013-6482CVE-2013-6483CVE-2013-6484CVE-2013-6485CVE-2013-6486CVE-2013-6487CVE-2013-6489CVE-2013-6490CVE-2014-0020cpe:/o:suse:suse_sled:11:sp3Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP3
Mozilla Firefox has been updated to the 17.0.7 ESR version, which fixes
bugs and security fixes.
*
MFSA 2013-49: Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.
Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory
safety problems and crashes that affect Firefox ESR 17, and Firefox
21. (CVE-2013-1682)
*
MFSA 2013-50: Security researcher Abhishek Arya (Inferno) of the
Google Chrome Security Team used the Address Sanitizer tool to
discover a series of use-after-free problems rated critical as
security issues in shipped software. Some of these issues are
potentially exploitable, allowing for remote code execution. We would
also like to thank Abhishek for reporting additional use-after-free
and buffer overflow flaws in code introduced during Firefox
development. These were fixed before general release.
o Heap-use-after-free in
mozilla::dom::HTMLMediaElement::LookupMediaElementURITable
(CVE-2013-1684)
o Heap-use-after-free in nsIDocument::GetRootElement
(CVE-2013-1685)
o Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686)
*
MFSA 2013-51 / CVE-2013-1687: Security researcher Mariusz Mlynski
reported that it is possible to compile a user-defined function in
the XBL scope of a specific element and then trigger an event within
this scope to run code. In some circumstances, when this code is run,
it can access content protected by System Only Wrappers (SOW) and
chrome-privileged pages. This could potentially lead to arbitrary
code execution. Additionally, Chrome Object Wrappers (COW) can be
bypassed by web content to access privileged methods, leading to a
cross-site scripting (XSS) attack from privileged pages.
*
MFSA 2013-53 / CVE-2013-1690: Security researcher Nils reported that
specially crafted web content using the onreadystatechange event and
reloading of pages could sometimes cause a crash when unmapped memory
is executed. This crash is potentially exploitable.
*
MFSA 2013-54 / CVE-2013-1692: Security researcher Johnathan Kuskos
reported that Firefox is sending data in the body of XMLHttpRequest
(XHR) HEAD requests, which goes agains the XHR specification. This
can potentially be used for Cross-Site Request Forgery (CSRF) attacks
against sites which do not distinguish between HEAD and POST
requests.
*
MFSA 2013-55 / CVE-2013-1693: Security researcher Paul Stone of
Context Information Security discovered that timing differences in
the processing of SVG format images with filters could allow for
pixel values to be read. This could potentially allow for text values
to be read across domains, leading to information disclosure.
*
MFSA 2013-59 / CVE-2013-1697: Mozilla security researcher
moz_bug_r_a4 reported that XrayWrappers can be bypassed to call
content-defined toString and valueOf methods through DefaultValue.
This can lead to unexpected behavior when privileged code acts on the
incorrect values.
*
MFSA 2013-30: Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.
Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan
Sreckovic, and Joe Drew reported memory safety problems and crashes
that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788)
*
MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya
(Inferno) of the Google Chrome Security Team used the Address
Sanitizer tool to discover an out-of-bounds write in Cairo graphics
library. When certain values are passed to it during rendering, Cairo
attempts to use negative boundaries or sizes for boxes, leading to a
potentially exploitable crash in some instances.
*
MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin
discovered that the Mozilla Maintenance Service on Windows was
vulnerable to a buffer overflow. This system is used to update
software without invoking the User Account Control (UAC) prompt. The
Mozilla Maintenance Service is configured to allow unprivileged users
to start it with arbitrary arguments. By manipulating the data passed
in these arguments, an attacker can execute arbitrary code with the
system privileges used by the service. This issue requires local file
system access to be exploitable.
*
MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an
issue with the Mozilla Updater. The Mozilla Updater can be made to
load a malicious local DLL file in a privileged context through
either the Mozilla Maintenance Service or independently on systems
that do not use the service. This occurs when the DLL file is placed
in a specific location on the local system before the Mozilla Updater
is run. Local file system access is necessary in order for this issue
to be exploitable.
*
MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the
Address Sanitizer tool to discover a crash in WebGL rendering when
memory is freed that has not previously been allocated. This issue
only affects Linux users who have Intel Mesa graphics drivers. The
resulting crash could be potentially exploitable.
*
MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported
a mechanism to use the cloneNode method to bypass System Only
Wrappers (SOW) and clone a protected node. This allows violation of
the browser's same origin policy and could also lead to privilege
escalation and the execution of arbitrary code.
*
MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a
method for removing the origin indication on tab-modal dialog boxes
in combination with browser navigation. This could allow an
attacker's dialog to overlay a page and show another site's content.
This can be used for phishing by allowing users to enter data into a
modal prompt dialog on an attacking, site while appearing to be from
the displayed site.
*
MFSA 2013-38 / CVE-2013-0793: Security researcher Mariusz Mlynski
reported a method to use browser navigations through history to load
an arbitrary website with that page's baseURI property pointing to
another site instead of the seemingly loaded one. The user will
continue to see the incorrect site in the addressbar of the browser.
This allows for a cross-site scripting (XSS) attack or the theft of
data through a phishing attack.
*
MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula
reported that if gfx.color_management.enablev4 preference is enabled
manually in about:config, some grayscale PNG images will be rendered
incorrectly and cause memory corruption during PNG decoding when
certain color profiles are in use. A crafted PNG image could use this
flaw to leak data through rendered images drawing from random memory.
By default, this preference is not enabled.
*
MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak
reported an out-of-bounds array read in the CERT_DecodeCertPackage
function of the Network Security Services (NSS) libary when decoding
a certificate. When this occurs, it will lead to memory corruption
and a non-exploitable crash.
*
MFSA 2013-41: Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.
References
o Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy
Nikkel, and Jeff Walden reported memory safety problems and
crashes that affect Firefox ESR 17, and Firefox 20.
o Bob Clary, Ben Turner, Benoit Jacob, Bobby Holley, Christoph
Diehl, Christian Holler, Andrew McCreight, Gary Kwong, Jason
Orendorff, Jesse Ruderman, Matt Wobensmith, and Mats Palmgren
reported memory safety problems and crashes that affect Firefox
20.
*
MFSA 2013-42 / CVE-2013-1670: Security researcher Cody Crews reported
a method to call a content level constructor that allows for this
constructor to have chrome privileged accesss. This affects chrome
object wrappers (COW) and allows for write actions on objects when
only read actions should be allowed. This can lead to cross-site
scripting (XSS) attacks.
*
MFSA 2013-43 / CVE-2013-1671: Mozilla security researcher
moz_bug_r_a4 reported a mechanism to exploit the control when set to
the file type in order to get the full path. This can lead to
information leakage and could be combined with other exploits to
target attacks on the local file system.
*
MFSA 2013-44 / CVE-2013-1672: Security researcher Seb Patane reported
an issue with the Mozilla Maintenance Service on Windows. This issue
allows unprivileged users to local privilege escalation through the
system privileges used by the service when interacting with local
malicious software. This allows the user to bypass integrity checks
leading to local privilege escalation. Local file system access is
necessary in order for this issue to be exploitable and it cannot be
triggered through web content.
*
MFSA 2013-45: Security researcher Robert Kugler discovered that in
some instances the Mozilla Maintenance Service on Windows will be
vulnerable to some previously fixed privilege escalation attacks that
allowed for local privilege escalation. This was caused by the
Mozilla Updater not updating Windows Registry entries for the Mozilla
Maintenance Service, which fixed the earlier issues present if
Firefox 12 had been installed. New installations of Firefox after
version 12 are not affected by this issue. Local file system access
is necessary in order for this issue to be exploitable and it cannot
be triggered through web content. References: - old
MozillaMaintenance Service registry entry not updated leading to
Trusted Path Privilege Escalation (CVE-2013-1673) - Possible
Arbitrary Code Execution by Update Service (CVE-2012-1942)
*
MFSA 2013-46 / CVE-2013-1674: Security researcher Nils reported a
use-after-free when resizing video while playing. This could allow
for arbitrary code execution.
*
MFSA 2013-47 / CVE-2013-1675: Mozilla community member Ms2ger
discovered that some DOMSVGZoomEvent functions are used without being
properly initialized, causing uninitialized memory to be used when
they are called by web content. This could lead to a information
leakage to sites depending on the contents of this uninitialized
memory.
*
MFSA 2013-48: Security researcher Abhishek Arya (Inferno) of the
Google Chrome Security Team used the Address Sanitizer tool to
discover a series of use-after-free, out of bounds read, and invalid
write problems rated as moderate to critical as security issues in
shipped software. Some of these issues are potentially exploitable,
allowing for remote code execution. We would also like to thank
Abhishek for reporting additional use-after-free flaws in dir=auto
code introduced during Firefox development. These were fixed before
general release.
References
o Out of Bounds Read in SelectionIterator::GetNextSegment
(CVE-2013-1676)
o Out-of-bound read in gfxSkipCharsIterator::SetOffsets
(CVE-2013-1677))
o Invalid write in _cairo_xlib_surface_add_glyph (CVE-2013-1678)
o Heap-use-after-free in mozilla::plugins::child::_geturlnotify
(CVE-2013-1679)
o Heap-use-after-free in nsFrameList::FirstChild (CVE-2013-1680)
o Heap-use-after-free in nsContentUtils::RemoveScriptBlocker
(CVE-2013-1681)
*
CVE-2012-1942
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1942>
* CVE-2013-0788
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788>
* CVE-2013-0791
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791>
* CVE-2013-0792
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792>
* CVE-2013-0793
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793>
* CVE-2013-0794
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794>
* CVE-2013-0795
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795>
* CVE-2013-0796
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796>
* CVE-2013-0797
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797>
* CVE-2013-0798
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798>
* CVE-2013-0799
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799>
* CVE-2013-0800
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800>
* CVE-2013-0801
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801>
* CVE-2013-1669
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1669>
* CVE-2013-1670
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670>
* CVE-2013-1671
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1671>
* CVE-2013-1672
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1672>
* CVE-2013-1673
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1673>
* CVE-2013-1674
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674>
* CVE-2013-1675
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675>
* CVE-2013-1676
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676>
* CVE-2013-1677
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1677>
* CVE-2013-1678
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1678>
* CVE-2013-1679
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1679>
* CVE-2013-1680
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1680>
* CVE-2013-1681
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1681>
* CVE-2013-1682
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682>
* CVE-2013-1684
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684>
* CVE-2013-1685
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685>
* CVE-2013-1686
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686>
* CVE-2013-1687
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687>
* CVE-2013-1690
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690>
* CVE-2013-1692
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692>
* CVE-2013-1693
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693>
* CVE-2013-1697
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697>
SUSE bug 792432SUSE bug 813026SUSE bug 819204SUSE bug 825935CVE-2013-1682CVE-2013-1684CVE-2013-1685CVE-2013-1686CVE-2013-1687CVE-2013-1690CVE-2013-1692CVE-2013-1693CVE-2013-1697cpe:/o:suse:suse_sled:11:sp3Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP3
Mozilla Firefox has been updated to the 17.0.10ESR release, which fixes
various bugs and security issues:
*
MFSA 2013-93: Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.
Jesse Ruderman and Christoph Diehl reported memory safety problems
and crashes that affect Firefox ESR 17, Firefox ESR 24, and Firefox
24. (CVE-2013-5590)
Carsten Book reported a crash fixed in the NSS library used by
Mozilla-based products fixed in Firefox 25, Firefox ESR 24.1, and
Firefox ESR 17.0.10.(CVE-2013-1739)
*
MFSA 2013-95 / CVE-2013-5604: Security researcher Abhishek Arya
(Inferno) of the Google Chrome Security Team used the Address
Sanitizer tool to discover an access violation due to uninitialized
data during Extensible Stylesheet Language Transformation (XSLT)
processing. This leads to a potentially exploitable crash.
*
MFSA 2013-96 / CVE-2013-5595: Compiler Engineer Dan Gohman of Google
discovered a flaw in the JavaScript engine where memory was being
incorrectly allocated for some functions and the calls for
allocations were not always properly checked for overflow, leading to
potential buffer overflows. When combined with other vulnerabilities,
these flaws could be potentially exploitable.
*
MFSA 2013-98 / CVE-2013-5597: Security researcher Byoungyoung Lee of
Georgia Tech Information Security Center (GTISC) used the Address
Sanitizer tool to discover a use-after-free during state change
events while updating the offline cache. This leads to a potentially
exploitable crash.
*
MFSA 2013-100: Security researcher Nils used the Address Sanitizer
tool while fuzzing to discover missing strong references in browsing
engine leading to use-after-frees. This can lead to a potentially
exploitable crash.
o ASAN heap-use-after-free in nsIPresShell::GetPresContext() with
canvas, onresize and mozTextStyle (CVE-2013-5599)
o ASAN use-after-free in
nsIOService::NewChannelFromURIWithProxyFlags with Blob URL
(CVE-2013-5600)
o ASAN use-after free in GC allocation in
nsEventListenerManager::SetEventHandler (CVE-2013-5601)
*
MFSA 2013-101 / CVE-2013-5602: Security researcher Nils used the
Address Sanitizer tool while fuzzing to discover a memory corruption
issue with the JavaScript engine when using workers with direct
proxies. This results in a potentially exploitable crash.
Security Issue reference:
* CVE-2013-1739
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739>
SUSE bug 847708CVE-2013-1739cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefoxSUSE Linux Enterprise Desktop 11 SP3
This updates the Mozilla Firefox browser to the 24.3.0ESR security release.
The Mozilla NSS libraries are now on version 3.15.4.
The following security issues have been fixed:
*
MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and
Firefox 27.0 (CVE-2014-1477)(bnc#862345)
*
MFSA 2014-02: Using XBL scopes its possible to steal(clone) native
anonymous content (CVE-2014-1479)(bnc#862348)
*
MFSA 2014-03: Download 'open file' dialog delay is too quick, doesn't
prevent clickjacking (CVE-2014-1480)
*
MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create
(CVE-2014-1482)(bnc#862356)
*
MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak
information about iframe contents via timing information
(CVE-2014-1483)(bnc#862360)
*
MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484)
*
MFSA 2014-07: CSP should block XSLT as script, not as style
(CVE-2014-1485)
*
MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution
Vulnerability (CVE-2014-1486)
*
MFSA 2014-09: Cross-origin information disclosure with error message
of Web Workers (CVE-2014-1487)
*
MFSA 2014-10: settings & history ID bug (CVE-2014-1489)
*
MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in
workers and transferable objects (CVE-2014-1488)
*
MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session
ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a
public DH value (CVE-2014-1491)(bnc#862289)
*
MFSA 2014-13: Inconsistent this value when invoking getters on window
(CVE-2014-1481)(bnc#862309)
Security Issue references:
* CVE-2014-1477
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477>
* CVE-2014-1479
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479>
* CVE-2014-1480
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480>
* CVE-2014-1481
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481>
* CVE-2014-1482
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482>
* CVE-2014-1483
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1483>
* CVE-2014-1484
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1484>
* CVE-2014-1485
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1485>
* CVE-2014-1486
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486>
* CVE-2014-1487
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487>
* CVE-2014-1488
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1488>
* CVE-2014-1489
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1489>
* CVE-2014-1490
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490>
* CVE-2014-1491
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491>
SUSE bug 859055SUSE bug 861847CVE-2014-1477CVE-2014-1479CVE-2014-1480CVE-2014-1481CVE-2014-1482CVE-2014-1483CVE-2014-1484CVE-2014-1485CVE-2014-1486CVE-2014-1487CVE-2014-1488CVE-2014-1489CVE-2014-1490CVE-2014-1491cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefoxSUSE Linux Enterprise Desktop 11 SP3
Mozilla Firefox was updated to 24.4.0ESR release, fixing various security
issues and bugs:
*
MFSA 2014-15: Mozilla developers and community identified identified
and fixed several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these bugs showed
evidence of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these could be
exploited to run arbitrary code.
*
Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman,
Dan Gohman, and Christoph Diehl reported memory safety problems and
crashes that affect Firefox ESR 24.3 and Firefox 27. (CVE-2014-1493)
*
Gregor Wagner, Olli Pettay, Gary Kwong, Jesse Ruderman, Luke Wagner,
Rob Fletcher, and Makoto Kato reported memory safety problems and
crashes that affect Firefox 27. (CVE-2014-1494)
*
MFSA 2014-16 / CVE-2014-1496: Security researcher Ash reported an
issue where the extracted files for updates to existing files are not
read only during the update process. This allows for the potential
replacement or modification of these files during the update process
if a malicious application is present on the local system.
*
MFSA 2014-17 / CVE-2014-1497: Security researcher Atte Kettunen from
OUSPG reported an out of bounds read during the decoding of WAV
format audio files for playback. This could allow web content access
to heap data as well as causing a crash.
*
MFSA 2014-18 / CVE-2014-1498: Mozilla developer David Keeler reported
that the crypto.generateCRFMRequest method did not correctly validate
the key type of the KeyParams argument when generating ec-dual-use
requests. This could lead to a crash and a denial of service (DOS)
attack.
*
MFSA 2014-19 / CVE-2014-1499: Mozilla developer Ehsan Akhgari
reported a spoofing attack where the permission prompt for a WebRTC
session can appear to be from a different site than its actual
originating site if a timed navigation occurs during the prompt
generation. This allows an attacker to potentially gain access to the
webcam or microphone by masquerading as another site and gaining user
permission through spoofing.
*
MFSA 2014-20 / CVE-2014-1500: Security researchers Tim Philipp
Schaefers and Sebastian Neef, the team of Internetwache.org, reported
a mechanism using JavaScript onbeforeunload events with page
navigation to prevent users from closing a malicious page's tab and
causing the browser to become unresponsive. This allows for a denial
of service (DOS) attack due to resource consumption and blocks the
ability of users to exit the application.
*
MFSA 2014-21 / CVE-2014-1501: Security researcher Alex Infuehr
reported that on Firefox for Android it is possible to open links to
local files from web content by selecting 'Open Link in New Tab' from
the context menu using the file: protocol. The web content would have
to know the precise location of a malicious local file in order to
exploit this issue. This issue does not affect Firefox on non-Android
systems.
*
MFSA 2014-22 / CVE-2014-1502: Mozilla developer Jeff Gilbert
discovered a mechanism where a malicious site with WebGL content
could inject content from its context to that of another site's WebGL
context, causing the second site to replace textures and similar
content. This cannot be used to steal data but could be used to
render arbitrary content in these limited circumstances.
*
MFSA 2014-23 / CVE-2014-1504: Security researcher Nicolas Golubovic
reported that the Content Security Policy (CSP) of data: documents
was not saved as part of session restore. If an attacker convinced a
victim to open a document from a data: URL injected onto a page, this
can lead to a Cross-Site Scripting (XSS) attack. The target page may
have a strict CSP that protects against this XSS attack, but if the
attacker induces a browser crash with another bug, an XSS attack
would occur during session restoration, bypassing the CSP on the
site.
*
MFSA 2014-26 / CVE-2014-1508: Security researcher Tyson Smith and
Jesse Schwartzentruber of the BlackBerry Security Automated Analysis
Team used the Address Sanitizer tool while fuzzing to discover an
out-of-bounds read during polygon rendering in MathML. This can allow
web content to potentially read protected memory addresses. In
combination with previous techniques used for SVG timing attacks,
this could allow for text values to be read across domains, leading
to information disclosure.
*
MFSA 2014-27 / CVE-2014-1509: Security researcher John Thomson
discovered a memory corruption in the Cairo graphics library during
font rendering of a PDF file for display. This memory corruption
leads to a potentially exploitable crash and to a denial of service
(DOS). This issues is not able to be triggered in a default
configuration and would require a malicious extension to be
installed.
*
MFSA 2014-28 / CVE-2014-1505: Mozilla developer Robert O'Callahan
reported a mechanism for timing attacks involving SVG filters and
displacements input to feDisplacementMap. This allows displacements
to potentially be correlated with values derived from content. This
is similar to the previously reported techniques used for SVG timing
attacks and could allow for text values to be read across domains,
leading to information disclosure.
*
MFSA 2014-29 / CVE-2014-1510 / CVE-2014-1511: Security researcher
Mariusz Mlynski, via TippingPoint's Pwn2Own contest, reported that it
is possible for untrusted web content to load a chrome-privileged
page by getting JavaScript-implemented WebIDL to call window.open().
A second bug allowed the bypassing of the popup-blocker without user
interaction. Combined these two bugs allow an attacker to load a
JavaScript URL that is executed with the full privileges of the
browser, which allows arbitrary code execution.
*
MFSA 2014-30 / CVE-2014-1512: Security research firm VUPEN, via
TippingPoint's Pwn2Own contest, reported that memory pressure during
Garbage Collection could lead to memory corruption of TypeObjects in
the JS engine, resulting in an exploitable use-after-free condition.
*
MFSA 2014-31 / CVE-2014-1513: Security researcher Jueri Aedla, via
TippingPoint's Pwn2Own contest, reported that TypedArrayObject does
not handle the case where ArrayBuffer objects are neutered, setting
their length to zero while still in use. This leads to out-of-bounds
reads and writes into the JavaScript heap, allowing for arbitrary
code execution.
*
MFSA 2014-32 / CVE-2014-1514: Security researcher George Hotz, via
TippingPoint's Pwn2Own contest, discovered an issue where values are
copied from an array into a second, neutered array. This allows for
an out-of-bounds write into memory, causing an exploitable crash
leading to arbitrary code execution.
SUSE bug 868603CVE-2014-1493CVE-2014-1494CVE-2014-1496CVE-2014-1497CVE-2014-1498CVE-2014-1499CVE-2014-1500CVE-2014-1501CVE-2014-1502CVE-2014-1504CVE-2014-1505CVE-2014-1508CVE-2014-1509CVE-2014-1510CVE-2014-1511CVE-2014-1512CVE-2014-1513CVE-2014-1514cpe:/o:suse:suse_sled:11:sp3Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP3
Mozilla Firefox has been updated to the 24.7ESR security release.
Security issues fixed in this release:
* CVE-2014-1544 -
https://www.mozilla.org/security/announce/2014/mfsa2014-63.html
<https://www.mozilla.org/security/announce/2014/mfsa2014-63.html>
* CVE-2014-1548 -
https://www.mozilla.org/security/announce/2014/mfsa2014-56.html
<https://www.mozilla.org/security/announce/2014/mfsa2014-56.html>
* CVE-2014-1549 -
https://www.mozilla.org/security/announce/2014/mfsa2014-57.html
<https://www.mozilla.org/security/announce/2014/mfsa2014-57.html>
* CVE-2014-1550 -
https://www.mozilla.org/security/announce/2014/mfsa2014-58.html
<https://www.mozilla.org/security/announce/2014/mfsa2014-58.html>
* CVE-2014-1551 -
https://www.mozilla.org/security/announce/2014/mfsa2014-59.html
<https://www.mozilla.org/security/announce/2014/mfsa2014-59.html>
* CVE-2014-1552 -
https://www.mozilla.org/security/announce/2014/mfsa2014-66.html
<https://www.mozilla.org/security/announce/2014/mfsa2014-66.html>
* CVE-2014-1555 -
https://www.mozilla.org/security/announce/2014/mfsa2014-61.html
<https://www.mozilla.org/security/announce/2014/mfsa2014-61.html>
* CVE-2014-1556 -
https://www.mozilla.org/security/announce/2014/mfsa2014-62.html
<https://www.mozilla.org/security/announce/2014/mfsa2014-62.html>
* CVE-2014-1557 -
https://www.mozilla.org/security/announce/2014/mfsa2014-64.html
<https://www.mozilla.org/security/announce/2014/mfsa2014-64.html>
* CVE-2014-1558,CVE-2014-1559,CVE-2014-1560 -
https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
<https://www.mozilla.org/security/announce/2014/mfsa2014-65.html>
* CVE-2014-1561 -
https://www.mozilla.org/security/announce/2014/mfsa2014-60.html
<https://www.mozilla.org/security/announce/2014/mfsa2014-60.html>
Security Issues:
* CVE-2014-1557
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557>
* CVE-2014-1547
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547>
* CVE-2014-1548
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548>
* CVE-2014-1556
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556>
* CVE-2014-1544
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544>
* CVE-2014-1555
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555>
SUSE bug 887746CVE-2014-1544CVE-2014-1547CVE-2014-1548CVE-2014-1555CVE-2014-1556CVE-2014-1557cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefoxSUSE Linux Enterprise Desktop 11 SP3
Mozilla Firefox was updated to the 24.8.0ESR release, fixing security
issues and bugs.
Only some of the published security advisories affect the Mozilla Firefox
24ESR codestream:
* MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht
reported, via TippingPoint's Zero Day Initiative, a use-after-free
during text layout when interacting with the setting of text
direction. This results in a use-after-free which can lead to
arbitrary code execution.
* MFSA 2014-67: Mozilla developers and community identified and fixed
several memory safety bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these bugs showed evidence of
memory corruption under certain circumstances, and we presume that
with enough effort at least some of these could be exploited to run
arbitrary code.
* Jan de Mooij reported a memory safety problem that affects Firefox
ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562)
More information is referenced on:
https://www.mozilla.org/security/announce/
<https://www.mozilla.org/security/announce/> .
Security Issues:
* CVE-2014-1562
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1562>
* CVE-2014-1567
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1567>
SUSE bug 894370CVE-2014-1562CVE-2014-1567cpe:/o:suse:suse_sled:11:sp3Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP3
Mozilla Firefox has been updated to the 31.3ESR release fixing bugs and
security issues.
*
MFSA 2014-83 / CVE-2014-1588 / CVE-2014-1587: Mozilla developers and
community identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some
of these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some
of these could be exploited to run arbitrary code.
*
MFSA 2014-85 / CVE-2014-1590: Security researcher Joe Vennix from
Rapid7 reported that passing a JavaScript object to XMLHttpRequest
that mimics an input stream will a crash. This crash is not
exploitable and can only be used for denial of service attacks.
*
MFSA 2014-87 / CVE-2014-1592: Security researcher Berend-Jan Wever
reported a use-after-free created by triggering the creation of a
second root element while parsing HTML written to a document created
with document.open(). This leads to a potentially exploitable crash.
*
MFSA 2014-88 / CVE-2014-1593: Security researcher Abhishek Arya
(Inferno) of the Google Chrome Security Team used the Address
Sanitizer tool to discover a buffer overflow during the parsing of
media content. This leads to a potentially exploitable crash.
*
MFSA 2014-89 / CVE-2014-1594: Security researchers Byoungyoung Lee,
Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security
Center (GTISC) reported a bad casting from the BasicThebesLayer to
BasicContainerLayer, resulting in undefined behavior. This behavior
is potentially exploitable with some compilers but no clear mechanism
to trigger it through web content was identified.
*
MFSA 2014-90 / CVE-2014-1595: Security researcher Kent Howard
reported an Apple issue present in OS X 10.10 (Yosemite) where log
files are created by the CoreGraphics framework of OS X in the /tmp
local directory. These log files contain a record of all inputs into
Mozilla programs during their operation. In versions of OS X from
versions 10.6 through 10.9, the CoreGraphics had this logging ability
but it was turned off by default. In OS X 10.10, this logging was
turned on by default for some applications that use a custom memory
allocator, such as jemalloc, because of an initialization bug in the
framework. This issue has been addressed in Mozilla products by
explicitly turning off the framework's logging of input events. On
vulnerable systems, this issue can result in private data such as
usernames, passwords, and other inputed data being saved to a log
file on the local system.
Security Issues:
* CVE-2014-1587
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587>
* CVE-2014-1588
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1588>
* CVE-2014-1589
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1589>
* CVE-2014-1590
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590>
* CVE-2014-1591
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1591>
* CVE-2014-1592
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592>
* CVE-2014-1593
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593>
* CVE-2014-1594
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594>
* CVE-2014-1595
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595>
SUSE bug 908009CVE-2014-1587CVE-2014-1588CVE-2014-1589CVE-2014-1590CVE-2014-1591CVE-2014-1592CVE-2014-1593CVE-2014-1594CVE-2014-1595cpe:/o:suse:suse_sled:11:sp3Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP3
Mozilla Firefox has been updated to the 31.4.0ESR release, fixing bugs and
security issues.
Mozilla NSS has been updated to 3.17.3, fixing a security issue and
updating the root certificate list.
For more information, please see
https://www.mozilla.org/en-US/security/advisories/
<https://www.mozilla.org/en-US/security/advisories/>
Security Issues:
* CVE-2014-1569
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569>
* CVE-2014-8634
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634>
* CVE-2014-8639
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639>
* CVE-2014-8641
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641>
* CVE-2014-8638
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638>
* CVE-2014-8636
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636>
* CVE-2014-8637
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8637>
* CVE-2014-8640
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8640>
SUSE bug 910647SUSE bug 910669SUSE bug 913064SUSE bug 913066SUSE bug 913067SUSE bug 913068SUSE bug 913102SUSE bug 913103SUSE bug 913104CVE-2014-1569CVE-2014-8634CVE-2014-8636CVE-2014-8637CVE-2014-8638CVE-2014-8639CVE-2014-8640CVE-2014-8641cpe:/o:suse:suse_sled:11:sp3Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP3
MozillaFirefox was updated to the 31.5.3ESR release to fix two security
vulnerabilities:
*
MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported,
through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's
implementation of typed array bounds checking in JavaScript
just-in-time compilation (JIT) and its management of bounds checking
for heap access. This flaw can be leveraged into the reading and
writing of memory allowing for arbitary code execution on the local
system.
*
MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski
reported, through HP Zero Day Initiative's Pwn2Own contest, a method
to run arbitrary scripts in a privileged context. This bypassed the
same-origin policy protections by using a flaw in the processing of
SVG format content navigation.
Security Issues:
* CVE-2015-0817
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817>
* CVE-2015-0818
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818>
SUSE bug 923534CVE-2015-0817CVE-2015-0818cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefoxSUSE Linux Enterprise Desktop 11 SP3
This update to Firefox 31.7.0 ESR fixes the following issues:
*
MFSA 2015-46 (CVE-2015-2708, CVE-2015-2709): Miscellaneous memory
safety hazards (rv:38.0 / rv:31.7). Upstream references: bmo#1120655,
bmo#1143299, bmo#1151139, bmo#1152177, bmo#1111251, bmo#1117977,
bmo#1128064, bmo#1135066, bmo#1143194, bmo#1146101, bmo#1149526,
bmo#1153688, bmo#1155474.
*
MFSA 2015-47 (CVE-2015-0797): Buffer overflow parsing H.264 video
with Linux Gstreamer. Upstream references: bmo#1080995.
*
MFSA 2015-48 (CVE-2015-2710): Buffer overflow with SVG content and
CSS. Upstream references: bmo#1149542.
*
MFSA 2015-51 (CVE-2015-2713): Use-after-free during text processing
with vertical text enabled. Upstream references: bmo#1153478.
*
MFSA 2015-54 (CVE-2015-2716): Buffer overflow when parsing compressed
XML. Upstream references: bmo#1140537.
Security Issues:
* CVE-2015-0797
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797>
* CVE-2015-2708
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708>
* CVE-2015-2709
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2709>
* CVE-2015-2710
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710>
* CVE-2015-2713
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713>
* CVE-2015-2716
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716>
SUSE bug 930622CVE-2015-0797CVE-2015-2708CVE-2015-2709CVE-2015-2710CVE-2015-2713CVE-2015-2716cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefox, mozilla-nspr (Important)SUSE Linux Enterprise Desktop 11 SP3
Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003),
fixing bugs and security issues.
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
* MFSA 2015-101/CVE-2015-4506
Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-105/CVE-2015-4511
Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509
Use-after-free while manipulating HTML media content
* MFSA 2015-110/CVE-2015-4519
Dragging and dropping images exposes final URL after
redirects
* MFSA 2015-111/CVE-2015-4520
Errors in the handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177
CVE-2015-7180
Vulnerabilities found through code inspection
More details can be found on
https://www.mozilla.org/en-US/security/advisories/
The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs.
ImportantSUSE bug 947003CVE-2015-4500CVE-2015-4501CVE-2015-4506CVE-2015-4509CVE-2015-4511CVE-2015-4517CVE-2015-4519CVE-2015-4520CVE-2015-4521CVE-2015-4522CVE-2015-7174CVE-2015-7175CVE-2015-7176CVE-2015-7177CVE-2015-7180cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefox (Important)SUSE Linux Enterprise Desktop 11 SP3
Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003),
fixing bugs and security issues.
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
* MFSA 2015-101/CVE-2015-4506
Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-105/CVE-2015-4511
Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509
Use-after-free while manipulating HTML media content
* MFSA 2015-110/CVE-2015-4519
Dragging and dropping images exposes final URL after
redirects
* MFSA 2015-111/CVE-2015-4520
Errors in the handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177
CVE-2015-7180
Vulnerabilities found through code inspection
More details can be found on
https://www.mozilla.org/en-US/security/advisories/
ImportantSUSE bug 947003CVE-2015-4500CVE-2015-4501CVE-2015-4506CVE-2015-4509CVE-2015-4511CVE-2015-4517CVE-2015-4519CVE-2015-4520CVE-2015-4521CVE-2015-4522CVE-2015-7174CVE-2015-7175CVE-2015-7176CVE-2015-7177CVE-2015-7180cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)SUSE Linux Enterprise Desktop 11 SP3
This Mozilla Firefox, NSS and NSPR update fixes the following security
and non security issues.
- mozilla-nspr was updated to version 4.10.10 (bsc#952810)
* MFSA 2015-133/CVE-2015-7183
(bmo#1205157)
NSPR memory corruption issues
- mozilla-nss was updated to 3.19.2.1 (bsc#952810)
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182
(bmo#1192028, bmo#1202868)
NSS and NSPR memory corruption issues
- MozillaFirefox was updated to 38.4.0 ESR (bsc#952810)
* MFSA 2015-116/CVE-2015-4513
(bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580,
bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564,
bmo#1208665, bmo#1209471, bmo#1213979)
Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
* MFSA 2015-122/CVE-2015-7188
(bmo#1199430)
Trailing whitespace in IP address hostnames can bypass
same-origin policy
* MFSA 2015-123/CVE-2015-7189
(bmo#1205900)
Buffer overflow during image interactions in canvas
* MFSA 2015-127/CVE-2015-7193
(bmo#1210302)
CORS preflight is bypassed when non-standard Content-Type
headers are received
* MFSA 2015-128/CVE-2015-7194
(bmo#1211262)
Memory corruption in libjar through zip files
* MFSA 2015-130/CVE-2015-7196
(bmo#1140616)
JavaScript garbage collection crash with Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
(bmo#1204061, bmo#1188010, bmo#1204155)
Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197
(bmo#1204269)
Mixed content WebSocket policy bypass through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
(bmo#1202868, bmo#1192028, bmo#1205157)
NSS and NSPR memory corruption issues
- fix printing on landscape media (bsc#908275)
ImportantSUSE bug 908275SUSE bug 952810CVE-2015-4513CVE-2015-7181CVE-2015-7182CVE-2015-7183CVE-2015-7188CVE-2015-7189CVE-2015-7193CVE-2015-7194CVE-2015-7196CVE-2015-7197CVE-2015-7198CVE-2015-7199CVE-2015-7200cpe:/o:suse:suse_sled:11:sp3Security update for Mozilla FirefoxSUSE Linux Enterprise Desktop 11 SP3
MozillaFirefox has been updated to the 24.2.0 ESR security release.
This is a major upgrade from the 17 ESR release branch.
Security issues fixed:
* CVE-2013-5611 Application Installation doorhanger persists on
navigation (MFSA 2013-105)
* CVE-2013-5609 Miscellaneous memory safety hazards (rv:24.2) (MFSA
2013-104)
* CVE-2013-5610 Miscellaneous memory safety hazards (rv:26.0) (MFSA
2013-104)
* CVE-2013-5612 Character encoding cross-origin XSS attack (MFSA
2013-106)
* CVE-2013-5614 Sandbox restrictions not applied to nested object
elements (MFSA 2013-107)
* CVE-2013-5616 Use-after-free in event listeners (MFSA 2013-108)
* CVE-2013-5619 Potential overflow in JavaScript binary search
algorithms (MFSA 2013-110)
* CVE-2013-6671 Segmentation violation when replacing ordered list
elements (MFSA 2013-111)
* CVE-2013-6673 Trust settings for built-in roots ignored during EV
certificate validation (MFSA 2013-113)
* CVE-2013-5613 Use-after-free in synthetic mouse movement (MFSA
2013-114)
* CVE-2013-5615 GetElementIC typed array stubs can be generated outside
observed typesets (MFSA 2013-115)
* CVE-2013-6672 Linux clipboard information disclosure though selection
paste (MFSA 2013-112)
* CVE-2013-5618 Use-after-free during Table Editing (MFSA 2013-109)
Security Issue references:
* CVE-2013-5609
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609>
* CVE-2013-5610
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5610>
* CVE-2013-5611
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5611>
* CVE-2013-5612
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612>
* CVE-2013-5613
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613>
* CVE-2013-5614
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614>
* CVE-2013-5615
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5615>
* CVE-2013-5616
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616>
* CVE-2013-5618
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618>
* CVE-2013-5619
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5619>
* CVE-2013-6671
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671>
* CVE-2013-6672
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6672>
* CVE-2013-6673
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6673>
SUSE bug 854367SUSE bug 854370CVE-2013-5609CVE-2013-5610CVE-2013-5611CVE-2013-5612CVE-2013-5613CVE-2013-5614CVE-2013-5615CVE-2013-5616CVE-2013-5618CVE-2013-5619CVE-2013-6671CVE-2013-6672CVE-2013-6673cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefoxSUSE Linux Enterprise Desktop 11 SP3
This version update of Mozilla Firefox to 31.2.0ESR brings improvements,
stability fixes and also security fixes for the following CVEs:
CVE-2014-1574, CVE-2014-1575, CVE-2014-1576 ,CVE-2014-1577, CVE-2014-1578,
CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586
It also disables SSLv3 by default to mitigate the protocol downgrade attack
known as POODLE.
This update fixes some regressions introduced by the previously released
update.
Security Issues:
* CVE-2014-1574
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574>
* CVE-2014-1575
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1575>
* CVE-2014-1576
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576>
* CVE-2014-1577
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577>
* CVE-2014-1578
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578>
* CVE-2014-1581
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581>
* CVE-2014-1583
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583>
* CVE-2014-1585
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585>
* CVE-2014-1586
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1586>
SUSE bug 900941SUSE bug 905056SUSE bug 905528CVE-2014-1574CVE-2014-1575CVE-2014-1576CVE-2014-1577CVE-2014-1578CVE-2014-1581CVE-2014-1583CVE-2014-1585CVE-2014-1586cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefox, mozilla-nss (Important)SUSE Linux Enterprise Desktop 11 SP3
Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release).
Security issues fixed:
- MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader
- MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
- MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file
- MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties
- MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright
- MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript
- MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images
- MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video
- MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection
- MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers
This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR.
Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses.
ImportantSUSE bug 940806CVE-2015-4473CVE-2015-4474CVE-2015-4475CVE-2015-4478CVE-2015-4479CVE-2015-4484CVE-2015-4485CVE-2015-4486CVE-2015-4487CVE-2015-4488CVE-2015-4489CVE-2015-4491CVE-2015-4492CVE-2015-4495cpe:/o:suse:suse_sled:11:sp3Security update for flacSUSE Linux Enterprise Desktop 11 SP3
flac was updated to fix two security issues:
* Stack overflow may result in arbitrary code execution
(CVE-2014-8962).
* Heap overflow via specially crafted .flac files (CVE-2014-9028).
Security Issues:
* CVE-2014-8962
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8962>
* CVE-2014-9028
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9028>
SUSE bug 906831SUSE bug 907016CVE-2014-8962CVE-2014-9028cpe:/o:suse:suse_sled:11:sp3Security update for flash-playerSUSE Linux Enterprise Desktop 11 SP3
flash-player was updated to version 11.2.202.418 to fix 18 security issues:
* Memory corruption vulnerabilities that could lead to code execution
(CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441).
* Use-after-free vulnerabilities that could lead to code execution
(CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).
* A double free vulnerability that could lead to code execution
(CVE-2014-0574).
* Type confusion vulnerabilities that could lead to code execution
(CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586,
CVE-2014-0590).
* Heap buffer overflow vulnerabilities that could lead to code
execution (CVE-2014-0582, CVE-2014-0589).
* An information disclosure vulnerability that could be exploited to
disclose session tokens (CVE-2014-8437).
* A heap buffer overflow vulnerability that could be exploited to
perform privilege escalation from low to medium integrity level
(CVE-2014-0583).
* A permission issue that could be exploited to perform privilege
escalation from low to medium integrity level (CVE-2014-8442).
Further information can be found at
http://helpx.adobe.com/security/products/flash-player/apsb14-24.html
<http://helpx.adobe.com/security/products/flash-player/apsb14-24.html> .
Security Issues:
* CVE-2014-0576
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0576>
* CVE-2014-0581
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0581>
* CVE-2014-8440
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8440>
* CVE-2014-8441
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8441>
* CVE-2014-0573
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0573>
* CVE-2014-0588
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0588>
* CVE-2014-8438
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8438>
* CVE-2014-0574
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0574>
* CVE-2014-0577
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0577>
* CVE-2014-0584
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0584>
* CVE-2014-0585
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0585>
* CVE-2014-0586
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0586>
* CVE-2014-0590
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0590>
* CVE-2014-0582
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0582>
* CVE-2014-0589
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0589>
* CVE-2014-8437
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8437>
* CVE-2014-0583
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0583>
* CVE-2014-8442
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8442>
SUSE bug 905032CVE-2014-0573CVE-2014-0574CVE-2014-0576CVE-2014-0577CVE-2014-0581CVE-2014-0582CVE-2014-0583CVE-2014-0584CVE-2014-0585CVE-2014-0586CVE-2014-0588CVE-2014-0589CVE-2014-0590CVE-2014-8437CVE-2014-8438CVE-2014-8440CVE-2014-8441CVE-2014-8442cpe:/o:suse:suse_sled:11:sp3Security update for flash-player (Critical)SUSE Linux Enterprise Desktop 11 SP3
flash-player was updated to fix 35 security issues.
These security issues were fixed:
- CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431: Memory corruption vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2015-3126, CVE-2015-4429: Null pointer dereference issues (bsc#937339).
- CVE-2015-3114: A security bypass vulnerability that could lead to information disclosure (bsc#937339).
- CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433: Type confusion vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119: Use-after-free vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116: Vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (bsc#937339).
CriticalSUSE bug 937339CVE-2014-0578CVE-2015-3114CVE-2015-3115CVE-2015-3116CVE-2015-3117CVE-2015-3118CVE-2015-3119CVE-2015-3120CVE-2015-3121CVE-2015-3122CVE-2015-3123CVE-2015-3124CVE-2015-3125CVE-2015-3126CVE-2015-3127CVE-2015-3128CVE-2015-3129CVE-2015-3130CVE-2015-3131CVE-2015-3132CVE-2015-3133CVE-2015-3134CVE-2015-3135CVE-2015-3136CVE-2015-3137CVE-2015-4428CVE-2015-4429CVE-2015-4430CVE-2015-4431CVE-2015-4432CVE-2015-4433CVE-2015-5116CVE-2015-5117CVE-2015-5118CVE-2015-5119cpe:/o:suse:suse_sled:11:sp3Security update for flash-player (Critical)SUSE Linux Enterprise Desktop 11 SP3
flash-player was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function (bsc#937752).
- CVE-2015-5122: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property (bsc#937752).
CriticalSUSE bug 937752CVE-2015-5122CVE-2015-5123cpe:/o:suse:suse_sled:11:sp3Security update for flash-player (Critical)SUSE Linux Enterprise Desktop 11 SP3
This security update to 11.2.202.508 (bsc#941239) fixes the
following issues:
* APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125,
CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,
CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134,
CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544,
CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548,
CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552,
CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,
CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560,
CVE-2015-5561, CVE-2015-5562, CVE-2015-5563
CriticalSUSE bug 941239CVE-2015-3107CVE-2015-5124CVE-2015-5125CVE-2015-5127CVE-2015-5128CVE-2015-5129CVE-2015-5130CVE-2015-5131CVE-2015-5132CVE-2015-5133CVE-2015-5134CVE-2015-5539CVE-2015-5540CVE-2015-5541CVE-2015-5544CVE-2015-5545CVE-2015-5546CVE-2015-5547CVE-2015-5548CVE-2015-5549CVE-2015-5550CVE-2015-5551CVE-2015-5552CVE-2015-5553CVE-2015-5554CVE-2015-5555CVE-2015-5556CVE-2015-5557CVE-2015-5558CVE-2015-5559CVE-2015-5560CVE-2015-5561CVE-2015-5562CVE-2015-5563cpe:/o:suse:suse_sled:11:sp3Security update for flash-player (Important)SUSE Linux Enterprise Desktop 11 SP3
Adobe Flash Player was updated to 11.2.202.521 (APSB15-23 bsc#946880) fixing several security issues:
More information can be found on:
https://helpx.adobe.com/security/products/flash-player/apsb15-23.html
ImportantSUSE bug 946880CVE-2015-5567CVE-2015-5568CVE-2015-5570CVE-2015-5571CVE-2015-5572CVE-2015-5573CVE-2015-5574CVE-2015-5575CVE-2015-5576CVE-2015-5577CVE-2015-5578CVE-2015-5579CVE-2015-5580CVE-2015-5581CVE-2015-5582CVE-2015-5584CVE-2015-5587CVE-2015-5588CVE-2015-6676CVE-2015-6677CVE-2015-6678CVE-2015-6679CVE-2015-6682cpe:/o:suse:suse_sled:11:sp3Security update for flash-player (Important)SUSE Linux Enterprise Desktop 11 SP3
flash-player was updated to version 11.2.202.535 to fix 13 security issues (bsc#950169).
These security issues were fixed:
- A vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628).
- A defense-in-depth feature in the Flash broker API (CVE-2015-5569).
- Use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644).
- A buffer overflow vulnerability that could lead to code execution (CVE-2015-7632).
- Memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634).
ImportantSUSE bug 950169CVE-2015-5569CVE-2015-7625CVE-2015-7626CVE-2015-7627CVE-2015-7628CVE-2015-7629CVE-2015-7630CVE-2015-7631CVE-2015-7632CVE-2015-7633CVE-2015-7634CVE-2015-7643CVE-2015-7644cpe:/o:suse:suse_sled:11:sp3Security update for flash-player (Critical)SUSE Linux Enterprise Desktop 11 SP3
flash-player was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474).
CriticalSUSE bug 950474CVE-2015-7645cpe:/o:suse:suse_sled:11:sp3Security update for flash-player (Moderate)SUSE Linux Enterprise Desktop 11 SP3
The flash-player package was updated to fix the following security issues:
- Security update to 11.2.202.548 (bsc#954512):
* APSB15-28, CVE-2015-7651, CVE-2015-7652, CVE-2015-7653,
CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657,
CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661,
CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043,
CVE-2015-8044, CVE-2015-8046
ModerateSUSE bug 954512CVE-2015-7651CVE-2015-7652CVE-2015-7653CVE-2015-7654CVE-2015-7655CVE-2015-7656CVE-2015-7657CVE-2015-7658CVE-2015-7659CVE-2015-7660CVE-2015-7661CVE-2015-7662CVE-2015-7663CVE-2015-8042CVE-2015-8043CVE-2015-8044CVE-2015-8046cpe:/o:suse:suse_sled:11:sp3Security update for flash-player (Important)SUSE Linux Enterprise Desktop 11 SP3
This update for flash-player to version 11.2.202.554 fixes the following security issues
in Adobe security advisory APSB15-32.
* These updates resolve heap buffer overflow vulnerabilities that could
lead to code execution (CVE-2015-8438, CVE-2015-8446).
* These updates resolve memory corruption vulnerabilities that could
lead to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417,
CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8455, CVE-2015-8045,
CVE-2015-8418, CVE-2015-8060, CVE-2015-8419, CVE-2015-8408).
* These updates resolve security bypass vulnerabilities (CVE-2015-8453,
CVE-2015-8440, CVE-2015-8409).
* These updates resolve a stack overflow vulnerability that could lead
to code execution (CVE-2015-8407).
* These updates resolve a type confusion vulnerability that could lead
to code execution (CVE-2015-8439).
* These updates resolve an integer overflow vulnerability that could
lead to code execution (CVE-2015-8445).
* These updates resolve a buffer overflow vulnerability that could lead
to code execution (CVE-2015-8415)
* These updates resolve use-after-free vulnerabilities that could
lead to code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437,
CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436, CVE-2015-8452,
CVE-2015-8048, CVE-2015-8413, CVE-2015-8412, CVE-2015-8410, CVE-2015-8411,
CVE-2015-8424, CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423,
CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426,
CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8434,
CVE-2015-8435, CVE-2015-8414, CVE-2015-8454, CVE-2015-8059, CVE-2015-8058,
CVE-2015-8055, CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067,
CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065,
CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402, CVE-2015-8403,
CVE-2015-8071, CVE-2015-8401, CVE-2015-8406, CVE-2015-8069, CVE-2015-8070,
CVE-2015-8441, CVE-2015-8442, CVE-2015-8447).
Please also see
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
ImportantSUSE bug 958324CVE-2015-8045CVE-2015-8047CVE-2015-8048CVE-2015-8049CVE-2015-8050CVE-2015-8055CVE-2015-8056CVE-2015-8057CVE-2015-8058CVE-2015-8059CVE-2015-8060CVE-2015-8061CVE-2015-8062CVE-2015-8063CVE-2015-8064CVE-2015-8065CVE-2015-8066CVE-2015-8067CVE-2015-8068CVE-2015-8069CVE-2015-8070CVE-2015-8071CVE-2015-8401CVE-2015-8402CVE-2015-8403CVE-2015-8404CVE-2015-8405CVE-2015-8406CVE-2015-8407CVE-2015-8408CVE-2015-8409CVE-2015-8410CVE-2015-8411CVE-2015-8412CVE-2015-8413CVE-2015-8414CVE-2015-8415CVE-2015-8416CVE-2015-8417CVE-2015-8418CVE-2015-8419CVE-2015-8420CVE-2015-8421CVE-2015-8422CVE-2015-8423CVE-2015-8424CVE-2015-8425CVE-2015-8426CVE-2015-8427CVE-2015-8428CVE-2015-8429CVE-2015-8430CVE-2015-8431CVE-2015-8432CVE-2015-8433CVE-2015-8434CVE-2015-8435CVE-2015-8436CVE-2015-8437CVE-2015-8438CVE-2015-8439CVE-2015-8440CVE-2015-8441CVE-2015-8442CVE-2015-8443CVE-2015-8444CVE-2015-8445CVE-2015-8446CVE-2015-8447CVE-2015-8448CVE-2015-8449CVE-2015-8450CVE-2015-8451CVE-2015-8452CVE-2015-8453CVE-2015-8454CVE-2015-8455cpe:/o:suse:suse_sled:11:sp3Security update for flash-player (Important)SUSE Linux Enterprise Desktop 11 SP3
This update for flash-player fixes the following issues:
- CVE-2015-8644: Type confusion vulnerability that could lead to code execution.
- CVE-2015-8651: Integer overflow vulnerability that could lead to code execution.
- CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650: Use-after-free vulnerabilities that could lead to code execution.
- CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645: Memory corruption vulnerabilities that could lead to code execution.
ImportantSUSE bug 960317CVE-2015-8459CVE-2015-8460CVE-2015-8634CVE-2015-8635CVE-2015-8636CVE-2015-8638CVE-2015-8639CVE-2015-8640CVE-2015-8641CVE-2015-8642CVE-2015-8643CVE-2015-8644CVE-2015-8645CVE-2015-8646CVE-2015-8647CVE-2015-8648CVE-2015-8649CVE-2015-8650CVE-2015-8651cpe:/o:suse:suse_sled:11:sp3Security update for foomatic-filters (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update fixes the following security issues:
CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531).
CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531).
ModerateSUSE bug 957531CVE-2015-8327CVE-2015-8560cpe:/o:suse:suse_sled:11:sp3Security update for freetype2SUSE Linux Enterprise Desktop 11 SP3
The font rendering library freetype2 has been updated to fix various
security issues.
Security Issues:
* CVE-2014-9656
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656>
* CVE-2014-9657
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657>
* CVE-2014-9658
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658>
* CVE-2014-9660
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660>
* CVE-2014-9661
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661>
* CVE-2014-9662
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9662>
* CVE-2014-9667
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667>
* CVE-2014-9666
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666>
* CVE-2014-9665
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9665>
* CVE-2014-9664
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664>
* CVE-2014-9663
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663>
* CVE-2014-9659
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9659>
* CVE-2014-9668
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9668>
* CVE-2014-9669
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669>
* CVE-2014-9670
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670>
* CVE-2014-9671
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671>
* CVE-2014-9672
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672>
* CVE-2014-9673
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673>
* CVE-2014-9674
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674>
* CVE-2014-9675
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675>
SUSE bug 916856SUSE bug 916857SUSE bug 916858SUSE bug 916859SUSE bug 916861SUSE bug 916863SUSE bug 916864SUSE bug 916865SUSE bug 916870SUSE bug 916871SUSE bug 916872SUSE bug 916873SUSE bug 916874SUSE bug 916879SUSE bug 916881CVE-2014-9656CVE-2014-9657CVE-2014-9658CVE-2014-9659CVE-2014-9660CVE-2014-9661CVE-2014-9662CVE-2014-9663CVE-2014-9664CVE-2014-9665CVE-2014-9666CVE-2014-9667CVE-2014-9668CVE-2014-9669CVE-2014-9670CVE-2014-9671CVE-2014-9672CVE-2014-9673CVE-2014-9674CVE-2014-9675cpe:/o:suse:suse_sled:11:sp3Security update for FUSESUSE Linux Enterprise Desktop 11 SP3
This update for FUSE fixes the following security issue:
* CVE-2015-3202: FUSE did not clear the environment upon execution of
external programs.
Security Issues:
* CVE-2015-3202
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202>
SUSE bug 931452CVE-2015-3202cpe:/o:suse:suse_sled:11:sp3Security update for gdSUSE Linux Enterprise Desktop 11 SP3
The graphics drawing library gd has been updated to fix one security issue:
* possible buffer read overflow (CVE-2014-9709)
Security Issues:
* CVE-2014-9709
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709>
SUSE bug 923945CVE-2014-9709cpe:/o:suse:suse_sled:11:sp3Security update for giflib (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update for giflib fixes the following issues:
- CVE-2015-7555: Heap overflow in giffix (bsc#960319)
ModerateSUSE bug 960319CVE-2015-7555cpe:/o:suse:suse_sled:11:sp3Security update for gimpSUSE Linux Enterprise Desktop 11 SP3
This update fixes the following security issues with gimp:
* bnc#853423: XWD plugin g_new() integer overflow (CVE-2013-1913)
* bnc#853425: XWD plugin color map heap-based buffer overflow
(CVE-2013-1978)
* bnc#791372: memory corruption via XWD files (CVE-2012-5576)
Security Issue references:
* CVE-2013-1913
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1913>
* CVE-2012-5576
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5576>
* CVE-2013-1978
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978>
SUSE bug 791372SUSE bug 853423SUSE bug 853425CVE-2012-5576CVE-2013-1913CVE-2013-1978cpe:/o:suse:suse_sled:11:sp3Security update for glibcSUSE Linux Enterprise Desktop 11 SP3
This glibc update fixes a critical privilege escalation problem and two
non-security issues:
* bnc#892073: An off-by-one error leading to a heap-based buffer
overflow was found in __gconv_translit_find(). An exploit that
targets the problem is publicly available. (CVE-2014-5119)
* bnc#892065: setenv-alloca.patch: Avoid unbound alloca in setenv.
* bnc#888347: printf-multibyte-format.patch: Don't parse %s format
argument as multi-byte string.
Security Issues:
* CVE-2014-5119
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>
SUSE bug 888347SUSE bug 892065SUSE bug 892073CVE-2014-5119cpe:/o:suse:suse_sled:11:sp3Security update for glibc (Important)SUSE Linux Enterprise Desktop 11 SP3
This update for glibc provides fixes for security and non-security issues.
These security issues have been fixed:
- CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080)
- CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed
local users to change the permission on the files and obtain access to arbitrary
pseudo-terminals by leveraging a FUSE file system. (bsc#830257)
- CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a
file is open, which allowed remote attackers to cause a denial of service (infinite loop)
by performing a look-up while the database is iterated over the database, which triggers
the file pointer to be reset. (bsc#918187)
- Fix read past end of pattern in fnmatch. (bsc#920338)
These non-security issues have been fixed:
- Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280)
- Record TTL also for DNS PTR queries. (bsc#928723)
- Fix invalid free in ld.so. (bsc#932059)
- Make PowerPC64 default to non-executable stack. (bsc#933770)
- Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903)
- Fix bad TEXTREL in glibc.i686. (bsc#935286)
ImportantSUSE bug 830257SUSE bug 851280SUSE bug 918187SUSE bug 920338SUSE bug 927080SUSE bug 928723SUSE bug 932059SUSE bug 933770SUSE bug 933903SUSE bug 935286CVE-2013-2207CVE-2014-8121CVE-2015-1781cpe:/o:suse:suse_sled:11:sp3Security update for glibc (Important)SUSE Linux Enterprise Desktop 11 SP3
This update for glibc fixes the following issues:
- CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721)
- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944)
- CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736)
- CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737)
- CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738)
- CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739)
The following non-security bugs were fixed:
- bsc#930721: Accept leading and trailing spaces in getdate input string
- bsc#942317: Recognize power8 platform
- bsc#950944: Always enable pointer guard
- bsc#956988: Fix deadlock in __dl_iterate_phdr
ImportantSUSE bug 930721SUSE bug 942317SUSE bug 950944SUSE bug 956988SUSE bug 961721SUSE bug 962736SUSE bug 962737SUSE bug 962738SUSE bug 962739CVE-2014-9761CVE-2015-7547CVE-2015-8776CVE-2015-8777CVE-2015-8778CVE-2015-8779cpe:/o:suse:suse_sled:11:sp3Security update for gnutlsSUSE Linux Enterprise Desktop 11 SP3
GnuTLS has been patched to ensure proper parsing of session ids during the
TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have
been fixed.
Further information is available at
http://www.gnutls.org/security.html#GNUTLS-SA-2014-3
<http://www.gnutls.org/security.html#GNUTLS-SA-2014-3>
These security issues have been fixed:
* Possible memory corruption during connect (CVE-2014-3466)
* Multiple boundary check issues could allow DoS (CVE-2014-3467)
* asn1_get_bit_der() can return negative bit length (CVE-2014-3468)
* Possible DoS by NULL pointer dereference (CVE-2014-3469)
Security Issue references:
* CVE-2014-3466
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466>
SUSE bug 880730SUSE bug 880910CVE-2014-3466cpe:/o:suse:suse_sled:11:sp3Security update for gnutls (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This security update of gnutls fixes the following issues:
- use minimal padding for CBC, the default random length padding
causes problems with some servers (bsc#925499)
* added gnutls-use_minimal_cbc_padding.patch
- use the default DH minimum for gnutls-cli instead of hardcoding 512
* CVE-2015-4000 (Logjam) (bsc#932026)
* added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch
ModerateSUSE bug 925499SUSE bug 932026CVE-2015-4000cpe:/o:suse:suse_sled:11:sp3Security update for gnutls (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update for gnutls fixes the following security issues:
- CVE-2015-8313: First byte of the padding in CBC mode is not checked (bsc#957568)
- CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828)
ModerateSUSE bug 924828SUSE bug 947271SUSE bug 957568CVE-2015-2806CVE-2015-8313cpe:/o:suse:suse_sled:11:sp3Security update for GPG2SUSE Linux Enterprise Desktop 11 SP3
GPG2 has been updated to fix a possible denial of service.
This security issue has been fixed:
* Denial of service through infinite loop with garbled compressed data
packets (CVE-2014-4617)
Security Issues:
* CVE-2014-4617
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617>
SUSE bug 884130CVE-2014-4617cpe:/o:suse:suse_sled:11:sp3Security update for gpg2 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update for gpg2 fixes the following issues:
- Fix cve-2015-1606 (bsc#918089)
* Invalid memory read using a garbled keyring
* 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-k.patch
- Fix cve-2015-1607 (bsc#918090)
* Memcpy with overlapping ranges
* 0001-Use-inline-functions-to-convert-buffer-data-to-scala.patch
ModerateSUSE bug 918089SUSE bug 918090CVE-2015-1606CVE-2015-1607cpe:/o:suse:suse_sled:11:sp3Security update for gpgmeSUSE Linux Enterprise Desktop 11 SP3
This gpgme update fixes the following security issue:
* bnc#890123: Fix possible overflow in gpgsm and uiserver engines
(CVE-2014-3564)
Security Issues:
* CVE-2014-3564
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564>
SUSE bug 890123CVE-2014-3564cpe:/o:suse:suse_sled:11:sp3Security update for grub2 (Important)SUSE Linux Enterprise Desktop 11 SP3
This update for grub2 provides the following fixes:
A security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370)
Bugs fixed:
- Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs
snapshots. (bsc#946148, bsc#952539)
- Add grub.xen config searching path on boot partition. (bsc#884828)
- Add linux16 and initrd16 to grub.xen. (bsc#884830)
ImportantSUSE bug 884828SUSE bug 884830SUSE bug 946148SUSE bug 952539SUSE bug 954592SUSE bug 956631CVE-2015-8370cpe:/o:suse:suse_sled:11:sp3Security update for gstreamer-0_10-plugins-badSUSE Linux Enterprise Desktop 11 SP3
gstreamer-0_10-plugins-bad was updated to fix a security issue, a buffer
overflow in mp4 parsing (bnc#927559 CVE-2015-0797).
Security Issues:
* CVE-2015-0797
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797>
SUSE bug 927559CVE-2015-0797cpe:/o:suse:suse_sled:11:sp3Security update for gtk2 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
gtk2 was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801).
- CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791).
This non-security issue was fixed:
- Add the script which generates gdk-pixbuf64.loaders to the spec file (bsc#922741).
ModerateSUSE bug 922741SUSE bug 942801SUSE bug 948791CVE-2015-4491CVE-2015-7674cpe:/o:suse:suse_sled:11:sp3Security update for gdk2 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update for gdk2 fixes the following security issues:
- CVE-2015-7552: various overflows, including heap overflow in flipping bmp files (bsc#958963)
The following non-security issues were fixed:
- bsc#960155: fix a possible divide by zero ModerateSUSE bug 958963SUSE bug 960155CVE-2015-7552cpe:/o:suse:suse_sled:11:sp3Security update for hplipSUSE Linux Enterprise Desktop 11 SP3
hplip was updated to fix three security issues:
*
CVE-2013-0200: Some local file overwrite problems via predictable
/tmp filenames were fixed.
*
CVE-2013-4325: hplip used an insecure polkit DBUS API (polkit-process
subject race condition) which could lead to local privilege
escalation.
*
CVE-2013-6402: hplip uses arbitrary file creation/overwrite (via
hardcoded file name /tmp/hp-pkservice.log).
Security Issue references:
* CVE-2013-4325
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4325>
* CVE-2013-0200
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0200>
* CVE-2013-6402
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6402>
SUSE bug 808355SUSE bug 835827SUSE bug 836937SUSE bug 852368CVE-2013-0200CVE-2013-4325CVE-2013-6402cpe:/o:suse:suse_sled:11:sp3Security update for icedtea-webSUSE Linux Enterprise Desktop 11 SP3
The OpenJDK Java Plugin IcedTea Web was released to fix a temporary file
access problem.
Changes:
* Dialogs center on screen before becoming visible.
* Support for u45 new manifest attributes (Application-Name).
* Custom applet permission policies panel in itweb-settings control
panel.
* Plugin fixes:
o PR1271: icedtea-web does not handle 'javascript:'-protocol URLs
o RH976833: Multiple applets on one page cause deadlock
o Enabled javaconsole.
* Security fixes:
o CVE-2013-6493/RH1010958: Insecure temporary file use flaw in
LiveConnect implementation.
* Additional fixes and changes:
o Christmas splashscreen extension
o Fixed classloading deadlocks
o Cleaned code from warnings
o Pipes moved to XDG runtime dir.
Security Issue references:
* CVE-2013-6493
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6493>
SUSE bug 864364CVE-2013-6493cpe:/o:suse:suse_sled:11:sp3Security update for icuSUSE Linux Enterprise Desktop 11 SP3
This update fixes the following security issue in icu:
* CVE-2014-9654: insufficient size limit checks in regular expression
compiler (bsc#917129)
Security Issues:
* CVE-2014-9654
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654>
SUSE bug 917129CVE-2014-9654cpe:/o:suse:suse_sled:11:sp3Security update for jasperSUSE Linux Enterprise Desktop 11 SP3
This update for jasper fixes the following security issues:
*
CVE-2014-8137: Double free in jas_iccattrval_destroy(). Double call
to free() allowed attackers to cause a denial of service or possibly
have unspecified other impact via unknown vectors. (bsc#909474)
*
CVE-2014-8138: Heap overflow in jas_decode(). This could be used to
do an arbitrary write and could result in arbitrary code execution.
(bsc#909475)
*
CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot(). Could
allow remote attackers to cause a denial of service (crash) or
possibly execute arbitrary code via a crafted JPEG 2000 image, which
triggers a heap-based buffer overflow. (bsc#911837)
*
CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c.
Could allow remote attackers to cause a denial of service (crash) or
possibly execute arbitrary code via a crafted JPEG 2000 image.
(bsc#911837)
Security Issues:
* CVE-2014-8138
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138>
* CVE-2014-8137
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137>
* CVE-2014-8157
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157>
* CVE-2014-8158
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158>
SUSE bug 909474SUSE bug 909475SUSE bug 911837CVE-2014-8137CVE-2014-8138cpe:/o:suse:suse_sled:11:sp3Security update for Java OpenJDKSUSE Linux Enterprise Desktop 11 SP3
Oracle Critical Patch Update Advisory - October 2014
Description:
A Critical Patch Update (CPU) is a collection of patches for multiple
security vulnerabilities.
Find more information here:
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
<http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html>
SUSE bug 901242CVE-2014-4288CVE-2014-6456CVE-2014-6457CVE-2014-6458CVE-2014-6466CVE-2014-6468CVE-2014-6476CVE-2014-6485CVE-2014-6492CVE-2014-6493CVE-2014-6502CVE-2014-6503CVE-2014-6504CVE-2014-6506CVE-2014-6511CVE-2014-6512CVE-2014-6513CVE-2014-6515CVE-2014-6517CVE-2014-6519CVE-2014-6527CVE-2014-6531CVE-2014-6532CVE-2014-6558CVE-2014-6562cpe:/o:suse:suse_sled:11:sp3Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Desktop 11 SP3
OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data.
* CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
* CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data.
* CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data.
* CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data.
* CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS).
* CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. ImportantSUSE bug 938248CVE-2015-2590CVE-2015-2596CVE-2015-2597CVE-2015-2601CVE-2015-2613CVE-2015-2619CVE-2015-2621CVE-2015-2625CVE-2015-2627CVE-2015-2628CVE-2015-2632CVE-2015-2637CVE-2015-2638CVE-2015-2664CVE-2015-2808CVE-2015-4000CVE-2015-4729CVE-2015-4731CVE-2015-4732CVE-2015-4733CVE-2015-4736CVE-2015-4748CVE-2015-4749CVE-2015-4760cpe:/o:suse:suse_sled:11:sp3Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Desktop 11 SP3
java-1_7_0-openjdk was updated to version 7u91 to fix 17 security issues.
These security issues were fixed:
- CVE-2015-4843: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bsc#951376).
- CVE-2015-4842: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JAXP (bsc#951376).
- CVE-2015-4840: Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#951376).
- CVE-2015-4872: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect integrity via unknown vectors related to Security (bsc#951376).
- CVE-2015-4860: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883 (bsc#951376).
- CVE-2015-4844: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#951376).
- CVE-2015-4883: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860 (bsc#951376).
- CVE-2015-4893: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911 (bsc#951376).
- CVE-2015-4911: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893 (bsc#951376).
- CVE-2015-4882: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect availability via vectors related to CORBA (bsc#951376).
- CVE-2015-4881: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835 (bsc#951376).
- CVE-2015-4734: Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JGSS (bsc#951376).
- CVE-2015-4806: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries (bsc#951376).
- CVE-2015-4805: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization (bsc#951376).
- CVE-2015-4803: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911 (bsc#951376).
- CVE-2015-4835: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881 (bsc#951376).
- CVE-2015-4903: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to RMI (bsc#951376).
ImportantSUSE bug 951376CVE-2015-4734CVE-2015-4803CVE-2015-4805CVE-2015-4806CVE-2015-4835CVE-2015-4840CVE-2015-4842CVE-2015-4843CVE-2015-4844CVE-2015-4860CVE-2015-4872CVE-2015-4881CVE-2015-4882CVE-2015-4883CVE-2015-4893CVE-2015-4903CVE-2015-4911cpe:/o:suse:suse_sled:11:sp3Security update for java-1_7_0-openjdk (Critical)SUSE Linux Enterprise Desktop 11 SP3
java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743)
- CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed
- CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996)
- CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays
- CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix
- CVE-2016-0402: Vulnerability in the Networking component related to URL processing
- CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing
- CVE-2016-0466: Vulnerability in the JAXP component, related to limits
- CVE-2016-0483: Vulnerability in the AWT component related to image decoding
- CVE-2016-0494: Vulnerability in 2D component related to font actions
CriticalSUSE bug 960996SUSE bug 962743CVE-2015-4871CVE-2015-7575CVE-2015-8126CVE-2015-8472CVE-2016-0402CVE-2016-0448CVE-2016-0466CVE-2016-0483CVE-2016-0494cpe:/o:suse:suse_sled:11:sp3Security update for kdebase4-workspaceSUSE Linux Enterprise Desktop 11 SP3
This kdebase4-workspace update fixes two security issues:
* NULL pointer dereference in KDM and KCheckPass. (CVE-2013-4132)
* Memory leak that could lead to a denial of service. (CVE-2013-4133)
Security Issues references:
* CVE-2013-4132
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4132>
* CVE-2013-4133
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4133>
SUSE bug 829857CVE-2013-4132CVE-2013-4133cpe:/o:suse:suse_sled:11:sp3Security update for kdebase4-runtimeSUSE Linux Enterprise Desktop 11 SP3
kdebase4-runtime has been updated to fix one security issue:
* CVE-2013-7252: Added gpg based encryption support to kwallet
(bnc#857200).
Security Issues:
* CVE-2013-7252
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7252>
SUSE bug 857200CVE-2013-7252cpe:/o:suse:suse_sled:11:sp3Security update for kdebase4-workspace (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update for kdebase4-workspace fixes the following issues:
- CVE-2014-8651: Privilege escalation via KDE Clock KCM helper when non-default polkit settings are used (bsc#904625)
The following non-security bugs were fixed:
- bsc#929718: Make kdm recognize an IPv6 localhost address as localhost
ModerateSUSE bug 904625SUSE bug 929718CVE-2014-8651cpe:/o:suse:suse_sled:11:sp3Security update for kdelibs4SUSE Linux Enterprise Desktop 11 SP3
This update of the kdelibs4 KSSL interface makes it select a set of default
ciphers that is recommended for current usage. This update is needed for
Konqueror to restrict its cipher set when using https.
SUSE bug 865241cpe:/o:suse:suse_sled:11:sp3Security update for kdirstatSUSE Linux Enterprise Desktop 11 SP3
The following security issue has been fixed:
* #868682: CVE-2014-2527 CVE-2014-2528: kdirstat: command injection in
kcleanup
Security Issues:
* CVE-2014-2527
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2527>
* CVE-2014-2528
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2528>
SUSE bug 868682CVE-2014-2527CVE-2014-2528cpe:/o:suse:suse_sled:11:sp3Security update for Linux kernelSUSE Linux Enterprise Desktop 11 SP3
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix
various bugs and security issues.
The following security bugs have been fixed:
*
CVE-2014-1739: The media_device_enum_entities function in
drivers/media/media-device.c in the Linux kernel before 3.14.6 does
not initialize a certain data structure, which allows local users to
obtain sensitive information from kernel memory by leveraging
/dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call
(bnc#882804).
*
CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not
properly implement the interaction between range notification and
hole punching, which allows local users to cause a denial of service
(i_mutex hold) by using the mmap system call to access a hole, as
demonstrated by interfering with intended shmem activity by blocking
completion of (1) an MADV_REMOVE madvise call or (2) an
FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518).
*
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through
3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and
the sep CPU feature flag is set, allows local users to cause a denial
of service (OOPS and system crash) via an invalid syscall number, as
demonstrated by number 1000 (bnc#883724).
*
CVE-2014-4667: The sctp_association_free function in
net/sctp/associola.c in the Linux kernel before 3.15.2 does not
properly manage a certain backlog value, which allows remote
attackers to cause a denial of service (socket outage) via a crafted
SCTP packet (bnc#885422).
*
CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the
Linux kernel through 3.15.6 allows local users to gain privileges by
leveraging data-structure differences between an l2tp socket and an
inet socket (bnc#887082).
*
CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c
in the Linux kernel through 3.15.8, when SCTP authentication is
enabled, allows remote attackers to cause a denial of service (NULL
pointer dereference and OOPS) by starting to establish an association
between two endpoints immediately after an exchange of INIT and INIT
ACK chunks to establish an earlier association between these
endpoints in the opposite direction (bnc#889173).
*
CVE-2014-5471: Stack consumption vulnerability in the
parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the
Linux kernel through 3.16.1 allows local users to cause a denial of
service (uncontrolled recursion, and system crash or reboot) via a
crafted iso9660 image with a CL entry referring to a directory entry
that has a CL entry. (bnc#892490)
*
CVE-2014-5472: The parse_rock_ridge_inode_internal function in
fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users
to cause a denial of service (unkillable mount process) via a crafted
iso9660 image with a self-referential CL entry. (bnc#892490)
*
CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux
kernel before 3.13.7 allows remote attackers to cause a denial of
service (system crash) via network traffic that improperly interacts
with the WLAN_STA_PS_STA state (aka power-save mode), related to
sta_info.c and tx.c. (bnc#871797)
*
CVE-2014-4027: The rd_build_device_space function in
drivers/target/target_core_rd.c in the Linux kernel before 3.14 does
not properly initialize a certain data structure, which allows local
users to obtain sensitive information from ramdisk_mcp memory by
leveraging access to a SCSI initiator. (bnc#882639)
*
CVE-2014-3153 The futex_requeue function in kernel/futex.c in the
Linux kernel through 3.14.5 does not ensure that calls have two
different futex addresses, which allows local users to gain
privileges via a crafted FUTEX_REQUEUE command that facilitates
unsafe waiter modification. (bnc#880892)
*
CVE-2014-6410: Avoid infinite loop when processing indirect ICBs
(bnc#896689)
The following non-security bugs have been fixed:
* ACPI / PAD: call schedule() when need_resched() is true (bnc#866911).
* ACPI: Fix bug when ACPI reset register is implemented in system
memory (bnc#882900).
* ACPI: Limit access to custom_method (bnc#884333).
* ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746).
* Add option to automatically enforce module signatures when in Secure
Boot mode (bnc#884333).
* Add secure_modules() call (bnc#884333).
* Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344).
* Backported new patches of Lock down functions for UEFI secure boot
Also updated series.conf and removed old patches.
* Btrfs: Return EXDEV for cross file system snapshot.
* Btrfs: abort the transaction when we does not find our extent ref.
* Btrfs: avoid warning bomb of btrfs_invalidate_inodes.
* Btrfs: cancel scrub on transaction abortion.
* Btrfs: correctly set profile flags on seqlock retry.
* Btrfs: does not check nodes for extent items.
* Btrfs: fix a possible deadlock between scrub and transaction
committing.
* Btrfs: fix corruption after write/fsync failure + fsync + log
recovery (bnc#894200).
* Btrfs: fix csum tree corruption, duplicate and outdated checksums
(bnc#891619).
* Btrfs: fix double free in find_lock_delalloc_range.
* Btrfs: fix possible memory leak in btrfs_create_tree().
* Btrfs: fix use of uninit 'ret' in end_extent_writepage().
* Btrfs: free delayed node outside of root->inode_lock (bnc#866864).
* Btrfs: make DEV_INFO ioctl available to anyone.
* Btrfs: make FS_INFO ioctl available to anyone.
* Btrfs: make device scan less noisy.
* Btrfs: make sure there are not any read requests before stopping
workers.
* Btrfs: more efficient io tree navigation on wait_extent_bit.
* Btrfs: output warning instead of error when loading free space cache
failed.
* Btrfs: retrieve more info from FS_INFO ioctl.
* Btrfs: return EPERM when deleting a default subvolume (bnc#869934).
* Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol
(bnc#866615).
* Btrfs: use right type to get real comparison.
* Btrfs: wake up @scrub_pause_wait as much as we can.
* Btrfs: wake up transaction thread upon remount.
* CacheFiles: Add missing retrieval completions (bnc#880344).
* CacheFiles: Does not try to dump the index key if the cookie has been
cleared (bnc#880344).
* CacheFiles: Downgrade the requirements passed to the allocator
(bnc#880344).
* CacheFiles: Fix the marking of cached pages (bnc#880344).
* CacheFiles: Implement invalidation (bnc#880344).
* CacheFiles: Make some debugging statements conditional (bnc#880344).
* Drivers: hv: util: Fix a bug in the KVP code (bnc#886840).
* Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code
(bnc#886840).
* FS-Cache: Add transition to handle invalidate immediately after
lookup (bnc#880344).
* FS-Cache: Check that there are no read ops when cookie relinquished
(bnc#880344).
* FS-Cache: Clear remaining page count on retrieval cancellation
(bnc#880344).
* FS-Cache: Convert the object event ID #defines into an enum
(bnc#880344).
* FS-Cache: Does not sleep in page release if __GFP_FS is not set
(bnc#880344).
* FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344).
* FS-Cache: Exclusive op submission can BUG if there is been an I/O
error (bnc#880344).
* FS-Cache: Fix __wait_on_atomic_t() to call the action func if the
counter != 0 (bnc#880344).
* FS-Cache: Fix object state machine to have separate work and wait
states (bnc#880344).
* FS-Cache: Fix operation state management and accounting (bnc#880344).
* FS-Cache: Fix signal handling during waits (bnc#880344).
* FS-Cache: Initialise the object event mask with the calculated mask
(bnc#880344).
* FS-Cache: Limit the number of I/O error reports for a cache
(bnc#880344).
* FS-Cache: Make cookie relinquishment wait for outstanding reads
(bnc#880344).
* FS-Cache: Mark cancellation of in-progress operation (bnc#880344).
* FS-Cache: One of the write operation paths doeses not set the object
state (bnc#880344).
* FS-Cache: Provide proper invalidation (bnc#880344).
* FS-Cache: Simplify cookie retention for fscache_objects, fixing oops
(bnc#880344).
* FS-Cache: The retrieval remaining-pages counter needs to be atomic_t
(bnc#880344).
* FS-Cache: Uninline fscache_object_init() (bnc#880344).
* FS-Cache: Wrap checks on object state (bnc#880344).
* HID: usbhid: add always-poll quirk (bnc#888607).
* HID: usbhid: enable always-poll quirk for Elan Touchscreen
(bnc#888607).
* IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297).
* Ignore 'flags' change to event_constraint (bnc#876114).
* Ignore data_src/weight changes to perf_sample_data (bnc#876114).
* NFS: Allow more operations in an NFSv4.1 request (bnc#890513).
* NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968).
* NFS: Does not copy read delegation stateids in setattr (bnc#888968).
* NFS: Does not use a delegation to open a file when returning that
delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496)
* NFS: Fixes for NFS RCU-walk support in line with code going upstream
* NFS: Use FS-Cache invalidation (bnc#880344).
* NFS: allow lockless access to access_cache (bnc#866130).
* NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts
(bnc#888591).
* NFS: nfs4_do_open should add negative results to the dcache
(bnc#866130).
* NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a
page (bnc#880344).
* NFS: nfs_open_revalidate: only evaluate parent if it will be used
(bnc#866130).
* NFS: prepare for RCU-walk support but pushing tests later in code
(bnc#866130).
* NFS: support RCU_WALK in nfs_permission() (bnc#866130).
* NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130).
* NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130).
* NFSD: Does not hand out delegations for 30 seconds after recalling
them (bnc#880370).
* NFSv4 set open access operation call flag in nfs4_init_opendata_res
(bnc#888968, bnc#892200, bnc#893596, bnc#893496).
* NFSv4: Add a helper for encoding opaque data (bnc#888968).
* NFSv4: Add a helper for encoding stateids (bnc#888968).
* NFSv4: Add helpers for basic copying of stateids (bnc#888968).
* NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968).
* NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968).
* NFSv4: Rename nfs4_copy_stateid() (bnc#888968).
* NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an
error (bnc#888968).
* NFSv4: Simplify the struct nfs4_stateid (bnc#888968).
* NFSv4: The stateid must remain the same for replayed RPC calls
(bnc#888968).
* NFSv4: nfs4_stateid_is_current should return 'true' for an invalid
stateid (bnc#888968).
* One more fix for kABI breakage.
* PCI: Lock down BAR access when module security is enabled
(bnc#884333).
* PCI: enable MPS 'performance' setting to properly handle bridge MPS
(bnc#883376).
* PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441).
* PM / Hibernate: Create a Radix-Tree to store memory bitmap
(bnc#860441).
* PM / Hibernate: Implement position keeping in radix tree
(bnc#860441).
* PM / Hibernate: Iterate over set bits instead of PFNs in
swsusp_free() (bnc#860441).
* PM / Hibernate: Remove the old memory-bitmap implementation
(bnc#860441).
* PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node
(bnc#860441).
* Restrict /dev/mem and /dev/kmem when module loading is restricted
(bnc#884333).
* Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT
(bnc#876114).
* USB: handle LPM errors during device suspend correctly (bnc#849123).
* Update kabi files to reflect fscache change (bnc#880344)
* Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281)
* VFS: Make more complete truncate operation available to CacheFiles
(bnc#880344).
* [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366,
ltc#83367).
* acpi: Ignore acpi_rsdp kernel parameter when module loading is
restricted (bnc#884333).
* af_iucv: correct cleanup if listen backlog is full (bnc#885262,
LTC#111728).
* asus-wmi: Restrict debugfs interface when module loading is
restricted (bnc#884333).
* autofs4: allow RCU-walk to walk through autofs4 (bnc#866130).
* autofs4: avoid taking fs_lock during rcu-walk (bnc#866130).
* autofs4: does not take spinlock when not needed in
autofs4_lookup_expiring (bnc#866130).
* autofs4: factor should_expire() out of autofs4_expire_indirect
(bnc#866130).
* autofs4: make 'autofs4_can_expire' idempotent (bnc#866130).
* autofs4: remove a redundant assignment (bnc#866130).
* autofs: fix lockref lookup (bnc#888591).
* be2net: add dma_mapping_error() check for dma_map_page()
(bnc#881759).
* block: add cond_resched() to potentially long running ioctl discard
loop (bnc#884725).
* block: fix race between request completion and timeout handling
(bnc#881051).
* cdc-ether: clean packet filter upon probe (bnc#876017).
* cpuset: Fix memory allocator deadlock (bnc#876590).
* crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs
have them, but some are FIPS certified, with some kernel support.
* crypto: fips - only panic on bad/missing crypto mod signatures
(bnc#887503).
* crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips
mode (bnc#889451).
* dasd: validate request size before building CCW/TCW (bnc#891087,
LTC#114068).
* dm mpath: fix race condition between multipath_dtr and pg_init_done
(bnc#826486).
* dm-mpath: fix panic on deleting sg device (bnc#870161).
* drm/ast: AST2000 cannot be detected correctly (bnc#895983).
* drm/ast: Actually load DP501 firmware when required (bnc#895608
bnc#871134).
* drm/ast: Add missing entry to dclk_table[].
* drm/ast: Add reduced non reduced mode parsing for wide screen mode
(bnc#892723).
* drm/ast: initial DP501 support (v0.2) (bnc#871134).
* drm/ast: open key before detect chips (bnc#895983).
* drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304).
* drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064).
* drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init
(bnc#869055).
* drm/i915: create functions for the 'unclaimed register' checks
(bnc#869055).
* drm/i915: use FPGA_DBG for the 'unclaimed register' checks
(bnc#869055).
* drm/mgag200: Initialize data needed to map fbdev memory (bnc
#806990).
* e1000e: enable support for new device IDs (bnc#885509).
* fs/fscache: remove spin_lock() from the condition in while()
(bnc#880344).
* hibernate: Disable in a signed modules environment (bnc#884333).
* hugetlb: does not use ERR_PTR with VM_FAULT* values
* ibmvscsi: Abort init sequence during error recovery (bnc#885382).
* ibmvscsi: Add memory barriers for send / receive (bnc#885382).
* inet: add a redirect generation id in inetpeer (bnc#860593).
* inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593).
* ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645).
* kabi: hide bnc#860593 changes of struct inetpeer_addr_base
(bnc#860593).
* kernel: 3215 tty hang (bnc#891087, LTC#114562).
* kernel: fix data corruption when reading /proc/sysinfo (bnc#891087,
LTC#114480).
* kernel: fix kernel oops with load of fpc register (bnc#889061,
LTC#113596).
* kernel: sclp console tty reference counting (bnc#891087, LTC#115466).
* kexec: Disable at runtime if the kernel enforces module loading
restrictions (bnc#884333).
* md/raid6: avoid data corruption during recovery of double-degraded
RAID6.
* memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim
fix).
* memcg: do not expose uninitialized mem_cgroup_per_node to world
(bnc#883096).
* mm, hugetlb: add VM_NORESERVE check in vma_has_reserves()
* mm, hugetlb: change variable name reservations to resv
* mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache
* mm, hugetlb: defer freeing pages when gathering surplus pages
* mm, hugetlb: do not use a page in page cache for cow optimization
* mm, hugetlb: fix and clean-up node iteration code to alloc or free
* mm, hugetlb: fix race in region tracking
* mm, hugetlb: fix subpool accounting handling
* mm, hugetlb: improve page-fault scalability
* mm, hugetlb: improve, cleanup resv_map parameters
* mm, hugetlb: move up the code which check availability of free huge
page
* mm, hugetlb: protect reserved pages when soft offlining a hugepage
* mm, hugetlb: remove decrement_hugepage_resv_vma()
* mm, hugetlb: remove redundant list_empty check in
gather_surplus_pages()
* mm, hugetlb: remove resv_map_put
* mm, hugetlb: remove useless check about mapping type
* mm, hugetlb: return a reserved page to a reserved pool if failed
* mm, hugetlb: trivial commenting fix
* mm, hugetlb: unify region structure handling
* mm, hugetlb: unify region structure handling kabi
* mm, hugetlb: use long vars instead of int in region_count() (Hugetlb
Fault Scalability).
* mm, hugetlb: use vma_resv_map() map types
* mm, oom: fix badness score underflow (bnc#884582, bnc#884767).
* mm, oom: normalize oom scores to oom_score_adj scale only for
userspace (bnc#884582, bnc#884767).
* mm, thp: do not allow thp faults to avoid cpuset restrictions
(bnc#888849).
* net/mlx4_core: Load higher level modules according to ports type
(bnc#887680).
* net/mlx4_core: Load the IB driver when the device supports IBoE
(bnc#887680).
* net/mlx4_en: Fix a race between napi poll function and RX ring
cleanup (bnc#863586).
* net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058).
* net: fix checksumming features handling in output path (bnc#891259).
* pagecache_limit: batch large nr_to_scan targets (bnc#895221).
* pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim
fix (bnc#895680).
* perf/core: Add weighted samples (bnc#876114).
* perf/x86: Add flags to event constraints (bnc#876114).
* perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114).
* perf: Add generic memory sampling interface (bnc#876114).
* qla2xxx: Avoid escalating the SCSI error handler if the command is
not found in firmware (bnc#859840).
* qla2xxx: Clear loop_id for ports that are marked lost during fabric
scanning (bnc#859840).
* qla2xxx: Does not check for firmware hung during the reset context
for ISP82XX (bnc#859840).
* qla2xxx: Issue abort command for outstanding commands during cleanup
when only firmware is alive (bnc#859840).
* qla2xxx: Reduce the time we wait for a command to complete during
SCSI error handling (bnc#859840).
* qla2xxx: Set host can_queue value based on available resources
(bnc#859840).
* restore smp_mb() in unlock_new_inode() (bnc#890526).
* s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061,
LTC#113725).
* sched: fix the theoretical signal_wake_up() vs schedule() race
(bnc#876055).
* sclp_vt220: Enable integrated ASCII console per default (bnc#885262,
LTC#112035).
* scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614).
* scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608).
* scsiback: correct grant page unmapping.
* scsiback: fix retry handling in __report_luns().
* scsiback: free resources after error.
* sunrpc/auth: allow lockless (rcu) lookup of credential cache
(bnc#866130).
* supported.conf: remove external from drivers/net/veth (bnc#889727)
* supported.conf: support net/sched/act_police.ko (bnc#890426)
* tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921).
* tg3: Change nvram command timeout value to 50ms (bnc#855657).
* tg3: Override clock, link aware and link idle mode during NVRAM dump
(bnc#855657).
* tg3: Set the MAC clock to the fastest speed during boot code load
(bnc#855657).
* usb: Does not enable LPM if the exit latency is zero (bnc#832309).
* usbcore: Does not log on consecutive debounce failures of the same
port (bnc#888105).
* usbhid: fix PIXART optical mouse (bnc#888607).
* uswsusp: Disable when module loading is restricted (bnc#884333).
* vscsi: support larger transfer sizes (bnc#774818).
* writeback: Do not sync data dirtied after sync start (bnc#833820).
* x86 thermal: Delete power-limit-notification console messages
(bnc#882317).
* x86 thermal: Disable power limit notification interrupt by default
(bnc#882317).
* x86 thermal: Re-enable power limit notification interrupt by default
(bnc#882317).
* x86, cpu hotplug: Fix stack frame warning in
check_irq_vectors_for_cpu_disable() (bnc#887418).
* x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847).
* x86/UV: Add kdump to UV NMI handler (bnc#888847).
* x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847).
* x86/UV: Move NMI support (bnc#888847).
* x86/UV: Update UV support for external NMI signals (bnc#888847).
* x86/uv/nmi: Fix Sparse warnings (bnc#888847).
* x86: Add check for number of available vectors before CPU down
(bnc#887418).
* x86: Lock down IO port access when module security is enabled
(bnc#884333).
* x86: Restrict MSR access when module loading is restricted
(bnc#884333).
Security Issues:
* CVE-2013-1979
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979>
* CVE-2014-1739
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739>
* CVE-2014-2706
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706>
* CVE-2014-4027
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027>
* CVE-2014-4171
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171>
* CVE-2014-4508
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508>
* CVE-2014-4667
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667>
* CVE-2014-4943
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943>
* CVE-2014-5077
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077>
* CVE-2014-5471
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471>
* CVE-2014-5472
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472>
* CVE-2014-3153
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>
* CVE-2014-6410
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410>
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix
various bugs and security issues.
Following security bugs were fixed: CVE-2013-1979: The scm_set_cred
function in include/net/scm.h in the Linux kernel before 3.8.11 uses
incorrect uid and gid values during credentials passing, which allows local
users to gain privileges via a crafted application (bnc#816708).
CVE-2014-1739: The media_device_enum_entities function in
drivers/media/media-device.c in the Linux kernel before 3.14.6 does not
initialize a certain data structure, which allows local users to obtain
sensitive information from kernel memory by leveraging /dev/media0 read
access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804).
CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not
properly implement the interaction between range notification and hole
punching, which allows local users to cause a denial of service (i_mutex
hold) by using the mmap system call to access a hole, as demonstrated by
interfering with intended shmem activity by blocking completion of (1) an
MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call
(bnc#883518).
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through
3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the
sep CPU feature flag is set, allows local users to cause a denial of
service (OOPS and system crash) via an invalid syscall number, as
demonstrated by number 1000 (bnc#883724).
CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c
in the Linux kernel before 3.15.2 does not properly manage a certain
backlog value, which allows remote attackers to cause a denial of service
(socket outage) via a crafted SCTP packet (bnc#885422).
CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux
kernel through 3.15.6 allows local users to gain privileges by leveraging
data-structure differences between an l2tp socket and an inet socket
(bnc#887082).
CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in
the Linux kernel through 3.15.8, when SCTP authentication is enabled,
allows remote attackers to cause a denial of service (NULL pointer
dereference and OOPS) by starting to establish an association between two
endpoints immediately after an exchange of INIT and INIT ACK chunks to
establish an earlier association between these endpoints in the opposite
direction (bnc#889173).
CVE-2014-5471: Stack consumption vulnerability in the
parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux
kernel through 3.16.1 allows local users to cause a denial of service
(uncontrolled recursion, and system crash or reboot) via a crafted iso9660
image with a CL entry referring to a directory entry that has a CL entry.
(bnc#892490)
CVE-2014-5472: The parse_rock_ridge_inode_internal function in
fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to
cause a denial of service (unkillable mount process) via a crafted iso9660
image with a self-referential CL entry. (bnc#892490)
CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel
before 3.13.7 allows remote attackers to cause a denial of service (system
crash) via network traffic that improperly interacts with the
WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and
tx.c. (bnc#871797)
CVE-2014-4027: The rd_build_device_space function in
drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not
properly initialize a certain data structure, which allows local users to
obtain sensitive information from ramdisk_mcp memory by leveraging access
to a SCSI initiator. (bnc#882639)
CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux
kernel through 3.14.5 does not ensure that calls have two different futex
addresses, which allows local users to gain privileges via a crafted
FUTEX_REQUEUE command that facilitates unsafe waiter modification.
(bnc#880892)
CVE-2014-6410: Avoid infinite loop when processing indirect ICBs
(bnc#896689)
The following non-security bugs were fixed: - ACPI / PAD: call schedule()
when need_resched() is true (bnc#866911). - ACPI: Fix bug when ACPI reset
register is implemented in system memory (bnc#882900). - ACPI: Limit access
to custom_method (bnc#884333). - ALSA: hda - Enabling Realtek ALC 671 codec
(bnc#891746). - Add option to automatically enforce module signatures when
in Secure Boot mode (bnc#884333). - Add secure_modules() call (bnc#884333).
- Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). - Backported
new patches of Lock down functions for UEFI secure boot Also updated
series.conf and removed old patches. - Btrfs: Return EXDEV for cross file
system snapshot. - Btrfs: abort the transaction when we does not find our
extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. -
Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile
flags on seqlock retry. - Btrfs: does not check nodes for extent items. -
Btrfs: fix a possible deadlock between scrub and transaction committing. -
Btrfs: fix corruption after write/fsync failure + fsync + log recovery
(bnc#894200). - Btrfs: fix csum tree corruption, duplicate and outdated
checksums (bnc#891619). - Btrfs: fix double free in
find_lock_delalloc_range. - Btrfs: fix possible memory leak in
btrfs_create_tree(). - Btrfs: fix use of uninit 'ret' in
end_extent_writepage(). - Btrfs: free delayed node outside of
root->inode_lock (bnc#866864). - Btrfs: make DEV_INFO ioctl available to
anyone. - Btrfs: make FS_INFO ioctl available to anyone. - Btrfs: make
device scan less noisy. - Btrfs: make sure there are not any read requests
before stopping workers. - Btrfs: more efficient io tree navigation on
wait_extent_bit. - Btrfs: output warning instead of error when loading free
space cache failed. - Btrfs: retrieve more info from FS_INFO ioctl. -
Btrfs: return EPERM when deleting a default subvolume (bnc#869934). -
Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615).
- Btrfs: use right type to get real comparison. - Btrfs: wake up
@scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread
upon remount. - CacheFiles: Add missing retrieval completions (bnc#880344).
- CacheFiles: Does not try to dump the index key if the cookie has been
cleared (bnc#880344). - CacheFiles: Downgrade the requirements passed to
the allocator (bnc#880344). - CacheFiles: Fix the marking of cached pages
(bnc#880344). - CacheFiles: Implement invalidation (bnc#880344). -
CacheFiles: Make some debugging statements conditional (bnc#880344). -
Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). - Drivers: hv:
vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). -
FS-Cache: Add transition to handle invalidate immediately after lookup
(bnc#880344). - FS-Cache: Check that there are no read ops when cookie
relinquished (bnc#880344). - FS-Cache: Clear remaining page count on
retrieval cancellation (bnc#880344). - FS-Cache: Convert the object event
ID #defines into an enum (bnc#880344). - FS-Cache: Does not sleep in page
release if __GFP_FS is not set (bnc#880344). - FS-Cache: Does not use
spin_is_locked() in assertions (bnc#880344). - FS-Cache: Exclusive op
submission can BUG if there is been an I/O error (bnc#880344). - FS-Cache:
Fix __wait_on_atomic_t() to call the action func if the counter != 0
(bnc#880344). - FS-Cache: Fix object state machine to have separate work
and wait states (bnc#880344). - FS-Cache: Fix operation state management
and accounting (bnc#880344). - FS-Cache: Fix signal handling during waits
(bnc#880344). - FS-Cache: Initialise the object event mask with the
calculated mask (bnc#880344). - FS-Cache: Limit the number of I/O error
reports for a cache (bnc#880344). - FS-Cache: Make cookie relinquishment
wait for outstanding reads (bnc#880344). - FS-Cache: Mark cancellation of
in-progress operation (bnc#880344). - FS-Cache: One of the write operation
paths doeses not set the object state (bnc#880344). - FS-Cache: Provide
proper invalidation (bnc#880344). - FS-Cache: Simplify cookie retention for
fscache_objects, fixing oops (bnc#880344). - FS-Cache: The retrieval
remaining-pages counter needs to be atomic_t (bnc#880344). - FS-Cache:
Uninline fscache_object_init() (bnc#880344). - FS-Cache: Wrap checks on
object state (bnc#880344). - HID: usbhid: add always-poll quirk
(bnc#888607). - HID: usbhid: enable always-poll quirk for Elan Touchscreen
(bnc#888607). - IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). -
Ignore 'flags' change to event_constraint (bnc#876114). - Ignore
data_src/weight changes to perf_sample_data (bnc#876114). - NFS: Allow more
operations in an NFSv4.1 request (bnc#890513). - NFS: Clean up helper
function nfs4_select_rw_stateid() (bnc#888968). - NFS: Does not copy read
delegation stateids in setattr (bnc#888968). - NFS: Does not use a
delegation to open a file when returning that delegation (bnc#888968,
bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support
in line with code going upstream - NFS: Use FS-Cache invalidation
(bnc#880344). - NFS: allow lockless access to access_cache (bnc#866130). -
NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts
(bnc#888591). - NFS: nfs4_do_open should add negative results to the dcache
(bnc#866130). - NFS: nfs_migrate_page() does not wait for FS-Cache to
finish with a page (bnc#880344). - NFS: nfs_open_revalidate: only evaluate
parent if it will be used (bnc#866130). - NFS: prepare for RCU-walk support
but pushing tests later in code (bnc#866130). - NFS: support RCU_WALK in
nfs_permission() (bnc#866130). - NFS: teach nfs_lookup_verify_inode to
handle LOOKUP_RCU (bnc#866130). - NFS: teach nfs_neg_need_reval to
understand LOOKUP_RCU (bnc#866130). - NFSD: Does not hand out delegations
for 30 seconds after recalling them (bnc#880370). - NFSv4 set open access
operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200,
bnc#893596, bnc#893496). - NFSv4: Add a helper for encoding opaque data
(bnc#888968). - NFSv4: Add a helper for encoding stateids (bnc#888968). -
NFSv4: Add helpers for basic copying of stateids (bnc#888968). - NFSv4:
Clean up nfs4_select_rw_stateid() (bnc#888968). - NFSv4: Fix the return
value of nfs4_select_rw_stateid (bnc#888968). - NFSv4: Rename
nfs4_copy_stateid() (bnc#888968). - NFSv4: Resend the READ/WRITE RPC call
if a stateid change causes an error (bnc#888968). - NFSv4: Simplify the
struct nfs4_stateid (bnc#888968). - NFSv4: The stateid must remain the same
for replayed RPC calls (bnc#888968). - NFSv4: nfs4_stateid_is_current
should return 'true' for an invalid stateid (bnc#888968). - One more fix
for kABI breakage. - PCI: Lock down BAR access when module security is
enabled (bnc#884333). - PCI: enable MPS 'performance' setting to properly
handle bridge MPS (bnc#883376). - PM / Hibernate: Add memory_rtree_find_bit
function (bnc#860441). - PM / Hibernate: Create a Radix-Tree to store
memory bitmap (bnc#860441). - PM / Hibernate: Implement position keeping in
radix tree (bnc#860441). - PM / Hibernate: Iterate over set bits instead of
PFNs in swsusp_free() (bnc#860441). - PM / Hibernate: Remove the old
memory-bitmap implementation (bnc#860441). - PM / Hibernate: Touch Soft
Lockup Watchdog in rtree_next_node (bnc#860441). - Restrict /dev/mem and
/dev/kmem when module loading is restricted (bnc#884333). - Reuse existing
'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). - USB:
handle LPM errors during device suspend correctly (bnc#849123). - Update
kabi files to reflect fscache change (bnc#880344) - Update x86_64 config
files: re-enable SENSORS_W83627EHF (bnc#891281) - VFS: Make more complete
truncate operation available to CacheFiles (bnc#880344). - [FEAT NET1222]
ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi:
Ignore acpi_rsdp kernel parameter when module loading is restricted
(bnc#884333). - af_iucv: correct cleanup if listen backlog is full
(bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when
module loading is restricted (bnc#884333). - autofs4: allow RCU-walk to
walk through autofs4 (bnc#866130). - autofs4: avoid taking fs_lock during
rcu-walk (bnc#866130). - autofs4: does not take spinlock when not needed in
autofs4_lookup_expiring (bnc#866130). - autofs4: factor should_expire() out
of autofs4_expire_indirect (bnc#866130). - autofs4: make
'autofs4_can_expire' idempotent (bnc#866130). - autofs4: remove a redundant
assignment (bnc#866130). - autofs: fix lockref lookup (bnc#888591). -
be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). -
block: add cond_resched() to potentially long running ioctl discard loop
(bnc#884725). - block: fix race between request completion and timeout
handling (bnc#881051). - cdc-ether: clean packet filter upon probe
(bnc#876017). - cpuset: Fix memory allocator deadlock (bnc#876590). -
crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have
them, but some are FIPS certified, with some kernel support. - crypto: fips
- only panic on bad/missing crypto mod signatures (bnc#887503). - crypto:
testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode
(bnc#889451). - dasd: validate request size before building CCW/TCW
(bnc#891087, LTC#114068). - dm mpath: fix race condition between
multipath_dtr and pg_init_done (bnc#826486). - dm-mpath: fix panic on
deleting sg device (bnc#870161). - drm/ast: AST2000 cannot be detected
correctly (bnc#895983). - drm/ast: Actually load DP501 firmware when
required (bnc#895608 bnc#871134). - drm/ast: Add missing entry to
dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide
screen mode (bnc#892723). - drm/ast: initial DP501 support (v0.2)
(bnc#871134). - drm/ast: open key before detect chips (bnc#895983). -
drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). -
drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). -
drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). -
drm/i915: create functions for the 'unclaimed register' checks
(bnc#869055). - drm/i915: use FPGA_DBG for the 'unclaimed register' checks
(bnc#869055). - drm/mgag200: Initialize data needed to map fbdev memory
(bnc #806990). - e1000e: enable support for new device IDs (bnc#885509). -
fs/fscache: remove spin_lock() from the condition in while() (bnc#880344).
- hibernate: Disable in a signed modules environment (bnc#884333). -
hugetlb: does not use ERR_PTR with VM_FAULT* values - ibmvscsi: Abort init
sequence during error recovery (bnc#885382). - ibmvscsi: Add memory
barriers for send / receive (bnc#885382). - inet: add a redirect generation
id in inetpeer (bnc#860593). - inetpeer: initialize ->redirect_genid in
inet_getpeer() (bnc#860593). - ipv6: tcp: fix tcp_v6_conn_request()
(bnc#887645). - kabi: hide bnc#860593 changes of struct inetpeer_addr_base
(bnc#860593). - kernel: 3215 tty hang (bnc#891087, LTC#114562). - kernel:
fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). -
kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596).
- kernel: sclp console tty reference counting (bnc#891087, LTC#115466). -
kexec: Disable at runtime if the kernel enforces module loading
restrictions (bnc#884333). - md/raid6: avoid data corruption during
recovery of double-degraded RAID6. - memcg, vmscan: Fix forced scan of
anonymous pages (memory reclaim fix). - memcg: do not expose uninitialized
mem_cgroup_per_node to world (bnc#883096). - mm, hugetlb: add VM_NORESERVE
check in vma_has_reserves() - mm, hugetlb: change variable name
reservations to resv - mm, hugetlb: decrement reserve count if VM_NORESERVE
alloc page cache - mm, hugetlb: defer freeing pages when gathering surplus
pages - mm, hugetlb: do not use a page in page cache for cow optimization -
mm, hugetlb: fix and clean-up node iteration code to alloc or free - mm,
hugetlb: fix race in region tracking - mm, hugetlb: fix subpool accounting
handling - mm, hugetlb: improve page-fault scalability - mm, hugetlb:
improve, cleanup resv_map parameters - mm, hugetlb: move up the code which
check availability of free huge page - mm, hugetlb: protect reserved pages
when soft offlining a hugepage - mm, hugetlb: remove
decrement_hugepage_resv_vma() - mm, hugetlb: remove redundant list_empty
check in gather_surplus_pages() - mm, hugetlb: remove resv_map_put - mm,
hugetlb: remove useless check about mapping type - mm, hugetlb: return a
reserved page to a reserved pool if failed - mm, hugetlb: trivial
commenting fix - mm, hugetlb: unify region structure handling - mm,
hugetlb: unify region structure handling kabi - mm, hugetlb: use long vars
instead of int in region_count() (Hugetlb Fault Scalability). - mm,
hugetlb: use vma_resv_map() map types - mm, oom: fix badness score
underflow (bnc#884582, bnc#884767). - mm, oom: normalize oom scores to
oom_score_adj scale only for userspace (bnc#884582, bnc#884767). - mm, thp:
do not allow thp faults to avoid cpuset restrictions (bnc#888849). -
net/mlx4_core: Load higher level modules according to ports type
(bnc#887680). - net/mlx4_core: Load the IB driver when the device supports
IBoE (bnc#887680). - net/mlx4_en: Fix a race between napi poll function and
RX ring cleanup (bnc#863586). - net/mlx4_en: Fix selftest failing on non
10G link speed (bnc#888058). - net: fix checksumming features handling in
output path (bnc#891259). - pagecache_limit: batch large nr_to_scan targets
(bnc#895221). - pagecachelimit: reduce lru_lock congestion for heavy
parallel reclaim fix (bnc#895680). - perf/core: Add weighted samples
(bnc#876114). - perf/x86: Add flags to event constraints (bnc#876114). -
perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). - perf:
Add generic memory sampling interface (bnc#876114). - qla2xxx: Avoid
escalating the SCSI error handler if the command is not found in firmware
(bnc#859840). - qla2xxx: Clear loop_id for ports that are marked lost
during fabric scanning (bnc#859840). - qla2xxx: Does not check for firmware
hung during the reset context for ISP82XX (bnc#859840). - qla2xxx: Issue
abort command for outstanding commands during cleanup when only firmware is
alive (bnc#859840). - qla2xxx: Reduce the time we wait for a command to
complete during SCSI error handling (bnc#859840). - qla2xxx: Set host
can_queue value based on available resources (bnc#859840). - restore
smp_mb() in unlock_new_inode() (bnc#890526). - s390/pci: introduce lazy
IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). - sched: fix the
theoretical signal_wake_up() vs schedule() race (bnc#876055). - sclp_vt220:
Enable integrated ASCII console per default (bnc#885262, LTC#112035). -
scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). -
scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). -
scsiback: correct grant page unmapping. - scsiback: fix retry handling in
__report_luns(). - scsiback: free resources after error. - sunrpc/auth:
allow lockless (rcu) lookup of credential cache (bnc#866130). -
supported.conf: remove external from drivers/net/veth (bnc#889727) -
supported.conf: support net/sched/act_police.ko (bnc#890426) - tcp: adapt
selected parts of RFC 5682 and PRR logic (bnc#879921). - tg3: Change nvram
command timeout value to 50ms (bnc#855657). - tg3: Override clock, link
aware and link idle mode during NVRAM dump (bnc#855657). - tg3: Set the MAC
clock to the fastest speed during boot code load (bnc#855657). - usb: Does
not enable LPM if the exit latency is zero (bnc#832309). - usbcore: Does
not log on consecutive debounce failures of the same port (bnc#888105). -
usbhid: fix PIXART optical mouse (bnc#888607). - uswsusp: Disable when
module loading is restricted (bnc#884333). - vscsi: support larger transfer
sizes (bnc#774818). - writeback: Do not sync data dirtied after sync start
(bnc#833820). - x86 thermal: Delete power-limit-notification console
messages (bnc#882317). - x86 thermal: Disable power limit notification
interrupt by default (bnc#882317). - x86 thermal: Re-enable power limit
notification interrupt by default (bnc#882317). - x86, cpu hotplug: Fix
stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). -
x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). - x86/UV: Add
kdump to UV NMI handler (bnc#888847). - x86/UV: Add summary of cpu activity
to UV NMI handler (bnc#888847). - x86/UV: Move NMI support (bnc#888847). -
x86/UV: Update UV support for external NMI signals (bnc#888847). -
x86/uv/nmi: Fix Sparse warnings (bnc#888847). - x86: Add check for number
of available vectors before CPU down (bnc#887418). - x86: Lock down IO port
access when module security is enabled (bnc#884333). - x86: Restrict MSR
access when module loading is restricted (bnc#884333).
Security Issues:
* CVE-2013-1979
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979>
* CVE-2014-1739
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739>
* CVE-2014-2706
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706>
* CVE-2014-4027
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027>
* CVE-2014-4171
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171>
* CVE-2014-4508
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508>
* CVE-2014-4667
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667>
* CVE-2014-4943
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943>
* CVE-2014-5077
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077>
* CVE-2014-5471
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471>
* CVE-2014-5472
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472>
* CVE-2014-3153
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>
* CVE-2014-6410
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410>
SUSE bug 774818SUSE bug 806990SUSE bug 816708SUSE bug 826486SUSE bug 832309SUSE bug 833820SUSE bug 849123SUSE bug 855657SUSE bug 859840SUSE bug 860441SUSE bug 860593SUSE bug 863586SUSE bug 866130SUSE bug 866615SUSE bug 866864SUSE bug 866911SUSE bug 869055SUSE bug 869934SUSE bug 870161SUSE bug 871134SUSE bug 871797SUSE bug 876017SUSE bug 876055SUSE bug 876114SUSE bug 876590SUSE bug 879304SUSE bug 879921SUSE bug 880344SUSE bug 880370SUSE bug 880892SUSE bug 881051SUSE bug 881759SUSE bug 882317SUSE bug 882639SUSE bug 882804SUSE bug 882900SUSE bug 883096SUSE bug 883376SUSE bug 883518SUSE bug 883724SUSE bug 884333SUSE bug 884582SUSE bug 884725SUSE bug 884767SUSE bug 885262SUSE bug 885382SUSE bug 885422SUSE bug 885509SUSE bug 886840SUSE bug 887082SUSE bug 887418SUSE bug 887503SUSE bug 887608SUSE bug 887645SUSE bug 887680SUSE bug 888058SUSE bug 888105SUSE bug 888591SUSE bug 888607SUSE bug 888847SUSE bug 888849SUSE bug 888968SUSE bug 889061SUSE bug 889173SUSE bug 889451SUSE bug 889614SUSE bug 889727SUSE bug 890297SUSE bug 890426SUSE bug 890513SUSE bug 890526SUSE bug 891087SUSE bug 891259SUSE bug 891281SUSE bug 891619SUSE bug 891746SUSE bug 892200SUSE bug 892490SUSE bug 892723SUSE bug 893064SUSE bug 893496SUSE bug 893596SUSE bug 894200SUSE bug 895221SUSE bug 895608SUSE bug 895680SUSE bug 895983SUSE bug 896689CVE-2013-1979CVE-2014-1739CVE-2014-2706CVE-2014-3153CVE-2014-4027CVE-2014-4171CVE-2014-4508CVE-2014-4667CVE-2014-4943CVE-2014-5077CVE-2014-5471CVE-2014-5472CVE-2014-6410cpe:/o:suse:suse_sled:11:sp3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Desktop 11 SP3
The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes.
Following security bugs were fixed:
- CVE-2015-5707: An integer overflow in the SCSI generic driver could
be potentially used by local attackers to crash the kernel or execute
code (bsc#940338).
- CVE-2015-5364: A remote denial of service (hang) via UDP flood with
incorrect package checksums was fixed. (bsc#936831).
- CVE-2015-5366: A remote denial of service (unexpected error returns)
via UDP flood with incorrect package checksums was fixed. (bsc#936831).
- CVE-2015-1420: A race condition in the handle_to_path function in
fs/fhandle.c in the Linux kernel allowed local users to bypass intended
size restrictions and trigger read operations on additional memory
locations by changing the handle_bytes value of a file handle during
the execution of this function (bnc#915517).
- CVE-2015-4700: A local user could have created a bad instruction in
the JIT processed BPF code, leading to a kernel crash (bnc#935705).
- CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable
to a crash which could occur while fetching inode information from a
corrupted/malicious udf file system image. (bsc#933907).
- CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various
issues in handling UDF filesystems in the Linux kernel allowed the
corruption of kernel memory and other issues. An attacker able to mount
a corrupted/malicious UDF file system image could cause the kernel to
crash. (bsc#933904 bsc#933896)
- CVE-2015-2150: The Linux kernel did not properly restrict access to
PCI command registers, which might have allowed local guest users to
cause a denial of service (non-maskable interrupt and host crash) by
disabling the (1) memory or (2) I/O decoding for a PCI Express device
and then accessing the device, which triggers an Unsupported Request
(UR) response (bsc#919463).
- CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux
kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users
to obtain sensitive information from uninitialized locations in host OS
kernel memory via unspecified vectors (bnc#917830).
- CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did
not prevent the TS_COMPAT flag from reaching a user-mode task, which
might have allowed local users to bypass the seccomp or audit protection
mechanism via a crafted application that uses the (1) fork or (2) close
system call, as demonstrated by an attack against seccomp before 3.16
(bnc#926240).
- CVE-2015-1805: The Linux kernels implementation of vectored pipe
read and write functionality did not take into account the I/O vectors
that were already processed when retrying after a failed atomic access
operation, potentially resulting in memory corruption due to an I/O vector
array overrun. A local, unprivileged user could use this flaw to crash
the system or, potentially, escalate their privileges on the system.
(bsc#933429).
Also the following non-security bugs were fixed:
- audit: keep inode pinned (bsc#851068).
- btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350).
- btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350).
- btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350).
- cifs: Fix missing crypto allocation (bnc#937402).
- client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348).
- drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572).
- drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572).
- drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572).
- drm/mgag200: Do not do full cleanup if mgag200_device_init fails.
- ext3: Fix data corruption in inodes with journalled data (bsc#936637)
- ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944).
- fanotify: Fix deadlock with permission events (bsc#935053).
- fork: reset mm->pinned_vm (bnc#937855).
- hrtimer: prevent timer interrupt DoS (bnc#886785).
- hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
- hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
- IB/core: Fix mismatch between locked and pinned pages (bnc#937855).
- iommu/amd: Fix memory leak in free_pagetable (bsc#935866).
- iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538).
- iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866).
- ipr: Increase default adapter init stage change timeout (bsc#930761).
- ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355).
- kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444).
- kernel: add panic_on_warn. (bsc#934742)
- kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953).
- libata: prevent HSM state change race between ISR and PIO (bsc#923245).
- md: use kzalloc() when bitmap is disabled (bsc#939994).
- megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936).
- mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).
- mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143).
- mm: restrict access to slab files under procfs and sysfs (bnc#936077).
- net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362).
- net: Fix 'ip rule delete table 256' (bsc#873385).
- net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
- net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355).
- nfsd: Fix nfsv4 opcode decoding error (bsc#935906).
- nfsd: support disabling 64bit dir cookies (bnc#937503).
- nfs: never queue requests with rq_cong set on the sending queue (bsc#932458).
- nfsv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910).
- pagecache limit: add tracepoints (bnc#924701).
- pagecache limit: Do not skip over small zones that easily (bnc#925881).
- pagecache limit: export debugging counters via /proc/vmstat (bnc#924701).
- pagecache limit: fix wrong nr_reclaimed count (bnc#924701).
- pagecache limit: reduce starvation due to reclaim retries (bnc#925903).
- pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355).
- pci: Disable Bus Master only on kexec reboot (bsc#920110).
- pci: disable Bus Master on PCI device shutdown (bsc#920110).
- pci: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110).
- pci: Don't try to disable Bus Master on disconnected PCI devices (bsc#920110).
- perf, nmi: Fix unknown NMI warning (bsc#929142).
- perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142).
- rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786).
- sched: fix __sched_setscheduler() vs load balancing race (bnc#921430)
- scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733).
- scsi: Set hostbyte status in scsi_check_sense() (bsc#920733).
- scsi: set host msg status correctly (bnc#933936)
- scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).
- st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875).
- udf: Remove repeated loads blocksize (bsc#933907).
- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641).
- vmxnet3: Bump up driver version number (bsc#936423).
- vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
- vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
- vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
- x86, tls: Interpret an all-zero struct user_desc as 'no segment' (bsc#920250).
- x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250).
- xenbus: add proper handling of XS_ERROR from Xenbus for transactions.
- xfs: avoid mounting of xfs filesystems with inconsistent option (bnc#925705)
- zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491).
ImportantSUSE bug 851068SUSE bug 867362SUSE bug 873385SUSE bug 883380SUSE bug 886785SUSE bug 894936SUSE bug 915517SUSE bug 917830SUSE bug 919463SUSE bug 920110SUSE bug 920250SUSE bug 920733SUSE bug 921430SUSE bug 923245SUSE bug 924701SUSE bug 925705SUSE bug 925881SUSE bug 925903SUSE bug 926240SUSE bug 926953SUSE bug 927355SUSE bug 927786SUSE bug 929142SUSE bug 929143SUSE bug 930092SUSE bug 930761SUSE bug 930934SUSE bug 931538SUSE bug 932348SUSE bug 932458SUSE bug 933429SUSE bug 933896SUSE bug 933904SUSE bug 933907SUSE bug 933936SUSE bug 934742SUSE bug 934944SUSE bug 935053SUSE bug 935572SUSE bug 935705SUSE bug 935866SUSE bug 935906SUSE bug 936077SUSE bug 936423SUSE bug 936637SUSE bug 936831SUSE bug 936875SUSE bug 936925SUSE bug 937032SUSE bug 937402SUSE bug 937444SUSE bug 937503SUSE bug 937641SUSE bug 937855SUSE bug 939910SUSE bug 939994SUSE bug 940338SUSE bug 940398SUSE bug 942350CVE-2014-9728CVE-2014-9729CVE-2014-9730CVE-2014-9731CVE-2015-0777CVE-2015-1420CVE-2015-1805CVE-2015-2150CVE-2015-2830CVE-2015-4167CVE-2015-4700CVE-2015-5364CVE-2015-5366CVE-2015-5707cpe:/o:suse:suse_sled:11:sp3Security update for Linux kernelSUSE Linux Enterprise Desktop 11 SP3
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix
various bugs and security issues.
The following security bugs have been fixed:
*
CVE-2014-1739: The media_device_enum_entities function in
drivers/media/media-device.c in the Linux kernel before 3.14.6 does
not initialize a certain data structure, which allows local users to
obtain sensitive information from kernel memory by leveraging
/dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call
(bnc#882804).
*
CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not
properly implement the interaction between range notification and
hole punching, which allows local users to cause a denial of service
(i_mutex hold) by using the mmap system call to access a hole, as
demonstrated by interfering with intended shmem activity by blocking
completion of (1) an MADV_REMOVE madvise call or (2) an
FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518).
*
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through
3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and
the sep CPU feature flag is set, allows local users to cause a denial
of service (OOPS and system crash) via an invalid syscall number, as
demonstrated by number 1000 (bnc#883724).
*
CVE-2014-4667: The sctp_association_free function in
net/sctp/associola.c in the Linux kernel before 3.15.2 does not
properly manage a certain backlog value, which allows remote
attackers to cause a denial of service (socket outage) via a crafted
SCTP packet (bnc#885422).
*
CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the
Linux kernel through 3.15.6 allows local users to gain privileges by
leveraging data-structure differences between an l2tp socket and an
inet socket (bnc#887082).
*
CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c
in the Linux kernel through 3.15.8, when SCTP authentication is
enabled, allows remote attackers to cause a denial of service (NULL
pointer dereference and OOPS) by starting to establish an association
between two endpoints immediately after an exchange of INIT and INIT
ACK chunks to establish an earlier association between these
endpoints in the opposite direction (bnc#889173).
*
CVE-2014-5471: Stack consumption vulnerability in the
parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the
Linux kernel through 3.16.1 allows local users to cause a denial of
service (uncontrolled recursion, and system crash or reboot) via a
crafted iso9660 image with a CL entry referring to a directory entry
that has a CL entry. (bnc#892490)
*
CVE-2014-5472: The parse_rock_ridge_inode_internal function in
fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users
to cause a denial of service (unkillable mount process) via a crafted
iso9660 image with a self-referential CL entry. (bnc#892490)
*
CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux
kernel before 3.13.7 allows remote attackers to cause a denial of
service (system crash) via network traffic that improperly interacts
with the WLAN_STA_PS_STA state (aka power-save mode), related to
sta_info.c and tx.c. (bnc#871797)
*
CVE-2014-4027: The rd_build_device_space function in
drivers/target/target_core_rd.c in the Linux kernel before 3.14 does
not properly initialize a certain data structure, which allows local
users to obtain sensitive information from ramdisk_mcp memory by
leveraging access to a SCSI initiator. (bnc#882639)
*
CVE-2014-3153 The futex_requeue function in kernel/futex.c in the
Linux kernel through 3.14.5 does not ensure that calls have two
different futex addresses, which allows local users to gain
privileges via a crafted FUTEX_REQUEUE command that facilitates
unsafe waiter modification. (bnc#880892)
*
CVE-2014-6410: Avoid infinite loop when processing indirect ICBs
(bnc#896689)
The following non-security bugs have been fixed:
* ACPI / PAD: call schedule() when need_resched() is true (bnc#866911).
* ACPI: Fix bug when ACPI reset register is implemented in system
memory (bnc#882900).
* ACPI: Limit access to custom_method (bnc#884333).
* ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746).
* Add option to automatically enforce module signatures when in Secure
Boot mode (bnc#884333).
* Add secure_modules() call (bnc#884333).
* Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344).
* Backported new patches of Lock down functions for UEFI secure boot
Also updated series.conf and removed old patches.
* Btrfs: Return EXDEV for cross file system snapshot.
* Btrfs: abort the transaction when we does not find our extent ref.
* Btrfs: avoid warning bomb of btrfs_invalidate_inodes.
* Btrfs: cancel scrub on transaction abortion.
* Btrfs: correctly set profile flags on seqlock retry.
* Btrfs: does not check nodes for extent items.
* Btrfs: fix a possible deadlock between scrub and transaction
committing.
* Btrfs: fix corruption after write/fsync failure + fsync + log
recovery (bnc#894200).
* Btrfs: fix csum tree corruption, duplicate and outdated checksums
(bnc#891619).
* Btrfs: fix double free in find_lock_delalloc_range.
* Btrfs: fix possible memory leak in btrfs_create_tree().
* Btrfs: fix use of uninit 'ret' in end_extent_writepage().
* Btrfs: free delayed node outside of root->inode_lock (bnc#866864).
* Btrfs: make DEV_INFO ioctl available to anyone.
* Btrfs: make FS_INFO ioctl available to anyone.
* Btrfs: make device scan less noisy.
* Btrfs: make sure there are not any read requests before stopping
workers.
* Btrfs: more efficient io tree navigation on wait_extent_bit.
* Btrfs: output warning instead of error when loading free space cache
failed.
* Btrfs: retrieve more info from FS_INFO ioctl.
* Btrfs: return EPERM when deleting a default subvolume (bnc#869934).
* Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol
(bnc#866615).
* Btrfs: use right type to get real comparison.
* Btrfs: wake up @scrub_pause_wait as much as we can.
* Btrfs: wake up transaction thread upon remount.
* CacheFiles: Add missing retrieval completions (bnc#880344).
* CacheFiles: Does not try to dump the index key if the cookie has been
cleared (bnc#880344).
* CacheFiles: Downgrade the requirements passed to the allocator
(bnc#880344).
* CacheFiles: Fix the marking of cached pages (bnc#880344).
* CacheFiles: Implement invalidation (bnc#880344).
* CacheFiles: Make some debugging statements conditional (bnc#880344).
* Drivers: hv: util: Fix a bug in the KVP code (bnc#886840).
* Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code
(bnc#886840).
* FS-Cache: Add transition to handle invalidate immediately after
lookup (bnc#880344).
* FS-Cache: Check that there are no read ops when cookie relinquished
(bnc#880344).
* FS-Cache: Clear remaining page count on retrieval cancellation
(bnc#880344).
* FS-Cache: Convert the object event ID #defines into an enum
(bnc#880344).
* FS-Cache: Does not sleep in page release if __GFP_FS is not set
(bnc#880344).
* FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344).
* FS-Cache: Exclusive op submission can BUG if there is been an I/O
error (bnc#880344).
* FS-Cache: Fix __wait_on_atomic_t() to call the action func if the
counter != 0 (bnc#880344).
* FS-Cache: Fix object state machine to have separate work and wait
states (bnc#880344).
* FS-Cache: Fix operation state management and accounting (bnc#880344).
* FS-Cache: Fix signal handling during waits (bnc#880344).
* FS-Cache: Initialise the object event mask with the calculated mask
(bnc#880344).
* FS-Cache: Limit the number of I/O error reports for a cache
(bnc#880344).
* FS-Cache: Make cookie relinquishment wait for outstanding reads
(bnc#880344).
* FS-Cache: Mark cancellation of in-progress operation (bnc#880344).
* FS-Cache: One of the write operation paths doeses not set the object
state (bnc#880344).
* FS-Cache: Provide proper invalidation (bnc#880344).
* FS-Cache: Simplify cookie retention for fscache_objects, fixing oops
(bnc#880344).
* FS-Cache: The retrieval remaining-pages counter needs to be atomic_t
(bnc#880344).
* FS-Cache: Uninline fscache_object_init() (bnc#880344).
* FS-Cache: Wrap checks on object state (bnc#880344).
* HID: usbhid: add always-poll quirk (bnc#888607).
* HID: usbhid: enable always-poll quirk for Elan Touchscreen
(bnc#888607).
* IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297).
* Ignore 'flags' change to event_constraint (bnc#876114).
* Ignore data_src/weight changes to perf_sample_data (bnc#876114).
* NFS: Allow more operations in an NFSv4.1 request (bnc#890513).
* NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968).
* NFS: Does not copy read delegation stateids in setattr (bnc#888968).
* NFS: Does not use a delegation to open a file when returning that
delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496)
* NFS: Fixes for NFS RCU-walk support in line with code going upstream
* NFS: Use FS-Cache invalidation (bnc#880344).
* NFS: allow lockless access to access_cache (bnc#866130).
* NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts
(bnc#888591).
* NFS: nfs4_do_open should add negative results to the dcache
(bnc#866130).
* NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a
page (bnc#880344).
* NFS: nfs_open_revalidate: only evaluate parent if it will be used
(bnc#866130).
* NFS: prepare for RCU-walk support but pushing tests later in code
(bnc#866130).
* NFS: support RCU_WALK in nfs_permission() (bnc#866130).
* NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130).
* NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130).
* NFSD: Does not hand out delegations for 30 seconds after recalling
them (bnc#880370).
* NFSv4 set open access operation call flag in nfs4_init_opendata_res
(bnc#888968, bnc#892200, bnc#893596, bnc#893496).
* NFSv4: Add a helper for encoding opaque data (bnc#888968).
* NFSv4: Add a helper for encoding stateids (bnc#888968).
* NFSv4: Add helpers for basic copying of stateids (bnc#888968).
* NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968).
* NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968).
* NFSv4: Rename nfs4_copy_stateid() (bnc#888968).
* NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an
error (bnc#888968).
* NFSv4: Simplify the struct nfs4_stateid (bnc#888968).
* NFSv4: The stateid must remain the same for replayed RPC calls
(bnc#888968).
* NFSv4: nfs4_stateid_is_current should return 'true' for an invalid
stateid (bnc#888968).
* One more fix for kABI breakage.
* PCI: Lock down BAR access when module security is enabled
(bnc#884333).
* PCI: enable MPS 'performance' setting to properly handle bridge MPS
(bnc#883376).
* PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441).
* PM / Hibernate: Create a Radix-Tree to store memory bitmap
(bnc#860441).
* PM / Hibernate: Implement position keeping in radix tree
(bnc#860441).
* PM / Hibernate: Iterate over set bits instead of PFNs in
swsusp_free() (bnc#860441).
* PM / Hibernate: Remove the old memory-bitmap implementation
(bnc#860441).
* PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node
(bnc#860441).
* Restrict /dev/mem and /dev/kmem when module loading is restricted
(bnc#884333).
* Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT
(bnc#876114).
* USB: handle LPM errors during device suspend correctly (bnc#849123).
* Update kabi files to reflect fscache change (bnc#880344)
* Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281)
* VFS: Make more complete truncate operation available to CacheFiles
(bnc#880344).
* [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366,
ltc#83367).
* acpi: Ignore acpi_rsdp kernel parameter when module loading is
restricted (bnc#884333).
* af_iucv: correct cleanup if listen backlog is full (bnc#885262,
LTC#111728).
* asus-wmi: Restrict debugfs interface when module loading is
restricted (bnc#884333).
* autofs4: allow RCU-walk to walk through autofs4 (bnc#866130).
* autofs4: avoid taking fs_lock during rcu-walk (bnc#866130).
* autofs4: does not take spinlock when not needed in
autofs4_lookup_expiring (bnc#866130).
* autofs4: factor should_expire() out of autofs4_expire_indirect
(bnc#866130).
* autofs4: make 'autofs4_can_expire' idempotent (bnc#866130).
* autofs4: remove a redundant assignment (bnc#866130).
* autofs: fix lockref lookup (bnc#888591).
* be2net: add dma_mapping_error() check for dma_map_page()
(bnc#881759).
* block: add cond_resched() to potentially long running ioctl discard
loop (bnc#884725).
* block: fix race between request completion and timeout handling
(bnc#881051).
* cdc-ether: clean packet filter upon probe (bnc#876017).
* cpuset: Fix memory allocator deadlock (bnc#876590).
* crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs
have them, but some are FIPS certified, with some kernel support.
* crypto: fips - only panic on bad/missing crypto mod signatures
(bnc#887503).
* crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips
mode (bnc#889451).
* dasd: validate request size before building CCW/TCW (bnc#891087,
LTC#114068).
* dm mpath: fix race condition between multipath_dtr and pg_init_done
(bnc#826486).
* dm-mpath: fix panic on deleting sg device (bnc#870161).
* drm/ast: AST2000 cannot be detected correctly (bnc#895983).
* drm/ast: Actually load DP501 firmware when required (bnc#895608
bnc#871134).
* drm/ast: Add missing entry to dclk_table[].
* drm/ast: Add reduced non reduced mode parsing for wide screen mode
(bnc#892723).
* drm/ast: initial DP501 support (v0.2) (bnc#871134).
* drm/ast: open key before detect chips (bnc#895983).
* drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304).
* drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064).
* drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init
(bnc#869055).
* drm/i915: create functions for the 'unclaimed register' checks
(bnc#869055).
* drm/i915: use FPGA_DBG for the 'unclaimed register' checks
(bnc#869055).
* drm/mgag200: Initialize data needed to map fbdev memory (bnc
#806990).
* e1000e: enable support for new device IDs (bnc#885509).
* fs/fscache: remove spin_lock() from the condition in while()
(bnc#880344).
* hibernate: Disable in a signed modules environment (bnc#884333).
* hugetlb: does not use ERR_PTR with VM_FAULT* values
* ibmvscsi: Abort init sequence during error recovery (bnc#885382).
* ibmvscsi: Add memory barriers for send / receive (bnc#885382).
* inet: add a redirect generation id in inetpeer (bnc#860593).
* inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593).
* ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645).
* kabi: hide bnc#860593 changes of struct inetpeer_addr_base
(bnc#860593).
* kernel: 3215 tty hang (bnc#891087, LTC#114562).
* kernel: fix data corruption when reading /proc/sysinfo (bnc#891087,
LTC#114480).
* kernel: fix kernel oops with load of fpc register (bnc#889061,
LTC#113596).
* kernel: sclp console tty reference counting (bnc#891087, LTC#115466).
* kexec: Disable at runtime if the kernel enforces module loading
restrictions (bnc#884333).
* md/raid6: avoid data corruption during recovery of double-degraded
RAID6.
* memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim
fix).
* memcg: do not expose uninitialized mem_cgroup_per_node to world
(bnc#883096).
* mm, hugetlb: add VM_NORESERVE check in vma_has_reserves()
* mm, hugetlb: change variable name reservations to resv
* mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache
* mm, hugetlb: defer freeing pages when gathering surplus pages
* mm, hugetlb: do not use a page in page cache for cow optimization
* mm, hugetlb: fix and clean-up node iteration code to alloc or free
* mm, hugetlb: fix race in region tracking
* mm, hugetlb: fix subpool accounting handling
* mm, hugetlb: improve page-fault scalability
* mm, hugetlb: improve, cleanup resv_map parameters
* mm, hugetlb: move up the code which check availability of free huge
page
* mm, hugetlb: protect reserved pages when soft offlining a hugepage
* mm, hugetlb: remove decrement_hugepage_resv_vma()
* mm, hugetlb: remove redundant list_empty check in
gather_surplus_pages()
* mm, hugetlb: remove resv_map_put
* mm, hugetlb: remove useless check about mapping type
* mm, hugetlb: return a reserved page to a reserved pool if failed
* mm, hugetlb: trivial commenting fix
* mm, hugetlb: unify region structure handling
* mm, hugetlb: unify region structure handling kabi
* mm, hugetlb: use long vars instead of int in region_count() (Hugetlb
Fault Scalability).
* mm, hugetlb: use vma_resv_map() map types
* mm, oom: fix badness score underflow (bnc#884582, bnc#884767).
* mm, oom: normalize oom scores to oom_score_adj scale only for
userspace (bnc#884582, bnc#884767).
* mm, thp: do not allow thp faults to avoid cpuset restrictions
(bnc#888849).
* net/mlx4_core: Load higher level modules according to ports type
(bnc#887680).
* net/mlx4_core: Load the IB driver when the device supports IBoE
(bnc#887680).
* net/mlx4_en: Fix a race between napi poll function and RX ring
cleanup (bnc#863586).
* net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058).
* net: fix checksumming features handling in output path (bnc#891259).
* pagecache_limit: batch large nr_to_scan targets (bnc#895221).
* pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim
fix (bnc#895680).
* perf/core: Add weighted samples (bnc#876114).
* perf/x86: Add flags to event constraints (bnc#876114).
* perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114).
* perf: Add generic memory sampling interface (bnc#876114).
* qla2xxx: Avoid escalating the SCSI error handler if the command is
not found in firmware (bnc#859840).
* qla2xxx: Clear loop_id for ports that are marked lost during fabric
scanning (bnc#859840).
* qla2xxx: Does not check for firmware hung during the reset context
for ISP82XX (bnc#859840).
* qla2xxx: Issue abort command for outstanding commands during cleanup
when only firmware is alive (bnc#859840).
* qla2xxx: Reduce the time we wait for a command to complete during
SCSI error handling (bnc#859840).
* qla2xxx: Set host can_queue value based on available resources
(bnc#859840).
* restore smp_mb() in unlock_new_inode() (bnc#890526).
* s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061,
LTC#113725).
* sched: fix the theoretical signal_wake_up() vs schedule() race
(bnc#876055).
* sclp_vt220: Enable integrated ASCII console per default (bnc#885262,
LTC#112035).
* scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614).
* scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608).
* scsiback: correct grant page unmapping.
* scsiback: fix retry handling in __report_luns().
* scsiback: free resources after error.
* sunrpc/auth: allow lockless (rcu) lookup of credential cache
(bnc#866130).
* supported.conf: remove external from drivers/net/veth (bnc#889727)
* supported.conf: support net/sched/act_police.ko (bnc#890426)
* tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921).
* tg3: Change nvram command timeout value to 50ms (bnc#855657).
* tg3: Override clock, link aware and link idle mode during NVRAM dump
(bnc#855657).
* tg3: Set the MAC clock to the fastest speed during boot code load
(bnc#855657).
* usb: Does not enable LPM if the exit latency is zero (bnc#832309).
* usbcore: Does not log on consecutive debounce failures of the same
port (bnc#888105).
* usbhid: fix PIXART optical mouse (bnc#888607).
* uswsusp: Disable when module loading is restricted (bnc#884333).
* vscsi: support larger transfer sizes (bnc#774818).
* writeback: Do not sync data dirtied after sync start (bnc#833820).
* x86 thermal: Delete power-limit-notification console messages
(bnc#882317).
* x86 thermal: Disable power limit notification interrupt by default
(bnc#882317).
* x86 thermal: Re-enable power limit notification interrupt by default
(bnc#882317).
* x86, cpu hotplug: Fix stack frame warning in
check_irq_vectors_for_cpu_disable() (bnc#887418).
* x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847).
* x86/UV: Add kdump to UV NMI handler (bnc#888847).
* x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847).
* x86/UV: Move NMI support (bnc#888847).
* x86/UV: Update UV support for external NMI signals (bnc#888847).
* x86/uv/nmi: Fix Sparse warnings (bnc#888847).
* x86: Add check for number of available vectors before CPU down
(bnc#887418).
* x86: Lock down IO port access when module security is enabled
(bnc#884333).
* x86: Restrict MSR access when module loading is restricted
(bnc#884333).
Security Issues:
* CVE-2013-1979
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979>
* CVE-2014-1739
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739>
* CVE-2014-2706
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706>
* CVE-2014-4027
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027>
* CVE-2014-4171
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171>
* CVE-2014-4508
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508>
* CVE-2014-4667
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667>
* CVE-2014-4943
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943>
* CVE-2014-5077
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077>
* CVE-2014-5471
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471>
* CVE-2014-5472
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472>
* CVE-2014-3153
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>
* CVE-2014-6410
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410>
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix
various bugs and security issues.
Following security bugs were fixed: CVE-2013-1979: The scm_set_cred
function in include/net/scm.h in the Linux kernel before 3.8.11 uses
incorrect uid and gid values during credentials passing, which allows local
users to gain privileges via a crafted application (bnc#816708).
CVE-2014-1739: The media_device_enum_entities function in
drivers/media/media-device.c in the Linux kernel before 3.14.6 does not
initialize a certain data structure, which allows local users to obtain
sensitive information from kernel memory by leveraging /dev/media0 read
access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804).
CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not
properly implement the interaction between range notification and hole
punching, which allows local users to cause a denial of service (i_mutex
hold) by using the mmap system call to access a hole, as demonstrated by
interfering with intended shmem activity by blocking completion of (1) an
MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call
(bnc#883518).
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through
3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the
sep CPU feature flag is set, allows local users to cause a denial of
service (OOPS and system crash) via an invalid syscall number, as
demonstrated by number 1000 (bnc#883724).
CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c
in the Linux kernel before 3.15.2 does not properly manage a certain
backlog value, which allows remote attackers to cause a denial of service
(socket outage) via a crafted SCTP packet (bnc#885422).
CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux
kernel through 3.15.6 allows local users to gain privileges by leveraging
data-structure differences between an l2tp socket and an inet socket
(bnc#887082).
CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in
the Linux kernel through 3.15.8, when SCTP authentication is enabled,
allows remote attackers to cause a denial of service (NULL pointer
dereference and OOPS) by starting to establish an association between two
endpoints immediately after an exchange of INIT and INIT ACK chunks to
establish an earlier association between these endpoints in the opposite
direction (bnc#889173).
CVE-2014-5471: Stack consumption vulnerability in the
parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux
kernel through 3.16.1 allows local users to cause a denial of service
(uncontrolled recursion, and system crash or reboot) via a crafted iso9660
image with a CL entry referring to a directory entry that has a CL entry.
(bnc#892490)
CVE-2014-5472: The parse_rock_ridge_inode_internal function in
fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to
cause a denial of service (unkillable mount process) via a crafted iso9660
image with a self-referential CL entry. (bnc#892490)
CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel
before 3.13.7 allows remote attackers to cause a denial of service (system
crash) via network traffic that improperly interacts with the
WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and
tx.c. (bnc#871797)
CVE-2014-4027: The rd_build_device_space function in
drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not
properly initialize a certain data structure, which allows local users to
obtain sensitive information from ramdisk_mcp memory by leveraging access
to a SCSI initiator. (bnc#882639)
The following non-security bugs were fixed: - ACPI / PAD: call schedule()
when need_resched() is true (bnc#866911). - ACPI: Fix bug when ACPI reset
register is implemented in system memory (bnc#882900). - ACPI: Limit access
to custom_method (bnc#884333). - Add option to automatically enforce module
signatures when in Secure Boot mode (bnc#884333). - Add secure_modules()
call (bnc#884333). - Add wait_on_atomic_t() and wake_up_atomic_t()
(bnc#880344). - Backported new patches of Lock down functions for UEFI
secure boot Also updated series.conf and removed old patches. - Btrfs:
Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction
when we does not find our extent ref. - Btrfs: avoid warning bomb of
btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. -
Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not
check nodes for extent items. - Btrfs: fix a possible deadlock between
scrub and transaction committing. - Btrfs: fix corruption after write/fsync
failure + fsync + log recovery (bnc#894200). - Btrfs: fix csum tree
corruption, duplicate and outdated checksums (bnc#891619). - Btrfs: fix
double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak
in btrfs_create_tree(). - Btrfs: fix use of uninit 'ret' in
end_extent_writepage(). - Btrfs: free delayed node outside of
root->inode_lock (bnc#866864). - Btrfs: make DEV_INFO ioctl available to
anyone. - Btrfs: make FS_INFO ioctl available to anyone. - Btrfs: make
device scan less noisy. - Btrfs: make sure there are not any read requests
before stopping workers. - Btrfs: more efficient io tree navigation on
wait_extent_bit. - Btrfs: output warning instead of error when loading free
space cache failed. - Btrfs: retrieve more info from FS_INFO ioctl. -
Btrfs: return EPERM when deleting a default subvolume (bnc#869934). -
Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615).
- Btrfs: use right type to get real comparison. - Btrfs: wake up
@scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread
upon remount. - CacheFiles: Add missing retrieval completions (bnc#880344).
- CacheFiles: Does not try to dump the index key if the cookie has been
cleared (bnc#880344). - CacheFiles: Downgrade the requirements passed to
the allocator (bnc#880344). - CacheFiles: Fix the marking of cached pages
(bnc#880344). - CacheFiles: Implement invalidation (bnc#880344). -
CacheFiles: Make some debugging statements conditional (bnc#880344). -
Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). - Drivers: hv:
vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). -
FS-Cache: Add transition to handle invalidate immediately after lookup
(bnc#880344). - FS-Cache: Check that there are no read ops when cookie
relinquished (bnc#880344). - FS-Cache: Clear remaining page count on
retrieval cancellation (bnc#880344). - FS-Cache: Convert the object event
ID #defines into an enum (bnc#880344). - FS-Cache: Does not sleep in page
release if __GFP_FS is not set (bnc#880344). - FS-Cache: Does not use
spin_is_locked() in assertions (bnc#880344). - FS-Cache: Exclusive op
submission can BUG if there is been an I/O error (bnc#880344). - FS-Cache:
Fix __wait_on_atomic_t() to call the action func if the counter != 0
(bnc#880344). - FS-Cache: Fix object state machine to have separate work
and wait states (bnc#880344). - FS-Cache: Fix operation state management
and accounting (bnc#880344). - FS-Cache: Fix signal handling during waits
(bnc#880344). - FS-Cache: Initialise the object event mask with the
calculated mask (bnc#880344). - FS-Cache: Limit the number of I/O error
reports for a cache (bnc#880344). - FS-Cache: Make cookie relinquishment
wait for outstanding reads (bnc#880344). - FS-Cache: Mark cancellation of
in-progress operation (bnc#880344). - FS-Cache: One of the write operation
paths doeses not set the object state (bnc#880344). - FS-Cache: Provide
proper invalidation (bnc#880344). - FS-Cache: Simplify cookie retention for
fscache_objects, fixing oops (bnc#880344). - FS-Cache: The retrieval
remaining-pages counter needs to be atomic_t (bnc#880344). - FS-Cache:
Uninline fscache_object_init() (bnc#880344). - FS-Cache: Wrap checks on
object state (bnc#880344). - HID: usbhid: add always-poll quirk
(bnc#888607). - HID: usbhid: enable always-poll quirk for Elan Touchscreen
(bnc#888607). - IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). -
Ignore 'flags' change to event_constraint (bnc#876114). - Ignore
data_src/weight changes to perf_sample_data (bnc#876114). - NFS: Allow more
operations in an NFSv4.1 request (bnc#890513). - NFS: Clean up helper
function nfs4_select_rw_stateid() (bnc#888968). - NFS: Does not copy read
delegation stateids in setattr (bnc#888968). - NFS: Does not use a
delegation to open a file when returning that delegation (bnc#888968,
bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support
in line with code going upstream - NFS: Use FS-Cache invalidation
(bnc#880344). - NFS: allow lockless access to access_cache (bnc#866130). -
NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts
(bnc#888591). - NFS: nfs4_do_open should add negative results to the dcache
(bnc#866130). - NFS: nfs_migrate_page() does not wait for FS-Cache to
finish with a page (bnc#880344). - NFS: nfs_open_revalidate: only evaluate
parent if it will be used (bnc#866130). - NFS: prepare for RCU-walk support
but pushing tests later in code (bnc#866130). - NFS: support RCU_WALK in
nfs_permission() (bnc#866130). - NFS: teach nfs_lookup_verify_inode to
handle LOOKUP_RCU (bnc#866130). - NFS: teach nfs_neg_need_reval to
understand LOOKUP_RCU (bnc#866130). - NFSD: Does not hand out delegations
for 30 seconds after recalling them (bnc#880370). - NFSv4 set open access
operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200,
bnc#893596, bnc#893496). - NFSv4: Add a helper for encoding opaque data
(bnc#888968). - NFSv4: Add a helper for encoding stateids (bnc#888968). -
NFSv4: Add helpers for basic copying of stateids (bnc#888968). - NFSv4:
Clean up nfs4_select_rw_stateid() (bnc#888968). - NFSv4: Fix the return
value of nfs4_select_rw_stateid (bnc#888968). - NFSv4: Rename
nfs4_copy_stateid() (bnc#888968). - NFSv4: Resend the READ/WRITE RPC call
if a stateid change causes an error (bnc#888968). - NFSv4: Simplify the
struct nfs4_stateid (bnc#888968). - NFSv4: The stateid must remain the same
for replayed RPC calls (bnc#888968). - NFSv4: nfs4_stateid_is_current
should return 'true' for an invalid stateid (bnc#888968). - One more fix
for kABI breakage. - PCI: Lock down BAR access when module security is
enabled (bnc#884333). - PCI: enable MPS 'performance' setting to properly
handle bridge MPS (bnc#883376). - PM / Hibernate: Add memory_rtree_find_bit
function (bnc#860441). - PM / Hibernate: Create a Radix-Tree to store
memory bitmap (bnc#860441). - PM / Hibernate: Implement position keeping in
radix tree (bnc#860441). - PM / Hibernate: Iterate over set bits instead of
PFNs in swsusp_free() (bnc#860441). - PM / Hibernate: Remove the old
memory-bitmap implementation (bnc#860441). - PM / Hibernate: Touch Soft
Lockup Watchdog in rtree_next_node (bnc#860441). - Restrict /dev/mem and
/dev/kmem when module loading is restricted (bnc#884333). - Reuse existing
'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). - USB:
handle LPM errors during device suspend correctly (bnc#849123). - Update
kabi files to reflect fscache change (bnc#880344) - VFS: Make more complete
truncate operation available to CacheFiles (bnc#880344). - [FEAT NET1222]
ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi:
Ignore acpi_rsdp kernel parameter when module loading is restricted
(bnc#884333). - af_iucv: correct cleanup if listen backlog is full
(bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when
module loading is restricted (bnc#884333). - autofs4: allow RCU-walk to
walk through autofs4 (bnc#866130). - autofs4: avoid taking fs_lock during
rcu-walk (bnc#866130). - autofs4: does not take spinlock when not needed in
autofs4_lookup_expiring (bnc#866130). - autofs4: factor should_expire() out
of autofs4_expire_indirect (bnc#866130). - autofs4: make
'autofs4_can_expire' idempotent (bnc#866130). - autofs4: remove a redundant
assignment (bnc#866130). - autofs: fix lockref lookup (bnc#888591). -
be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). -
block: add cond_resched() to potentially long running ioctl discard loop
(bnc#884725). - block: fix race between request completion and timeout
handling (bnc#881051). - cdc-ether: clean packet filter upon probe
(bnc#876017). - cpuset: Fix memory allocator deadlock (bnc#876590). -
crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have
them, but some are FIPS certified, with some kernel support. - crypto: fips
- only panic on bad/missing crypto mod signatures (bnc#887503). - crypto:
testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode
(bnc#889451). - dasd: validate request size before building CCW/TCW
(bnc#891087, LTC#114068). - dm mpath: fix race condition between
multipath_dtr and pg_init_done (bnc#826486). - dm-mpath: fix panic on
deleting sg device (bnc#870161). - drm/ast: Add missing entry to
dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide
screen mode (bnc#892723). - drm/i915: Only apply DPMS to the encoder if
enabled (bnc#893064). - drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at
driver init (bnc#869055). - drm/i915: create functions for the 'unclaimed
register' checks (bnc#869055). - drm/i915: use FPGA_DBG for the 'unclaimed
register' checks (bnc#869055). - drm/mgag200: Initialize data needed to map
fbdev memory (bnc #806990). - e1000e: enable support for new device IDs
(bnc#885509). - fs/fscache: remove spin_lock() from the condition in
while() (bnc#880344). - hibernate: Disable in a signed modules environment
(bnc#884333). - hugetlb: does not use ERR_PTR with VM_FAULT* values -
ibmvscsi: Abort init sequence during error recovery (bnc#885382). -
ibmvscsi: Add memory barriers for send / receive (bnc#885382). - inet: add
a redirect generation id in inetpeer (bnc#860593). - inetpeer: initialize
->redirect_genid in inet_getpeer() (bnc#860593). - ipv6: tcp: fix
tcp_v6_conn_request() (bnc#887645). - kabi: hide bnc#860593 changes of
struct inetpeer_addr_base (bnc#860593). - kernel: 3215 tty hang
(bnc#891087, LTC#114562). - kernel: fix data corruption when reading
/proc/sysinfo (bnc#891087, LTC#114480). - kernel: fix kernel oops with load
of fpc register (bnc#889061, LTC#113596). - kernel: sclp console tty
reference counting (bnc#891087, LTC#115466). - kexec: Disable at runtime if
the kernel enforces module loading restrictions (bnc#884333). - md/raid6:
avoid data corruption during recovery of double-degraded RAID6. - memcg,
vmscan: Fix forced scan of anonymous pages (memory reclaim fix). - mm,
hugetlb: add VM_NORESERVE check in vma_has_reserves() - mm, hugetlb: change
variable name reservations to resv - mm, hugetlb: decrement reserve count
if VM_NORESERVE alloc page cache - mm, hugetlb: defer freeing pages when
gathering surplus pages - mm, hugetlb: do not use a page in page cache for
cow optimization - mm, hugetlb: fix and clean-up node iteration code to
alloc or free - mm, hugetlb: fix race in region tracking - mm, hugetlb: fix
subpool accounting handling - mm, hugetlb: improve page-fault scalability -
mm, hugetlb: improve, cleanup resv_map parameters - mm, hugetlb: move up
the code which check availability of free huge page - mm, hugetlb: protect
reserved pages when soft offlining a hugepage - mm, hugetlb: remove
decrement_hugepage_resv_vma() - mm, hugetlb: remove redundant list_empty
check in gather_surplus_pages() - mm, hugetlb: remove resv_map_put - mm,
hugetlb: remove useless check about mapping type - mm, hugetlb: return a
reserved page to a reserved pool if failed - mm, hugetlb: trivial
commenting fix - mm, hugetlb: unify region structure handling - mm,
hugetlb: unify region structure handling kabi - mm, hugetlb: use long vars
instead of int in region_count() (Hugetlb Fault Scalability). - mm,
hugetlb: use vma_resv_map() map types - mm, oom: fix badness score
underflow (bnc#884582, bnc#884767). - mm, oom: normalize oom scores to
oom_score_adj scale only for userspace (bnc#884582, bnc#884767). - mm, thp:
do not allow thp faults to avoid cpuset restrictions (bnc#888849). -
net/mlx4_core: Load higher level modules according to ports type
(bnc#887680). - net/mlx4_core: Load the IB driver when the device supports
IBoE (bnc#887680). - net/mlx4_en: Fix a race between napi poll function and
RX ring cleanup (bnc#863586). - net/mlx4_en: Fix selftest failing on non
10G link speed (bnc#888058). - net: fix checksumming features handling in
output path (bnc#891259). - perf/core: Add weighted samples (bnc#876114). -
perf/x86: Add flags to event constraints (bnc#876114). - perf/x86: Add
memory profiling via PEBS Load Latency (bnc#876114). - perf: Add generic
memory sampling interface (bnc#876114). - qla2xxx: Avoid escalating the
SCSI error handler if the command is not found in firmware (bnc#859840). -
qla2xxx: Clear loop_id for ports that are marked lost during fabric
scanning (bnc#859840). - qla2xxx: Does not check for firmware hung during
the reset context for ISP82XX (bnc#859840). - qla2xxx: Issue abort command
for outstanding commands during cleanup when only firmware is alive
(bnc#859840). - qla2xxx: Reduce the time we wait for a command to complete
during SCSI error handling (bnc#859840). - qla2xxx: Set host can_queue
value based on available resources (bnc#859840). - restore smp_mb() in
unlock_new_inode() (bnc#890526). - s390/pci: introduce lazy IOTLB flushing
for DMA unmap (bnc#889061, LTC#113725). - sched: fix the theoretical
signal_wake_up() vs schedule() race (bnc#876055). - sclp_vt220: Enable
integrated ASCII console per default (bnc#885262, LTC#112035). - scsi_dh:
use missing accessor 'scsi_device_from_queue' (bnc#889614). -
scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). -
scsiback: correct grant page unmapping. - scsiback: fix retry handling in
__report_luns(). - scsiback: free resources after error. - sunrpc/auth:
allow lockless (rcu) lookup of credential cache (bnc#866130). -
supported.conf: remove external from drivers/net/veth (bnc#889727) -
supported.conf: support net/sched/act_police.ko (bnc#890426) - tcp: adapt
selected parts of RFC 5682 and PRR logic (bnc#879921). - tg3: Change nvram
command timeout value to 50ms (bnc#855657). - tg3: Override clock, link
aware and link idle mode during NVRAM dump (bnc#855657). - tg3: Set the MAC
clock to the fastest speed during boot code load (bnc#855657). - usb: Does
not enable LPM if the exit latency is zero (bnc#832309). - usbcore: Does
not log on consecutive debounce failures of the same port (bnc#888105). -
usbhid: fix PIXART optical mouse (bnc#888607). - uswsusp: Disable when
module loading is restricted (bnc#884333). - vscsi: support larger transfer
sizes (bnc#774818). - x86 thermal: Delete power-limit-notification console
messages (bnc#882317). - x86 thermal: Disable power limit notification
interrupt by default (bnc#882317). - x86 thermal: Re-enable power limit
notification interrupt by default (bnc#882317). - x86/UV: Add call to
KGDB/KDB from NMI handler (bnc#888847). - x86/UV: Add kdump to UV NMI
handler (bnc#888847). - x86/UV: Add summary of cpu activity to UV NMI
handler (bnc#888847). - x86/UV: Move NMI support (bnc#888847). - x86/UV:
Update UV support for external NMI signals (bnc#888847). - x86/uv/nmi: Fix
Sparse warnings (bnc#888847). - x86: Lock down IO port access when module
security is enabled (bnc#884333). - x86: Restrict MSR access when module
loading is restricted (bnc#884333).
Security Issues:
* CVE-2013-1979
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979>
* CVE-2014-1739
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739>
* CVE-2014-2706
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706>
* CVE-2014-4027
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027>
* CVE-2014-4171
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171>
* CVE-2014-4508
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508>
* CVE-2014-4667
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667>
* CVE-2014-4943
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943>
* CVE-2014-5077
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077>
* CVE-2014-5471
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471>
* CVE-2014-5472
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472>
SUSE bug 774818SUSE bug 806990SUSE bug 816708SUSE bug 826486SUSE bug 832309SUSE bug 849123SUSE bug 855657SUSE bug 859840SUSE bug 860441SUSE bug 860593SUSE bug 863586SUSE bug 866130SUSE bug 866615SUSE bug 866864SUSE bug 866911SUSE bug 869055SUSE bug 869934SUSE bug 870161SUSE bug 871797SUSE bug 876017SUSE bug 876055SUSE bug 876114SUSE bug 876590SUSE bug 879921SUSE bug 880344SUSE bug 880370SUSE bug 881051SUSE bug 881759SUSE bug 882317SUSE bug 882639SUSE bug 882804SUSE bug 882900SUSE bug 883376SUSE bug 883518SUSE bug 883724SUSE bug 884333SUSE bug 884582SUSE bug 884725SUSE bug 884767SUSE bug 885262SUSE bug 885382SUSE bug 885422SUSE bug 885509SUSE bug 886840SUSE bug 887082SUSE bug 887503SUSE bug 887608SUSE bug 887645SUSE bug 887680SUSE bug 888058SUSE bug 888105SUSE bug 888591SUSE bug 888607SUSE bug 888847SUSE bug 888849SUSE bug 888968SUSE bug 889061SUSE bug 889173SUSE bug 889451SUSE bug 889614SUSE bug 889727SUSE bug 890297SUSE bug 890426SUSE bug 890513SUSE bug 890526SUSE bug 891087SUSE bug 891259SUSE bug 891619SUSE bug 892200SUSE bug 892490SUSE bug 892723SUSE bug 893064SUSE bug 893496SUSE bug 893596SUSE bug 894200CVE-2013-1979CVE-2014-1739CVE-2014-2706CVE-2014-4027CVE-2014-4171CVE-2014-4508CVE-2014-4667CVE-2014-4943CVE-2014-5077CVE-2014-5471CVE-2014-5472cpe:/o:suse:suse_sled:11:sp3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Desktop 11 SP3
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to receive various security and bugfixes.
Following security bugs were fixed:
- CVE-2015-8104: Prevent guest to host DoS caused by infinite loop in microcode via #DB exception (bsc#954404).
- CVE-2015-5307: Prevent guest to host DoS caused by infinite loop in microcode via #AC exception (bsc#953527).
- CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384).
- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bsc#938706).
- CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951440).
- CVE-2015-0272: Prevent remote DoS using IPv6 RA with bogus MTU by validating before applying it (bsc#944296).
- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bsc#945825).
- CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggered permanent file-descriptor allocation (bsc#942367).
The following non-security bugs were fixed:
- alsa: hda - Disable 64bit address for Creative HDA controllers (bsc#814440).
- btrfs: fix hang when failing to submit bio of directIO (bsc#942688).
- btrfs: fix memory corruption on failure to submit bio for direct IO (bsc#942688).
- btrfs: fix put dio bio twice when we submit dio bio fail (bsc#942688).
- dm sysfs: introduce ability to add writable attributes (bsc#904348).
- dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
- dm: do not start current request if it would have merged with the previous (bsc#904348).
- dm: impose configurable deadline for dm_request_fn merge heuristic (bsc#904348).
- drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).
- drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).
- drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938).
- drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938).
- drm/i915: Add enum hpd_pin to intel_encoder (bsc#942938).
- drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938).
- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938).
- drm/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938).
- drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938).
- drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938).
- drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938).
- drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).
- drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).
- drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).
- drm/i915: Get rid if the '^A' in struct drm_i915_private (bsc#942938).
- drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938).
- drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938).
- drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938).
- drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938).
- drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938).
- drm/i915: Remove i965_hpd_irq_setup (bsc#942938).
- drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).
- drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938).
- drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938).
- drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938).
- drm/i915: add hotplug activation period to hotplug update mask (bsc#953980).
- drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938).
- drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938).
- drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938).
- drm/i915: fix hotplug event bit tracking (bsc#942938).
- drm/i915: fix hpd interrupt register locking (bsc#942938).
- drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938).
- drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938).
- drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938).
- drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938).
- drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).
- drm/i915: implement ibx_hpd_irq_setup (bsc#942938).
- drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938).
- ehci-pci: enable interrupt on BayTrail (bnc926007).
- fix lpfc_send_rscn_event allocation size claims bsc#935757
- hugetlb: simplify migrate_huge_page() (bsc#947957, VM Functionality).
- hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bsc#947957).
- ib/iser: Add Discovery support (bsc#923002).
- ib/iser: Move informational messages from error to info level (bsc#923002).
- ib/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965).
- ib/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).
- inotify: Fix nested sleeps in inotify_read() (bsc#940925).
- ipv6: fix tunnel error handling (bsc#952579).
- ipv6: probe routes asynchronous in rt6_probe (bsc#936118).
- ipvs: Fix reuse connection if real server is dead (bsc#945827).
- ipvs: drop first packet to dead server (bsc#946078).
- keys: Fix race between key destruction and finding a keyring by name (bsc#951440).
- ktime: add ktime_after and ktime_before helpe (bsc#904348).
- lib/string.c: introduce memchr_inv() (bsc#930788).
- libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002).
- macvlan: Support bonding events bsc#948521
- make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).
- memory-failure: do code refactor of soft_offline_page() (bsc#947957).
- memory-failure: fix an error of mce_bad_pages statistics (bsc#947957).
- memory-failure: use num_poisoned_pages instead of mce_bad_pages (bsc#947957).
- memory-hotplug: update mce_bad_pages when removing the memory (bsc#947957).
- mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bsc#947957).
- mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bsc#947957).
- mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bsc#947957).
- mm: exclude reserved pages from dirtyable memory 32b fix (bsc#940017, bsc#949298).
- mm: make page pfmemalloc check more robust (bsc#920016).
- netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350).
- pci: Add VPD function 0 quirk for Intel Ethernet devices (bsc#943786).
- pci: Add dev_flags bit to access VPD through function 0 (bsc#943786).
- pci: Add flag indicating device has been assigned by KVM (bsc#777565).
- pci: Clear NumVFs when disabling SR-IOV in sriov_init() (bsc#952084).
- pci: Refresh First VF Offset and VF Stride when updating NumVFs (bsc#952084).
- pci: Update NumVFs register when disabling SR-IOV (bsc#952084).
- pci: delay configuration of SRIOV capability (bsc#952084).
- pci: set pci sriov page size before reading SRIOV BAR (bsc#952084).
- pktgen: clean up ktime_t helpers (bsc#904348).
- qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).
- qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993).
- qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).
- r8169: remember WOL preferences on driver load (bsc#942305).
- rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706).
- rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145).
- sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bsc#949100).
- scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bsc#942204).
- scsi: hosts: update to use ida_simple for host_no (bsc#939926)
- scsi: kabi: allow iscsi disocvery session support (bsc#923002).
- scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002).
- sg: fix read() error reporting (bsc#926774).
- usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bsc#933721).
- usb: xhci: Reset a halted endpoint immediately when we encounter a stall (bsc#933721).
- usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bsc#944989).
- usb: xhci: do not start a halted endpoint before its new dequeue is set (bsc#933721).
- usb: xhci: handle Config Error Change (CEC) in xhci driver (bsc#933721).
- x86/tsc: Change Fast TSC calibration failed from error to info (bsc#942605).
- x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).
- x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330).
- xfs: Fix lost direct IO write in the last block (bsc#949744).
- xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).
- xfs: add EOFBLOCKS inode tagging/untagging (bsc#930788).
- xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bsc#930788).
- xfs: add background scanning to clear eofblocks inodes (bsc#930788).
- xfs: add inode id filtering to eofblocks scan (bsc#930788).
- xfs: add minimum file size filtering to eofblocks scan (bsc#930788).
- xfs: create function to scan and clear EOFBLOCKS inodes (bsc#930788).
- xfs: create helper to check whether to free eofblocks on inode (bsc#930788).
- xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).
- xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bsc#930788).
- xfs: support a tag-based inode_ag_iterator (bsc#930788).
- xfs: support multiple inode id filtering in eofblocks scan (bsc#930788).
- xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).
- xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).
- xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).
- xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).
- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bsc#949981).
- xhci: Allocate correct amount of scratchpad buffers (bsc#933721).
- xhci: Calculate old endpoints correctly on device reset (bsc#944831).
- xhci: Do not enable/disable RWE on bus suspend/resume (bsc#933721).
- xhci: For streams the css flag most be read from the stream-ctx on ep stop (bsc#945691).
- xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bsc#933721).
- xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bsc#933721).
- xhci: Workaround for PME stuck issues in Intel xhci (bsc#933721).
- xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bsc#949502).
- xhci: do not report PLC when link is in internal resume state (bsc#933721).
- xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bsc#944837).
- xhci: fix reporting of 0-sized URBs in control endpoint (bsc#933721).
- xhci: report U3 when link is in resume state (bsc#933721).
- xhci: rework cycle bit checking for new dequeue pointers (bsc#933721).
- xhci: use uninterruptible sleep for waiting for internal operations (bsc#939955).
ImportantSUSE bug 777565SUSE bug 814440SUSE bug 900610SUSE bug 904348SUSE bug 904965SUSE bug 920016SUSE bug 923002SUSE bug 926007SUSE bug 926709SUSE bug 926774SUSE bug 930145SUSE bug 930788SUSE bug 932350SUSE bug 932805SUSE bug 933721SUSE bug 935053SUSE bug 935757SUSE bug 936118SUSE bug 938706SUSE bug 939826SUSE bug 939926SUSE bug 939955SUSE bug 940017SUSE bug 940925SUSE bug 941202SUSE bug 942204SUSE bug 942305SUSE bug 942367SUSE bug 942605SUSE bug 942688SUSE bug 942938SUSE bug 943786SUSE bug 944296SUSE bug 944831SUSE bug 944837SUSE bug 944989SUSE bug 944993SUSE bug 945691SUSE bug 945825SUSE bug 945827SUSE bug 946078SUSE bug 946309SUSE bug 947957SUSE bug 948330SUSE bug 948347SUSE bug 948521SUSE bug 949100SUSE bug 949298SUSE bug 949502SUSE bug 949706SUSE bug 949744SUSE bug 949981SUSE bug 951440SUSE bug 952084SUSE bug 952384SUSE bug 952579SUSE bug 953527SUSE bug 953980SUSE bug 954404CVE-2015-0272CVE-2015-5157CVE-2015-5307CVE-2015-6252CVE-2015-6937CVE-2015-7872CVE-2015-7990CVE-2015-8104cpe:/o:suse:suse_sled:11:sp3Security update for krb5SUSE Linux Enterprise Desktop 11 SP3
This MIT krb5 update fixes a buffer overrun problem in kadmind:
* bnc#891082: buffer overrun in kadmind with LDAP back end
(MITKRB5-SA-2014-001) (CVE-2014-4345)
MIT krb5 Security Advisory 2014-001
* http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
Security Issues:
* CVE-2014-4345
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345>
SUSE bug 891082CVE-2014-4345cpe:/o:suse:suse_sled:11:sp3Security update for krb5 (Important)SUSE Linux Enterprise Desktop 11 SP3
krb5 was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash (bsc#952188).
ImportantSUSE bug 952188CVE-2015-2695cpe:/o:suse:suse_sled:11:sp3Security update for krb5 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
The krb5 package was updated to fix the following security and non security issues:
- CVE-2015-2695: Fixed missing functions that were still vulnerable (bsc#954270).
- Fixed a memory leak in the handling of error messages (bsc#954470).
ModerateSUSE bug 954270SUSE bug 954470CVE-2015-2695cpe:/o:suse:suse_sled:11:sp3Security update for krb5SUSE Linux Enterprise Desktop 11 SP3
This update for krb5 fixes the following issues:
* When randomizing the keys for a service principal, current keys could
be returned. (CVE-2014-5351)
* klist -s crashes when handling multiple referral entries.
(bnc#890623)
Security Issues:
* CVE-2014-5351
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351>
SUSE bug 890623SUSE bug 897874CVE-2014-5351cpe:/o:suse:suse_sled:11:sp3Security update for krb5SUSE Linux Enterprise Desktop 11 SP3
krb5 has been updated to fix four security issues:
* CVE-2014-5352: gss_process_context_token() incorrectly frees context
(bsc#912002)
* CVE-2014-9421: kadmind doubly frees partial deserialization results
(bsc#912002)
* CVE-2014-9422: kadmind incorrectly validates server principal name
(bsc#912002)
* CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
(bsc#912002)
Additionally, these non-security issues have been fixed:
* Winbind process hangs indefinitely without DC. (bsc#872912)
* Hanging winbind processes. (bsc#906557)
Security Issues:
* CVE-2014-5352
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352>
* CVE-2014-9421
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421>
* CVE-2014-9422
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422>
* CVE-2014-9423
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423>
SUSE bug 872912SUSE bug 906557SUSE bug 912002CVE-2014-5352CVE-2014-9421CVE-2014-9422CVE-2014-9423cpe:/o:suse:suse_sled:11:sp3Security update for krb5 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
krb5 was updated to fix three security issues.
Remote authenticated users could cause denial of service.
These security issues were fixed:
- CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457).
- CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458).
- CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595).
ModerateSUSE bug 910457SUSE bug 910458SUSE bug 918595CVE-2014-5353CVE-2014-5354CVE-2014-5355cpe:/o:suse:suse_sled:11:sp3Security update for kvmSUSE Linux Enterprise Desktop 11 SP3
kvm has been updated to fix issues in the embedded qemu:
*
CVE-2014-0223: An integer overflow flaw was found in the QEMU block
driver for QCOW version 1 disk images. A user able to alter the QEMU
disk image files loaded by a guest could have used this flaw to
corrupt QEMU process memory on the host, which could potentially have
resulted in arbitrary code execution on the host with the privileges
of the QEMU process.
*
CVE-2014-3461: A user able to alter the savevm data (either on the
disk or over the wire during migration) could have used this flaw to
to corrupt QEMU process memory on the (destination) host, which could
have potentially resulted in arbitrary code execution on the host
with the privileges of the QEMU process.
*
CVE-2014-0222: An integer overflow flaw was found in the QEMU block
driver for QCOW version 1 disk images. A user able to alter the QEMU
disk image files loaded by a guest could have used this flaw to
corrupt QEMU process memory on the host, which could have potentially
resulted in arbitrary code execution on the host with the privileges
of the QEMU process.
Non-security bugs fixed:
* Fix exceeding IRQ routes that could have caused freezes of guests.
(bnc#876842)
* Fix CPUID emulation bugs that may have broken Windows guests with
newer -cpu types (bnc#886535)
Security Issues:
* CVE-2014-0222
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222>
* CVE-2014-0223
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223>
* CVE-2014-3461
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3461>
SUSE bug 876842SUSE bug 877642SUSE bug 877645SUSE bug 878541SUSE bug 886535CVE-2014-0222CVE-2014-0223CVE-2014-3461cpe:/o:suse:suse_sled:11:sp3Security update for kvm (Important)SUSE Linux Enterprise Desktop 11 SP3
kvm was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
ImportantSUSE bug 938344CVE-2015-5154cpe:/o:suse:suse_sled:11:sp3Security update for kvm (Important)SUSE Linux Enterprise Desktop 11 SP3
This update for kvm fixes the following issues:
Security issues fixed:
- CVE-2015-7512: The receive packet size is now checked in the emulated
pcnet driver, eliminating buffer overflow and potential security
issue by malicious guest systems. (bsc#957162)
- CVE-2015-8345: A infinite loop in processing command block list was fixed that could be
exploit by malicious guest systems (bsc#956829).
Bugs fixed:
- Fix cases of wrong clock values in kvmclock timekeeping
(bsc#947164 and bsc#953187)
- Enforce pxe rom sizes to ensure migration compatibility.
(bsc#950590)
ImportantSUSE bug 947164SUSE bug 950590SUSE bug 953187SUSE bug 956829SUSE bug 957162CVE-2015-7512CVE-2015-8345cpe:/o:suse:suse_sled:11:sp3Security update for kvm and libvirtSUSE Linux Enterprise Desktop 11 SP3
This collective update for KVM and libvirt provides fixes for security and
non-security issues.
kvm:
* Fix NULL pointer dereference because of uninitialized UDP socket.
(bsc#897654, CVE-2014-3640)
* Fix performance degradation after migration. (bsc#878350)
* Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag
in FS_IOC_FIEMAP ioctl. (bsc#908381)
* Add validate hex properties for qdev. (bsc#852397)
* Add boot option to do strict boot (bsc#900084)
* Add query-command-line-options QMP command. (bsc#899144)
* Fix incorrect return value of migrate_cancel. (bsc#843074)
* Fix insufficient parameter validation during ram load. (bsc#905097,
CVE-2014-7840)
* Fix insufficient blit region checks in qemu/cirrus. (bsc#907805,
CVE-2014-8106)
libvirt:
* Fix security hole with migratable flag in dumpxml. (bsc#904176,
CVE-2014-7823)
* Fix domain deadlock. (bsc#899484, CVE-2014-3657)
* Use correct definition when looking up disk in qemu blkiotune.
(bsc#897783, CVE-2014-3633)
* Fix undefined symbol when starting virtlockd. (bsc#910145)
* Add '-boot strict' to qemu's commandline whenever possible.
(bsc#900084)
* Add support for 'reboot-timeout' in qemu. (bsc#899144)
* Increase QEMU's monitor timeout to 30sec. (bsc#911742)
* Allow setting QEMU's migration max downtime any time. (bsc#879665)
Security Issues:
* CVE-2014-7823
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823>
* CVE-2014-3657
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657>
* CVE-2014-3633
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633>
* CVE-2014-3640
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640>
* CVE-2014-7840
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840>
* CVE-2014-8106
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8106>
SUSE bug 843074SUSE bug 852397SUSE bug 878350SUSE bug 879665SUSE bug 897654SUSE bug 897783SUSE bug 899144SUSE bug 899484SUSE bug 900084SUSE bug 904176SUSE bug 905097SUSE bug 907805SUSE bug 908381SUSE bug 910145SUSE bug 911742CVE-2014-3633CVE-2014-3640CVE-2014-3657CVE-2014-7823CVE-2014-7840CVE-2014-8106cpe:/o:suse:suse_sled:11:sp3Security update for lcmsSUSE Linux Enterprise Desktop 11 SP3
The lcms userland utilities were updated to fix stack overflows.
* CVE-2013-4276: Multiple stack-based buffer overflows in LittleCMS
allowed remote attackers to cause a denial of service (crash) via a
crafted (1) ICC color profile to the icctrans utility or (2) TIFF
image to the tiffdiff utility.
Security Issues:
* CVE-2013-4276
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4276>
SUSE bug 843716CVE-2013-4276cpe:/o:suse:suse_sled:11:sp3Security update for lcms2SUSE Linux Enterprise Desktop 11 SP3
lcms2 has been updated to the version 2.5 which is a maintenance release to
fix various security and other bugs.
* User defined parametric curves can now be saved in ICC profiles.
* RGB profiles using same tone curves for several channels are storing
now only one copy of the curve
* update black point detection algorithm to reflect ICC changes
* Added new cmsPlugInTHR() and fixed some race conditions
* Added error descriptions on cmsSmoothToneCurve
* Several improvements in cgats parser.
* Fixed devicelink generation for 8 bits
* Added a reference for Mac MLU tag
* Added a way to read the profile creator from header
* Added identity curves support for write V2 LUT
* Added TIFF Lab16 handling on tifficc
* Fixed a bug in parametric curves
* Rendering intent used when creating the transform is now propagated
to profile header in cmsTransform2Devicelink.
* Transform2Devicelink now keeps white point when guessing deviceclass
is enabled
* Added some checks for non-happy path, mostly failing mallocs
(bnc#826097).
For further changes please see the ChangeLog in the RPM.
SUSE bug 826097cpe:/o:suse:suse_sled:11:sp3Security update for libQtSUSE Linux Enterprise Desktop 11 SP3
The Qt library was updated to fix a XML entity expansion attack (XXE).
(CVE-2013-4549)
Security Issue reference:
* CVE-2013-4549
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4549>
SUSE bug 856832SUSE bug 859158CVE-2013-4549cpe:/o:suse:suse_sled:11:sp3Security update for PostgreSQL 9.1SUSE Linux Enterprise Desktop 11 SP3
The PostgreSQL database server was updated to version 9.1.12 to fix various
security issues:
*
Granting a role without ADMIN OPTION is supposed to prevent the
grantee from adding or removing members from the granted role, but
this restriction was easily bypassed by doing SET ROLE first. The
security impact is mostly that a role member can revoke the access of
others, contrary to the wishes of his grantor. Unapproved role member
additions are a lesser concern, since an uncooperative role member
could provide most of his rights to others anyway by creating views
or SECURITY DEFINER functions. (CVE-2014-0060)
*
The primary role of PL validator functions is to be called implicitly
during CREATE FUNCTION, but they are also normal SQL functions that a
user can call explicitly. Calling a validator on a function actually
written in some other language was not checked for and could be
exploited for privilege-escalation purposes. The fix involves adding
a call to a privilege-checking function in each validator function.
Non-core procedural languages will also need to make this change to
their own validator functions, if any. (CVE-2014-0061)
*
If the name lookups come to different conclusions due to concurrent
activity, we might perform some parts of the DDL on a different table
than other parts. At least in the case of CREATE INDEX, this can be
used to cause the permissions checks to be performed against a
different table than the index creation, allowing for a privilege
escalation attack. (CVE-2014-0062)
*
The MAXDATELEN constant was too small for the longest possible value
of type interval, allowing a buffer overrun in interval_out().
Although the datetime input functions were more careful about
avoiding buffer overrun, the limit was short enough to cause them to
reject some valid inputs, such as input containing a very long
timezone name. The ecpg library contained these vulnerabilities along
with some of its own. (CVE-2014-0063)
*
Several functions, mostly type input functions, calculated an
allocation size without checking for overflow. If overflow did occur,
a too-small buffer would be allocated and then written past.
(CVE-2014-0064)
*
Use strlcpy() and related functions to provide a clear guarantee that
fixed-size buffers are not overrun. Unlike the preceding items, it is
unclear whether these cases really represent live issues, since in
most cases there appear to be previous constraints on the size of the
input string. Nonetheless it seems prudent to silence all Coverity
warnings of this type. (CVE-2014-0065)
*
There are relatively few scenarios in which crypt() could return
NULL, but contrib/chkpass would crash if it did. One practical case
in which this could be an issue is if libc is configured to refuse to
execute unapproved hashing algorithms (e.g., 'FIPS mode').
(CVE-2014-0066)
*
Since the temporary server started by make check uses 'trust'
authentication, another user on the same machine could connect to it
as database superuser, and then potentially exploit the privileges of
the operating-system user who started the tests. A future release
will probably incorporate changes in the testing procedure to prevent
this risk, but some public discussion is needed first. So for the
moment, just warn people against using make check when there are
untrusted users on the same machine. (CVE-2014-0067)
The complete list of bugs and more information can be found at:
http://www.postgresql.org/docs/9.1/static/release-9-1-12.html
<http://www.postgresql.org/docs/9.1/static/release-9-1-12.html>
Security Issues references:
* CVE-2014-0060
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060>
* CVE-2014-0061
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061>
* CVE-2014-0062
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062>
* CVE-2014-0063
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063>
* CVE-2014-0064
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064>
* CVE-2014-0065
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065>
* CVE-2014-0066
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066>
SUSE bug 864845SUSE bug 864846SUSE bug 864847SUSE bug 864850SUSE bug 864851SUSE bug 864852SUSE bug 864853CVE-2014-0060CVE-2014-0061CVE-2014-0062CVE-2014-0063CVE-2014-0064CVE-2014-0065CVE-2014-0066cpe:/o:suse:suse_sled:11:sp3Security update for libeventSUSE Linux Enterprise Desktop 11 SP3
This update fixes a buffer overflow in the buffered event handling in
libevent. (CVE-2014-6272)
Security Issues:
* CVE-2014-6272
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272>
SUSE bug 897243CVE-2014-6272cpe:/o:suse:suse_sled:11:sp3Security update for mozilla-nssSUSE Linux Enterprise Desktop 11 SP3
Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery
issue.
MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher
at Inria Paris in team Prosecco, reported an issue in Network Security
Services (NSS) libraries affecting all versions. He discovered that NSS is
vulnerable to a variant of a signature forgery attack previously published
by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values
involved in a signature and could lead to the forging of RSA certificates.
The Advanced Threat Research team at Intel Security also independently
discovered and reported this issue.
Security Issues:
* CVE-2014-1568
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568>
SUSE bug 897890CVE-2014-1568cpe:/o:suse:suse_sled:11:sp3Security update for libgaduSUSE Linux Enterprise Desktop 11 SP3
A memory corruption vulnerability has been fixed in libgadu. CVE-2013-6487
has been assigned to this issue.
Security Issue reference:
* CVE-2013-6487
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487>
SUSE bug 878540CVE-2013-6487cpe:/o:suse:suse_sled:11:sp3Security update for libgcryptSUSE Linux Enterprise Desktop 11 SP3
This update of libgcrypt mitigates the Yarom/Falkner flush+reload
side-channel attack on RSA secret keys (CVE-2013-4242).
Security Issue reference:
* CVE-2013-4242
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242>
SUSE bug 831359CVE-2013-4242cpe:/o:suse:suse_sled:11:sp3Security update for libgcrypt (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update fixes the following issues:
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
(bsc#920057)
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]
ModerateSUSE bug 920057CVE-2014-3591CVE-2015-0837cpe:/o:suse:suse_sled:11:sp3Security update for libgcryptSUSE Linux Enterprise Desktop 11 SP3
This libgcrypt update fixes the following security issue:
* bnc#892464: Side-channel attack on Elgamal encryption subkeys.
(CVE-2014-5270)
Security Issues:
* CVE-2014-5270
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270>
SUSE bug 892464CVE-2014-5270cpe:/o:suse:suse_sled:11:sp3Security update for libjasperSUSE Linux Enterprise Desktop 11 SP3
This update for libjasper fixes multiple off-by-one errors which could
allow remote attackers to execute arbitrary code via a heap-based buffer
overflow triggered by a crafted jp2 (JPEG 2000) file. (bsc#906364,
CVE-2014-9029)
Security Issues:
* CVE-2014-9029
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029>
SUSE bug 906364CVE-2014-9029cpe:/o:suse:suse_sled:11:sp3Security update for libksba
SUSE Linux Enterprise Desktop 11 SP3
This libksba update fixes the following security issue:
* bnc#907074: buffer overflow in ksba_oid_to_str (CVE-2014-9087)
Security Issues:
* CVE-2014-9087
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9087>
SUSE bug 907074CVE-2014-9087cpe:/o:suse:suse_sled:11:sp3Security update for libksba (Moderate)SUSE Linux Enterprise Desktop 11 SP3
The libksba package was updated to fix the following security issues:
- Fixed an integer overflow, an out of bounds read and a stack overflow issues (bsc#926826).
ModerateSUSE bug 926826cpe:/o:suse:suse_sled:11:sp3Security update for lzoSUSE Linux Enterprise Desktop 11 SP3
lzo was updated to fix a potential denial of service issue or possible
remote code execution by allowing an attacker, if the LZO decompression
algorithm is used in a threaded or kernel context, to corrupt memory
structures that control the flow of execution in other contexts.
(CVE-2014-4607)
Security Issue reference:
* CVE-2014-4607
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607>
SUSE bug 883947CVE-2014-4607cpe:/o:suse:suse_sled:11:sp3Security update for libmpfrSUSE Linux Enterprise Desktop 11 SP3
This update for libmpfr fixes a buffer overflow in mpfr_strtofr.
(CVE-2014-9474)
Security Issues:
* CVE-2014-9474
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9474>
SUSE bug 911812CVE-2014-9474cpe:/o:suse:suse_sled:11:sp3Security update for libmspackSUSE Linux Enterprise Desktop 11 SP3
This update fixes the following security issue:
* CVE-2014-9556: An integer overflow in the function qtmd_decompress()
could have been exploited causing a denial of service (endless loop)
(bnc##912214)
Security Issues:
* CVE-2014-9556
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556>
SUSE bug 912214CVE-2014-9556cpe:/o:suse:suse_sled:11:sp3Security update for libmspack (Moderate)SUSE Linux Enterprise Desktop 11 SP3
libmspack was updated to fix several security vulnerabilities.
- Fix null pointer dereference on a crafted CAB. (bsc#934524, CVE-2014-9732)
- Fix denial of service while processing crafted CHM file. (bsc#934525, CVE-2015-4467)
- Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472)
- Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469)
- Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470)
- Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471)
ModerateSUSE bug 934524SUSE bug 934525SUSE bug 934526SUSE bug 934527SUSE bug 934528SUSE bug 934529CVE-2014-9732CVE-2015-4467CVE-2015-4469CVE-2015-4470CVE-2015-4471CVE-2015-4472cpe:/o:suse:suse_sled:11:sp3Security update for MySQLSUSE Linux Enterprise Desktop 11 SP3
This MySQL update provides the following:
* upgrade to version 5.5.39, [bnc#887580]
* CVE's fixed: CVE-2014-2484, CVE-2014-4258, CVE-2014-4260,
CVE-2014-2494, CVE-2014-4238, CVE-2014-4207, CVE-2014-4233,
CVE-2014-4240, CVE-2014-4214, CVE-2014-4243
See also:
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
<http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html>
Security Issues:
* CVE-2014-2484
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2484>
* CVE-2014-4258
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258>
* CVE-2014-4260
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260>
* CVE-2014-2494
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494>
* CVE-2014-4238
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4238>
* CVE-2014-4207
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207>
* CVE-2014-4233
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4233>
* CVE-2014-4240
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4240>
* CVE-2014-4214
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4214>
* CVE-2014-4243
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243>
SUSE bug 887580CVE-2014-2484CVE-2014-2494CVE-2014-4207CVE-2014-4214CVE-2014-4233CVE-2014-4238CVE-2014-4240CVE-2014-4243CVE-2014-4258CVE-2014-4260cpe:/o:suse:suse_sled:11:sp3Security update for OpenSSLSUSE Linux Enterprise Desktop 11 SP3
This OpenSSL update fixes the following issues:
* Session Ticket Memory Leak (CVE-2014-3567)
* Build option no-ssl3 is incomplete (CVE-2014-3568)
* Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)
Security Issues:
* CVE-2014-3567
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567>
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
* CVE-2014-3568
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
SUSE bug 892403SUSE bug 901223SUSE bug 901277CVE-2014-3566CVE-2014-3567CVE-2014-3568cpe:/o:suse:suse_sled:11:sp3Security update for pixmanSUSE Linux Enterprise Desktop 11 SP3
This update fixes the following security issue with pixman:
* Integer underflow when handling trapezoids. (bnc#853824,
CVE-2013-6425)
Security Issues:
* CVE-2013-6425
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425>
SUSE bug 853824CVE-2013-6425cpe:/o:suse:suse_sled:11:sp3Security update for libpngSUSE Linux Enterprise Desktop 11 SP3
This libpng update fixes the following two overflow security issues.
* bnc#873123: Fixed integer overflow that could have lead to a
heap-based buffer overflow in png_set_sPLT() and png_set_text_2()
(CVE-2013-7354).
* bnc#873124: Fixed integer overflow that could have lead to a
heap-based buffer overflow in png_set_unknown_chunks()
(CVE-2013-7353).
Security Issue references:
* CVE-2013-7353
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353>
* CVE-2013-7354
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354>
SUSE bug 873123SUSE bug 873124CVE-2013-7353CVE-2013-7354cpe:/o:suse:suse_sled:11:sp3Security update for libpng12-0 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
The libpng12-0 package was updated to fix the following security issues:
- CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980).
- CVE-2015-7981: Fixed an out-of-bound read (bsc#952051).
ModerateSUSE bug 952051SUSE bug 954980CVE-2015-7981CVE-2015-8126cpe:/o:suse:suse_sled:11:sp3Security update for libpng12-0 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
- security update:
This update fixes the following securit issue:
* CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions
allow remote attackers to cause a denial of service (application crash) or possibly have
unspecified other impact [bsc#954980]
ModerateSUSE bug 954980CVE-2015-8126cpe:/o:suse:suse_sled:11:sp3Security update for popplerSUSE Linux Enterprise Desktop 11 SP3
This update fixes problems in DCTStream error handling in poppler.
Security Issue reference:
* CVE-2010-5110
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5110>
SUSE bug 845765CVE-2010-5110cpe:/o:suse:suse_sled:11:sp3Security update for pulseaudioSUSE Linux Enterprise Desktop 11 SP3
The following security issue is fixed in this update:
* CVE-2014-3970: Fixed a remote denial of service attack in
module-rtp-recv.
Security Issues:
* CVE-2014-3970
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3970>
SUSE bug 881524CVE-2014-3970cpe:/o:suse:suse_sled:11:sp3Security update for libqt4SUSE Linux Enterprise Desktop 11 SP3
This update of the QT4 QSSL interface makes it select a set of default
ciphers that is recommended for current usage. This update is needed for
Konqueror to restrict its cipher set when using https.
SUSE bug 865241cpe:/o:suse:suse_sled:11:sp3Security update for libqt4SUSE Linux Enterprise Desktop 11 SP3
The libqt4 library was updated to fix several security issues:
* CVE-2015-0295: Division by zero when processing malformed BMP files.
(bsc#921999)
* CVE-2015-1858: Segmentation fault in BMP Qt Image Format Handling.
(bsc#927806)
* CVE-2015-1859: Segmentation fault in ICO Qt Image Format Handling.
(bsc#927807)
* CVE-2015-1860: Segmentation fault in GIF Qt Image Format Handling.
(bsc#927808)
Security Issues:
* CVE-2015-1858
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858>
* CVE-2015-1859
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859>
* CVE-2015-1860
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860>
* CVE-2015-0295
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295>
SUSE bug 921999SUSE bug 927806SUSE bug 927807SUSE bug 927808CVE-2015-0295CVE-2015-1858CVE-2015-1859CVE-2015-1860cpe:/o:suse:suse_sled:11:sp3Security update for LibreOfficeSUSE Linux Enterprise Desktop 11 SP3
LibreOffice was updated to fix two security issues.
These security issues have been fixed:
* 'Document as E-mail' vulnerability (bnc#900218).
* Impress remote control use-after-free vulnerability (CVE-2014-3693).
Security Issues:
* CVE-2014-3693
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3693>
SUSE bug 900214SUSE bug 900218CVE-2014-3693cpe:/o:suse:suse_sled:11:sp3Security update for LibreOfficeSUSE Linux Enterprise Desktop 11 SP3
LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag
suse-4.0-26, based on upstream 4.0.3.3).
Two security issues have been fixed:
* DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578)
* Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141)
The following non-security issues have been fixed:
* chart shown flipped (bnc#834722)
* chart missing dataset (bnc#839727)
* import new line in text (bnc#828390)
* lines running off screens (bnc#819614)
* add set-all language menu (bnc#863021)
* text rotation (bnc#783433, bnc#862510)
* page border shadow testcase (bnc#817956)
* one more clickable field fix (bnc#802888)
* multilevel labels are rotated (bnc#820273)
* incorrect nested table margins (bnc#816593)
* use BitmapURL only if its valid (bnc#821567)
* import gradfill for text colors (bnc#870234)
* fix undo of paragraph attributes (bnc#828598)
* stop-gap solution to avoid crash (bnc#830205)
* import images with duotone filter (bnc#820077)
* missing drop downs for autofilter (bnc#834705)
* typos in first page style creation (bnc#820836)
* labels wrongly interpreted as dates (bnc#834720)
* RTF import of fFilled shape property (bnc#825305)
* placeholders text size is not correct (bnc#831457)
* cells value formatted with wrong output (bnc#821795)
* RTF import of freeform shape coordinates (bnc#823655)
* styles (rename &) copy to different decks (bnc#757432)
* XLSX Chart import with internal data table (bnc#819822)
* handle M.d.yyyy date format in DOCX import (bnc#820509)
* paragraph style in empty first page header (bnc#823651)
* copying slides having same master page name (bnc#753460)
* printing handouts using the default, 'Order' (bnc#835985)
* wrap polygon was based on dest size of picture (bnc#820800)
* added common flags support for SEQ field import (bnc#825976)
* hyperlinks of illustration index in DOCX export (bnc#834035)
* allow insertion of redlines with an empty author (bnc#837302)
* handle drawinglayer rectangle inset in VML import (bnc#779642)
* don't apply complex font size to non-complex font (bnc#820819)
* issue with negative seeks in win32 shell extension (bnc#829017)
* slide appears quite garbled when imported from PPTX (bnc#593612)
* initial MCE support in writerfilter ooxml tokenizer (bnc#820503)
* MSWord uses \xb for linebreaks in DB fields, take 2 (bnc#878854)
* try harder to convert floating tables to text frames (bnc#779620)
* itemstate in parent style incorrectly reported as set (bnc#819865)
* default color hidden by Default style in writerfilter (bnc#820504)
* DOCX document crashes when using internal OOXML filter (bnc#382137)
* ugly workaround for external leading with symbol fonts (bnc#823626)
* followup fix for exported xlsx causes errors for mso2007 (bnc#823935)
* we only support simple labels in the InternalDataProvider
(bnc#864396)
* RTF import: fix import of numbering bullet associated font
(bnc#823675)
* page specific footer extended to every pages in DOCX export
(bnc#654230)
* v:textbox mso-fit-shape-to-text style property in VML import
(bnc#820788)
* w:spacing in a paragraph should also apply to as-char objects
(bnc#780044)
* compatibility setting for MS Word wrapping text in less space
(bnc#822908)
* fix SwWrtShell::SelAll() to work with empty table at doc start
(bnc#825891)
Security Issues:
* CVE-2014-3575
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3575>
* CVE-2013-4156
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4156>
SUSE bug 382137SUSE bug 593612SUSE bug 654230SUSE bug 753460SUSE bug 757432SUSE bug 779620SUSE bug 779642SUSE bug 780044SUSE bug 783433SUSE bug 802888SUSE bug 816593SUSE bug 817956SUSE bug 819614SUSE bug 819822SUSE bug 819865SUSE bug 820077SUSE bug 820273SUSE bug 820503SUSE bug 820504SUSE bug 820509SUSE bug 820788SUSE bug 820800SUSE bug 820819SUSE bug 820836SUSE bug 821567SUSE bug 821795SUSE bug 822908SUSE bug 823626SUSE bug 823651SUSE bug 823655SUSE bug 823675SUSE bug 823935SUSE bug 825305SUSE bug 825891SUSE bug 825976SUSE bug 828390SUSE bug 828598SUSE bug 829017SUSE bug 830205SUSE bug 831457SUSE bug 831578SUSE bug 834035SUSE bug 834705SUSE bug 834720SUSE bug 834722SUSE bug 835985SUSE bug 837302SUSE bug 839727SUSE bug 862510SUSE bug 863021SUSE bug 864396SUSE bug 870234SUSE bug 878854SUSE bug 893141CVE-2013-4156CVE-2014-3575cpe:/o:suse:suse_sled:11:sp3Security update for librsvg (Important)SUSE Linux Enterprise Desktop 11 SP3
librsvg was updated to fix one security issue.
This security issue was fixed:
- CVE-2013-1881: GNOME libsvg allowed remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (bsc#840753).
ImportantSUSE bug 840753CVE-2013-1881cpe:/o:suse:suse_sled:11:sp3Security update for libsndfileSUSE Linux Enterprise Desktop 11 SP3
This update for libsndfile fixes two buffer read overflows in
sd2_parse_rsrc_fork(). (CVE-2014-9496, bsc#911796)
Security Issues:
* CVE-2014-9496
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496>
SUSE bug 911796CVE-2014-9496cpe:/o:suse:suse_sled:11:sp3Security update for libsndfile (Moderate)SUSE Linux Enterprise Desktop 11 SP3
The libsndfile package was updated to fix the following security issue:
- CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521).
- CVE-2015-7805: Fixed heap overflow issue (bsc#953516).
ModerateSUSE bug 953516SUSE bug 953521CVE-2014-9756CVE-2015-7805cpe:/o:suse:suse_sled:11:sp3Security update for net-snmpSUSE Linux Enterprise Desktop 11 SP3
This update for net-snmp fixes a remote denial of service problem inside
snmptrapd when it is started with the '-OQ' option. (CVE-2014-3565,
bnc#894361)
Additionally, a timeout issue during SNMP MIB walk on OID 1.3.6.1.2.1.4.24
when using newer (v5.5+) versions of snmpwalk has been fixed. (bnc#865222)
Security Issues:
* CVE-2014-3565
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565>
SUSE bug 865222SUSE bug 894361CVE-2014-3565cpe:/o:suse:suse_sled:11:sp3Security update for libssh2SUSE Linux Enterprise Desktop 11 SP3
This update of libssh fixes the following security issue:
* When libssh operates in server mode, the randomness pool was not
switched on fork, so two pools could operate on the same randomness
and could generate the same keys.
Security Issue references:
* CVE-2014-0017
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0017>
SUSE bug 866278CVE-2014-0017cpe:/o:suse:suse_sled:11:sp3Security update for libssh2_orgSUSE Linux Enterprise Desktop 11 SP3
The ssh client library libssh2_org was updated to fix a security issue:
* CVE-2015-1782: A malicious server could send a crafted
SSH_MSG_KEXINIT packet, that could lead to a buffer overread and to a
crash of the application using libssh2_org.
Security Issues:
* CVE-2015-1782
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1782>
SUSE bug 921070CVE-2015-1782cpe:/o:suse:suse_sled:11:sp3Security update for libtasn1SUSE Linux Enterprise Desktop 11 SP3
libtasn1 has been updated to fix three security issues:
* asn1_get_bit_der() could have returned negative bit length
(CVE-2014-3468)
* Multiple boundary check issues could have allowed DoS (CVE-2014-3467)
* Possible DoS by NULL pointer dereference in asn1_read_value_type
(CVE-2014-3469)
Security Issues:
* CVE-2014-3468
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468>
* CVE-2014-3467
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467>
* CVE-2014-3469
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469>
SUSE bug 880735SUSE bug 880737SUSE bug 880738CVE-2014-3467CVE-2014-3468CVE-2014-3469cpe:/o:suse:suse_sled:11:sp3Security update for libtiffSUSE Linux Enterprise Desktop 11 SP3
This tiff update fixes several security issues.
* bnc#834477: CVE-2013-4232 CVE-2013-4231: tiff: buffer overflows/use
after free problem
* bnc#834779: CVE-2013-4243: libtiff (gif2tiff): heap-based buffer
overflow in readgifimage()
* bnc#834788: CVE-2013-4244: libtiff (gif2tiff): OOB Write in LZW
decompressor
Security Issue references:
* CVE-2013-4232
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232>
* CVE-2013-4231
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231>
* CVE-2013-4243
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243>
* CVE-2013-4244
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244>
SUSE bug 834477SUSE bug 834779SUSE bug 834788CVE-2013-4231CVE-2013-4232CVE-2013-4243CVE-2013-4244cpe:/o:suse:suse_sled:11:sp3Security update for libvdpau (Moderate)SUSE Linux Enterprise Desktop 11 SP3
libvdpau was updated to use secure_getenv() instead of getenv() for several variables
so it can be more safely used in setuid applications.
* CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967)
* CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968)
* CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969)
ModerateSUSE bug 943967SUSE bug 943968SUSE bug 943969CVE-2015-5198CVE-2015-5199CVE-2015-5200cpe:/o:suse:suse_sled:11:sp3Security update for libvirtSUSE Linux Enterprise Desktop 11 SP3
libvirt has been patched to fix two security issues.
Further information is available at
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0179
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0179> and
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6456
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6456>
These security issues have been fixed:
* Unsafe parsing of XML documents allows arbitrary file read or denial
of service (CVE-2014-0179)
* Ability to delete or create arbitrary host devices (CVE-2013-6456)
Security Issue references:
* CVE-2014-0179
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179>
* CVE-2013-6456
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6456>
SUSE bug 857490SUSE bug 873705CVE-2013-6456CVE-2014-0179cpe:/o:suse:suse_sled:11:sp3Security update for LibVNCServer (Moderate)SUSE Linux Enterprise Desktop 11 SP3
The libvncserver package was updated to fix the following security issues:
- bsc#897031: fix several security issues:
* CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side.
* CVE-2014-6052: Lack of malloc() return value checking on client side.
* CVE-2014-6053: Server crash on a very large ClientCutText message.
* CVE-2014-6054: Server crash when scaling factor is set to zero.
* CVE-2014-6055: Multiple stack overflows in File Transfer feature.
ModerateSUSE bug 897031CVE-2014-6051CVE-2014-6052CVE-2014-6053CVE-2014-6054CVE-2014-6055cpe:/o:suse:suse_sled:11:sp3Security update for libwmf (Moderate)SUSE Linux Enterprise Desktop 11 SP3
libwmf was updated to fix four security issues.
These security issues were fixed:
- CVE-2015-4588: Heap-based buffer overflow in the DecodeImage function allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted 'run-length count' in an image in a WMF file (bsc#933109).
- CVE-2015-0848: Heap-based buffer overflow allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image (bsc#933109).
- CVE-2015-4696: Use-after-free vulnerability allowed remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command (bsc#936062).
- CVE-2015-4695: meta.h allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file (bsc#936058).
ModerateSUSE bug 831299SUSE bug 933109SUSE bug 936058SUSE bug 936062CVE-2015-0848CVE-2015-4588CVE-2015-4695CVE-2015-4696cpe:/o:suse:suse_sled:11:sp3Security update for openwsmanSUSE Linux Enterprise Desktop 11 SP3
This update adds a configuration option to disable SSLv2 and SSLv3 in
openwsman. This is required to mitigate CVE-2014-3566.
To use the new option, edit /etc/openwsman/openwsman.conf and add the
following line to the [server] section:
ssl_disabled_protocols = SSLv2 SSLv3
Security Issues:
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
SUSE bug 901882CVE-2014-3566cpe:/o:suse:suse_sled:11:sp3Security update for libxml2SUSE Linux Enterprise Desktop 11 SP3
This update fixes a denial of service via recursive entity expansion.
(CVE-2014-3660)
Security Issues:
* CVE-2014-3660
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660>
SUSE bug 901546CVE-2014-3660cpe:/o:suse:suse_sled:11:sp3Security update for libxml2 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update fixes the following security issues:
* CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193]
* CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734]
* CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735]
* CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018]
* CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021]
* CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260]
* CVE-2015-5312 Fix another entity expansion issue [bnc#957105]
* CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106]
* CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107]
* CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109]
* CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110]
ModerateSUSE bug 928193SUSE bug 951734SUSE bug 951735SUSE bug 956018SUSE bug 956021SUSE bug 956260SUSE bug 957105SUSE bug 957106SUSE bug 957107SUSE bug 957109SUSE bug 957110CVE-2015-1819CVE-2015-5312CVE-2015-7497CVE-2015-7498CVE-2015-7499CVE-2015-7500CVE-2015-7941CVE-2015-7942CVE-2015-8241CVE-2015-8242CVE-2015-8317cpe:/o:suse:suse_sled:11:sp3Security update for libxml2 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update for libxml2 fixes the following security issue:
- CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674)
ModerateSUSE bug 960674CVE-2015-8710cpe:/o:suse:suse_sled:11:sp3Security update for libxsltSUSE Linux Enterprise Desktop 11 SP3
libxslt received a security update to fix a security issue:
* CVE-2013-4520: The XSL implementation in libxslt allowed remote
attackers to cause a denial of service (crash) via an invalid DTD.
(addendum due to incomplete fix for CVE-2012-2825)
Security Issue references:
* CVE-2012-6139
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139>
* CVE-2012-2825
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825>
* CVE-2011-3970
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970>
SUSE bug 849019CVE-2011-3970CVE-2012-2825CVE-2012-6139cpe:/o:suse:suse_sled:11:sp3Security update for lxcSUSE Linux Enterprise Desktop 11 SP3
The container framework LXC has been updated to fix various bugs and a
security issue:
* CVE-2013-6441: The sshd template allowed privilege escalation on the
host.
* SLES container time not aligned with host time (bnc#839653)
* SLES container boot takes ages (bnc#839663)
* lxc mounts /dev/pts with wrong options (bnc#869663)
Security Issues:
* CVE-2013-6441
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6441>
SUSE bug 839653SUSE bug 839663SUSE bug 855809SUSE bug 869663CVE-2013-6441cpe:/o:suse:suse_sled:11:sp3Security update for lxc (Moderate)SUSE Linux Enterprise Desktop 11 SP3
lxc was update to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-1335: A directory traversal flaw while lxc-start is initially setting up the mounts for a container (bsc#946744)
ModerateSUSE bug 946744CVE-2015-1335cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (Important)SUSE Linux Enterprise Desktop 11 SP3
This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520)
Mozilla Firefox was updated to 38.6.0 ESR.
Mozilla NSS was updated to 3.20.2.
The following vulnerabilities were fixed:
- CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632)
- CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635)
- CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731)
The following improvements were added:
- bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites
- Tracking protection is now enabled by default
ImportantSUSE bug 954447SUSE bug 963520SUSE bug 963632SUSE bug 963635SUSE bug 963731CVE-2016-1930CVE-2016-1935CVE-2016-1938cpe:/o:suse:suse_sled:11:sp3Security update for mozilla-nspr (Moderate)SUSE Linux Enterprise Desktop 11 SP3
mozilla-nspr was update to version 4.10.8 ModerateSUSE bug 935979cpe:/o:suse:suse_sled:11:sp3Security update for mozilla-nss (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update contains mozilla-nss 3.19.2.2 and fixes the following security issue:
- CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888)
ModerateSUSE bug 959888CVE-2015-7575cpe:/o:suse:suse_sled:11:sp3Security update for Mozilla NSSSUSE Linux Enterprise Desktop 11 SP3
Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various
features and bugfixes:
The main feature is TLS 1.2 support and its dependent algorithms.
* Support for AES-GCM ciphersuites that use the SHA-256 PRF
* MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs
* Add PK11_CipherFinal macro
* sizeof() used incorrectly
* nssutil_ReadSecmodDB() leaks memory
* Allow SSL_HandshakeNegotiatedExtension to be called before the
handshake is finished.
* Deprecate the SSL cipher policy code
* Avoid uninitialized data read in the event of a decryption failure.
(CVE-2013-1739)
Changes coming with version 3.15.1:
* TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246
and RFC 5289) are supported, allowing TLS to be used without MD5 and
SHA-1.
Note the following limitations:
The hash function used in the signature for TLS 1.2 client
authentication must be the hash function of the TLS 1.2 PRF, which is
always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet
supported.
o some bugfixes and improvements
Changes with version 3.15
* New Functionality
o Support for OCSP Stapling (RFC 6066, Certificate Status
Request) has been added for both client and server sockets. TLS
client applications may enable this via a call to
SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
o Added function SECITEM_ReallocItemV2. It replaces function
SECITEM_ReallocItem, which is now declared as obsolete.
o Support for single-operation (eg: not multi-part) symmetric key
encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
o certutil has been updated to support creating name constraints
extensions.
Security Issue reference:
* CVE-2013-1739
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739>
SUSE bug 847708CVE-2013-1739cpe:/o:suse:suse_sled:11:sp3Security update for muttSUSE Linux Enterprise Desktop 11 SP3
The mailreader mutt was updated to fix a security issue in displaying mail
headers, where a crafted e-mail could cause a heap overflow, which in turn
might be used by attackers to crash mutt or potentially even execute code.
Security Issues references:
* CVE-2014-0467
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467>
SUSE bug 868115CVE-2014-0467cpe:/o:suse:suse_sled:11:sp3Security update for mysql (Moderate)SUSE Linux Enterprise Desktop 11 SP3
MySQL was updated to version 5.5.45, fixing bugs and security issues.
A list of all changes can be found on:
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html
To fix the 'BACKRONYM' security issue (CVE-2015-3152) the behaviour of
the SSL options was changed slightly to meet expectations:
Now using '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl
connection is required. The mysql client will now print an error
if ssl is required, but the server can not handle a ssl
connection [bnc#924663], [bnc#928962], [CVE-2015-3152]
Additional bugs fixed:
- fix rc.mysql-multi script to start instances after restart
properly [bnc#934401].
ModerateSUSE bug 924663SUSE bug 928962SUSE bug 934401SUSE bug 938412CVE-2015-2582CVE-2015-2611CVE-2015-2617CVE-2015-2620CVE-2015-2639CVE-2015-2641CVE-2015-2643CVE-2015-2648CVE-2015-2661CVE-2015-3152CVE-2015-4737CVE-2015-4752CVE-2015-4756CVE-2015-4757CVE-2015-4761CVE-2015-4767CVE-2015-4769CVE-2015-4771CVE-2015-4772cpe:/o:suse:suse_sled:11:sp3Security update for mysql (Moderate)SUSE Linux Enterprise Desktop 11 SP3
The mysql package was updated to version 5.5.46 to fixs several security and non security issues.
- bnc#951391: update to version 5.5.46
* changes:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html
* fixed CVEs:
CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789,
CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800,
CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819,
CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836,
CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864,
CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,
CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910,
CVE-2015-4913
- bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures.
ModerateSUSE bug 951391SUSE bug 952196CVE-2015-0286CVE-2015-0288CVE-2015-1789CVE-2015-1793CVE-2015-4730CVE-2015-4766CVE-2015-4792CVE-2015-4800CVE-2015-4802CVE-2015-4815CVE-2015-4816CVE-2015-4819CVE-2015-4826CVE-2015-4830CVE-2015-4833CVE-2015-4836CVE-2015-4858CVE-2015-4861CVE-2015-4862CVE-2015-4864CVE-2015-4866CVE-2015-4870CVE-2015-4879CVE-2015-4890CVE-2015-4895CVE-2015-4904CVE-2015-4905CVE-2015-4910CVE-2015-4913cpe:/o:suse:suse_sled:11:sp3Security update for mysql (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update to MySQL 5.5.47 fixes the following issues (bsc#962779):
- CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
- CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options.
- CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.
- CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.
- CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML.
- CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
- CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption.
- CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF.
- CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges.
- CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf()
The following bugs were fixed:
- bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf
ModerateSUSE bug 959724SUSE bug 960961SUSE bug 962779CVE-2015-7744CVE-2016-0502CVE-2016-0505CVE-2016-0546CVE-2016-0596CVE-2016-0597CVE-2016-0598CVE-2016-0600CVE-2016-0606CVE-2016-0608CVE-2016-0609CVE-2016-0616cpe:/o:suse:suse_sled:11:sp3Security update for net-snmp (Moderate)SUSE Linux Enterprise Desktop 11 SP3
net-snmp was updated to fix one security vulnerability and several bugs.
- fix a vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621)
- Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863)
- add support for /dev/shm in snmp hostmib (bnc#853382, FATE#316893).
- stop snmptrapd on package removal.
ModerateSUSE bug 853382SUSE bug 935863SUSE bug 940188CVE-2015-5621cpe:/o:suse:suse_sled:11:sp3Security update for novell-qtgui, novell-ui-baseSUSE Linux Enterprise Desktop 11 SP3
Packages novell-ui-base and novell-qtgui were updated to prevent erroneous
rights assignment when a user is granted 'File Scan' rights (F). In this
case nwrights was assigning Supervisor (S) rights. (CVE-2014-0595)
Further information is available at
https://bugzilla.novell.com/show_bug.cgi?id=872796
<https://bugzilla.novell.com/show_bug.cgi?id=872796> .
Security Issue reference:
* CVE-2014-0595
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0595>
SUSE bug 872796CVE-2014-0595cpe:/o:suse:suse_sled:11:sp3Security update for mozilla-nspr, mozilla-nssSUSE Linux Enterprise Desktop 11 SP3
Mozilla NSPR and NSS were updated to fix various security bugs that could
be used to crash the browser or potentially execute code.
Mozilla NSPR 4.10.2 has the following bug fixes:
* Bug 770534: Possible pointer overflow in PL_ArenaAllocate(). Fixed by
Pascal Cuoq and Kamil Dudka.
* Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by Miloslav
Trmac.
* Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato.
* Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate.
(CVE-2013-5607)
Mozilla NSS 3.15.3 is a patch release for NSS 3.15 and includes the
following bug fixes:
* Bug 925100: Ensure a size is <= half of the maximum PRUint32 value.
(CVE-2013-1741)
* Bug 934016: Handle invalid handshake packets. (CVE-2013-5605)
* Bug 910438: Return the correct result in CERT_VerifyCert on failure,
if a verifyLog isn't used. (CVE-2013-5606)
Security Issue references:
* CVE-2013-1741
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741>
* CVE-2013-5605
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605>
* CVE-2013-5606
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606>
* CVE-2013-5607
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607>
SUSE bug 850148CVE-2013-1741CVE-2013-5605CVE-2013-5606CVE-2013-5607cpe:/o:suse:suse_sled:11:sp3Recommended update for openldap2 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
openldap2 was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937766).
This non-security issue was fixed:
- bsc#932773: ldapmodify failed with DOS format LDIF files containing '-' separator.
ModerateSUSE bug 924496SUSE bug 932773SUSE bug 937766CVE-2015-4000cpe:/o:suse:suse_sled:11:sp3Security update for openldap2SUSE Linux Enterprise Desktop 11 SP3
openldap2 was updated to fix three security issues and one non-security
bug.
The following vulnerabilities were fixed:
* A remote attacker could cause a denial of service (slapd crash) by
unbinding immediately after a search request. (bnc#846389,
CVE-2013-4449)
* A remote attacker could cause a denial of service through a NULL
pointer dereference and crash via an empty attribute list in a deref
control in a search request. (bnc#916897, CVE-2015-1545)
* A remote attacker could cause a denial of service (crash) via a
crafted search query with a matched values control. (bnc#916914,
CVE-2015-1546)
The following non-security bug was fixed:
* Prevent connection-0 (internal connection) from showing up in the
monitor back-end. (bnc#905959)
Security Issues:
* CVE-2015-1546
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546>
* CVE-2015-1545
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545>
* CVE-2013-4449
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449>
SUSE bug 846389SUSE bug 905959SUSE bug 916897SUSE bug 916914CVE-2013-4449CVE-2015-1545CVE-2015-1546cpe:/o:suse:suse_sled:11:sp3Security update for openldap2 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update fixes the following security issue:
- CVE-2015-6908. Passing a crafted packet to the function ber_get_next(),
an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582).
ModerateSUSE bug 945582CVE-2015-6908cpe:/o:suse:suse_sled:11:sp3Security update for OpenSLPSUSE Linux Enterprise Desktop 11 SP3
This update for OpenSLP fixes a bug in SLPIntersectStringList that could
lead to an out-of-bounds read (CVE-2012-4428). Additionally, the SLP daemon
now always use localtime(3) when writing to log files to avoid having
timestamps with different timezones.
Security Issues:
* CVE-2012-4428
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4428>
SUSE bug 778508SUSE bug 855385CVE-2012-4428cpe:/o:suse:suse_sled:11:sp3Security update for opensshSUSE Linux Enterprise Desktop 11 SP3
This update for OpenSSH fixes the following issues:
* Exit sshd normally when port is already in use. (bnc#832628)
* Use hardware crypto engines where available. (bnc#826427)
* Use correct options for login when it is used. (bnc#833605)
* Move FIPS messages to higher debug level. (bnc#862875)
* Fix forwarding with IPv6 addresses in DISPLAY. (bnc#847710)
* Do not link OpenSSH binaries with LDAP libraries. (bnc#826906)
* Parse AcceptEnv properly. (bnc#869101, CVE-2014-2532)
* Check SSHFP DNS records even for server certificates. (bnc#870532,
CVE-2014-2653)
Security Issues references:
* CVE-2014-2532
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532>
* CVE-2014-2653
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653>
SUSE bug 826427SUSE bug 833605SUSE bug 847710SUSE bug 869101SUSE bug 870532CVE-2014-2532cpe:/o:suse:suse_sled:11:sp3Security update for openssh (Important)SUSE Linux Enterprise Desktop 11 SP3
openssh was updated to fix several security issues and bugs.
These security issues were fixed:
* CVE-2015-5352: The x11_open_helper function in channels.c in ssh
in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of
the refusal deadline for X connections, which made it easier for remote
attackers to bypass intended access restrictions via a connection outside
of the permitted time window (bsc#936695).
* CVE-2015-5600: The kbdint_next_device function in auth2-chall.c
in sshd in OpenSSH did not properly restrict the processing of
keyboard-interactive devices within a single connection, which made it
easier for remote attackers to conduct brute-force attacks or cause a
denial of service (CPU consumption) via a long and duplicative list in
the ssh -oKbdInteractiveDevices option, as demonstrated by a modified
client that provides a different password for each pam element on this
list (bsc#938746).
* CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483).
* Hardening patch to fix sftp RCE (bsc#903649).
* CVE-2015-6563: The monitor component in sshd in OpenSSH accepted
extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which
allowed local users to conduct impersonation attacks by leveraging any SSH
login access in conjunction with control of the sshd uid to send a crafted
MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
* CVE-2015-6564: Use-after-free vulnerability in the
mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might
have allowed local users to gain privileges by leveraging control of the
sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
These non-security issues were fixed:
- bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential for oom_killer.
- bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user.
- bsc#916549: Fixed support for aesXXX-gcm@openssh.com.
ImportantSUSE bug 673532SUSE bug 903649SUSE bug 905118SUSE bug 914309SUSE bug 916549SUSE bug 932483SUSE bug 936695SUSE bug 938746SUSE bug 943006SUSE bug 943010SUSE bug 945493CVE-2015-4000CVE-2015-5352CVE-2015-5600CVE-2015-6563CVE-2015-6564cpe:/o:suse:suse_sled:11:sp3Security update for openssh (Critical)SUSE Linux Enterprise Desktop 11 SP3
This update for openssh fixes the following issues:
- CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642)
- CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645)
This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server.
CriticalSUSE bug 961642SUSE bug 961645CVE-2016-0777CVE-2016-0778cpe:/o:suse:suse_sled:11:sp3Security update for openssl (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update for openssl fixes the following issues:
- CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure
OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS
routines so any application which reads PKCS#7 or CMS data from untrusted
sources is affected. SSL/TLS is not affected. (bsc#957812)
- Prevent segfault in s_client with invalid options (bsc#952099)
ModerateSUSE bug 952099SUSE bug 957812CVE-2015-3195cpe:/o:suse:suse_sled:11:sp3Security update for openssl-certsSUSE Linux Enterprise Desktop 11 SP3
openssl-certs has been updated to include four new and remove two
certificates:
* new: Atos_TrustedRoot_2011:2.8.92.51.203.98.44.95.179.50.crt
* new:
E-Tugra_Certification_Authority:2.8.106.104.62.156.81.155.203.83.crt
* new:
TeliaSonera_Root_CA_v1:2.17.0.149.190.22.160.247.46.70.241.123.57.130.114.250.139.205.150.crt
* new: T-TeleSec_GlobalRoot_Class_2:2.1.1.crt
* removed: Firmaprofesional_Root_CA:2.1.1.crt
* removed: TDC_OCES_Root_CA:2.4.62.72.189.196.crt
SUSE bug 875647SUSE bug 881241cpe:/o:suse:suse_sled:11:sp3Security update for openvpnSUSE Linux Enterprise Desktop 11 SP3
OpenVPN used a non-constant-time memcmp in HMAC comparison in
openvpn_decrypt that might have allowed remote attackers to gain knowledge
of plaintext data. (CVE-2013-2061)
Security Issues:
* CVE-2013-2061
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2061>
SUSE bug 843509CVE-2013-2061cpe:/o:suse:suse_sled:11:sp3Security update for orca (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This orca update fixes the following security issue.
- Don't try to import modules from current working directory (bsc#916835, CVE-2013-4245).
ModerateSUSE bug 916835CVE-2013-4245cpe:/o:suse:suse_sled:11:sp3Security update for pamSUSE Linux Enterprise Desktop 11 SP3
This update changes the broken default behavior of pam_pwhistory to not
enforce checks when the root user requests password changes. In order to
enforce pwhistory checks on the root user, the 'enforce_for_root' parameter
needs to be set for the pam_pwhistory.so module.
This pam update fixes the following security and non-security issues:
* bnc#870433: Fixed pam_timestamp path injection problem
(CVE-2014-2583)
* bnc#848417: Fixed pam_pwhistory root password enforcement when
resetting non-root user's password
Security Issue references:
* CVE-2014-2583
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583>
SUSE bug 848417SUSE bug 870433CVE-2014-2583cpe:/o:suse:suse_sled:11:sp3Security update for perlSUSE Linux Enterprise Desktop 11 SP3
This update fixes a memory leak and an infinite recursion in Data::Dumper.
(CVE-2014-4330)
Security Issues:
* CVE-2014-4330
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4330>
SUSE bug 838333SUSE bug 896715CVE-2014-4330cpe:/o:suse:suse_sled:11:sp3Security update for poptSUSE Linux Enterprise Desktop 11 SP3
This rpm update fixes the following security and non security issues.
* bnc#908128: check for bad invalid name sizes (CVE-2014-8118)
* bnc#906803: create files with mode 0 (CVE-2013-6435)
* bnc#892431: honor --noglob in install mode
Security Issues:
* CVE-2014-8118
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118>
* CVE-2013-6435
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435>
SUSE bug 892431SUSE bug 906803SUSE bug 908128CVE-2013-6435CVE-2014-8118cpe:/o:suse:suse_sled:11:sp3Security update for postgresql94 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update of postgresql94 to 9.4.5 fixes the following issues:
* CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670)
* CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669)
Also contains all changes and bugfixes in the upstream 9.4.5 release:
http://www.postgresql.org/docs/current/static/release-9-4-5.html
ModerateSUSE bug 949669SUSE bug 949670CVE-2015-5288CVE-2015-5289cpe:/o:suse:suse_sled:11:sp3Security update for postgresql91SUSE Linux Enterprise Desktop 11 SP3
The PostgreSQL database server was updated to 9.1.15, fixing bugs and
security issues:
* Fix buffer overruns in to_char() (CVE-2015-0241).
* Fix buffer overrun in replacement *printf() functions
(CVE-2015-0242).
* Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243).
* Fix possible loss of frontend/backend protocol synchronization after
an error (CVE-2015-0244).
* Fix information leak via constraint-violation error messages
(CVE-2014-8161).
For a comprehensive list of fixes, please refer to the following release
notes:
* http://www.postgresql.org/docs/9.1/static/release-9-1-15.html
<http://www.postgresql.org/docs/9.1/static/release-9-1-15.html>
* http://www.postgresql.org/docs/9.1/static/release-9-1-14.html
<http://www.postgresql.org/docs/9.1/static/release-9-1-14.html>
* http://www.postgresql.org/docs/9.1/static/release-9-1-13.html
<http://www.postgresql.org/docs/9.1/static/release-9-1-13.html>
Security Issues:
* CVE-2015-0241
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241>
* CVE-2015-0243
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243>
* CVE-2015-0244
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244>
* CVE-2014-8161
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161>
SUSE bug 916953CVE-2014-8161CVE-2015-0241CVE-2015-0243CVE-2015-0244cpe:/o:suse:suse_sled:11:sp3Security update for postgresql91SUSE Linux Enterprise Desktop 11 SP3
This update provides PostgreSQL 9.1.18, which brings fixes for security
issues and other enhancements.
The following vulnerabilities have been fixed:
* CVE-2015-3165: Avoid possible crash when client disconnects.
(bsc#931972)
* CVE-2015-3166: Consistently check for failure of the *printf().
(bsc#931973)
* CVE-2015-3167: In contrib/pgcrypto, uniformly report decryption
failures. (bsc#931974)
For a comprehensive list of changes, please refer to
http://www.postgresql.org/docs/9.1/static/release-9-1-18.html
<http://www.postgresql.org/docs/9.1/static/release-9-1-18.html> .
This update also includes changes in PostgreSQL's packaging to prepare for
the migration to the new major version 9.4. (FATE#316970, bsc#907651)
Security Issues:
* CVE-2015-3165
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165>
* CVE-2015-3166
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166>
* CVE-2015-3167
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167>
SUSE bug 907651SUSE bug 931972SUSE bug 931973SUSE bug 931974SUSE bug 932040CVE-2015-3165CVE-2015-3166CVE-2015-3167cpe:/o:suse:suse_sled:11:sp3Security update for postgresql91 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update of postgresql91 to 9.1.19 fixes the following issues:
* CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669)
Also contains all changes and bugfixes in the upstream 9.1.19 release:
http://www.postgresql.org/docs/9.1/static/release-9-1-19.html
ModerateSUSE bug 949669CVE-2015-5288cpe:/o:suse:suse_sled:11:sp3Security update for pppSUSE Linux Enterprise Desktop 11 SP3
This ppp update fixes a potential security issue that an unprivileged
attacker could access privileged options:
* integer overflow in option parsing (CVE-2014-3158, bnc#891489)
Security Issues:
* CVE-2014-3158
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3158>
SUSE bug 891489CVE-2014-3158cpe:/o:suse:suse_sled:11:sp3Security update for procmailSUSE Linux Enterprise Desktop 11 SP3
procmail was updated to fix a security issue in its formail helper.
* When formail processed specially crafted e-mail headers a heap
corruption could be triggered, which would lead to a crash of
formail. (CVE-2014-3618)
Security Issues:
* CVE-2014-3618
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618>
SUSE bug 894999CVE-2014-3618cpe:/o:suse:suse_sled:11:sp3Security update for puppetSUSE Linux Enterprise Desktop 11 SP3
Puppet was updated to fix the following security issues:
* Unsafe use of temporary files. (CVE-2013-4969)
* Arbitrary code execution with required social engineering.
(CVE-2014-3248, CVE-2014-3250)
Security Issues references:
* CVE-2014-3248
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248>
* CVE-2013-4969
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969>
* CVE-2014-3250
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250>
SUSE bug 856843SUSE bug 879913CVE-2013-4969CVE-2014-3248CVE-2014-3250cpe:/o:suse:suse_sled:11:sp3Security update for pwlibSUSE Linux Enterprise Desktop 11 SP3
This update fixes a XML DoS vulnerability in pwlib. CVE-2013-1864 has been
assigned to this issue.
Security Issue reference:
* CVE-2013-1864
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1864>
SUSE bug 809917CVE-2013-1864cpe:/o:suse:suse_sled:11:sp3Security update for PythonSUSE Linux Enterprise Desktop 11 SP3
This python update fixes a certificate hostname issue.
* bnc#834601: CVE-2013-4238: python: SSL module does not handle
certificates that contain hostnames with NULL bytes
Security Issue reference:
* CVE-2013-4238
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238>
SUSE bug 834601CVE-2013-4238cpe:/o:suse:suse_sled:11:sp3Security update for PythonSUSE Linux Enterprise Desktop 11 SP3
Python was updated to fix one security issue:
* Potential wraparound/overflow in buffer() (CVE-2014-7185)
As an additional hardening measure SSLv2 has been disabled (bnc#901715).
Security Issues:
* CVE-2014-7185
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185>
SUSE bug 898572SUSE bug 901715CVE-2014-7185cpe:/o:suse:suse_sled:11:sp3Security update for pythonSUSE Linux Enterprise Desktop 11 SP3
This update for Python fixes the following security issues:
* bnc#834601: SSL module does not handle certificates that contain
hostnames with NULL bytes. (CVE-2013-4238)
* bnc#856836: Various stdlib read flaws. (CVE-2013-1752)
Additionally, the following non-security issues have been fixed:
* bnc#859068: Turn off OpenSSL's aggressive optimizations that conflict
with Python's GC.
* bnc#847135: Setting fips=1 at boot time causes problems with Python
due to MD5 usage.
Security Issue references:
* CVE-2013-4073
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073>
* CVE-2013-4238
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238>
SUSE bug 834601SUSE bug 847135SUSE bug 856836SUSE bug 859068CVE-2013-4073CVE-2013-4238cpe:/o:suse:suse_sled:11:sp3Security update for PythonSUSE Linux Enterprise Desktop 11 SP3
Python was updated to fix a security issue in the socket.recvfrom_into
function, where data could be written over the end of the buffer.
(CVE-2014-1912)
Security Issue reference:
* CVE-2014-1912
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912>
SUSE bug 863741CVE-2014-1912cpe:/o:suse:suse_sled:11:sp3Security update for PythonSUSE Linux Enterprise Desktop 11 SP3
This update for Python provides fixes for the following issues:
* CGIHTTPServer file disclosure and directory traversal through
URL-encoded characters. (CVE-2014-4650)
* The 'urlparse' module has been updated to correctly parse IPv6
addresses. (bnc#872848)
* Correctly enable IPv6 support.
Security Issues:
* CVE-2014-4650
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650>
SUSE bug 872848SUSE bug 885882CVE-2014-4650cpe:/o:suse:suse_sled:11:sp3Security update for python-lxmlSUSE Linux Enterprise Desktop 11 SP3
This security update for python-lxml fixes a input sanitization flaw in
clean_html. (CVE-2014-3146)
Security Issues:
* CVE-2014-3146
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3146>
SUSE bug 877258CVE-2014-3146cpe:/o:suse:suse_sled:11:sp3Security update for python-setuptoolsSUSE Linux Enterprise Desktop 11 SP3
python-setuptools so far used only HTTP to retrieve packages, which could
have lead to man in the middle attacks on newly installed python code.
This update adjusts it to use HTTPS, guaranteeing better connection
integrity.
Security Issue reference:
* CVE-2013-1633
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1633>
SUSE bug 843759CVE-2013-1633cpe:/o:suse:suse_sled:11:sp3Recommended update for python-setuptools (Moderate)SUSE Linux Enterprise Desktop 11 SP3
python-setuptools was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2013-7440: Non-RFC6125-compliant host name matching was incorrect (bsc#930189)
ModerateSUSE bug 930189CVE-2013-7440cpe:/o:suse:suse_sled:11:sp3Security update for rpcbind (Moderate)SUSE Linux Enterprise Desktop 11 SP3
A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service.
ModerateSUSE bug 940191SUSE bug 946204CVE-2015-7236cpe:/o:suse:suse_sled:11:sp3Security update for rsync (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update for rsync fixes two security issues:
- CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914)
- CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410)
ModerateSUSE bug 900914SUSE bug 915410CVE-2014-8242CVE-2014-9512cpe:/o:suse:suse_sled:11:sp3Security update for RubySUSE Linux Enterprise Desktop 11 SP3
This Ruby update fixes the following security issue:
* bnc#808137: Fixed entity expansion DoS vulnerability in REXML
(CVE-2013-1821).
Security Issue reference:
* CVE-2013-1821
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821>
SUSE bug 808137CVE-2013-1821cpe:/o:suse:suse_sled:11:sp3Security update for rxvt-unicodeSUSE Linux Enterprise Desktop 11 SP3
rxvt-unicode was updated to ensure that window property values can not be
queried in secure mode. (CVE-2014-3121)
Security Issue reference:
* CVE-2014-3121
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3121>
SUSE bug 876101CVE-2014-3121cpe:/o:suse:suse_sled:11:sp3Security update for SambaSUSE Linux Enterprise Desktop 11 SP3
Samba has been updated to fix one security issue:
* CVE-2015-0240: Don't call talloc_free on an uninitialized pointer
(bnc#917376).
Additionally, these non-security issues have been fixed:
* Realign the winbind request structure following require_membership_of
field expansion (bnc#913001).
* Reuse connections derived from DFS referrals (bso#10123,
fate#316512).
* Set domain/workgroup based on authentication callback value
(bso#11059).
* Fix spoolss error response marshalling (bso#10984).
* Fix spoolss EnumJobs and GetJob responses (bso#10905, bnc#898031).
* Fix handling of bad EnumJobs levels (bso#10898).
* Fix small memory-leak in the background print process; (bnc#899558).
* Prune idle or hung connections older than 'winbind request timeout'
(bso#3204, bnc#872912).
Security Issues:
* CVE-2015-0240
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240>
SUSE bug 872912SUSE bug 898031SUSE bug 899558SUSE bug 913001SUSE bug 917376CVE-2015-0240cpe:/o:suse:suse_sled:11:sp3Security update for samba (Important)SUSE Linux Enterprise Desktop 11 SP3
This update for Samba fixes the following security issues:
- CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586)
- CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582)
- CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584)
- CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583)
Non-security issues fixed:
- Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022)
- Ensure samlogon fall-back requests are rerouted after kerberos failure (bnc#953382)
- Ensure 'Your account is disabled' message is displayed when attempting to ssh into locked account (bnc#953382)
- Address unrecoverable winbind failure: 'key length too large' (bnc#934299)
- Take resource group sids into account when caching netsamlogon data (bnc#912457)
- Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244)
- dependency issue with samba-winbind (bnc#936909)
ImportantSUSE bug 295284SUSE bug 912457SUSE bug 934299SUSE bug 936909SUSE bug 948244SUSE bug 949022SUSE bug 953382SUSE bug 958582SUSE bug 958583SUSE bug 958584SUSE bug 958586CVE-2015-5252CVE-2015-5296CVE-2015-5299CVE-2015-5330cpe:/o:suse:suse_sled:11:sp3Security update for sblim-sfcb (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update of sblim-sfcb fixes a potential NULL pointer crash in lookupProviders() (CVE-2015-5185).
ModerateSUSE bug 942628CVE-2015-5185cpe:/o:suse:suse_sled:11:sp3Security update for shimSUSE Linux Enterprise Desktop 11 SP3
shim has been updated to fix three security issues:
* OOB read access when parsing DHCPv6 packets (remote DoS)
(CVE-2014-3675).
* Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6
boot option (RCE) (CVE-2014-3676).
* Memory corruption when processing user provided MOK lists
(CVE-2014-3677).
Security Issues:
* CVE-2014-3675
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3675>
* CVE-2014-3676
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3676>
* CVE-2014-3677
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3677>
SUSE bug 813448SUSE bug 863205SUSE bug 866690SUSE bug 875385SUSE bug 889332SUSE bug 889765CVE-2014-3675CVE-2014-3676CVE-2014-3677cpe:/o:suse:suse_sled:11:sp3Security update for strongswanSUSE Linux Enterprise Desktop 11 SP3
This update fixes a NULL ptr dereference (DoS) via ID_DER_ASN1_DN ID
payloads.
Security Issue reference:
* CVE-2014-2891
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2891>
SUSE bug 876449CVE-2014-2891cpe:/o:suse:suse_sled:11:sp3Security update for strongswan (Moderate)SUSE Linux Enterprise Desktop 11 SP3
The strongswan package was updated to fix the following security issue:
- CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817).
ModerateSUSE bug 953817CVE-2015-8023cpe:/o:suse:suse_sled:11:sp3Security update for sudoSUSE Linux Enterprise Desktop 11 SP3
This collective update for sudo provides fixes for the following issues:
* Security policy bypass when env_reset is disabled. (CVE-2014-0106,
bnc#866503)
* Regression in the previous update that causes a segmentation fault
when running 'sudo -s'. (bnc#868444)
* Command 'who -m' prints no output when using log_input/log_output
sudo options. (bnc#863025)
Security Issues references:
* CVE-2014-0106
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106>
SUSE bug 863025SUSE bug 866503SUSE bug 868444CVE-2014-0106cpe:/o:suse:suse_sled:11:sp3Security update for tcpdumpSUSE Linux Enterprise Desktop 11 SP3
When running tcpdump, a remote unauthenticated user could have crashed the
application or, potentially, execute arbitrary code by injecting crafted
packages into the network.
The following vulnerabilities in protocol printers have been fixed:
* IPv6 mobility printer remote DoS (CVE-2015-0261, bnc#922220)
* Ethernet printer remote DoS (CVE-2015-2154, bnc#922222)
* PPP printer remote DoS (CVE-2014-9140, bnc#923142)
Security Issues:
* CVE-2015-0261
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0261>
* CVE-2015-2154
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2154>
* CVE-2014-9140
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9140>
SUSE bug 922220SUSE bug 922222SUSE bug 923142CVE-2014-9140CVE-2015-0261CVE-2015-2154cpe:/o:suse:suse_sled:11:sp3Security update for telepathy-idleSUSE Linux Enterprise Desktop 11 SP3
Telepathy-idle did not check SSL certificates. CVE-2007-6746 was assigned
to this issue.
Security Issue reference:
* CVE-2007-6746
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6746>
SUSE bug 817120CVE-2007-6746cpe:/o:suse:suse_sled:11:sp3Security update for tidy (Low)SUSE Linux Enterprise Desktop 11 SP3
This update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities
could allow remote attackers to cause a denial of service (crash) via vectors involving
a command character in an href. (CVE-2015-5522, CVE-2015-5523)
LowSUSE bug 933588CVE-2015-5522CVE-2015-5523cpe:/o:suse:suse_sled:11:sp3Security update for tiff (Moderate)SUSE Linux Enterprise Desktop 11 SP3
tiff was updated to fix six security issues found by fuzzing initiatives.
These security issues were fixed:
- CVE-2014-8127: Out-of-bounds write (bnc#914890).
- CVE-2014-8128: Out-of-bounds write (bnc#914890).
- CVE-2014-8129: Out-of-bounds write (bnc#914890).
- CVE-2014-8130: Out-of-bounds write (bnc#914890).
- CVE-2014-9655: Access of uninitialized memory (bnc#916927).
ModerateSUSE bug 914890SUSE bug 916927CVE-2014-8127CVE-2014-8128CVE-2014-8129CVE-2014-8130CVE-2014-9655cpe:/o:suse:suse_sled:11:sp3Security update for unzipSUSE Linux Enterprise Desktop 11 SP3
This update fixes the following security issues:
* CVE-2014-8139: input sanitization errors (bnc#909214)
* CVE-2014-9636: out-of-bounds read/write in test_compr_eb()
(bnc#914442)
Security Issues:
* CVE-2014-9636
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9636>
* CVE-2014-8139
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139>
SUSE bug 909214SUSE bug 914442CVE-2014-8139CVE-2014-9636cpe:/o:suse:suse_sled:11:sp3Security update for vinoSUSE Linux Enterprise Desktop 11 SP3
vino has been updated to fix a remote denial of service problem where
remote attackers could have caused a infinite loop in vino (CPU
consumption). (CVE-2013-5745)
Security Issue reference:
* CVE-2013-5745
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745>
SUSE bug 843174CVE-2013-5745cpe:/o:suse:suse_sled:11:sp3Security update for vorbis-tools (Moderate)SUSE Linux Enterprise Desktop 11 SP3
vorbis-tools was updated to fix several security issues.
- A buffer overflow in aiff_open() that could be triggered
by opening prepared malicious files (CVE-2015-6749, bsc#943795).
- A division by zero and integer overflow by crafted WAV files was fixed
(CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441).
ModerateSUSE bug 914439SUSE bug 914441SUSE bug 943795CVE-2014-9638CVE-2014-9639CVE-2015-6749cpe:/o:suse:suse_sled:11:sp3Security update for wgetSUSE Linux Enterprise Desktop 11 SP3
wget has been updated to fix one security issue and two non-security
issues.
This security issue has been fixed:
* FTP symlink arbitrary filesystem access (CVE-2014-4877).
These non-security issues have been fixed:
* Fix displaying of download time (bnc#901276).
* Fix 0 size FTP downloads after failure (bnc#885069).
Security Issues:
* CVE-2014-4877
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877>
SUSE bug 885069SUSE bug 901276SUSE bug 902709CVE-2014-4877cpe:/o:suse:suse_sled:11:sp3Security update for wiresharkSUSE Linux Enterprise Desktop 11 SP3
wireshark has been updated to version 1.10.11 to fix five security issues.
These security issues have been fixed:
* SigComp UDVM buffer overflow (CVE-2014-8710).
* AMQP dissector crash (CVE-2014-8711).
* NCP dissector crashes (CVE-2014-8712, CVE-2014-8713).
* TN5250 infinite loops (CVE-2014-8714).
This non-security issue has been fixed:
* enable zlib (bnc#899303).
Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html
<https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html>
Security Issues:
* CVE-2014-8711
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8711>
* CVE-2014-8710
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8710>
* CVE-2014-8714
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8714>
* CVE-2014-8712
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8712>
* CVE-2014-8713
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8713>
SUSE bug 899303SUSE bug 905245SUSE bug 905246SUSE bug 905247SUSE bug 905248CVE-2014-8710CVE-2014-8711CVE-2014-8712CVE-2014-8713CVE-2014-8714cpe:/o:suse:suse_sled:11:sp3Security update for wireshark (Moderate)SUSE Linux Enterprise Desktop 11 SP3
Wireshark has been updated to 1.12.7. (FATE#319388)
The following vulnerabilities have been fixed:
* Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241
* Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242
* Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243
* The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244
* The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245
* The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246
* The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247
* Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248
* The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249
* Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html
Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652)
ModerateSUSE bug 935158SUSE bug 941500CVE-2015-3813CVE-2015-4652CVE-2015-6241CVE-2015-6242CVE-2015-6243CVE-2015-6244CVE-2015-6245CVE-2015-6246CVE-2015-6247CVE-2015-6248CVE-2015-6249cpe:/o:suse:suse_sled:11:sp3Security update for wireshark (Low)SUSE Linux Enterprise Desktop 11 SP3
This update contains Wireshark 1.12.9 and fixes the following issues:
* CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437)
* CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
* CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
* CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
* CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.
* CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
* CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted
* CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
* CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
* CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
* CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
* CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.
* CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
* CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.
* CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
* CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
* CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
LowSUSE bug 950437SUSE bug 960382CVE-2015-7830CVE-2015-8711CVE-2015-8712CVE-2015-8713CVE-2015-8714CVE-2015-8715CVE-2015-8716CVE-2015-8717CVE-2015-8718CVE-2015-8719CVE-2015-8720CVE-2015-8721CVE-2015-8722CVE-2015-8723CVE-2015-8724CVE-2015-8725CVE-2015-8726CVE-2015-8727CVE-2015-8728CVE-2015-8729CVE-2015-8730CVE-2015-8731CVE-2015-8732CVE-2015-8733cpe:/o:suse:suse_sled:11:sp3Security update for wpa_supplicantSUSE Linux Enterprise Desktop 11 SP3
This update fixes a remote code execution vulnerability in wpa_supplicant's
wpa_cli and hostapd_cli tools. CVE-2014-3686 has been assigned to this
issue.
Additionally, password based authentication with PKCS#5v2 has been enabled.
Security Issues:
* CVE-2014-3686
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686>
SUSE bug 868937SUSE bug 900611CVE-2014-3686cpe:/o:suse:suse_sled:11:sp3Security update for wpa_supplicant (Moderate)SUSE Linux Enterprise Desktop 11 SP3
wpa_supplicant was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd and wpa_supplicant, when used for AP mode MLME/SME functionality, allowed remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read (bsc#930078).
- CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), allowed remote attackers to cause a denial of service (crash) via a negative chunk length, which triggered an out-of-bounds read or heap-based buffer overflow (bsc#930077).
ModerateSUSE bug 930077SUSE bug 930078CVE-2015-4141CVE-2015-4142cpe:/o:suse:suse_sled:11:sp3Security update for xalan-j2SUSE Linux Enterprise Desktop 11 SP3
xalan-j2 has been updated to ensure that secure processing can't be
circumvented (CVE-2014-0107).
Security Issues:
* CVE-2014-0107
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107>
SUSE bug 870082CVE-2014-0107cpe:/o:suse:suse_sled:11:sp3Security update for XenSUSE Linux Enterprise Desktop 11 SP3
Xen was updated to fix two security issues and a bug:
* CVE-2015-3456: A buffer overflow in the floppy drive emulation, which
could be used to carry out denial of service attacks or potential
code execution against the host. This vulnerability is also known as
VENOM.
* CVE-2015-3340: Xen did not initialize certain fields, which allowed
certain remote service domains to obtain sensitive information from
memory via a (1) XEN_DOMCTL_gettscinfo or (2)
XEN_SYSCTL_getdomaininfolist request.
* An exception in setCPUAffinity when restoring guests. (bsc#910441)
Security Issues:
* CVE-2015-3456
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456>
* CVE-2015-3340
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340>
SUSE bug 910441SUSE bug 927967SUSE bug 929339CVE-2015-3456cpe:/o:suse:suse_sled:11:sp3Security update for XenSUSE Linux Enterprise Desktop 11 SP3
Xen has been updated to version 4.2.5 with additional patches to fix six
security issues:
* Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
(CVE-2014-9030).
* Insufficient bounding of 'REP MOVS' to MMIO emulated inside the
hypervisor (CVE-2014-8867).
* Excessive checking in compatibility mode hypercall argument
translation (CVE-2014-8866).
* Guest user mode triggerable VM exits not handled by hypervisor
(bnc#903850).
* Missing privilege level checks in x86 emulation of far branches
(CVE-2014-8595).
* Insufficient restrictions on certain MMU update hypercalls
(CVE-2014-8594).
These non-security issues have been fixed:
* Xen save/restore of HVM guests cuts off disk and networking
(bnc#866902).
* Windows 2012 R2 fails to boot up with greater than 60 vcpus
(bnc#882089).
* Increase limit domUloader to 32MB (bnc#901317).
* Adjust xentop column layout (bnc#896023).
Security Issues:
* CVE-2014-9030
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9030>
* CVE-2014-8867
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8867>
* CVE-2014-8866
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8866>
* CVE-2014-8595
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8595>
* CVE-2014-8594
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8594>
SUSE bug 866902SUSE bug 882089SUSE bug 896023SUSE bug 901317SUSE bug 903850SUSE bug 903967SUSE bug 903970SUSE bug 905465SUSE bug 905467SUSE bug 906439CVE-2014-8594CVE-2014-8595CVE-2014-8866CVE-2014-8867CVE-2014-9030cpe:/o:suse:suse_sled:11:sp3Security update for xen (Important)SUSE Linux Enterprise Desktop 11 SP3
xen was updated to fix the following security issues:
* CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140)
* CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139)
* CVE-2015-2751: Certain domctl operations could have be used to lock up the host (bsc#922709, XSA-127)
* CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137)
* CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136)
* CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)
ImportantSUSE bug 922709SUSE bug 932996SUSE bug 935634SUSE bug 938344SUSE bug 939709SUSE bug 939712CVE-2015-2751CVE-2015-3259CVE-2015-4164CVE-2015-5154CVE-2015-5165CVE-2015-5166cpe:/o:suse:suse_sled:11:sp3Security update for xen (Important)SUSE Linux Enterprise Desktop 11 SP3
xen was updated to fix nine security issues.
These security issues were fixed:
- CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267).
- CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642).
- CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367).
- CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165).
- CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463).
- CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697).
- CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703).
- CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705).
- CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706).
These non-security issues were fixed:
- bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed
- bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC
- bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed
- bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has been observed
- bsc#941074: Device 51728 could not be connected. Hotplug scripts not working
ImportantSUSE bug 877642SUSE bug 907514SUSE bug 910258SUSE bug 918984SUSE bug 923967SUSE bug 932267SUSE bug 941074SUSE bug 944463SUSE bug 944697SUSE bug 947165SUSE bug 950367SUSE bug 950703SUSE bug 950705SUSE bug 950706CVE-2014-0222CVE-2015-4037CVE-2015-5239CVE-2015-6815CVE-2015-7311CVE-2015-7835CVE-2015-7969CVE-2015-7971cpe:/o:suse:suse_sled:11:sp3Security update for XenSUSE Linux Enterprise Desktop 11 SP3
The Xen hypervisor and toolset has been updated to 4.2.2_06 to fix various
bugs and security issues:
The following security issues have been addressed:
* CVE-2013-2194: Various integer overflows in the ELF loader were
fixed. (XSA-55)
* CVE-2013-2195: Various pointer dereferences issues in the ELF loader
were fixed. (XSA-55)
* CVE-2013-2196: Various other problems in the ELF loader were fixed.
(XSA-55)
* CVE-2013-2078: A Hypervisor crash due to missing exception recovery
on XSETBV was fixed. (XSA-54)
* CVE-2013-2077: A Hypervisor crash due to missing exception recovery
on XRSTOR was fixed. (XSA-53)
* CVE-2013-2211: libxl allowed guest write access to sensitive console
related xenstore keys. (XSA-57)
* CVE-2013-2076: An information leak on XSAVE/XRSTOR capable AMD CPUs
(XSA-52) was fixed, where parts of this state could leak to other
VMs.
Also the following bugs have been fixed:
* performance issues in mirror lvm (bnc#801663)
* aacraid driver panics mapping INT A when booting kernel-xen
(bnc#808085)
* Fully Virtualized Windows VM install failed on Ivy Bridge platforms
with Xen kernel (bnc#808269)
* Did not boot with i915 graphics controller with VT-d enabled
(bnc#817210)
Security Issue references:
* CVE-2013-2194
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194>
* CVE-2013-2195
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195>
* CVE-2013-2196
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196>
SUSE bug 801663SUSE bug 808085SUSE bug 808269SUSE bug 817210SUSE bug 820917SUSE bug 820919SUSE bug 820920SUSE bug 823011SUSE bug 823608CVE-2013-2194CVE-2013-2195CVE-2013-2196cpe:/o:suse:suse_sled:11:sp3Security update for XenSUSE Linux Enterprise Desktop 11 SP3
XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and
security issues.
* CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled
oversized message replies
* CVE-2013-4355: XSA-63: Fixed information leaks through I/O
instruction emulation
* CVE-2013-4361: XSA-66: Fixed information leak through fbld
instruction emulation
* CVE-2013-4368: XSA-67: Fixed information leak through outs
instruction emulation
* CVE-2013-4369: XSA-68: Fixed possible null dereference when parsing
vif ratelimiting info
* CVE-2013-4370: XSA-69: Fixed misplaced free in ocaml
xc_vcpu_getaffinity stub
* CVE-2013-4371: XSA-70: Fixed use-after-free in libxl_list_cpupool
under memory pressure
* CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk) resource leak
* CVE-2013-1442: XSA-62: Fixed information leak on AVX and/or LWP
capable CPUs
* CVE-2013-1432: XSA-58: Page reference counting error due to
XSA-45/CVE-2013-1918 fixes.
Various bugs have also been fixed:
* Boot failure with xen kernel in UEFI mode with error 'No memory for
trampoline' (bnc#833483)
* Improvements to block-dmmd script (bnc#828623)
* MTU size on Dom0 gets reset when booting DomU with e1000 device
(bnc#840196)
* In HP's UEFI x86_64 platform and with xen environment, in booting
stage, xen hypervisor will panic. (bnc#833251)
* Xen: migration broken from xsave-capable to xsave-incapable host
(bnc#833796)
* In xen, 'shutdown -y 0 -h' cannot power off system (bnc#834751)
* In HP's UEFI x86_64 platform with xen environment, xen hypervisor
will panic on multiple blades nPar. (bnc#839600)
* vcpus not started after upgrading Dom0 from SLES 11 SP2 to SP3
(bnc#835896)
* SLES 11 SP3 Xen security patch does not automatically update UEFI
boot binary (bnc#836239)
* Failed to setup devices for vm instance when start multiple vms
simultaneously (bnc#824676)
* SLES 9 SP4 guest fails to start after upgrading to SLES 11 SP3
(bnc#817799)
* Various upstream fixes have been included.
Security Issues:
* CVE-2013-1432
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432>
* CVE-2013-1442
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442>
* CVE-2013-1918
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918>
* CVE-2013-4355
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355>
* CVE-2013-4361
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361>
* CVE-2013-4368
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368>
* CVE-2013-4369
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4369>
* CVE-2013-4370
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4370>
* CVE-2013-4371
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4371>
* CVE-2013-4375
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4375>
* CVE-2013-4416
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416>
SUSE bug 817799SUSE bug 824676SUSE bug 826882SUSE bug 828623SUSE bug 833251SUSE bug 833483SUSE bug 833796SUSE bug 834751SUSE bug 835896SUSE bug 836239SUSE bug 839596SUSE bug 839600SUSE bug 840196SUSE bug 840592SUSE bug 841766SUSE bug 842511SUSE bug 842512SUSE bug 842513SUSE bug 842514SUSE bug 842515SUSE bug 845520CVE-2013-1432CVE-2013-1442CVE-2013-1918CVE-2013-4355CVE-2013-4361CVE-2013-4368CVE-2013-4369CVE-2013-4370CVE-2013-4371CVE-2013-4375CVE-2013-4416cpe:/o:suse:suse_sled:11:sp3Security update for XenSUSE Linux Enterprise Desktop 11 SP3
The Xen hypervisor and tool-suite have been updated to fix security issues
and bugs:
* CVE-2013-4494: XSA-73: A lock order reversal between page allocation
and grant table locks could lead to host crashes or even host code
execution.
* CVE-2013-4553: XSA-74: A lock order reversal between page_alloc_lock
and mm_rwlock could lead to deadlocks.
* CVE-2013-4554: XSA-76: Hypercalls exposed to privilege rings 1 and 2
of HVM guests which might lead to Hypervisor escalation under
specific circumstances.
* CVE-2013-6375: XSA-78: Insufficient TLB flushing in VT-d (iommu) code
could lead to access of memory that was revoked.
* CVE-2013-4551: XSA-75: A host crash due to guest VMX instruction
execution was fixed.
Non-security bugs have also been fixed:
* bnc#840997: It is possible to start a VM twice on the same node.
* bnc#842417: In HP's UEFI x86_64 platform and SLES 11-SP3, dom0 will
could lock-up on multiple blades nPar.
* bnc#848014: Xen Hypervisor panics on 8-blades nPar with 46-bit memory
addressing.
* bnc#846849: Soft lock-up with PCI pass-through and many VCPUs.
* bnc#833483: Boot Failure with Xen kernel in UEFI mode with error 'No
memory for trampoline'.
* Increase the maximum supported CPUs in the Hypervisor to 512.
Security Issues:
* CVE-2013-1922
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1922>
* CVE-2013-2007
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007>
* CVE-2013-4375
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4375>
* CVE-2013-4416
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416>
* CVE-2013-4494
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494>
* CVE-2013-4551
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4551>
* CVE-2013-4553
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553>
* CVE-2013-4554
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554>
SUSE bug 833483SUSE bug 840997SUSE bug 842417SUSE bug 846849SUSE bug 848014SUSE bug 848657SUSE bug 849665SUSE bug 849667SUSE bug 849668SUSE bug 851386CVE-2013-1922CVE-2013-2007CVE-2013-4375CVE-2013-4416CVE-2013-4494CVE-2013-4551CVE-2013-4553CVE-2013-4554cpe:/o:suse:suse_sled:11:sp3Security update for XenSUSE Linux Enterprise Desktop 11 SP3
The SUSE Linux Enterprise Server 11 Service Pack 3 Xen hypervisor and
toolset has been updated to 4.2.4 to fix various bugs and security issues:
The following security issues have been addressed:
*
XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3
through 4.3, when disabling chaches, allows local HVM guests with
access to memory mapped I/O regions to cause a denial of service (CPU
consumption and possibly hypervisor or guest kernel panic) via a
crafted GFN range. (bnc#831120)
*
XSA-80: CVE-2013-6400: Xen 4.2.x and 4.3.x, when using Intel VT-d and
a PCI device has been assigned, does not clear the flag that
suppresses IOMMU TLB flushes when unspecified errors occur, which
causes the TLB entries to not be flushed and allows local guest
administrators to cause a denial of service (host crash) or gain
privileges via unspecified vectors. (bnc#853048)
*
XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh
processors does not properly handle the interaction between locked
instructions and write-combined memory types, which allows local
users to cause a denial of service (system hang) via a crafted
application, aka the errata 793 issue. (bnc#853049)
*
XSA-83: CVE-2014-1642: The IRQ setup in Xen 4.2.x and 4.3.x, when
using device passthrough and configured to support a large number of
CPUs, frees certain memory that may still be intended for use, which
allows local guest administrators to cause a denial of service
(memory corruption and hypervisor crash) and possibly execute
arbitrary code via vectors related to an out-of-memory error that
triggers a (1) use-after-free or (2) double free. (bnc#860092)
*
XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and
FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are
vulnerable to an integer overflow on the input size. The hypercalls
attempt to allocate a buffer which is 1 larger than this size and is
therefore vulnerable to integer overflow and an attempt to allocate
then access a zero byte buffer. (bnc#860163)
*
XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not
affected by the above overflow, have a different overflow issue on
FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation
to aribitrary guests. (bnc#860163)
*
XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both
problems with the overflow issue being present for more than just the
suboperations listed above. (bnc#860163)
*
XSA-85: CVE-2014-1895: The FLASK_AVC_CACHESTAT hypercall, which
provides access to per-cpu statistics on the Flask security policy,
incorrectly validates the CPU for which statistics are being
requested. (bnc#860165)
*
XSA-86: CVE-2014-1896: libvchan (a library for inter-domain
communication) does not correctly handle unusual or malicious
contents in the xenstore ring. A malicious guest can exploit this to
cause a libvchan-using facility to read or write past the end of the
ring. (bnc#860300)
*
XSA-87: CVE-2014-1666: The do_physdev_op function in Xen 4.1.5,
4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict
access to the (1) PHYSDEVOP_prepare_msix and (2)
PHYSDEVOP_release_msix operations, which allows local PV guests to
cause a denial of service (host or guest malfunction) or possibly
gain privileges via unspecified vectors. (bnc#860302)
*
XSA-88: CVE-2014-1950: Use-after-free vulnerability in the
xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a
multithreaded toolstack, does not properly handle a failure by the
xc_cpumap_alloc function, which allows local users with access to
management functions to cause a denial of service (heap corruption)
and possibly gain privileges via unspecified vectors. (bnc#861256)
Also the following non-security bugs have been fixed:
* Fixed boot problems with Xen kernel. '(XEN) setup 0000:00:18.0 for d0
failed (-19)' (bnc#858311)
* Fixed Xen hypervisor panic on 8-blades nPar with 46-bit memory
addressing. (bnc#848014)
* Fixed Xen hypervisor panic in HP's UEFI x86_64 platform and with xen
environment, in booting stage. (bnc#833251)
* xend/pvscsi: recognize also SCSI CDROM devices (bnc#863297)
* pygrub: Support (/dev/xvda) style disk specifications
Security Issue references:
* CVE-2013-2212
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212>
* CVE-2013-6400
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6400>
* CVE-2013-6885
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885>
* CVE-2014-1642
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1642>
* CVE-2014-1666
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1666>
* CVE-2014-1891
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891>
* CVE-2014-1892
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892>
* CVE-2014-1893
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893>
* CVE-2014-1894
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894>
* CVE-2014-1895
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1895>
* CVE-2014-1896
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1896>
* CVE-2014-1950
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950>
SUSE bug 831120SUSE bug 833251SUSE bug 848014SUSE bug 853048SUSE bug 853049SUSE bug 858311SUSE bug 860092SUSE bug 860163SUSE bug 860165SUSE bug 860300SUSE bug 860302SUSE bug 861256SUSE bug 863297CVE-2013-2212CVE-2013-6400CVE-2013-6885CVE-2014-1642CVE-2014-1666CVE-2014-1891CVE-2014-1892CVE-2014-1893CVE-2014-1894CVE-2014-1895CVE-2014-1896CVE-2014-1950cpe:/o:suse:suse_sled:11:sp3Security update for XenSUSE Linux Enterprise Desktop 11 SP3
The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix
various bugs and security issues.
The following security issues have been fixed:
* XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation
(bnc#897657)
* XSA-106: CVE-2014-7156: Missing privilege level checks in x86
emulation of software interrupts (bnc#895802)
* XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT,
LGDT, LIDT, and LMSW emulation (bnc#895799)
* XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram
(bnc#895798)
* XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests
(bnc#880751)
* XSA-96: CVE-2014-3967, CVE-2014-3968: Vulnerabilities in HVM MSI
injection (bnc#878841)
* XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible
(bnc#867910)
* XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow
(bnc#842006)
* CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load
(bnc#864801)
The following non-security issues have been fixed:
* xend: Fix netif convertToDeviceNumber for running domains
(bnc#891539)
* Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in the
VM (bnc#882092)
* XEN kernel panic do_device_not_available() (bnc#881900)
* Boot Failure with xen kernel in UEFI mode with error 'No memory for
trampoline' (bnc#833483)
* SLES 11 SP3 vm-install should get RHEL 7 support when released
(bnc#862608)
* SLES 11 SP3 XEN kiso version cause softlockup on 8 blades npar(480
cpu) (bnc#858178)
* Local attach support for PHY backends using scripts
local_attach_support_for_phy.patch (bnc#865682)
* Improve multipath support for npiv devices block-npiv (bnc#798770)
Security Issues:
* CVE-2013-4344
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4344>
* CVE-2013-4540
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4540>
* CVE-2014-2599
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599>
* CVE-2014-3967
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3967>
* CVE-2014-3968
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3968>
* CVE-2014-4021
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021>
* CVE-2014-7154
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7154>
* CVE-2014-7155
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7155>
* CVE-2014-7156
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7156>
* CVE-2014-7188
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7188>
SUSE bug 798770SUSE bug 833483SUSE bug 842006SUSE bug 858178SUSE bug 862608SUSE bug 864801SUSE bug 865682SUSE bug 867910SUSE bug 878841SUSE bug 880751SUSE bug 881900SUSE bug 882092SUSE bug 891539SUSE bug 895798SUSE bug 895799SUSE bug 895802SUSE bug 897657CVE-2013-4344CVE-2013-4540CVE-2014-2599CVE-2014-3967CVE-2014-3968CVE-2014-4021CVE-2014-7154CVE-2014-7155CVE-2014-7156CVE-2014-7188cpe:/o:suse:suse_sled:11:sp3Security update for XenSUSE Linux Enterprise Desktop 11 SP3
The Virtualization service XEN was updated to fix various bugs and security
issues.
The following security issues have been fixed:
*
CVE-2015-2756: XSA-126: Unmediated PCI command register access in
qemu could have lead to denial of service attacks against the host,
if PCI cards are passed through to guests.
*
XSA-125: Long latency MMIO mapping operations were not preemptible.
*
CVE-2015-2151: XSA-123: Instructions with register operands ignored
eventual segment overrides encoded for them. Due to an insufficiently
conditional assignment such a bogus segment override could have,
however, corrupted a pointer used subsequently to store the result of
the instruction.
*
CVE-2015-2045: XSA-122: The code handling certain sub-operations of
the HYPERVISOR_xen_version hypercall failed to fully initialize all
fields of structures subsequently copied back to guest memory. Due to
this hypervisor stack contents were copied into the destination of
the operation, thus becoming visible to the guest.
*
CVE-2015-2044: XSA-121: Emulation routines in the hypervisor dealing
with certain system devices checked whether the access size by the
guest is a supported one. When the access size is unsupported these
routines failed to set the data to be returned to the guest for read
accesses, so that hypervisor stack contents were copied into the
destination of the operation, thus becoming visible to the guest.
Also fixed:
* Fully virtualized guest install from network source failed with
'cannot find guest domain' in XEN. (bsc#919341)
Security Issues:
* CVE-2015-2044
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2044>
* CVE-2015-2045
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2045>
* CVE-2015-2151
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2151>
* CVE-2015-2756
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756>
SUSE bug 918995SUSE bug 918998SUSE bug 919341SUSE bug 919464SUSE bug 922705SUSE bug 922706CVE-2015-2044CVE-2015-2045CVE-2015-2151CVE-2015-2756cpe:/o:suse:suse_sled:11:sp3Security update for XenSUSE Linux Enterprise Desktop 11 SP3
Xen was updated to fix seven security vulnerabilities:
* CVE-2015-4103: Potential unintended writes to host MSI message data
field via qemu. (XSA-128, bnc#931625)
* CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests.
(XSA-129, bnc#931626)
* CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error
messages. (XSA-130, bnc#931627)
* CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131,
bnc#931628)
* CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior.
(XSA-134, bnc#932790)
* CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest
to host escape. (XSA-135, bnc#932770)
* CVE-2015-4164: DoS through iret hypercall handler. (XSA-136,
bnc#932996)
Security Issues:
* CVE-2015-4103
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103>
* CVE-2015-4104
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104>
* CVE-2015-4105
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105>
* CVE-2015-4106
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106>
* CVE-2015-4163
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163>
* CVE-2015-4164
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164>
* CVE-2015-3209
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209>
SUSE bug 931625SUSE bug 931626SUSE bug 931627SUSE bug 931628SUSE bug 932770SUSE bug 932790SUSE bug 932996CVE-2015-3209CVE-2015-4103CVE-2015-4104CVE-2015-4105CVE-2015-4106CVE-2015-4163CVE-2015-4164cpe:/o:suse:suse_sled:11:sp3Security update for xen (Moderate)SUSE Linux Enterprise Desktop 11 SP3
This update fixes the following security issues:
- bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100:
infinite loop in processing command block list
- bsc#956592 - xen: virtual PMU is unsupported (XSA-163)
- bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen:
XENMEM_exchange error handling issues (XSA-159)
- bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel
and initrd on error (XSA-160)
- bsc#956411 - CVE-2015-7504: xen: heap buffer overflow
vulnerability in pcnet emulator (XSA-162)
- bsc#947165 - CVE-2015-7311: xen: libxl fails to honour
readonly flag on disks with qemu-xen (xsa-142)
- bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by
triggering an infinite loop in microcode via #DB exception
- bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during
fault delivery (XSA-156)
- bsc#950704 - CVE-2015-7970: xen: x86: Long latency
populate-on-demand operation is not preemptible (XSA-150)
- bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand
balloon size inaccuracy can crash guests (XSA-153)
- bsc#950703 - CVE-2015-7969: xen: leak of main per-domain
vcpu pointer array (DoS) (XSA-149)
- bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain
profiling-related vcpu pointer array (DoS) (XSA-151)
- bsc#950706 - CVE-2015-7971: xen: x86: some pmu and
profiling hypercalls log without rate limiting (XSA-152) ModerateSUSE bug 947165SUSE bug 950703SUSE bug 950704SUSE bug 950705SUSE bug 950706SUSE bug 951845SUSE bug 954018SUSE bug 954405SUSE bug 956408SUSE bug 956409SUSE bug 956411SUSE bug 956592SUSE bug 956832CVE-2015-5307CVE-2015-7311CVE-2015-7504CVE-2015-7969CVE-2015-7970CVE-2015-7971CVE-2015-7972CVE-2015-8104CVE-2015-8339CVE-2015-8340CVE-2015-8341CVE-2015-8345cpe:/o:suse:suse_sled:11:sp3Security update for xfsprogs (Moderate)SUSE Linux Enterprise Desktop 11 SP3
xfsprogs was updated to fix one security vulnerability and several bugs.
- Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150)
- Fix segfault during xfs_repair run (bsc#911866)
- Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition
ModerateSUSE bug 911866SUSE bug 939367CVE-2012-2150cpe:/o:suse:suse_sled:11:sp3Security update for xinetdSUSE Linux Enterprise Desktop 11 SP3
The multiplexing system xinetd was updated to fix security issues and a
bug.
Security issues fixed:
* CVE-2013-4342: xinetd ignores user and group directives for tcpmux
services.
* CVE-2012-0862: xinetd enables all services when tcp multiplexing is
used.
Bug fixed:
* Services started by xinetd were limited to 1024 open file
descriptors. (bnc#855685)
Security Issues references:
* CVE-2012-0862
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0862>
* CVE-2013-4342
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342>
SUSE bug 762294SUSE bug 844230SUSE bug 855685CVE-2012-0862CVE-2013-4342cpe:/o:suse:suse_sled:11:sp3Security update for xorg-x11-libsSUSE Linux Enterprise Desktop 11 SP3
xorg-x11-libs was patched to fix the following security issues:
* Integer overflow of allocations in font metadata file parsing.
(CVE-2014-0209)
* libxfont not validating length fields when parsing xfs protocol
replies. (CVE-2014-0210)
* Integer overflows causing miscalculating memory needs for xfs
replies. (CVE-2014-0211)
Further information is available at
http://lists.x.org/archives/xorg-announce/2014-May/002431.html
<http://lists.x.org/archives/xorg-announce/2014-May/002431.html> .
Security Issues references:
* CVE-2014-0209
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209>
* CVE-2014-0210
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210>
* CVE-2014-0211
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211>
SUSE bug 857544CVE-2014-0209CVE-2014-0210CVE-2014-0211cpe:/o:suse:suse_sled:11:sp3Security update for xorg-x11-libX11SUSE Linux Enterprise Desktop 11 SP3
This update of xorg-x11-libX11 fixes several security issues.
Bug 815451/821664
CVE-2013-1981 CVE-2013-1997 CVE-2013-2004
Security Issues:
* CVE-2013-1981
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981>
* CVE-2013-1997
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997>
* CVE-2013-2004
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004>
SUSE bug 815451SUSE bug 821664CVE-2013-1981CVE-2013-1997CVE-2013-2004cpe:/o:suse:suse_sled:11:sp3Security update for xorg-x11-libX11 (Moderate)SUSE Linux Enterprise Desktop 11 SP3
xorg-x11-libX11 was updated to fix one security issue.
This security issue was fixed:
- CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allowed remote attackers to have unspecified impact via a crafted request, which triggered a buffer overflow (bsc#927220).
ModerateSUSE bug 927220CVE-2013-7439cpe:/o:suse:suse_sled:11:sp3Security update for xorg-x11-libXextSUSE Linux Enterprise Desktop 11 SP3
This update of xorg-x11-libXext fixes several integer overflow issues.
Bug 815451/821665 CVE-2013-1982
Security Issues:
* CVE-2013-1982
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982>
SUSE bug 815451SUSE bug 821665CVE-2013-1982cpe:/o:suse:suse_sled:11:sp3Security update for xorg-x11-libXfixesSUSE Linux Enterprise Desktop 11 SP3
This update of xorg-x11-libXfixes fixed a integer overflow issue.
Bug 815451/821667 CVE-2013-1983
Security Issues:
* CVE-2013-1983
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983>
SUSE bug 815451SUSE bug 821667CVE-2013-1983cpe:/o:suse:suse_sled:11:sp3Security update for xorg-x11-libXpSUSE Linux Enterprise Desktop 11 SP3
This update of xorg-x11-libXp fixes several integer overflow issues.
Bug 815451/821668 CVE-2013-2062
Security Issues:
* CVE-2013-2062
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062>
SUSE bug 815451SUSE bug 821668CVE-2013-2062cpe:/o:suse:suse_sled:11:sp3Security update for xorg-x11-libXrenderSUSE Linux Enterprise Desktop 11 SP3
This update of xorg-x11-libXrender fixes several integer overflow issues.
Bug 815451/821669 CVE-2013-1987
Security Issues:
* CVE-2013-1987
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987>
SUSE bug 815451SUSE bug 821669CVE-2013-1987cpe:/o:suse:suse_sled:11:sp3Security update for xorg-x11-libXtSUSE Linux Enterprise Desktop 11 SP3
This update of xorg-x11-libXt fixes several integer and buffer overflow
issues.
Bug 815451/821670 CVE-2013-2002/CVE-2013-2005
Security Issues:
* CVE-2013-2002
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002>
* CVE-2013-2005
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005>
SUSE bug 815451SUSE bug 821670CVE-2013-2002CVE-2013-2005cpe:/o:suse:suse_sled:11:sp3Security update for xorg-x11-libXvSUSE Linux Enterprise Desktop 11 SP3
This update of xorg-x11-libXv fixes several integer and buffer overflow
issues.
Bug 815451/821671 CVE-2013-1989/CVE-2013-2066
Security Issues:
* CVE-2013-1989
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989>
* CVE-2013-2066
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066>
SUSE bug 815451SUSE bug 821671CVE-2013-1989CVE-2013-2066cpe:/o:suse:suse_sled:11:sp3Security update for xscreensaver (Moderate)SUSE Linux Enterprise Desktop 11 SP3
The xscreensaver package was updated to fix the following security and non security issues:
- CVE-2015-8025: Fixed a crash when hot-swapping monitors while locked (bsc#952062).
- Added xscreensaver-in_signal_handler_p.patch needed for fix of signal handling.
- Refresh xscreensaver-stars.patch.
ModerateSUSE bug 952062CVE-2015-8025cpe:/o:suse:suse_sled:11:sp3Security update for MozillaFirefox (Critical)SUSE Linux Enterprise Desktop 11 SP4
This security update (bsc#940918) fixes the following issues:
* MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation
* Remove PlayPreview registration from PDF Viewer (bmo#1179262)
CriticalSUSE bug 940918CVE-2015-4495cpe:/o:suse:suse_sled:11:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Desktop 11 SP4
MozillaFirefox was updated to version 38.5.0 esr to fix the following issues:
Following security issues were fixed:
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
* MFSA 2015-138/CVE-2015-7210
Use-after-free in WebRTC when datachannel is used after being
destroyed
* MFSA 2015-139/CVE-2015-7212
Integer overflow allocating extremely large textures
* MFSA 2015-145/CVE-2015-7205
Underflow through code inspection
* MFSA 2015-146/CVE-2015-7213
Integer overflow in MP4 playback in 64-bit versions
* MFSA 2015-147/CVE-2015-7222
Integer underflow and buffer overflow processing MP4 metadata
in libstagefright
* MFSA 2015-149/CVE-2015-7214
Cross-site reading attack through data and view-source URIs
ImportantSUSE bug 959277CVE-2015-7201CVE-2015-7202CVE-2015-7205CVE-2015-7210CVE-2015-7212CVE-2015-7213CVE-2015-7214CVE-2015-7222cpe:/o:suse:suse_sled:11:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for MozillaFirefox fixes the following issues:
- update to Firefox 38.6.1 ESR (bsc#967087)
* MFSA 2016-14/CVE-2016-1523
(bmo#1246093)
Vulnerabilities in Graphite 2
ImportantSUSE bug 967087CVE-2016-1523cpe:/o:suse:suse_sled:11:sp4Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)SUSE Linux Enterprise Desktop 11 SP4
MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues.
For more details please check the changelogs.
These security issues were fixed:
- CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979).
- CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).
- CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979).
- CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979).
- CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979).
- CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).
- CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033).
- CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979).
This non-security issue was fixed:
- bsc#908275: Firefox did not print in landscape orientation.
ImportantSUSE bug 908275SUSE bug 935033SUSE bug 935979CVE-2015-2721CVE-2015-2722CVE-2015-2724CVE-2015-2725CVE-2015-2726CVE-2015-2728CVE-2015-2730CVE-2015-2733CVE-2015-2734CVE-2015-2735CVE-2015-2736CVE-2015-2737CVE-2015-2738CVE-2015-2739CVE-2015-2740CVE-2015-2743CVE-2015-4000cpe:/o:suse:suse_sled:11:sp4Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues:
Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894)
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
* MFSA 2016-17/CVE-2016-1954
Local file overwriting and potential privilege escalation
through CSP reports
* MFSA 2016-20/CVE-2016-1957
A memory leak in libstagefright when deleting an array during
MP4 processing was fixed.
* MFSA 2016-21/CVE-2016-1958
The displayed page address can be overridden
* MFSA 2016-23/CVE-2016-1960
A use-after-free in HTML5 string parser was fixed.
* MFSA 2016-24/CVE-2016-1961
A use-after-free in SetBody was fixed.
* MFSA 2016-25/CVE-2016-1962
A use-after-free when using multiple WebRTC data channels was fixed.
* MFSA 2016-27/CVE-2016-1964
A use-after-free during XML transformations was fixed.
* MFSA 2016-28/CVE-2016-1965
Addressbar spoofing though history navigation and Location
protocol property was fixed.
* MFSA 2016-31/CVE-2016-1966
Memory corruption with malicious NPAPI plugin was fixed.
* MFSA 2016-34/CVE-2016-1974
A out-of-bounds read in the HTML parser following a failed
allocation was fixed.
* MFSA 2016-35/CVE-2016-1950
A buffer overflow during ASN.1 decoding in NSS was fixed.
* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
Various font vulnerabilities were fixed in the embedded Graphite 2 library
Mozilla NSS was updated to fix:
* MFSA 2016-15/CVE-2016-1978
Use-after-free in NSS during SSL connections in low memory
* MFSA 2016-35/CVE-2016-1950
Buffer overflow during ASN.1 decoding in NSS
* MFSA 2016-36/CVE-2016-1979
Use-after-free during processing of DER encoded keys in NSS
Mozilla NSPR was updated to version 4.12 (bsc#969894)
* added a PR_GetEnvSecure function, which attempts to detect if
the program is being executed with elevated privileges, and
returns NULL if detected. It is recommended to use this function
in general purpose library code.
* fixed a memory allocation bug related to the PR_*printf functions
* exported API PR_DuplicateEnvironment, which had already been
added in NSPR 4.10.9
* added support for FreeBSD aarch64
* several minor correctness and compatibility fixes
* Enable atomic instructions on mips (bmo#1129878)
* Fix mips assertion failure when creating thread with custom
stack size (bmo#1129968)
ImportantSUSE bug 969894CVE-2016-1950CVE-2016-1952CVE-2016-1953CVE-2016-1954CVE-2016-1957CVE-2016-1958CVE-2016-1960CVE-2016-1961CVE-2016-1962CVE-2016-1964CVE-2016-1965CVE-2016-1966CVE-2016-1974CVE-2016-1977CVE-2016-1978CVE-2016-1979CVE-2016-2790CVE-2016-2791CVE-2016-2792CVE-2016-2793CVE-2016-2794CVE-2016-2795CVE-2016-2796CVE-2016-2797CVE-2016-2798CVE-2016-2799CVE-2016-2800CVE-2016-2801CVE-2016-2802cpe:/o:suse:suse_sled:11:sp4security update for xen (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This security update of Xen fixes the following issues:
* bsc#939712 (XSA-140): QEMU leak of uninitialized heap
memory in rtl8139 device model (CVE-2015-5165)
* bsc#939709 (XSA-139): Use after free in QEMU/Xen
block unplug protocol (CVE-2015-5166)
ModerateSUSE bug 939709SUSE bug 939712CVE-2015-5165CVE-2015-5166cpe:/o:suse:suse_sled:11:sp4Security update for augeas (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update fixes an untrusted argument escaping problem (CVE-2014-8119):
* new API - aug_escape_name() - which can be used to escape
untrusted inputs before using them as part of path expressions
* aug_match() is changed to return properly escaped output
ModerateSUSE bug 925225CVE-2014-8119cpe:/o:suse:suse_sled:11:sp4Security update for bind (Important)SUSE Linux Enterprise Desktop 11 SP4
bind was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)
Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling.
ImportantSUSE bug 939567CVE-2015-5477cpe:/o:suse:suse_sled:11:sp4Security update for bind (Important)SUSE Linux Enterprise Desktop 11 SP4
The nameserver bind was updated to fix a remote denial of service (crash) attack against
bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066).
ImportantSUSE bug 944066CVE-2015-5722cpe:/o:suse:suse_sled:11:sp4Security update for bind (Important)SUSE Linux Enterprise Desktop 11 SP4
This update fixes the following security issue:
- CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861).
It also fixes a bug:
- Fix a regression in caching entries with a TTL of 0 (bsc#923281).
ImportantSUSE bug 923281SUSE bug 958861CVE-2015-8000cpe:/o:suse:suse_sled:11:sp4Security update for bind (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for bind fixes the following issues:
- CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189)
ImportantSUSE bug 962189CVE-2015-8704cpe:/o:suse:suse_sled:11:sp4Security update for bind (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for bind fixes the following issues:
Fix two assertion failures that can lead to a remote denial of service attack:
* CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072)
* CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073)
ImportantSUSE bug 970072SUSE bug 970073CVE-2016-1285CVE-2016-1286cpe:/o:suse:suse_sled:11:sp4Security update for cabextract (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This security update fixes the following issues:
- Fix possible infinite loop caused DoS (bsc919283, CVE-2014-9556)
- Fix zero dereference (bsc#934524, CVE-2014-9732)
- Fix off by one (bsc#934527, CVE-2015-4470)
- Fix buffer under-read crash (bsc#934528, CVE-2015-4471)
ModerateSUSE bug 934524SUSE bug 934527SUSE bug 934528CVE-2014-9556CVE-2014-9732CVE-2015-4470CVE-2015-4471cpe:/o:suse:suse_sled:11:sp4Security update for compat-openssl097g (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for compat-openssl097g fixes the following issues:
Security issue fixed:
- CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure
OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS
routines so any application which reads PKCS#7 or CMS data from untrusted
sources is affected. SSL/TLS is not affected. (bsc#957812)
A non security issue fixed:
- Prevent segfault in s_client with invalid options (bsc#952099)
ModerateSUSE bug 952099SUSE bug 957812CVE-2015-3195cpe:/o:suse:suse_sled:11:sp4Security update for compat-openssl097g (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for compat-openssl097g fixes the following issues:
- CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):
OpenSSL was vulnerable to a cross-protocol attack that could lead to
decryption of TLS sessions by using a server supporting SSLv2 and
EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
This update changes the openssl library to:
* Disable SSLv2 protocol support by default.
This can be overridden by setting the environment variable
'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the
SSL_OP_NO_SSLv2 flag.
Note that various services and clients had already disabled SSL
protocol 2 by default previously.
* Disable all weak EXPORT ciphers by default. These can be reenabled
if required by old legacy software using the environment variable
'OPENSSL_ALLOW_EXPORT'.
- CVE-2016-0705 (bnc#968047):
A double free() bug in the DSA ASN1 parser code was fixed that could
be abused to facilitate a denial-of-service attack.
- CVE-2016-0797 (bnc#968048):
The BN_hex2bn() and BN_dec2bn() functions had a bug that could result
in an attempt to de-reference a NULL pointer leading to crashes.
This could have security consequences if these functions were ever
called by user applications with large untrusted hex/decimal data. Also,
internal usage of these functions in OpenSSL uses data from config files
or application command line arguments. If user developed applications
generated config file data based on untrusted data, then this could
have had security consequences as well.
- CVE-2016-0799 (bnc#968374)
On many 64 bit systems, the internal fmtstr() and doapr_outch()
functions could miscalculate the length of a string and attempt to
access out-of-bounds memory locations. These problems could have
enabled attacks where large amounts of untrusted data is passed to
the BIO_*printf functions. If applications use these functions in
this way then they could have been vulnerable. OpenSSL itself uses
these functions when printing out human-readable dumps of ASN.1
data. Therefore applications that print this data could have been
vulnerable if the data is from untrusted sources. OpenSSL command line
applications could also have been vulnerable when they print out ASN.1
data, or if untrusted data is passed as command line arguments. Libssl
is not considered directly vulnerable.
- CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):
OpenSSL was vulnerable to a cross-protocol attack that could lead to
decryption of TLS sessions by using a server supporting SSLv2 and
EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
This update changes the openssl library to:
* Disable SSLv2 protocol support by default.
This can be overridden by setting the environment variable
'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the
SSL_OP_NO_SSLv2 flag.
Note that various services and clients had already disabled SSL
protocol 2 by default previously.
* Disable all weak EXPORT ciphers by default. These can be reenabled
if required by old legacy software using the environment variable
'OPENSSL_ALLOW_EXPORT'.
- CVE-2016-0705 (bnc#968047):
A double free() bug in the DSA ASN1 parser code was fixed that could
be abused to facilitate a denial-of-service attack.
- CVE-2016-0797 (bnc#968048):
The BN_hex2bn() and BN_dec2bn() functions had a bug that could result
in an attempt to de-reference a NULL pointer leading to crashes.
This could have security consequences if these functions were ever
called by user applications with large untrusted hex/decimal data. Also,
internal usage of these functions in OpenSSL uses data from config files
or application command line arguments. If user developed applications
generated config file data based on untrusted data, then this could
have had security consequences as well.
- CVE-2016-0799 (bnc#968374)
On many 64 bit systems, the internal fmtstr() and doapr_outch()
functions could miscalculate the length of a string and attempt to
access out-of-bounds memory locations. These problems could have
enabled attacks where large amounts of untrusted data is passed to
the BIO_*printf functions. If applications use these functions in
this way then they could have been vulnerable. OpenSSL itself uses
these functions when printing out human-readable dumps of ASN.1
data. Therefore applications that print this data could have been
vulnerable if the data is from untrusted sources. OpenSSL command line
applications could also have been vulnerable when they print out ASN.1
data, or if untrusted data is passed as command line arguments. Libssl
is not considered directly vulnerable.
- CVE-2015-3197 (bsc#963415):
The SSLv2 protocol did not block disabled ciphers.
Note that the March 1st 2016 release also references following CVEs
that were fixed by us with CVE-2015-0293 in 2015:
- CVE-2016-0703 (bsc#968051): This issue only affected versions of
OpenSSL prior to March 19th 2015 at which time the code was refactored
to address vulnerability CVE-2015-0293. It would have made the above
'DROWN' attack much easier.
- CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2'
This issue only affected versions of OpenSSL prior to March 19th
2015 at which time the code was refactored to address vulnerability
CVE-2015-0293. It would have made the above 'DROWN' attack much easier.
ImportantSUSE bug 963415SUSE bug 968046SUSE bug 968048SUSE bug 968051SUSE bug 968053SUSE bug 968374CVE-2015-3197CVE-2016-0702CVE-2016-0703CVE-2016-0797CVE-2016-0799CVE-2016-0800cpe:/o:suse:suse_sled:11:sp4Security update for curl (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for curl fixes the following issues:
- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)
The following non-security bugs were fixed:
- bsc#926511: Check for errors on the control connection during FTP transfers
The following tracked bugs only affect the test suite:
- bsc#962996: Expired cookie in test 46 caused test failures
ModerateSUSE bug 926511SUSE bug 962983SUSE bug 962996CVE-2016-0755cpe:/o:suse:suse_sled:11:sp4Security update for dhcp (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for dhcp fixes the following issues:
- CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305)
The following bugs were fixed:
- bsc#936923: Improper lease duration checking
- bsc#880984: Integer overflows in the date and time handling code
- bsc#947780: DHCP server could abort with 'Unable to set up timer: out of range' on very long or infinite timer intervals / lease lifetimes
- bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly
- bsc#928390: dhclient dit not expose next-server DHCPv4 option to script
- bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly
ModerateSUSE bug 880984SUSE bug 919959SUSE bug 926159SUSE bug 928390SUSE bug 936923SUSE bug 947780SUSE bug 961305CVE-2015-8605cpe:/o:suse:suse_sled:11:sp4Security update for dhcpcd (Important)SUSE Linux Enterprise Desktop 11 SP4
dhcpcd was updated to fix three security issues.
These security issues were fixed:
- CVE-2012-6698: A potential out of bounds write was fixed, which could lead to memory corruption, triggerable by network local attackers.
- CVE-2012-6699: A loop error was fixed that could lead out of bound reads, triggerable by network local attackers.
- CVE-2012-6700: An incorrect free could lead to crashes, triggerable by network local attackers.
ImportantSUSE bug 955762CVE-2012-6698CVE-2012-6699CVE-2012-6700cpe:/o:suse:suse_sled:11:sp4Security update for ecryptfs-utils (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for ecryptfs-utils fixes the following issues:
- CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems (bsc#962052)
- CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks (bsc#920160)
ModerateSUSE bug 920160SUSE bug 962052CVE-2014-9687CVE-2016-1572cpe:/o:suse:suse_sled:11:sp4Security update for fetchmail (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for fetchmail fixes the following issues:
- CVE-2012-3482: A denial of service vulnerability in the base64 decoder during processing server NTLM protocol exchange was fixed (bsc#775988).
ModerateSUSE bug 775988CVE-2012-3482cpe:/o:suse:suse_sled:11:sp4Security update for MozillaFirefox, mozilla-nspr (Important)SUSE Linux Enterprise Desktop 11 SP4
Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003),
fixing bugs and security issues.
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
* MFSA 2015-101/CVE-2015-4506
Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-105/CVE-2015-4511
Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509
Use-after-free while manipulating HTML media content
* MFSA 2015-110/CVE-2015-4519
Dragging and dropping images exposes final URL after
redirects
* MFSA 2015-111/CVE-2015-4520
Errors in the handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177
CVE-2015-7180
Vulnerabilities found through code inspection
More details can be found on
https://www.mozilla.org/en-US/security/advisories/
The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs.
ImportantSUSE bug 947003CVE-2015-4500CVE-2015-4501CVE-2015-4506CVE-2015-4509CVE-2015-4511CVE-2015-4517CVE-2015-4519CVE-2015-4520CVE-2015-4521CVE-2015-4522CVE-2015-7174CVE-2015-7175CVE-2015-7176CVE-2015-7177CVE-2015-7180cpe:/o:suse:suse_sled:11:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Desktop 11 SP4
Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003),
fixing bugs and security issues.
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
* MFSA 2015-101/CVE-2015-4506
Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-105/CVE-2015-4511
Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509
Use-after-free while manipulating HTML media content
* MFSA 2015-110/CVE-2015-4519
Dragging and dropping images exposes final URL after
redirects
* MFSA 2015-111/CVE-2015-4520
Errors in the handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177
CVE-2015-7180
Vulnerabilities found through code inspection
More details can be found on
https://www.mozilla.org/en-US/security/advisories/
ImportantSUSE bug 947003CVE-2015-4500CVE-2015-4501CVE-2015-4506CVE-2015-4509CVE-2015-4511CVE-2015-4517CVE-2015-4519CVE-2015-4520CVE-2015-4521CVE-2015-4522CVE-2015-7174CVE-2015-7175CVE-2015-7176CVE-2015-7177CVE-2015-7180cpe:/o:suse:suse_sled:11:sp4Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)SUSE Linux Enterprise Desktop 11 SP4
This Mozilla Firefox, NSS and NSPR update fixes the following security
and non security issues.
- mozilla-nspr was updated to version 4.10.10 (bsc#952810)
* MFSA 2015-133/CVE-2015-7183
(bmo#1205157)
NSPR memory corruption issues
- mozilla-nss was updated to 3.19.2.1 (bsc#952810)
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182
(bmo#1192028, bmo#1202868)
NSS and NSPR memory corruption issues
- MozillaFirefox was updated to 38.4.0 ESR (bsc#952810)
* MFSA 2015-116/CVE-2015-4513
(bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580,
bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564,
bmo#1208665, bmo#1209471, bmo#1213979)
Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
* MFSA 2015-122/CVE-2015-7188
(bmo#1199430)
Trailing whitespace in IP address hostnames can bypass
same-origin policy
* MFSA 2015-123/CVE-2015-7189
(bmo#1205900)
Buffer overflow during image interactions in canvas
* MFSA 2015-127/CVE-2015-7193
(bmo#1210302)
CORS preflight is bypassed when non-standard Content-Type
headers are received
* MFSA 2015-128/CVE-2015-7194
(bmo#1211262)
Memory corruption in libjar through zip files
* MFSA 2015-130/CVE-2015-7196
(bmo#1140616)
JavaScript garbage collection crash with Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
(bmo#1204061, bmo#1188010, bmo#1204155)
Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197
(bmo#1204269)
Mixed content WebSocket policy bypass through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
(bmo#1202868, bmo#1192028, bmo#1205157)
NSS and NSPR memory corruption issues
- fix printing on landscape media (bsc#908275)
ImportantSUSE bug 908275SUSE bug 952810CVE-2015-4513CVE-2015-7181CVE-2015-7182CVE-2015-7183CVE-2015-7188CVE-2015-7189CVE-2015-7193CVE-2015-7194CVE-2015-7196CVE-2015-7197CVE-2015-7198CVE-2015-7199CVE-2015-7200cpe:/o:suse:suse_sled:11:sp4Security update for MozillaFirefox, mozilla-nss (Important)SUSE Linux Enterprise Desktop 11 SP4
Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release).
Security issues fixed:
- MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader
- MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
- MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file
- MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties
- MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright
- MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript
- MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images
- MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video
- MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection
- MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers
This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR.
Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses.
ImportantSUSE bug 940806CVE-2015-4473CVE-2015-4474CVE-2015-4475CVE-2015-4478CVE-2015-4479CVE-2015-4484CVE-2015-4485CVE-2015-4486CVE-2015-4487CVE-2015-4488CVE-2015-4489CVE-2015-4491CVE-2015-4492CVE-2015-4495cpe:/o:suse:suse_sled:11:sp4Security update for flash-player (Critical)SUSE Linux Enterprise Desktop 11 SP4
flash-player was updated to fix 35 security issues.
These security issues were fixed:
- CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431: Memory corruption vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2015-3126, CVE-2015-4429: Null pointer dereference issues (bsc#937339).
- CVE-2015-3114: A security bypass vulnerability that could lead to information disclosure (bsc#937339).
- CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433: Type confusion vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119: Use-after-free vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116: Vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (bsc#937339).
CriticalSUSE bug 937339CVE-2014-0578CVE-2015-3114CVE-2015-3115CVE-2015-3116CVE-2015-3117CVE-2015-3118CVE-2015-3119CVE-2015-3120CVE-2015-3121CVE-2015-3122CVE-2015-3123CVE-2015-3124CVE-2015-3125CVE-2015-3126CVE-2015-3127CVE-2015-3128CVE-2015-3129CVE-2015-3130CVE-2015-3131CVE-2015-3132CVE-2015-3133CVE-2015-3134CVE-2015-3135CVE-2015-3136CVE-2015-3137CVE-2015-4428CVE-2015-4429CVE-2015-4430CVE-2015-4431CVE-2015-4432CVE-2015-4433CVE-2015-5116CVE-2015-5117CVE-2015-5118CVE-2015-5119cpe:/o:suse:suse_sled:11:sp4Security update for flash-player (Critical)SUSE Linux Enterprise Desktop 11 SP4
flash-player was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function (bsc#937752).
- CVE-2015-5122: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property (bsc#937752).
CriticalSUSE bug 937752CVE-2015-5122CVE-2015-5123cpe:/o:suse:suse_sled:11:sp4Security update for flash-player (Critical)SUSE Linux Enterprise Desktop 11 SP4
This security update to 11.2.202.508 (bsc#941239) fixes the
following issues:
* APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125,
CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,
CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134,
CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544,
CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548,
CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552,
CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,
CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560,
CVE-2015-5561, CVE-2015-5562, CVE-2015-5563
CriticalSUSE bug 941239CVE-2015-3107CVE-2015-5124CVE-2015-5125CVE-2015-5127CVE-2015-5128CVE-2015-5129CVE-2015-5130CVE-2015-5131CVE-2015-5132CVE-2015-5133CVE-2015-5134CVE-2015-5539CVE-2015-5540CVE-2015-5541CVE-2015-5544CVE-2015-5545CVE-2015-5546CVE-2015-5547CVE-2015-5548CVE-2015-5549CVE-2015-5550CVE-2015-5551CVE-2015-5552CVE-2015-5553CVE-2015-5554CVE-2015-5555CVE-2015-5556CVE-2015-5557CVE-2015-5558CVE-2015-5559CVE-2015-5560CVE-2015-5561CVE-2015-5562CVE-2015-5563cpe:/o:suse:suse_sled:11:sp4Security update for flash-player (Important)SUSE Linux Enterprise Desktop 11 SP4
Adobe Flash Player was updated to 11.2.202.521 (APSB15-23 bsc#946880) fixing several security issues:
More information can be found on:
https://helpx.adobe.com/security/products/flash-player/apsb15-23.html
ImportantSUSE bug 946880CVE-2015-5567CVE-2015-5568CVE-2015-5570CVE-2015-5571CVE-2015-5572CVE-2015-5573CVE-2015-5574CVE-2015-5575CVE-2015-5576CVE-2015-5577CVE-2015-5578CVE-2015-5579CVE-2015-5580CVE-2015-5581CVE-2015-5582CVE-2015-5584CVE-2015-5587CVE-2015-5588CVE-2015-6676CVE-2015-6677CVE-2015-6678CVE-2015-6679CVE-2015-6682cpe:/o:suse:suse_sled:11:sp4Security update for flash-player (Important)SUSE Linux Enterprise Desktop 11 SP4
flash-player was updated to version 11.2.202.535 to fix 13 security issues (bsc#950169).
These security issues were fixed:
- A vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628).
- A defense-in-depth feature in the Flash broker API (CVE-2015-5569).
- Use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644).
- A buffer overflow vulnerability that could lead to code execution (CVE-2015-7632).
- Memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634).
ImportantSUSE bug 950169CVE-2015-5569CVE-2015-7625CVE-2015-7626CVE-2015-7627CVE-2015-7628CVE-2015-7629CVE-2015-7630CVE-2015-7631CVE-2015-7632CVE-2015-7633CVE-2015-7634CVE-2015-7643CVE-2015-7644cpe:/o:suse:suse_sled:11:sp4Security update for flash-player (Critical)SUSE Linux Enterprise Desktop 11 SP4
flash-player was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474).
CriticalSUSE bug 950474CVE-2015-7645cpe:/o:suse:suse_sled:11:sp4Security update for flash-player (Moderate)SUSE Linux Enterprise Desktop 11 SP4
The flash-player package was updated to fix the following security issues:
- Security update to 11.2.202.548 (bsc#954512):
* APSB15-28, CVE-2015-7651, CVE-2015-7652, CVE-2015-7653,
CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657,
CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661,
CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043,
CVE-2015-8044, CVE-2015-8046
ModerateSUSE bug 954512CVE-2015-7651CVE-2015-7652CVE-2015-7653CVE-2015-7654CVE-2015-7655CVE-2015-7656CVE-2015-7657CVE-2015-7658CVE-2015-7659CVE-2015-7660CVE-2015-7661CVE-2015-7662CVE-2015-7663CVE-2015-8042CVE-2015-8043CVE-2015-8044CVE-2015-8046cpe:/o:suse:suse_sled:11:sp4Security update for flash-player (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for flash-player to version 11.2.202.554 fixes the following security issues
in Adobe security advisory APSB15-32.
* These updates resolve heap buffer overflow vulnerabilities that could
lead to code execution (CVE-2015-8438, CVE-2015-8446).
* These updates resolve memory corruption vulnerabilities that could
lead to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417,
CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8455, CVE-2015-8045,
CVE-2015-8418, CVE-2015-8060, CVE-2015-8419, CVE-2015-8408).
* These updates resolve security bypass vulnerabilities (CVE-2015-8453,
CVE-2015-8440, CVE-2015-8409).
* These updates resolve a stack overflow vulnerability that could lead
to code execution (CVE-2015-8407).
* These updates resolve a type confusion vulnerability that could lead
to code execution (CVE-2015-8439).
* These updates resolve an integer overflow vulnerability that could
lead to code execution (CVE-2015-8445).
* These updates resolve a buffer overflow vulnerability that could lead
to code execution (CVE-2015-8415)
* These updates resolve use-after-free vulnerabilities that could
lead to code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437,
CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436, CVE-2015-8452,
CVE-2015-8048, CVE-2015-8413, CVE-2015-8412, CVE-2015-8410, CVE-2015-8411,
CVE-2015-8424, CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423,
CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426,
CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8434,
CVE-2015-8435, CVE-2015-8414, CVE-2015-8454, CVE-2015-8059, CVE-2015-8058,
CVE-2015-8055, CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067,
CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065,
CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402, CVE-2015-8403,
CVE-2015-8071, CVE-2015-8401, CVE-2015-8406, CVE-2015-8069, CVE-2015-8070,
CVE-2015-8441, CVE-2015-8442, CVE-2015-8447).
Please also see
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
ImportantSUSE bug 958324CVE-2015-8045CVE-2015-8047CVE-2015-8048CVE-2015-8049CVE-2015-8050CVE-2015-8055CVE-2015-8056CVE-2015-8057CVE-2015-8058CVE-2015-8059CVE-2015-8060CVE-2015-8061CVE-2015-8062CVE-2015-8063CVE-2015-8064CVE-2015-8065CVE-2015-8066CVE-2015-8067CVE-2015-8068CVE-2015-8069CVE-2015-8070CVE-2015-8071CVE-2015-8401CVE-2015-8402CVE-2015-8403CVE-2015-8404CVE-2015-8405CVE-2015-8406CVE-2015-8407CVE-2015-8408CVE-2015-8409CVE-2015-8410CVE-2015-8411CVE-2015-8412CVE-2015-8413CVE-2015-8414CVE-2015-8415CVE-2015-8416CVE-2015-8417CVE-2015-8418CVE-2015-8419CVE-2015-8420CVE-2015-8421CVE-2015-8422CVE-2015-8423CVE-2015-8424CVE-2015-8425CVE-2015-8426CVE-2015-8427CVE-2015-8428CVE-2015-8429CVE-2015-8430CVE-2015-8431CVE-2015-8432CVE-2015-8433CVE-2015-8434CVE-2015-8435CVE-2015-8436CVE-2015-8437CVE-2015-8438CVE-2015-8439CVE-2015-8440CVE-2015-8441CVE-2015-8442CVE-2015-8443CVE-2015-8444CVE-2015-8445CVE-2015-8446CVE-2015-8447CVE-2015-8448CVE-2015-8449CVE-2015-8450CVE-2015-8451CVE-2015-8452CVE-2015-8453CVE-2015-8454CVE-2015-8455cpe:/o:suse:suse_sled:11:sp4Security update for flash-player (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for flash-player fixes the following issues:
- CVE-2015-8644: Type confusion vulnerability that could lead to code execution.
- CVE-2015-8651: Integer overflow vulnerability that could lead to code execution.
- CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650: Use-after-free vulnerabilities that could lead to code execution.
- CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645: Memory corruption vulnerabilities that could lead to code execution.
ImportantSUSE bug 960317CVE-2015-8459CVE-2015-8460CVE-2015-8634CVE-2015-8635CVE-2015-8636CVE-2015-8638CVE-2015-8639CVE-2015-8640CVE-2015-8641CVE-2015-8642CVE-2015-8643CVE-2015-8644CVE-2015-8645CVE-2015-8646CVE-2015-8647CVE-2015-8648CVE-2015-8649CVE-2015-8650CVE-2015-8651cpe:/o:suse:suse_sled:11:sp4Security update for flash-player (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for flash-player fixes the following issues:
- Security update to 11.2.202.569 (bsc#965901):
* APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970,
CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974,
CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978,
CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982,
CVE-2016-0983, CVE-2016-0984, CVE-2016-0985
ImportantSUSE bug 965901CVE-2016-0964CVE-2016-0965CVE-2016-0966CVE-2016-0967CVE-2016-0968CVE-2016-0969CVE-2016-0970CVE-2016-0971CVE-2016-0972CVE-2016-0973CVE-2016-0974CVE-2016-0975CVE-2016-0976CVE-2016-0977CVE-2016-0978CVE-2016-0979CVE-2016-0980CVE-2016-0981CVE-2016-0982CVE-2016-0983CVE-2016-0984CVE-2016-0985cpe:/o:suse:suse_sled:11:sp4Security update for flash-player (Important)SUSE Linux Enterprise Desktop 11 SP4
Adobe flash-player was updated to 11.2.202.577 to fix the following
list of security issues (bsc#970547):
These updates resolve integer overflow vulnerabilities that could lead
to code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).
These updates resolve use-after-free vulnerabilities that could
lead to code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990,
CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997,
CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).
These updates resolve a heap overflow vulnerability that could lead to
code execution (CVE-2016-1001).
These updates resolve memory corruption vulnerabilities that could
lead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,
CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,
CVE-2016-1005).
Adobe advisory with more information:
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
ImportantSUSE bug 970547CVE-2016-0960CVE-2016-0961CVE-2016-0962CVE-2016-0963CVE-2016-0986CVE-2016-0987CVE-2016-0988CVE-2016-0989CVE-2016-0990CVE-2016-0991CVE-2016-0992CVE-2016-0993CVE-2016-0994CVE-2016-0995CVE-2016-0996CVE-2016-0997CVE-2016-0998CVE-2016-0999CVE-2016-1000CVE-2016-1001CVE-2016-1002CVE-2016-1005CVE-2016-1010cpe:/o:suse:suse_sled:11:sp4Security update for foomatic-filters (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update fixes the following security issues:
CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531).
CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531).
ModerateSUSE bug 957531CVE-2015-8327CVE-2015-8560cpe:/o:suse:suse_sled:11:sp4Security update for gcc5 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes
and enhancements.
The following security issue has been fixed:
- Fix C++11 std::random_device short read issue that could lead to predictable
randomness. (CVE-2015-5276, bsc#945842)
The following non-security issues have been fixed:
- Enable frame pointer for TARGET_64BIT_MS_ABI when stack is misaligned. Fixes internal
compiler error when building Wine. (bsc#966220)
- Fix a PowerPC specific issue in gcc-go that broke compilation of newer versions of
Docker. (bsc#964468)
- Fix HTM built-ins on PowerPC. (bsc#955382)
- Fix libgo certificate lookup. (bsc#953831)
- Suppress deprecated-declarations warnings for inline definitions of deprecated virtual
methods. (bsc#939460)
- Revert accidental libffi ABI breakage on aarch64. (bsc#968771)
- On x86_64, set default 32bit code generation to -march=x86-64 rather than -march=i586.
- Add experimental File System TS library.
ModerateSUSE bug 939460SUSE bug 945842SUSE bug 953831SUSE bug 955382SUSE bug 962765SUSE bug 964468SUSE bug 966220SUSE bug 968771CVE-2015-5276cpe:/o:suse:suse_sled:11:sp4Security update for giflib (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for giflib fixes the following issues:
- CVE-2015-7555: Heap overflow in giffix (bsc#960319)
ModerateSUSE bug 960319CVE-2015-7555cpe:/o:suse:suse_sled:11:sp4Security update for glibc (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for glibc provides fixes for security and non-security issues.
These security issues have been fixed:
- CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080)
- CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed
local users to change the permission on the files and obtain access to arbitrary
pseudo-terminals by leveraging a FUSE file system. (bsc#830257)
- CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a
file is open, which allowed remote attackers to cause a denial of service (infinite loop)
by performing a look-up while the database is iterated over the database, which triggers
the file pointer to be reset. (bsc#918187)
- Fix read past end of pattern in fnmatch. (bsc#920338)
These non-security issues have been fixed:
- Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280)
- Record TTL also for DNS PTR queries. (bsc#928723)
- Fix invalid free in ld.so. (bsc#932059)
- Make PowerPC64 default to non-executable stack. (bsc#933770)
- Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903)
- Fix bad TEXTREL in glibc.i686. (bsc#935286)
ImportantSUSE bug 830257SUSE bug 851280SUSE bug 918187SUSE bug 920338SUSE bug 927080SUSE bug 928723SUSE bug 932059SUSE bug 933770SUSE bug 933903SUSE bug 935286CVE-2013-2207CVE-2014-8121CVE-2015-1781cpe:/o:suse:suse_sled:11:sp4Security update for glibc (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for glibc fixes the following issues:
- CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721)
- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944)
- CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736)
- CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737)
- CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738)
- CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739)
The following non-security bugs were fixed:
- bsc#930721: Accept leading and trailing spaces in getdate input string
- bsc#942317: Recognize power8 platform
- bsc#950944: Always enable pointer guard
- bsc#956988: Fix deadlock in __dl_iterate_phdr
ImportantSUSE bug 930721SUSE bug 942317SUSE bug 950944SUSE bug 956988SUSE bug 961721SUSE bug 962736SUSE bug 962737SUSE bug 962738SUSE bug 962739CVE-2014-9761CVE-2015-7547CVE-2015-8776CVE-2015-8777CVE-2015-8778CVE-2015-8779cpe:/o:suse:suse_sled:11:sp4Security update for gnutls (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This security update of gnutls fixes the following issues:
- use minimal padding for CBC, the default random length padding
causes problems with some servers (bsc#925499)
* added gnutls-use_minimal_cbc_padding.patch
- use the default DH minimum for gnutls-cli instead of hardcoding 512
* CVE-2015-4000 (Logjam) (bsc#932026)
* added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch
ModerateSUSE bug 925499SUSE bug 932026CVE-2015-4000cpe:/o:suse:suse_sled:11:sp4Security update for gnutls (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for gnutls fixes the following security issues:
- CVE-2015-8313: First byte of the padding in CBC mode is not checked (bsc#957568)
- CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828)
ModerateSUSE bug 924828SUSE bug 947271SUSE bug 957568CVE-2015-2806CVE-2015-8313cpe:/o:suse:suse_sled:11:sp4Security update for gpg2 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for gpg2 fixes the following issues:
- Fix cve-2015-1606 (bsc#918089)
* Invalid memory read using a garbled keyring
* 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-k.patch
- Fix cve-2015-1607 (bsc#918090)
* Memcpy with overlapping ranges
* 0001-Use-inline-functions-to-convert-buffer-data-to-scala.patch
ModerateSUSE bug 918089SUSE bug 918090CVE-2015-1606CVE-2015-1607cpe:/o:suse:suse_sled:11:sp4Security update for grub2 (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for grub2 provides the following fixes:
A security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370)
Also following bugs were fixed:
- Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)
- Expand list of grub.cfg search path in PV Xen guests for systems installed
on btrfs snapshots. (bsc#946148, bsc#952539)
- Add grub.xen config searching path on boot partition. (bsc#884828)
- Add linux16 and initrd16 to grub.xen. (bsc#884830)
ImportantSUSE bug 884828SUSE bug 884830SUSE bug 946148SUSE bug 952539SUSE bug 954592SUSE bug 956631CVE-2015-8370cpe:/o:suse:suse_sled:11:sp4Security update for gtk2 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
gtk2 was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801).
- CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791).
This non-security issue was fixed:
- Add the script which generates gdk-pixbuf64.loaders to the spec file (bsc#922741).
ModerateSUSE bug 922741SUSE bug 942801SUSE bug 948791CVE-2015-4491CVE-2015-7674cpe:/o:suse:suse_sled:11:sp4Security update for gdk2 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for gdk2 fixes the following security issues:
- CVE-2015-7552: various overflows, including heap overflow in flipping bmp files (bsc#958963)
The following non-security issues were fixed:
- bsc#960155: fix a possible divide by zero ModerateSUSE bug 958963SUSE bug 960155CVE-2015-7552cpe:/o:suse:suse_sled:11:sp4Security update for icedtea-web (Moderate)SUSE Linux Enterprise Desktop 11 SP4
The Java Plugin IcedTea Web was updated to 1.5.2, fixing bugs and security issues.
* permissions sandbox and signed app and unsigned app with
permissions all-permissions now run in sandbox instead of not at
all.
* fixed DownloadService
* RH1231441 Unable to read the text of the buttons of the
security dialogue
* Fixed RH1233697 icedtea-web: applet origin spoofing
(CVE-2015-5235, bsc#944208)
* Fixed RH1233667 icedtea-web: unexpected permanent authorization
of unsigned applets (CVE-2015-5234, bsc#944209)
* MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed
ModerateSUSE bug 944208SUSE bug 944209CVE-2015-5234CVE-2015-5235cpe:/o:suse:suse_sled:11:sp4Security update for icu (Moderate)SUSE Linux Enterprise Desktop 11 SP4
icu was updated to fix one security issue.
This security issue was fixed:
- CVE-2014-9654: Insufficient size limit checks in regular expression compiler (bsc#917129).
ModerateSUSE bug 917129CVE-2014-9654cpe:/o:suse:suse_sled:11:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Desktop 11 SP4
OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data.
* CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
* CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data.
* CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data.
* CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data.
* CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS).
* CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. ImportantSUSE bug 938248CVE-2015-2590CVE-2015-2596CVE-2015-2597CVE-2015-2601CVE-2015-2613CVE-2015-2619CVE-2015-2621CVE-2015-2625CVE-2015-2627CVE-2015-2628CVE-2015-2632CVE-2015-2637CVE-2015-2638CVE-2015-2664CVE-2015-2808CVE-2015-4000CVE-2015-4729CVE-2015-4731CVE-2015-4732CVE-2015-4733CVE-2015-4736CVE-2015-4748CVE-2015-4749CVE-2015-4760cpe:/o:suse:suse_sled:11:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Desktop 11 SP4
java-1_7_0-openjdk was updated to version 7u91 to fix 17 security issues.
These security issues were fixed:
- CVE-2015-4843: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bsc#951376).
- CVE-2015-4842: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JAXP (bsc#951376).
- CVE-2015-4840: Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#951376).
- CVE-2015-4872: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect integrity via unknown vectors related to Security (bsc#951376).
- CVE-2015-4860: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883 (bsc#951376).
- CVE-2015-4844: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#951376).
- CVE-2015-4883: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860 (bsc#951376).
- CVE-2015-4893: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911 (bsc#951376).
- CVE-2015-4911: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893 (bsc#951376).
- CVE-2015-4882: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect availability via vectors related to CORBA (bsc#951376).
- CVE-2015-4881: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835 (bsc#951376).
- CVE-2015-4734: Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JGSS (bsc#951376).
- CVE-2015-4806: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries (bsc#951376).
- CVE-2015-4805: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization (bsc#951376).
- CVE-2015-4803: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911 (bsc#951376).
- CVE-2015-4835: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881 (bsc#951376).
- CVE-2015-4903: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to RMI (bsc#951376).
ImportantSUSE bug 951376CVE-2015-4734CVE-2015-4803CVE-2015-4805CVE-2015-4806CVE-2015-4835CVE-2015-4840CVE-2015-4842CVE-2015-4843CVE-2015-4844CVE-2015-4860CVE-2015-4872CVE-2015-4881CVE-2015-4882CVE-2015-4883CVE-2015-4893CVE-2015-4903CVE-2015-4911cpe:/o:suse:suse_sled:11:sp4Security update for java-1_7_0-openjdk (Critical)SUSE Linux Enterprise Desktop 11 SP4
java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743)
- CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed
- CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996)
- CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays
- CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix
- CVE-2016-0402: Vulnerability in the Networking component related to URL processing
- CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing
- CVE-2016-0466: Vulnerability in the JAXP component, related to limits
- CVE-2016-0483: Vulnerability in the AWT component related to image decoding
- CVE-2016-0494: Vulnerability in 2D component related to font actions
CriticalSUSE bug 960996SUSE bug 962743CVE-2015-4871CVE-2015-7575CVE-2015-8126CVE-2015-8472CVE-2016-0402CVE-2016-0448CVE-2016-0466CVE-2016-0483CVE-2016-0494cpe:/o:suse:suse_sled:11:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Desktop 11 SP4
The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the following issues:
Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)
* Security fixes
- S8152335, CVE-2016-0636: Improve MethodHandle consistency, which could be used by attackers to inject code.
* Import of OpenJDK 7 u99 build 0
- S6425769, PR2858: Allow specifying an address to bind JMX
remote connector
- S6961123: setWMClass fails to null-terminate WM_CLASS string
- S8145982, PR2858: JMXInterfaceBindingTest is failing
intermittently
- S8146015, PR2858: JMXInterfaceBindingTest is failing
intermittently for IPv6 addresses
* Backports
- S8028727, PR2814: [parfait] warnings from b116 for
jdk.src.share.native.sun.security.ec: JNI pending exceptions
- S8048512, PR2814: Uninitialised memory in
jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
- S8071705. PR2819, RH1182694: Java application menu misbehaves
when running multiple screen stacked vertically
- S8150954, PR2866, RH1176206: AWT Robot not compatible with
GNOME Shell
* Bug fixes
- PR2803: Make system CUPS optional
- PR2886: Location of 'stap' executable is hard-coded
- PR2893: test/tapset/jstaptest.pl should be executable
- PR2894: Add missing test directory in make check.
* CACAO
- PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:
Assertion `dest && result && x.any && y.any' failed
* AArch64 port
- PR2852: Add support for large code cache
- PR2852: Apply ReservedCodeCacheSize default limiting to
AArch64 only.
- S8081289, PR2852: aarch64: add support for
RewriteFrequentPairs in interpreter
- S8131483, PR2852: aarch64: illegal stlxr instructions
- S8133352, PR2852: aarch64: generates constrained unpredictable
instructions
- S8133842, PR2852: aarch64: C2 generates illegal instructions
with int shifts >=32
- S8134322, PR2852: AArch64: Fix several errors in C2 biased
locking implementation
- S8136615, PR2852: aarch64: elide DecodeN when followed by
CmpP 0
- S8138575, PR2852: Improve generated code for profile counters
- S8138641, PR2852: Disable C2 peephole by default for aarch64
- S8138966, PR2852: Intermittent SEGV running ParallelGC
- S8143067, PR2852: aarch64: guarantee failure in javac
- S8143285, PR2852: aarch64: Missing load acquire when checking
if ConstantPoolCacheEntry is resolved
- S8143584, PR2852: Load constant pool tag and class status with
load acquire
- S8144201, PR2852: aarch64:
jdk/test/com/sun/net/httpserver/Test6a.java fails with
--enable-unlimited-crypto
- S8144582, PR2852: AArch64 does not generate correct branch
profile data
- S8146709, PR2852: AArch64: Incorrect use of ADRP for
byte_map_base
- S8147805, PR2852: aarch64: C1 segmentation fault due to inline
Unsafe.getAndSetObject
- S8148240, PR2852: aarch64: random infrequent null pointer
exceptions in javac
* PPC & AIX port
- S8034797, PR2851: AIX: Fix os::naked_short_sleep() in
os_aix.cpp after 8028280
- S8139258, PR2851: PPC64LE: argument passing problem when
passing 15 floats in native call
- S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable
kill register R12
ImportantSUSE bug 972468CVE-2016-0636cpe:/o:suse:suse_sled:11:sp4Security update for kdebase4-workspace (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for kdebase4-workspace fixes the following issues:
- CVE-2014-8651: Privilege escalation via KDE Clock KCM helper when non-default polkit settings are used (bsc#904625)
The following non-security bugs were fixed:
- bsc#929718: Make kdm recognize an IPv6 localhost address as localhost
ModerateSUSE bug 904625SUSE bug 929718CVE-2014-8651cpe:/o:suse:suse_sled:11:sp4Security update for kernel-source (Moderate)SUSE Linux Enterprise Desktop 11 SP4
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.
Following security bugs were fixed:
* CVE-2015-6252: Possible file descriptor leak for each
VHOST_SET_LOG_FDcommand issued, this could eventually wasting available
system resources and creating a denial of service (bsc#942367).
* CVE-2015-5707: Possible integer overflow in the calculation of total
number of pages in bio_map_user_iov() (bsc#940338).
* CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in
the Linux kernel before 4.0.6 do not properly consider yielding a
processor, which allowed remote attackers to cause a denial of service
(system hang) via incorrect checksums within a UDP packet flood
(bsc#936831).
* CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in
the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return
values, which allowed remote attackers to cause a denial of service
(EPOLLET epoll application read outage) via an incorrect checksum in a
UDP packet, a different vulnerability than CVE-2015-5364 (bsc#936831).
* CVE-2015-1420: Race condition in the handle_to_path function in
fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to
bypass intended size restrictions and trigger read operations on
additional memory locations by changing the handle_bytes value of a
file handle during the execution of this function (bsc#915517).
* CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in
fs/pipe.c in the Linux kernel before 3.16 do not properly consider the
side effects of failed __copy_to_user_inatomic and
__copy_from_user_inatomic calls, which allows local users to cause a
denial of service (system crash) or possibly gain privileges via a
crafted application, aka an 'I/O' vector array overrun. (bsc#933429)
* CVE-2015-2150: Xen 3.3.x through 4.5.x and the Linux kernel through
3.19.1 do not properly restrict access to PCI command registers, which
might allow local guest users to cause a denial of service
(non-maskable interrupt and host crash) by disabling the (1) memory or
(2) I/O decoding for a PCI Express device and then accessing the
device, which triggers an Unsupported Request (UR) response.
(bsc#919463)
* CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before
3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode
task, which might allow local users to bypass the seccomp or audit
protection mechanism via a crafted application that uses the (1) fork
or (2) close system call, as demonstrated by an attack against seccomp
before 3.16. (bsc#926240)
* CVE-2015-4700: The bpf_int_jit_compile function in
arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed
local users to cause a denial of service (system crash) by creating a
packet filter and then loading crafted BPF instructions that trigger
late convergence by the JIT compiler (bsc#935705).
* CVE-2015-4167: The udf_read_inode function in fs/udf/inode.c in the
Linux kernel before 3.19.1 did not validate certain length values,
which allowed local users to cause a denial of service (incorrect data
representation or integer overflow, and OOPS) via a crafted UDF
filesystem (bsc#933907).
* CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0
(aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as
used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions,
allows guest OS users to obtain sensitive information from
uninitialized locations in host OS kernel memory via unspecified
vectors. (bsc#917830)
* CVE-2014-9728: The UDF filesystem implementation in the Linux kernel
before 3.18.2 did not validate certain lengths, which allowed local
users to cause a denial of service (buffer over-read and system crash)
via a crafted filesystem image, related to fs/udf/inode.c and
fs/udf/symlink.c (bsc#933904).
* CVE-2014-9730: The udf_pc_to_char function in fs/udf/symlink.c in the
Linux kernel before 3.18.2 relies on component lengths that are unused,
which allowed local users to cause a denial of service (system crash)
via a crafted UDF filesystem image (bsc#933904).
* CVE-2014-9729: The udf_read_inode function in fs/udf/inode.c in the
Linux kernel before 3.18.2 did not ensure a certain data-structure size
consistency, which allowed local users to cause a denial of service
(system crash) via a crafted UDF filesystem image (bsc#933904).
* CVE-2014-9731: The UDF filesystem implementation in the Linux kernel
before 3.18.2 did not ensure that space is available for storing a
symlink target's name along with a trailing \0 character, which allowed
local users to obtain sensitive information via a crafted filesystem
image, related to fs/udf/symlink.c and fs/udf/unicode.c (bsc#933896).
The following non-security bugs were fixed:
- Btrfs: be aware of btree inode write errors to avoid fs corruption
(bnc#942350).
- Btrfs: be aware of btree inode write errors to avoid fs corruption
(bnc#942404).
- Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350).
- Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942404).
- Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350).
- Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942404).
- Btrfs: fix hang when failing to submit bio of directIO (bnc#942688).
- Btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688).
- Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688).
- DRM/I915: Add enum hpd_pin to intel_encoder (bsc#942938).
- DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938).
- DRM/i915: Get rid of the 'hotplug_supported_mask' in struct drm_i915_private (bsc#942938).
- DRM/i915: Remove i965_hpd_irq_setup (bsc#942938).
- DRM/i915: Remove valleyview_hpd_irq_setup (bsc#942938).
- Ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944).
- IB/core: Fix mismatch between locked and pinned pages (bnc#937855).
- IB/iser: Add Discovery support (bsc#923002).
- IB/iser: Move informational messages from error to info level (bsc#923002).
- NFS: never queue requests with rq_cong set on the sending queue (bsc#932458).
- NFSD: Fix nfsv4 opcode decoding error (bsc#935906).
- NFSv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910).
- PCI: Disable Bus Master only on kexec reboot (bsc#920110).
- PCI: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110).
- PCI: Do not try to disable Bus Master on disconnected PCI devices (bsc#920110).
- PCI: Lock down register access when trusted_kernel is true (fate#314486, bnc#884333)(bsc#923431).
- PCI: disable Bus Master on PCI device shutdown (bsc#920110).
- USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721).
- USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721).
- Apparmor: fix file_permission if profile is updated (bsc#917968).
- block: Discard bios do not have data (bsc#928988).
- cifs: Fix missing crypto allocation (bnc#937402).
- drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572).
- drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).
- drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).
- drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938).
- drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938).
- drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938).
- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938).
- drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938).
- drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938).
- drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938).
- drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).
- drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).
- drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938).
- drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938).
- drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938).
- drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938).
- drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938).
- drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).
- drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938).
- drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938).
- drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938).
- drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938).
- drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938).
- drm/i915: fix hotplug event bit tracking (bsc#942938).
- drm/i915: fix hpd interrupt register locking (bsc#942938).
- drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938).
- drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938).
- drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938).
- drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938).
- drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).
- drm/i915: implement ibx_hpd_irq_setup (bsc#942938).
- drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938).
- drm/mgag200: Do not do full cleanup if mgag200_device_init fails (FATE#317582).
- drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (FATE#317582).
- drm: ast,cirrus,mgag200: use drm_can_sleep (FATE#317582, bnc#883380, bsc#935572).
- ehci-pci: enable interrupt on BayTrail (bnc926007).
- exec: kill the unnecessary mm->def_flags setting in load_elf_binary() (fate#317831,bnc#891116)).
- ext3: Fix data corruption in inodes with journalled data (bsc#936637).
- fanotify: Fix deadlock with permission events (bsc#935053).
- fork: reset mm->pinned_vm (bnc#937855).
- hrtimer: prevent timer interrupt DoS (bnc#886785).
- hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
- hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
- hv_storvsc: use small sg_tablesize on x86 (bnc#937256).
- ibmveth: Add GRO support (bsc#935055).
- ibmveth: Add support for Large Receive Offload (bsc#935055).
- ibmveth: Add support for TSO (bsc#935055).
- ibmveth: add support for TSO6.
- ibmveth: change rx buffer default allocation for CMO (bsc#935055).
- igb: do not reuse pages with pfmemalloc flag fix (bnc#920016).
- inotify: Fix nested sleeps in inotify_read() (bsc#940925).
- iommu/amd: Fix memory leak in free_pagetable (bsc#935866).
- iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866).
- ipv6: probe routes asynchronous in rt6_probe (bsc#936118).
- ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355).
- kabi: wrapper include file with __GENKSYMS__ check to avoid kabi change (bsc920110).
- kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444).
- kernel: add panic_on_warn.
- kernel: do full redraw of the 3270 screen on reconnect (bnc#943477, LTC#129509).
- kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953).
- libata: prevent HSM state change race between ISR and PIO (bsc#923245).
- libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002).
- md: use kzalloc() when bitmap is disabled (bsc#939994).
- megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936).
- megaraid_sas: Use correct reset sequence in adp_reset() (bsc#938485).
- mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).
- mm, THP: do not hold mmap_sem in khugepaged when allocating THP (VM Performance).
- mm, mempolicy: remove duplicate code (VM Functionality, bnc#931620).
- mm, thp: fix collapsing of hugepages on madvise (VM Functionality).
- mm, thp: only collapse hugepages to nodes with affinity for zone_reclaim_mode (VM Functionality, bnc#931620).
- mm, thp: really limit transparent hugepage allocation to local node (VM Performance, bnc#931620).
- mm, thp: respect MPOL_PREFERRED policy with non-local node (VM Performance, bnc#931620).
- mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143).
- mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM Performance, bnc#931620).
- mm/thp: allocate transparent hugepages on local node (VM Performance, bnc#931620).
- mm: make page pfmemalloc check more robust (bnc#920016).
- mm: restrict access to slab files under procfs and sysfs (bnc#936077).
- mm: thp: khugepaged: add policy for finding target node (VM Functionality, bnc#931620).
- net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355).
- net: Fix 'ip rule delete table 256' (bsc#873385).
- net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362).
- net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
- netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350).
- nfsd: support disabling 64bit dir cookies (bnc#937503).
- pagecache limit: Do not skip over small zones that easily (bnc#925881).
- pagecache limit: add tracepoints (bnc#924701).
- pagecache limit: export debugging counters via /proc/vmstat (bnc#924701).
- pagecache limit: fix wrong nr_reclaimed count (FATE#309111, bnc#924701).
- pagecache limit: reduce starvation due to reclaim retries (bnc#925903).
- pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355).
- pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819).
- pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819).
- perf, nmi: Fix unknown NMI warning (bsc#929142).
- perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142).
- qlcnic: Fix NULL pointer dereference in qlcnic_hwmon_show_temp() (bsc#936095).
- r8169: remember WOL preferences on driver load (bsc#942305).
- s390/dasd: fix kernel panic when alias is set offline (bnc#940966, LTC#128595).
- sched: fix __sched_setscheduler() vs load balancing race (bnc#921430)
- scsi: Correctly set the scsi host/msg/status bytes (bnc#933936).
- scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204).
- scsi: Moved iscsi kabi patch to patches.kabi (bsc#923002)
- scsi: Set hostbyte status in scsi_check_sense() (bsc#920733).
- scsi: kabi: allow iscsi disocvery session support (bsc#923002).
- scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).
- scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733).
- scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002).
- sg_start_req(): make sure that there's not too many elements in iovec (bsc#940338).
- st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875).
- supported.conf: enable sch_mqprio (bsc#932882)
- udf: Remove repeated loads blocksize (bsc#933907).
- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641).
- usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bnc#933721).
- usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721).
- vmxnet3: Bump up driver version number (bsc#936423).
- vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
- vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
- vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
- x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250).
- x86, tls: Interpret an all-zero struct user_desc as 'no segment' (bsc#920250).
- x86-64: Do not apply destructive erratum workaround on unaffected CPUs (bsc#929076).
- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
- x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605).
- xenbus: add proper handling of XS_ERROR from Xenbus for transactions.
- xfs: fix problem when using md+XFS under high load (bnc#925705).
- xhci: Allocate correct amount of scratchpad buffers (bnc#933721).
- xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721).
- xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bnc#933721).
- xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bnc#933721).
- xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721).
- xhci: do not report PLC when link is in internal resume state (bnc#933721).
- xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721).
- xhci: report U3 when link is in resume state (bnc#933721).
- xhci: rework cycle bit checking for new dequeue pointers (bnc#933721).
- zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936921, bnc#936925, LTC#126491). ModerateSUSE bug 777565SUSE bug 867362SUSE bug 873385SUSE bug 883380SUSE bug 884333SUSE bug 886785SUSE bug 891116SUSE bug 894936SUSE bug 915517SUSE bug 917830SUSE bug 917968SUSE bug 919463SUSE bug 920016SUSE bug 920110SUSE bug 920250SUSE bug 920733SUSE bug 921430SUSE bug 923002SUSE bug 923245SUSE bug 923431SUSE bug 924701SUSE bug 925705SUSE bug 925881SUSE bug 925903SUSE bug 926240SUSE bug 926953SUSE bug 927355SUSE bug 928988SUSE bug 929076SUSE bug 929142SUSE bug 929143SUSE bug 930092SUSE bug 930934SUSE bug 931620SUSE bug 932350SUSE bug 932458SUSE bug 932882SUSE bug 933429SUSE bug 933721SUSE bug 933896SUSE bug 933904SUSE bug 933907SUSE bug 933936SUSE bug 934944SUSE bug 935053SUSE bug 935055SUSE bug 935572SUSE bug 935705SUSE bug 935866SUSE bug 935906SUSE bug 936077SUSE bug 936095SUSE bug 936118SUSE bug 936423SUSE bug 936637SUSE bug 936831SUSE bug 936875SUSE bug 936921SUSE bug 936925SUSE bug 937032SUSE bug 937256SUSE bug 937402SUSE bug 937444SUSE bug 937503SUSE bug 937641SUSE bug 937855SUSE bug 938485SUSE bug 939910SUSE bug 939994SUSE bug 940338SUSE bug 940398SUSE bug 940925SUSE bug 940966SUSE bug 942204SUSE bug 942305SUSE bug 942350SUSE bug 942367SUSE bug 942404SUSE bug 942605SUSE bug 942688SUSE bug 942938SUSE bug 943477CVE-2014-9728CVE-2014-9729CVE-2014-9730CVE-2014-9731CVE-2015-0777CVE-2015-1420CVE-2015-1805CVE-2015-2150CVE-2015-2830CVE-2015-4167CVE-2015-4700CVE-2015-5364CVE-2015-5366CVE-2015-5707CVE-2015-6252cpe:/o:suse:suse_sled:11:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Desktop 11 SP4
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.
Following feature was added to kernel-xen:
- A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320200)
It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode.
The following security bugs were fixed:
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in
the Linux kernel allowed local users to bypass intended AF_UNIX socket
permissions or cause a denial of service (panic) via crafted epoll_ctl
calls (bnc#955654).
- CVE-2015-7515: An out of bounds memory access in the aiptek USB
driver could be used by physical local attackers to crash the kernel
(bnc#956708).
- CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c
in the Linux kernel did not properly use a semaphore, which allowed
local users to cause a denial of service (NULL pointer dereference and
system crash) or possibly have unspecified other impact via a crafted
application that leverages a race condition between keyctl_revoke and
keyctl_read calls (bnc#958951).
- CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed
local users to gain privileges or cause a denial of service (BUG)
via crafted keyctl commands that negatively instantiate a key, related
to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c,
and security/keys/user_defined.c (bnc#958463).
- CVE-2015-8543: The networking implementation in the Linux kernel
did not validate protocol identifiers for certain protocol families,
which allowed local users to cause a denial of service (NULL function
pointer dereference and system crash) or possibly gain privileges by
leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application
(bnc#958886).
- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers
could have lead to double fetch vulnerabilities, causing denial of service
or arbitrary code execution (depending on the configuration) (bsc#957988).
- CVE-2015-8551, CVE-2015-8552: xen/pciback: For
XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled
(bsc#957990).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in
drivers/net/ppp/pptp.c in the Linux kernel did not verify an address
length, which allowed local users to obtain sensitive information from
kernel memory and bypass the KASLR protection mechanism via a crafted
application (bnc#959190).
- CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the
Linux kernel did not verify an address length, which allowed local users
to obtain sensitive information from kernel memory and bypass the KASLR
protection mechanism via a crafted application (bnc#959190 bnc#959399).
- CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not
properly manage the relationship between a lock and a socket, which
allowed local users to cause a denial of service (deadlock) via a crafted
sctp_accept call (bnc#961509).
- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c
in the Linux kernel allowed local users to cause a denial of service
(infinite loop) via a writev system call that triggers a zero length
for the first segment of an iov (bnc#963765).
- CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel
driver when the network was considered to be congested. This could be
used by local attackers to cause machine crashes or potentially code
execution (bsc#966437).
- CVE-2016-0723: Race condition in the tty_ioctl function in
drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain
sensitive information from kernel memory or cause a denial of service
(use-after-free and system crash) by making a TIOCGETD ioctl call during
processing of a TIOCSETD ioctl call (bnc#961500).
- CVE-2016-2069: Race conditions in TLB syncing was fixed which could
leak to information leaks (bnc#963767).
- CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in
the umidi object which could lead to crashes (bsc#966693).
- CVE-2016-2543: Added a missing NULL check at remove_events ioctl in
ALSA that could lead to crashes. (bsc#967972).
- CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547,
CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer
handling were fixed. (bsc#967975, bsc#967974, bsc#967973, bsc#968011,
bsc#968012, bsc#968013).
The following non-security bugs were fixed:
- alsa: hda - Add one more node in the EAPD supporting candidate list (bsc#963561).
- alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137).
- alsa: hda - Fix playback noise with 24/32 bit sample size on BXT (bsc#966137).
- alsa: hda - disable dynamic clock gating on Broxton before reset (bsc#966137).
- Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver implementation (bsc#957986, bsc#956084, bsc#961658).
- Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201).
- nfsv4: Recovery of recalled read delegations is broken (bsc#956514).
- nvme: default to 4k device page size (bsc#967042).
- pci: leave MEM and IO decoding disabled during 64-bit BAR sizing, too (bsc#951815).
- Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch (bsc#959705).
- Refresh patches.xen/xen-vscsi-large-requests (refine fix and also address bsc#966094).
- sunrpc: restore fair scheduling to priority queues (bsc#955308).
- usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT when the device is removed (bnc#956375).
- usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and TIOCGICOUNT (bnc#956375).
- usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375).
- usb: ftdi_sio: fix tiocmget indentation (bnc#956375).
- usb: ftdi_sio: optimise chars_in_buffer (bnc#956375).
- usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375).
- usb: ftdi_sio: remove unnecessary memset (bnc#956375).
- usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375).
- usb: ftdi_sio: use generic chars_in_buffer (bnc#956375).
- usb: pl2303: clean up line-status handling (bnc#959649).
- usb: pl2303: only wake up MSR queue on changes (bnc#959649).
- usb: pl2303: remove bogus delta_msr_wait wake up (bnc#959649).
- usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375).
- Update patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch (bnc#940017, bnc#949298, bnc#947128).
- xen: Update Xen config files (enable upstream block frontend).
- ec2: Update kabi files and start tracking ec2
- xen: consolidate and simplify struct xenbus_driver instantiation (bsc#961658 fate#320200).
- blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976).
- blktap: refine mm tracking (bsc#952976).
- block: Always check queue limits for cloned requests (bsc#933782).
- block: xen-blkfront: Fix possible NULL ptr dereference (bsc#961658 fate#320200).
- bnx2x: Add new device ids under the Qlogic vendor (bsc#964818).
- bnx2x: Alloc 4k fragment for each rx ring buffer element (bsc#953369).
- bnx2x: fix DMA API usage (bsc#953369).
- driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965).
- driver: xen-blkfront: move talk_to_blkback to a more suitable place (bsc#961658 fate#320200).
- drivers: xen-blkfront: only talk_to_blkback() when in XenbusStateInitialising (bsc#961658 fate#320200).
- drm/i915: Change semantics of hw_contexts_disabled (bsc#963276).
- drm/i915: Evict CS TLBs between batches (bsc#758040).
- drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).
- e1000e: Do not read ICR in Other interrupt (bsc#924919).
- e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).
- e1000e: Fix msi-x interrupt automask (bsc#924919).
- e1000e: Remove unreachable code (bsc#924919).
- ext3: NULL dereference in ext3_evict_inode() (bsc#942082).
- ext3: fix data=journal fast mount/umount hang (bsc#942082).
- firmware: Create directories for external firmware (bsc#959312).
- firmware: Simplify directory creation (bsc#959312).
- ftdi_sio: private backport of TIOCMIWAIT (bnc#956375).
- iommu/vt-d: Do not change dma domain on dma-mask change (bsc#955925).
- jbd: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516).
- kabi/severities: Add exception for bnx2x_schedule_sp_rtnl() There is no external, 3rd party modules use the symbol and the bnx2x_schedule_sp_rtnl symbol is only used in the bnx2x driver. (bsc#953369)
- kbuild: create directory for dir/file.o (bsc#959312).
- llist/xen-blkfront: implement safe version of llist_for_each_entry (bsc#961658 fate#320200).
- lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).
- mm-memcg-print-statistics-from-live-counters-fix (bnc#969307).
- nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992).
- pci: Update VPD size with correct length (bsc#958906).
- pl2303: fix TIOCMIWAIT (bnc#959649).
- pl2303: introduce private disconnect method (bnc#959649).
- qeth: initialize net_device with carrier off (bnc#958000, LTC#136514).
- s390/cio: collect format 1 channel-path description data (bnc#958000, LTC#136434).
- s390/cio: ensure consistent measurement state (bnc#958000, LTC#136434).
- s390/cio: fix measurement characteristics memleak (bnc#958000, LTC#136434).
- s390/cio: update measurement characteristics (bnc#958000, LTC#136434).
- s390/dasd: fix failfast for disconnected devices (bnc#958000, LTC#135138).
- s390/sclp: Determine HSA size dynamically for zfcpdump (bnc#958000, LTC#136143).
- s390/sclp: Move declarations for sclp_sdias into separate header file (bnc#958000, LTC#136143).
- scsi_dh_rdac: always retry MODE SELECT on command lock violation (bsc#956949).
- supported.conf: Add xen-blkfront.
- tg3: 5715 does not link up when autoneg off (bsc#904035).
- usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375).
- vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912).
- vmxnet3: fix netpoll race condition (bsc#958912).
- xen, blkfront: factor out flush-related checks from do_blkif_request() (bsc#961658 fate#320200).
- xen-blkfront: Handle discard requests (bsc#961658 fate#320200).
- xen-blkfront: If no barrier or flush is supported, use invalid operation (bsc#961658 fate#320200).
- xen-blkfront: Introduce a 'max' module parameter to alter the amount of indirect segments (bsc#961658 fate#320200).
- xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#961658 fate#320200).
- xen-blkfront: allow building in our Xen environment (bsc#961658 fate#320200).
- xen-blkfront: check for null drvdata in blkback_changed (XenbusStateClosing) (bsc#961658 fate#320200).
- xen-blkfront: do not add indirect pages to list when !feature_persistent (bsc#961658 fate#320200).
- xen-blkfront: drop the use of llist_for_each_entry_safe (bsc#961658 fate#320200).
- xen-blkfront: fix a deadlock while handling discard response (bsc#961658 fate#320200).
- xen-blkfront: fix accounting of reqs when migrating (bsc#961658 fate#320200).
- xen-blkfront: free allocated page (bsc#961658 fate#320200).
- xen-blkfront: handle backend CLOSED without CLOSING (bsc#961658 fate#320200).
- xen-blkfront: handle bvecs with partial data (bsc#961658 fate#320200).
- xen-blkfront: improve aproximation of required grants per request (bsc#961658 fate#320200).
- xen-blkfront: make blkif_io_lock spinlock per-device (bsc#961658 fate#320200).
- xen-blkfront: plug device number leak in xlblk_init() error path (bsc#961658 fate#320200).
- xen-blkfront: pre-allocate pages for requests (bsc#961658 fate#320200).
- xen-blkfront: remove frame list from blk_shadow (bsc#961658 fate#320200).
- xen-blkfront: remove type check from blkfront_setup_discard (bsc#961658 fate#320200).
- xen-blkfront: restore the non-persistent data path (bsc#961658 fate#320200).
- xen-blkfront: revoke foreign access for grants not mapped by the backend (bsc#961658 fate#320200).
- xen-blkfront: set blk_queue_max_hw_sectors correctly (bsc#961658 fate#320200).
- xen-blkfront: switch from llist to list (bsc#961658 fate#320200).
- xen-blkfront: use a different scatterlist for each request (bsc#961658 fate#320200).
- xen-block: implement indirect descriptors (bsc#961658 fate#320200).
- xen/blk[front|back]: Enhance discard support with secure erasing support (bsc#961658 fate#320200).
- xen/blk[front|back]: Squash blkif_request_rw and blkif_request_discard together (bsc#961658 fate#320200).
- xen/blkback: Persistent grant maps for xen blk drivers (bsc#961658 fate#320200).
- xen/blkback: persistent-grants fixes (bsc#961658 fate#320200).
- xen/blkfront: Fix crash if backend does not follow the right states (bsc#961658 fate#320200).
- xen/blkfront: do not put bdev right after getting it (bsc#961658 fate#320200).
- xen/blkfront: improve protection against issuing unsupported REQ_FUA (bsc#961658 fate#320200).
- xen/blkfront: remove redundant flush_op (bsc#961658 fate#320200).
- xen/panic/x86: Allow cpus to save registers even if they (bnc#940946).
- xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444).
- xen/pvhvm: If xen_platform_pci=0 is set do not blow up (v4) (bsc#961658 fate#320200).
- xen/x86/mm: Add barriers and document switch_mm()-vs-flush synchronization (bnc#963767).
- xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).
- xen: x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330).
- xfs: Skip dirty pages in ->releasepage (bnc#912738, bnc#915183).
- zfcp: fix fc_host port_type with NPIV (bnc#958000, LTC#132479).
ImportantSUSE bug 758040SUSE bug 904035SUSE bug 912738SUSE bug 915183SUSE bug 924919SUSE bug 933782SUSE bug 937444SUSE bug 940017SUSE bug 940946SUSE bug 942082SUSE bug 947128SUSE bug 948330SUSE bug 949298SUSE bug 951392SUSE bug 951815SUSE bug 952976SUSE bug 953369SUSE bug 954992SUSE bug 955308SUSE bug 955654SUSE bug 955837SUSE bug 955925SUSE bug 956084SUSE bug 956375SUSE bug 956514SUSE bug 956708SUSE bug 956949SUSE bug 957986SUSE bug 957988SUSE bug 957990SUSE bug 958000SUSE bug 958463SUSE bug 958886SUSE bug 958906SUSE bug 958912SUSE bug 958951SUSE bug 959190SUSE bug 959312SUSE bug 959399SUSE bug 959649SUSE bug 959705SUSE bug 961500SUSE bug 961509SUSE bug 961516SUSE bug 961658SUSE bug 962965SUSE bug 963276SUSE bug 963561SUSE bug 963765SUSE bug 963767SUSE bug 964201SUSE bug 964818SUSE bug 966094SUSE bug 966137SUSE bug 966437SUSE bug 966693SUSE bug 967042SUSE bug 967972SUSE bug 967973SUSE bug 967974SUSE bug 967975SUSE bug 968011SUSE bug 968012SUSE bug 968013SUSE bug 969307CVE-2013-7446CVE-2015-7515CVE-2015-7550CVE-2015-8539CVE-2015-8543CVE-2015-8550CVE-2015-8551CVE-2015-8552CVE-2015-8569CVE-2015-8575CVE-2015-8767CVE-2015-8785CVE-2015-8812CVE-2016-0723CVE-2016-2069CVE-2016-2384CVE-2016-2543CVE-2016-2544CVE-2016-2545CVE-2016-2546CVE-2016-2547CVE-2016-2548CVE-2016-2549cpe:/o:suse:suse_sled:11:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Desktop 11 SP4
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.
Following security bugs were fixed:
- CVE-2015-7509: Mounting ext4 filesystems in no-journal mode could hav lead to a system crash (bsc#956709).
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).
- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527).
- CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384).
- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bnc#938706).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440).
- CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296).
- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825).
The following non-security bugs were fixed:
- ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440).
- Driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
- Drivers: hv: do not do hypercalls when hypercall_page is NULL.
- Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.
- Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h.
- Drivers: hv: vmbus: Get rid of some unused definitions.
- Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state.
- Drivers: hv: vmbus: add special crash handler (bnc#930770).
- Drivers: hv: vmbus: add special kexec handler.
- Drivers: hv: vmbus: kill tasklets on module unload.
- Drivers: hv: vmbus: prefer '^A' notification chain to 'panic'.
- Drivers: hv: vmbus: remove hv_synic_free_cpu() call from hv_synic_cleanup().
- Drivers: hv: vmbus: unregister panic notifier on module unload.
- IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965).
- IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).
- KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440).
- Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).
- NFSv4: Fix two infinite loops in the mount code (bsc#954628).
- PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786).
- PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786).
- PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084).
- PCI: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084).
- PCI: Update NumVFs register when disabling SR-IOV (bnc#952084).
- PCI: delay configuration of SRIOV capability (bnc#952084).
- PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084).
- SCSI: hosts: update to use ida_simple for host_no (bsc#939926)
- SUNRPC refactor rpcauth_checkverf error returns (bsc#955673).
- af_iucv: avoid path quiesce of severed path in shutdown() (bnc#946214).
- ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799).
- blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976).
- blktap: refine mm tracking (bsc#952976).
- cachefiles: Avoid deadlocks with fs freezing (bsc#935123).
- dm sysfs: introduce ability to add writable attributes (bsc#904348).
- dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
- dm: do not start current request if it would've merged with the previous (bsc#904348).
- dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348).
- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938).
- drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).
- drm/i915: add hotplug activation period to hotplug update mask (bsc#953980).
- fix lpfc_send_rscn_event allocation size claims bnc#935757
- fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123).
- fs: Fix deadlocks between sync and fs freezing (bsc#935123).
- hugetlb: simplify migrate_huge_page() (bnc#947957).
- hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957,).
- ipr: Fix incorrect trace indexing (bsc#940913).
- ipr: Fix invalid array indexing for HRRQ (bsc#940913).
- ipv6: fix tunnel error handling (bsc#952579).
- ipvs: Fix reuse connection if real server is dead (bnc#945827).
- ipvs: drop first packet to dead server (bsc#946078).
- kernel: correct uc_sigmask of the compat signal frame (bnc#946214).
- kernel: fix incorrect use of DIAG44 in continue_trylock_relax() (bnc#946214).
- kexec: Fix race between panic() and crash_kexec() called directly (bnc#937444).
- ktime: add ktime_after and ktime_before helpe (bsc#904348).
- lib/string.c: introduce memchr_inv() (bnc#930788).
- lpfc: Fix cq_id masking problem (bsc#944677).
- macvlan: Support bonding events bsc#948521
- memory-failure: do code refactor of soft_offline_page() (bnc#947957).
- memory-failure: fix an error of mce_bad_pages statistics (bnc#947957).
- memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957).
- memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957).
- mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957).
- mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957).
- mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957).
- mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298).
- mm: fix GFP_THISNODE callers and clarify (bsc#954950).
- mm: remove GFP_THISNODE (bsc#954950).
- mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS).
- net/core: Add VF link state control policy (bsc#950298).
- netfilter: xt_recent: fix namespace destroy path (bsc#879378).
- panic/x86: Allow cpus to save registers even if they (bnc#940946).
- panic/x86: Fix re-entrance problem due to panic on (bnc#937444).
- pktgen: clean up ktime_t helpers (bsc#904348).
- qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).
- qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993).
- qla2xxx: Remove unavailable firmware files (bsc#921081).
- qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).
- qlge: Fix qlge_update_hw_vlan_features to handle if interface is down (bsc#930835).
- quota: Fix deadlock with suspend and quotas (bsc#935123).
- rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706).
- rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145).
- rtnetlink: Fix VF IFLA policy (bsc#950298).
- rtnetlink: fix VF info size (bsc#950298).
- s390/dasd: fix disconnected device with valid path mask (bnc#946214).
- s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214).
- s390/dasd: fix list_del corruption after lcu changes (bnc#954984).
- s390/pci: handle events for unused functions (bnc#946214).
- s390/pci: improve handling of hotplug event 0x301 (bnc#946214).
- s390/pci: improve state check when processing hotplug events (bnc#946214).
- sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100).
- sg: fix read() error reporting (bsc#926774).
- usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989).
- usbback: correct copy length for partial transfers (bsc#941202).
- usbvision fix overflow of interfaces array (bnc#950998).
- veth: extend device features (bsc#879381).
- vfs: Provide function to get superblock and wait for it to thaw (bsc#935123).
- vmxnet3: adjust ring sizes when interface is down (bsc#950750).
- vmxnet3: fix ethtool ring buffer size setting (bsc#950750).
- writeback: Skip writeback for frozen filesystem (bsc#935123).
- x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256).
- x86/evtchn: make use of PHYSDEVOP_map_pirq.
- x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).
- x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330).
- xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256).
- xfs: Fix lost direct IO write in the last block (bsc#949744).
- xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).
- xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788).
- xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788).
- xfs: add background scanning to clear eofblocks inodes (bnc#930788).
- xfs: add inode id filtering to eofblocks scan (bnc#930788).
- xfs: add minimum file size filtering to eofblocks scan (bnc#930788).
- xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788).
- xfs: create helper to check whether to free eofblocks on inode (bnc#930788).
- xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).
- xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788).
- xfs: support a tag-based inode_ag_iterator (bnc#930788).
- xfs: support multiple inode id filtering in eofblocks scan (bnc#930788).
- xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).
- xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).
- xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).
- xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).
- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981).
- xhci: Calculate old endpoints correctly on device reset (bnc#944831).
- xhci: For streams the css flag most be read from the stream-ctx on ep stop (bnc#945691).
- xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502).
- xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837).
- xhci: silence TD warning (bnc#939955).
- xhci: use uninterruptible sleep for waiting for internal operations (bnc#939955).
ImportantSUSE bug 814440SUSE bug 879378SUSE bug 879381SUSE bug 900610SUSE bug 904348SUSE bug 904965SUSE bug 921081SUSE bug 926774SUSE bug 930145SUSE bug 930770SUSE bug 930788SUSE bug 930835SUSE bug 932805SUSE bug 935123SUSE bug 935757SUSE bug 937256SUSE bug 937444SUSE bug 938706SUSE bug 939826SUSE bug 939926SUSE bug 939955SUSE bug 940017SUSE bug 940913SUSE bug 940946SUSE bug 941202SUSE bug 942938SUSE bug 943786SUSE bug 944296SUSE bug 944677SUSE bug 944831SUSE bug 944837SUSE bug 944989SUSE bug 944993SUSE bug 945691SUSE bug 945825SUSE bug 945827SUSE bug 946078SUSE bug 946214SUSE bug 946309SUSE bug 947957SUSE bug 948330SUSE bug 948347SUSE bug 948521SUSE bug 949100SUSE bug 949298SUSE bug 949502SUSE bug 949706SUSE bug 949744SUSE bug 949936SUSE bug 949981SUSE bug 950298SUSE bug 950750SUSE bug 950998SUSE bug 951440SUSE bug 952084SUSE bug 952384SUSE bug 952579SUSE bug 952976SUSE bug 953527SUSE bug 953799SUSE bug 953980SUSE bug 954404SUSE bug 954628SUSE bug 954950SUSE bug 954984SUSE bug 955673SUSE bug 956709CVE-2015-0272CVE-2015-5157CVE-2015-5307CVE-2015-6937CVE-2015-7509CVE-2015-7799CVE-2015-7872CVE-2015-7990CVE-2015-8104CVE-2015-8215cpe:/o:suse:suse_sled:11:sp4Security update for krb5 (Important)SUSE Linux Enterprise Desktop 11 SP4
krb5 was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash (bsc#952188).
ImportantSUSE bug 952188CVE-2015-2695cpe:/o:suse:suse_sled:11:sp4Security update for krb5 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
The krb5 package was updated to fix the following security and non security issues:
- CVE-2015-2695: Fixed missing functions that were still vulnerable (bsc#954270).
- Fixed a memory leak in the handling of error messages (bsc#954470).
ModerateSUSE bug 954270SUSE bug 954470CVE-2015-2695cpe:/o:suse:suse_sled:11:sp4Security update for krb5 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for krb5 fixes the following issues:
- CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968)
- CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975)
ModerateSUSE bug 963968SUSE bug 963975CVE-2015-8629CVE-2015-8631cpe:/o:suse:suse_sled:11:sp4Security update for krb5 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
krb5 was updated to fix three security issues.
Remote authenticated users could cause denial of service.
These security issues were fixed:
- CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457).
- CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458).
- CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595).
ModerateSUSE bug 910457SUSE bug 910458SUSE bug 918595CVE-2014-5353CVE-2014-5354CVE-2014-5355cpe:/o:suse:suse_sled:11:sp4Security update for kvm (Important)SUSE Linux Enterprise Desktop 11 SP4
kvm was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
ImportantSUSE bug 938344CVE-2015-5154cpe:/o:suse:suse_sled:11:sp4Security update for kvm (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for kvm fixes the following issues:
Security issues fixed:
- CVE-2015-7512: The receive packet size is now checked in the emulated
pcnet driver, eliminating buffer overflow and potential security
issue by malicious guest systems. (bsc#957162)
- CVE-2015-8345: A infinite loop in processing command block list was fixed that could be
exploit by malicious guest systems (bsc#956829).
Other bugs fixed:
- To assist users past the migration incompatibility discussed in
bsc#950590 (restore migration compatibility with SLE11 SP3 and
SLE12, at the unfortunate expense to prior SLE11 SP4 kvm release
compatability when a virtio-net device is used), print a message
which references the support document TID 7017048.
See https://www.suse.com/support/kb/doc.php?id=7017048
- Fix cases of wrong clock values in kvmclock timekeeping
(bsc#947164 and bsc#953187)
- Enforce pxe rom sizes to ensure migration compatibility.
(bsc#950590)
- Fix kvm live migration fails between sles11 sp3 and sp4 (bsc#950590)
ImportantSUSE bug 947164SUSE bug 950590SUSE bug 953187SUSE bug 956829SUSE bug 957162CVE-2015-7512CVE-2015-8345cpe:/o:suse:suse_sled:11:sp4Security update for libgcrypt (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update fixes the following issues:
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
(bsc#920057)
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]
ModerateSUSE bug 920057CVE-2014-3591CVE-2015-0837cpe:/o:suse:suse_sled:11:sp4Security update for libksba (Moderate)SUSE Linux Enterprise Desktop 11 SP4
The libksba package was updated to fix the following security issues:
- Fixed an integer overflow, an out of bounds read and a stack overflow issues (bsc#926826).
ModerateSUSE bug 926826cpe:/o:suse:suse_sled:11:sp4Security update for libmspack (Moderate)SUSE Linux Enterprise Desktop 11 SP4
libmspack was updated to fix several security vulnerabilities.
- Fix null pointer dereference on a crafted CAB. (bsc#934524, CVE-2014-9732)
- Fix denial of service while processing crafted CHM file. (bsc#934525, CVE-2015-4467)
- Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472)
- Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469)
- Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470)
- Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471)
ModerateSUSE bug 934524SUSE bug 934525SUSE bug 934526SUSE bug 934527SUSE bug 934528SUSE bug 934529CVE-2014-9732CVE-2015-4467CVE-2015-4469CVE-2015-4470CVE-2015-4471CVE-2015-4472cpe:/o:suse:suse_sled:11:sp4Security update for libotr (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for libotr fixes the following issues:
- Apply 'libotr-CVE-2016-2851.patch' to fix integer overflows that
used to occur on 64-bit architectures when receiving 4GB messages.
This flaw could potentially have been exploited by an attacker to
remotely execute arbitrary code on the user's machine.
(CVE-2016-2851, bsc#969785)
ModerateSUSE bug 969785CVE-2016-2851cpe:/o:suse:suse_sled:11:sp4Security update for libpng12-0 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
The libpng12-0 package was updated to fix the following security issues:
- CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980).
- CVE-2015-7981: Fixed an out-of-bound read (bsc#952051).
ModerateSUSE bug 952051SUSE bug 954980CVE-2015-7981CVE-2015-8126cpe:/o:suse:suse_sled:11:sp4Security update for libpng12-0 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
- security update:
This update fixes the following securit issue:
* CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions
allow remote attackers to cause a denial of service (application crash) or possibly have
unspecified other impact [bsc#954980]
ModerateSUSE bug 954980CVE-2015-8126cpe:/o:suse:suse_sled:11:sp4Recommended update for LibreOffice (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update brings LibreOffice to version 5.0.4, a major version update.
It brings lots of new features, bug fixes and also security fixes.
Features as seen on http://www.libreoffice.org/discover/new-features/
* LibreOffice 5.0 ships an impressive number of new features for
its spreadsheet module, Calc: complex formulae image cropping, new
functions, more powerful conditional formatting, table addressing
and much more. Calc's blend of performance and features makes it
an enterprise-ready, heavy duty spreadsheet application capable of
handling all kinds of workload for an impressive range of use cases
* New icons, major improvements to menus and sidebar : no other
LibreOffice version has looked that good and helped you be creative and
get things done the right way. In addition, style management is now more
intuitive thanks to the visualization of styles right in the interface.
* LibreOffice 5 ships with numerous improvements to document import and
export filters for MS Office, PDF, RTF, and more. You can now timestamp
PDF documents generated with LibreOffice and enjoy enhanced document
conversion fidelity all around.
The Pentaho Flow Reporting Engine is now added and used.
Security issues fixed:
* CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c
in the Unicode Bidirectional Algorithm implementation in ICU4C in
International Components for Unicode (ICU) before 55.1 did not properly
track directionally isolated pieces of text, which allowed remote
attackers to cause a denial of service (heap-based buffer overflow)
or possibly execute arbitrary code via crafted text.
* CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c
in the Unicode Bidirectional Algorithm implementation in ICU4C in
International Components for Unicode (ICU) before 55.1 used an integer
data type that is inconsistent with a header file, which allowed remote
attackers to cause a denial of service (incorrect malloc followed by
invalid free) or possibly execute arbitrary code via crafted text.
* CVE-2015-4551: An arbitrary file disclosure vulnerability in Libreoffice
and Openoffice Calc and Writer was fixed.
* CVE-2015-5212: A LibreOffice 'PrinterSetup Length' integer underflow
vulnerability could be used by attackers supplying documents to execute
code as the user opening the document.
* CVE-2015-5213: A LibreOffice 'Piece Table Counter' invalid check design
error vulnerability allowed attackers supplying documents to execute
code as the user opening the document.
* CVE-2015-5214: Multiple Vendor LibreOffice Bookmark Status Memory
Corruption Vulnerability allowed attackers supplying documents to execute
code as the user opening the document.
ModerateSUSE bug 306333SUSE bug 547549SUSE bug 668145SUSE bug 679938SUSE bug 681560SUSE bug 688200SUSE bug 718113SUSE bug 73544SUSE bug 806250SUSE bug 857026SUSE bug 889755SUSE bug 890735SUSE bug 907636SUSE bug 907966SUSE bug 910805SUSE bug 910806SUSE bug 914911SUSE bug 934423SUSE bug 936188SUSE bug 936190SUSE bug 939996SUSE bug 940838SUSE bug 943075SUSE bug 945047SUSE bug 945692SUSE bug 951579SUSE bug 954345CVE-2014-8146CVE-2014-8147CVE-2014-9093CVE-2015-4551CVE-2015-5212CVE-2015-5213CVE-2015-5214cpe:/o:suse:suse_sled:11:sp4Security update for librsvg (Important)SUSE Linux Enterprise Desktop 11 SP4
librsvg was updated to fix one security issue.
This security issue was fixed:
- CVE-2013-1881: GNOME libsvg allowed remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (bsc#840753).
ImportantSUSE bug 840753CVE-2013-1881cpe:/o:suse:suse_sled:11:sp4Security update for libsndfile (Moderate)SUSE Linux Enterprise Desktop 11 SP4
The libsndfile package was updated to fix the following security issue:
- CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521).
- CVE-2015-7805: Fixed heap overflow issue (bsc#953516).
ModerateSUSE bug 953516SUSE bug 953521CVE-2014-9756CVE-2015-7805cpe:/o:suse:suse_sled:11:sp4Security update for libssh (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for libssh fixes the following issues:
CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. (bsc#965875)
ModerateSUSE bug 965875CVE-2016-0739cpe:/o:suse:suse_sled:11:sp4Security update for libssh2_org (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for libssh2_org fixes the following issues:
- Add SHA256 support for DH group exchange (fate#320343, bsc#961964)
- fix CVE-2016-0787 (bsc#967026)
* Weakness in diffie-hellman secret key generation lead to much shorter DH groups
then needed, which could be used to retrieve server keys.
ModerateSUSE bug 961964SUSE bug 967026CVE-2016-0787cpe:/o:suse:suse_sled:11:sp4Security update for libvdpau (Moderate)SUSE Linux Enterprise Desktop 11 SP4
libvdpau was updated to use secure_getenv() instead of getenv() for several variables
so it can be more safely used in setuid applications.
* CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967)
* CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968)
* CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969)
ModerateSUSE bug 943967SUSE bug 943968SUSE bug 943969CVE-2015-5198CVE-2015-5199CVE-2015-5200cpe:/o:suse:suse_sled:11:sp4Security update for libvirt (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for libvirt fixes the following issues:
Security issue:
- CVE-2015-5313: directory directory traversal privilege
escalation vulnerability. (bsc#953110)
Bugs fixed:
- bsc#960305: xenxs: support parsing and formatting vif bandwidth
- bsc#961173: xen: use correct domctl version in domaininfolist union
- bsc#959094: xen: Disable building xen-inotify subdriver. It is unmaintained
and contains bugs that can cause client connection failures.
- bsc#948686: qemu: Use PAUSED state for domains that are starting up
- bsc#948516: Fix profile_status to distringuish between errors and unconfined
domains.
ModerateSUSE bug 948516SUSE bug 948686SUSE bug 953110SUSE bug 959094SUSE bug 960305SUSE bug 961173CVE-2015-5313cpe:/o:suse:suse_sled:11:sp4Security update for LibVNCServer (Moderate)SUSE Linux Enterprise Desktop 11 SP4
The libvncserver package was updated to fix the following security issues:
- bsc#897031: fix several security issues:
* CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side.
* CVE-2014-6052: Lack of malloc() return value checking on client side.
* CVE-2014-6053: Server crash on a very large ClientCutText message.
* CVE-2014-6054: Server crash when scaling factor is set to zero.
* CVE-2014-6055: Multiple stack overflows in File Transfer feature.
ModerateSUSE bug 897031CVE-2014-6051CVE-2014-6052CVE-2014-6053CVE-2014-6054CVE-2014-6055cpe:/o:suse:suse_sled:11:sp4Security update for libwmf (Moderate)SUSE Linux Enterprise Desktop 11 SP4
libwmf was updated to fix four security issues.
These security issues were fixed:
- CVE-2015-4588: Heap-based buffer overflow in the DecodeImage function allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted 'run-length count' in an image in a WMF file (bsc#933109).
- CVE-2015-0848: Heap-based buffer overflow allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image (bsc#933109).
- CVE-2015-4696: Use-after-free vulnerability allowed remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command (bsc#936062).
- CVE-2015-4695: meta.h allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file (bsc#936058).
ModerateSUSE bug 831299SUSE bug 933109SUSE bug 936058SUSE bug 936062CVE-2015-0848CVE-2015-4588CVE-2015-4695CVE-2015-4696cpe:/o:suse:suse_sled:11:sp4Security update for libxml2 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update fixes the following security issues:
* CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193]
* CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734]
* CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735]
* CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018]
* CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021]
* CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260]
* CVE-2015-5312 Fix another entity expansion issue [bnc#957105]
* CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106]
* CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107]
* CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109]
* CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110]
ModerateSUSE bug 928193SUSE bug 951734SUSE bug 951735SUSE bug 956018SUSE bug 956021SUSE bug 956260SUSE bug 957105SUSE bug 957106SUSE bug 957107SUSE bug 957109SUSE bug 957110CVE-2015-1819CVE-2015-5312CVE-2015-7497CVE-2015-7498CVE-2015-7499CVE-2015-7500CVE-2015-7941CVE-2015-7942CVE-2015-8241CVE-2015-8242CVE-2015-8317cpe:/o:suse:suse_sled:11:sp4Security update for libxml2 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for libxml2 fixes the following security issue:
- CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674)
ModerateSUSE bug 960674CVE-2015-8710cpe:/o:suse:suse_sled:11:sp4Security update for lxc (Moderate)SUSE Linux Enterprise Desktop 11 SP4
lxc was update to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-1335: A directory traversal flaw while lxc-start is initially setting up the mounts for a container (bsc#946744)
ModerateSUSE bug 946744CVE-2015-1335cpe:/o:suse:suse_sled:11:sp4Security update for mono-core (Moderate)SUSE Linux Enterprise Desktop 11 SP4
mono-core was updated to fix the following vulnerabilities:
- CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation (bsc#958097)
- CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters (bsc#739119)
ModerateSUSE bug 739119SUSE bug 958097CVE-2009-0689CVE-2012-3543cpe:/o:suse:suse_sled:11:sp4Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520)
Mozilla Firefox was updated to 38.6.0 ESR.
Mozilla NSS was updated to 3.20.2.
The following vulnerabilities were fixed:
- CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632)
- CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635)
- CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731)
The following improvements were added:
- bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites
- Tracking protection is now enabled by default
ImportantSUSE bug 954447SUSE bug 963520SUSE bug 963632SUSE bug 963635SUSE bug 963731CVE-2016-1930CVE-2016-1935CVE-2016-1938cpe:/o:suse:suse_sled:11:sp4Security update for mozilla-nspr (Moderate)SUSE Linux Enterprise Desktop 11 SP4
mozilla-nspr was update to version 4.10.8 ModerateSUSE bug 935979cpe:/o:suse:suse_sled:11:sp4Security update for mozilla-nss (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update contains mozilla-nss 3.19.2.2 and fixes the following security issue:
- CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888)
ModerateSUSE bug 959888CVE-2015-7575cpe:/o:suse:suse_sled:11:sp4Security update for mysql (Moderate)SUSE Linux Enterprise Desktop 11 SP4
MySQL was updated to version 5.5.45, fixing bugs and security issues.
A list of all changes can be found on:
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html
To fix the 'BACKRONYM' security issue (CVE-2015-3152) the behaviour of
the SSL options was changed slightly to meet expectations:
Now using '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl
connection is required. The mysql client will now print an error
if ssl is required, but the server can not handle a ssl
connection [bnc#924663], [bnc#928962], [CVE-2015-3152]
Additional bugs fixed:
- fix rc.mysql-multi script to start instances after restart
properly [bnc#934401].
ModerateSUSE bug 924663SUSE bug 928962SUSE bug 934401SUSE bug 938412CVE-2015-2582CVE-2015-2611CVE-2015-2617CVE-2015-2620CVE-2015-2639CVE-2015-2641CVE-2015-2643CVE-2015-2648CVE-2015-2661CVE-2015-3152CVE-2015-4737CVE-2015-4752CVE-2015-4756CVE-2015-4757CVE-2015-4761CVE-2015-4767CVE-2015-4769CVE-2015-4771CVE-2015-4772cpe:/o:suse:suse_sled:11:sp4Security update for mysql (Moderate)SUSE Linux Enterprise Desktop 11 SP4
The mysql package was updated to version 5.5.46 to fixs several security and non security issues.
- bnc#951391: update to version 5.5.46
* changes:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html
* fixed CVEs:
CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789,
CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800,
CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819,
CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836,
CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864,
CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,
CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910,
CVE-2015-4913
- bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures.
ModerateSUSE bug 951391SUSE bug 952196CVE-2015-0286CVE-2015-0288CVE-2015-1789CVE-2015-1793CVE-2015-4730CVE-2015-4766CVE-2015-4792CVE-2015-4800CVE-2015-4802CVE-2015-4815CVE-2015-4816CVE-2015-4819CVE-2015-4826CVE-2015-4830CVE-2015-4833CVE-2015-4836CVE-2015-4858CVE-2015-4861CVE-2015-4862CVE-2015-4864CVE-2015-4866CVE-2015-4870CVE-2015-4879CVE-2015-4890CVE-2015-4895CVE-2015-4904CVE-2015-4905CVE-2015-4910CVE-2015-4913cpe:/o:suse:suse_sled:11:sp4Security update for mysql (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update to MySQL 5.5.47 fixes the following issues (bsc#962779):
- CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
- CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options.
- CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.
- CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.
- CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML.
- CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
- CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption.
- CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF.
- CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges.
- CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf()
The following bugs were fixed:
- bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf
ModerateSUSE bug 959724SUSE bug 960961SUSE bug 962779CVE-2015-7744CVE-2016-0502CVE-2016-0505CVE-2016-0546CVE-2016-0596CVE-2016-0597CVE-2016-0598CVE-2016-0600CVE-2016-0606CVE-2016-0608CVE-2016-0609CVE-2016-0616cpe:/o:suse:suse_sled:11:sp4Security update for net-snmp (Moderate)SUSE Linux Enterprise Desktop 11 SP4
net-snmp was updated to fix one security vulnerability and several bugs.
- fix a vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621)
- Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863)
- add support for /dev/shm in snmp hostmib (bnc#853382, FATE#316893).
- stop snmptrapd on package removal.
ModerateSUSE bug 853382SUSE bug 935863SUSE bug 940188CVE-2015-5621cpe:/o:suse:suse_sled:11:sp4Security update for ntp (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This ntp update provides the following security and non security fixes:
- Update to 4.2.8p4 to fix several security issues (bsc#951608):
* CVE-2015-7871: NAK to the Future: Symmetric association
authentication bypass via crypto-NAK
* CVE-2015-7855: decodenetnum() will ASSERT botch instead of
returning FAIL on some bogus values
* CVE-2015-7854: Password Length Memory Corruption Vulnerability
* CVE-2015-7853: Invalid length data provided by a custom
refclock driver could cause a buffer overflow
* CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability
* CVE-2015-7851 saveconfig Directory Traversal Vulnerability
* CVE-2015-7850 remote config logfile-keyfile
* CVE-2015-7849 trusted key use-after-free
* CVE-2015-7848 mode 7 loop counter underrun
* CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC
* CVE-2015-7703 configuration directives 'pidfile' and
'driftfile' should only be allowed locally
* CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
validate the origin timestamp field
* CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
data packet length checks
- Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327).
- Add a controlkey to ntp.conf to make the above work.
- Improve runtime configuration:
* Read keytype from ntp.conf
* Don't write ntp keys to syslog.
- Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser.
- Fix the comment regarding addserver in ntp.conf (bnc#910063).
- Remove ntp.1.gz, it wasn't installed anymore.
- Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz.
The rest is partially irrelevant, partially redundant and
potentially outdated (bsc#942587).
- Remove 'kod' from the restrict line in ntp.conf (bsc#944300).
- Use SHA1 instead of MD5 for symmetric keys (bsc#905885).
- Require perl-Socket6 (bsc#942441).
- Fix incomplete backporting of 'rcntp ntptimemset'.
ModerateSUSE bug 905885SUSE bug 910063SUSE bug 936327SUSE bug 942441SUSE bug 942587SUSE bug 944300SUSE bug 951608CVE-2015-7691CVE-2015-7692CVE-2015-7701CVE-2015-7702CVE-2015-7703CVE-2015-7704CVE-2015-7705CVE-2015-7848CVE-2015-7849CVE-2015-7850CVE-2015-7851CVE-2015-7852CVE-2015-7853CVE-2015-7854CVE-2015-7855CVE-2015-7871cpe:/o:suse:suse_sled:11:sp4Recommended update for openldap2 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
openldap2 was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937766).
This non-security issue was fixed:
- bsc#932773: ldapmodify failed with DOS format LDIF files containing '-' separator.
ModerateSUSE bug 924496SUSE bug 932773SUSE bug 937766CVE-2015-4000cpe:/o:suse:suse_sled:11:sp4Security update for openldap2 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update fixes the following security issue:
- CVE-2015-6908. Passing a crafted packet to the function ber_get_next(),
an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582).
ModerateSUSE bug 945582CVE-2015-6908cpe:/o:suse:suse_sled:11:sp4Security update for openssh (Moderate)SUSE Linux Enterprise Desktop 11 SP4
OpenSSH was updated to fix several security issues and bugs.
Please note that due to a bug in the previous shipped openssh version, sshd might
not correctly restart. Please verify that the ssh daemon is running after installing
this update.
These security issues were fixed:
* CVE-2015-5352: The x11_open_helper function, when ForwardX11Trusted mode
is not used, lacked a check of the refusal deadline for X connections,
which made it easier for remote attackers to bypass intended access
restrictions via a connection outside of the permitted time window.
(bsc#936695)
* CVE-2015-5600: The kbdint_next_device function in auth2-chall.c
in sshd did not properly restrict the processing of keyboard-interactive
devices within a single connection, which made it easier for remote
attackers to conduct brute-force attacks or cause a denial of service
(CPU consumption) via a long and duplicative list in the ssh
-oKbdInteractiveDevices option, as demonstrated by a modified client
that provides a different password for each pam element on this list.
(bsc#938746)
* CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM.
(bsc#932483)
* Hardening patch to fix sftp RCE. (bsc#903649)
* CVE-2015-6563: The monitor component in sshd accepted extraneous username
data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to
conduct impersonation attacks by leveraging any SSH login access in
conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM
request, related to monitor.c and monitor_wrap.c.
* CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx
function in monitor.c in sshd might have allowed local users to gain
privileges by leveraging control of the sshd uid to send an unexpectedly
early MONITOR_REQ_PAM_FREE_CTX request.
Additional a bug was fixed that could lead to openssh not working in
chroot (bsc#947458).
ModerateSUSE bug 903649SUSE bug 932483SUSE bug 936695SUSE bug 938746SUSE bug 939932SUSE bug 943006SUSE bug 943010SUSE bug 945484SUSE bug 945493SUSE bug 947458CVE-2015-4000CVE-2015-5352CVE-2015-5600CVE-2015-6563CVE-2015-6564cpe:/o:suse:suse_sled:11:sp4Security update for openssh (Critical)SUSE Linux Enterprise Desktop 11 SP4
This update for openssh fixes the following issues:
- CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642)
- CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645)
This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server.
CriticalSUSE bug 961642SUSE bug 961645CVE-2016-0777CVE-2016-0778cpe:/o:suse:suse_sled:11:sp4Security update for openssl (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for openssl fixes the following issues:
- CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure
OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS
routines so any application which reads PKCS#7 or CMS data from untrusted
sources is affected. SSL/TLS is not affected. (bsc#957812)
- Prevent segfault in s_client with invalid options (bsc#952099)
ModerateSUSE bug 952099SUSE bug 957812CVE-2015-3195cpe:/o:suse:suse_sled:11:sp4Security update for openssl (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for openssl fixes various security issues and bugs:
Security issues fixed:
- CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):
OpenSSL was vulnerable to a cross-protocol attack that could lead to
decryption of TLS sessions by using a server supporting SSLv2 and
EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
This update changes the openssl library to:
* Disable SSLv2 protocol support by default.
This can be overridden by setting the environment variable
'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the
SSL_OP_NO_SSLv2 flag.
Note that various services and clients had already disabled SSL
protocol 2 by default previously.
* Disable all weak EXPORT ciphers by default. These can be reenabled
if required by old legacy software using the environment variable
'OPENSSL_ALLOW_EXPORT'.
- CVE-2016-0705 (bnc#968047):
A double free() bug in the DSA ASN1 parser code was fixed that could
be abused to facilitate a denial-of-service attack.
- CVE-2016-0797 (bnc#968048):
The BN_hex2bn() and BN_dec2bn() functions had a bug that could result
in an attempt to de-reference a NULL pointer leading to crashes.
This could have security consequences if these functions were ever
called by user applications with large untrusted hex/decimal data. Also,
internal usage of these functions in OpenSSL uses data from config files
or application command line arguments. If user developed applications
generated config file data based on untrusted data, then this could
have had security consequences as well.
- CVE-2016-0799 (bnc#968374)
On many 64 bit systems, the internal fmtstr() and doapr_outch()
functions could miscalculate the length of a string and attempt to
access out-of-bounds memory locations. These problems could have
enabled attacks where large amounts of untrusted data is passed to
the BIO_*printf functions. If applications use these functions in
this way then they could have been vulnerable. OpenSSL itself uses
these functions when printing out human-readable dumps of ASN.1
data. Therefore applications that print this data could have been
vulnerable if the data is from untrusted sources. OpenSSL command line
applications could also have been vulnerable when they print out ASN.1
data, or if untrusted data is passed as command line arguments. Libssl
is not considered directly vulnerable.
- CVE-2015-3197 (bsc#963415):
The SSLv2 protocol did not block disabled ciphers.
Note that the March 1st 2016 release also references following CVEs
that were fixed by us with CVE-2015-0293 in 2015:
- CVE-2016-0703 (bsc#968051): This issue only affected versions of
OpenSSL prior to March 19th 2015 at which time the code was refactored
to address vulnerability CVE-2015-0293. It would have made the above
'DROWN' attack much easier.
- CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2'
This issue only affected versions of OpenSSL prior to March 19th
2015 at which time the code was refactored to address vulnerability
CVE-2015-0293. It would have made the above 'DROWN' attack much easier.
Also fixes the following bug:
- Avoid running OPENSSL_config twice. This avoids breaking
engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787)
ImportantSUSE bug 952871SUSE bug 963415SUSE bug 967787SUSE bug 968046SUSE bug 968047SUSE bug 968048SUSE bug 968051SUSE bug 968053SUSE bug 968374CVE-2015-3197CVE-2016-0702CVE-2016-0703CVE-2016-0705CVE-2016-0797CVE-2016-0799CVE-2016-0800cpe:/o:suse:suse_sled:11:sp4Security update for orca (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This orca update fixes the following security issue.
- Don't try to import modules from current working directory (bsc#916835, CVE-2013-4245).
ModerateSUSE bug 916835CVE-2013-4245cpe:/o:suse:suse_sled:11:sp4Security update for postgresql94 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update of postgresql94 to 9.4.5 fixes the following issues:
* CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670)
* CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669)
Also contains all changes and bugfixes in the upstream 9.4.5 release:
http://www.postgresql.org/docs/current/static/release-9-4-5.html
ModerateSUSE bug 949669SUSE bug 949670CVE-2015-5288CVE-2015-5289cpe:/o:suse:suse_sled:11:sp4Security update for postgresql94 (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for postgresql94 fixes the following issues:
- Security and bugfix release 9.4.6:
* *** IMPORTANT ***
Users of version 9.4 will need to reindex any jsonb_path_ops
indexes they have created, in order to fix a persistent issue
with missing index entries.
* Fix infinite loops and buffer-overrun problems in regular
expressions (CVE-2016-0773, bsc#966436).
* Fix regular-expression compiler to handle loops of constraint
arcs (CVE-2007-4772).
* Prevent certain PL/Java parameters from being set by
non-superusers (CVE-2016-0766, bsc#966435).
* Fix many issues in pg_dump with specific object types
* Prevent over-eager pushdown of HAVING clauses for
GROUPING SETS
* Fix deparsing error with ON CONFLICT ... WHERE clauses
* Fix tableoid errors for postgres_fdw
* Prevent floating-point exceptions in pgbench
* Make \det search Foreign Table names consistently
* Fix quoting of domain constraint names in pg_dump
* Prevent putting expanded objects into Const nodes
* Allow compile of PL/Java on Windows
* Fix 'unresolved symbol' errors in PL/Python execution
* Allow Python2 and Python3 to be used in the same database
* Add support for Python 3.5 in PL/Python
* Fix issue with subdirectory creation during initdb
* Make pg_ctl report status correctly on Windows
* Suppress confusing error when using pg_receivexlog with older
servers
* Multiple documentation corrections and additions
* Fix erroneous hash calculations in gin_extract_jsonb_path()
- For the full release notse, see:
http://www.postgresql.org/docs/9.4/static/release-9-4-6.html
- Security and bugfix release 9.4.5:
* CVE-2015-5289, bsc#949670: json or jsonb input values
constructed from arbitrary user input can crash the PostgreSQL
server and cause a denial of service.
* CVE-2015-5288, bsc#949669: The crypt() function included with
the optional pgCrypto extension could be exploited to read a
few additional bytes of memory. No working exploit for this
issue has been developed.
- For the full release notse, see:
http://www.postgresql.org/docs/current/static/release-9-4-5.html
- Relax dependency on libpq to major version.
ImportantSUSE bug 949669SUSE bug 949670SUSE bug 966435SUSE bug 966436CVE-2007-4772CVE-2015-5288CVE-2015-5289CVE-2016-0766CVE-2016-0773cpe:/o:suse:suse_sled:11:sp4Recommended update for python-setuptools (Moderate)SUSE Linux Enterprise Desktop 11 SP4
python-setuptools was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2013-7440: Non-RFC6125-compliant host name matching was incorrect (bsc#930189)
ModerateSUSE bug 930189CVE-2013-7440cpe:/o:suse:suse_sled:11:sp4Security update for rpcbind (Moderate)SUSE Linux Enterprise Desktop 11 SP4
A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service.
ModerateSUSE bug 940191SUSE bug 946204CVE-2015-7236cpe:/o:suse:suse_sled:11:sp4Security update for rsync (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for rsync fixes two security issues:
- CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914)
- CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410)
ModerateSUSE bug 900914SUSE bug 915410CVE-2014-8242CVE-2014-9512cpe:/o:suse:suse_sled:11:sp4Security update for samba (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for samba fixes the following issues:
Security issue fixed:
- CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link
target; (bso#11648); (bsc#968222).
Bug fixed:
- Fix leaking memory in libsmbclient: Add missing talloc
stackframe; (bso#11177); (bsc#967017).
ImportantSUSE bug 967017SUSE bug 968222CVE-2015-7560cpe:/o:suse:suse_sled:11:sp4Security update for samba (Important)SUSE Linux Enterprise Desktop 11 SP4
This update for Samba fixes the following security issues:
- CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586)
- CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582)
- CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584)
- CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583)
Non-security issues fixed:
- Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022)
- Ensure samlogon fall-back requests are rerouted after kerberos failure (bnc#953382)
- Ensure 'Your account is disabled' message is displayed when attempting to ssh into locked account (bnc#953382)
- Address unrecoverable winbind failure: 'key length too large' (bnc#934299)
- Take resource group sids into account when caching netsamlogon data (bnc#912457)
- Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244)
- dependency issue with samba-winbind (bnc#936909)
ImportantSUSE bug 295284SUSE bug 912457SUSE bug 934299SUSE bug 936909SUSE bug 948244SUSE bug 949022SUSE bug 953382SUSE bug 958582SUSE bug 958583SUSE bug 958584SUSE bug 958586CVE-2015-5252CVE-2015-5296CVE-2015-5299CVE-2015-5330cpe:/o:suse:suse_sled:11:sp4Security update for sblim-sfcb (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update of sblim-sfcb fixes a potential NULL pointer crash in lookupProviders() (CVE-2015-5185).
ModerateSUSE bug 942628CVE-2015-5185cpe:/o:suse:suse_sled:11:sp4Security update for socat (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for socat fixes the following issues:
- CVE-2013-3571: Fix a file descriptor leak that could have been misused for a denial of service attack against socat running in server mode (bsc#821985)
- CVE-2014-0019: PROXY-CONNECT address was vulnerable to a stack buffer overflow (bsc#860991)
- Fix a stack overflow in the parser that could have been leveraged to execute arbitrary code (bsc#964844)
ModerateSUSE bug 821985SUSE bug 860991SUSE bug 964844CVE-2013-3571CVE-2014-0019cpe:/o:suse:suse_sled:11:sp4Security update for strongswan (Moderate)SUSE Linux Enterprise Desktop 11 SP4
The strongswan package was updated to fix the following security issue:
- CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817).
ModerateSUSE bug 953817CVE-2015-8023cpe:/o:suse:suse_sled:11:sp4Security update for tidy (Low)SUSE Linux Enterprise Desktop 11 SP4
This update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities
could allow remote attackers to cause a denial of service (crash) via vectors involving
a command character in an href. (CVE-2015-5522, CVE-2015-5523)
LowSUSE bug 933588CVE-2015-5522CVE-2015-5523cpe:/o:suse:suse_sled:11:sp4Security update for tiff (Moderate)SUSE Linux Enterprise Desktop 11 SP4
tiff was updated to fix six security issues found by fuzzing initiatives.
These security issues were fixed:
- CVE-2014-8127: Out-of-bounds write (bnc#914890).
- CVE-2014-8128: Out-of-bounds write (bnc#914890).
- CVE-2014-8129: Out-of-bounds write (bnc#914890).
- CVE-2014-8130: Out-of-bounds write (bnc#914890).
- CVE-2014-9655: Access of uninitialized memory (bnc#916927).
ModerateSUSE bug 914890SUSE bug 916927CVE-2014-8127CVE-2014-8128CVE-2014-8129CVE-2014-8130CVE-2014-9655cpe:/o:suse:suse_sled:11:sp4Security update for tiff (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update for tiff fixes the following issues:
- CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (bsc#964225)
- CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools (bsc#960341)
ModerateSUSE bug 960341SUSE bug 964225CVE-2015-7554CVE-2015-8781CVE-2015-8782CVE-2015-8783cpe:/o:suse:suse_sled:11:sp4Security update for vorbis-tools (Moderate)SUSE Linux Enterprise Desktop 11 SP4
vorbis-tools was updated to fix several security issues.
- A buffer overflow in aiff_open() that could be triggered
by opening prepared malicious files (CVE-2015-6749, bsc#943795).
- A division by zero and integer overflow by crafted WAV files was fixed
(CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441).
ModerateSUSE bug 914439SUSE bug 914441SUSE bug 943795CVE-2014-9638CVE-2014-9639CVE-2015-6749cpe:/o:suse:suse_sled:11:sp4Security update for wireshark (Moderate)SUSE Linux Enterprise Desktop 11 SP4
Wireshark has been updated to 1.12.7. (FATE#319388)
The following vulnerabilities have been fixed:
* Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241
* Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242
* Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243
* The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244
* The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245
* The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246
* The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247
* Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248
* The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249
* Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html
Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652)
ModerateSUSE bug 935158SUSE bug 941500CVE-2015-3813CVE-2015-4652CVE-2015-6241CVE-2015-6242CVE-2015-6243CVE-2015-6244CVE-2015-6245CVE-2015-6246CVE-2015-6247CVE-2015-6248CVE-2015-6249cpe:/o:suse:suse_sled:11:sp4Security update for wireshark (Low)SUSE Linux Enterprise Desktop 11 SP4
This update contains Wireshark 1.12.9 and fixes the following issues:
* CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437)
* CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
* CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
* CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
* CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.
* CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
* CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted
* CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
* CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
* CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
* CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
* CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.
* CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
* CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.
* CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
* CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
* CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
LowSUSE bug 950437SUSE bug 960382CVE-2015-7830CVE-2015-8711CVE-2015-8712CVE-2015-8713CVE-2015-8714CVE-2015-8715CVE-2015-8716CVE-2015-8717CVE-2015-8718CVE-2015-8719CVE-2015-8720CVE-2015-8721CVE-2015-8722CVE-2015-8723CVE-2015-8724CVE-2015-8725CVE-2015-8726CVE-2015-8727CVE-2015-8728CVE-2015-8729CVE-2015-8730CVE-2015-8731CVE-2015-8732CVE-2015-8733cpe:/o:suse:suse_sled:11:sp4Security update for wpa_supplicant (Moderate)SUSE Linux Enterprise Desktop 11 SP4
wpa_supplicant was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd and wpa_supplicant, when used for AP mode MLME/SME functionality, allowed remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read (bsc#930078).
- CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), allowed remote attackers to cause a denial of service (crash) via a negative chunk length, which triggered an out-of-bounds read or heap-based buffer overflow (bsc#930077).
ModerateSUSE bug 930077SUSE bug 930078CVE-2015-4141CVE-2015-4142cpe:/o:suse:suse_sled:11:sp4Security update for xen (Important)SUSE Linux Enterprise Desktop 11 SP4
xen was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137).
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
This non-security issue was fixed:
- Kdump did not work in a XEN environment (bsc#925466).
ImportantSUSE bug 925466SUSE bug 935634SUSE bug 938344CVE-2015-3259CVE-2015-5154cpe:/o:suse:suse_sled:11:sp4Security update for xen (Important)SUSE Linux Enterprise Desktop 11 SP4
xen was updated to version 4.4.3 to fix nine security issues.
These security issues were fixed:
- CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267).
- CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642).
- CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367).
- CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165).
- CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463).
- CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697).
- CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703).
- CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705).
- CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706).
These non-security issues were fixed:
- bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed
- bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC
- bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed
- bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has been observed
- bnc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores
- bsc#945167: Running command: xl pci-assignable-add 03:10.1 secondly show errors
- bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort
- bsc#949549: xm create hangs when maxmen value is enclosed in quotes
ImportantSUSE bug 877642SUSE bug 901488SUSE bug 907514SUSE bug 910258SUSE bug 918984SUSE bug 923967SUSE bug 932267SUSE bug 944463SUSE bug 944697SUSE bug 945167SUSE bug 947165SUSE bug 949138SUSE bug 949549SUSE bug 950367SUSE bug 950703SUSE bug 950705SUSE bug 950706CVE-2014-0222CVE-2015-4037CVE-2015-5239CVE-2015-6815CVE-2015-7311CVE-2015-7835CVE-2015-7969CVE-2015-7971cpe:/o:suse:suse_sled:11:sp4Security update for xen (Important)SUSE Linux Enterprise Desktop 11 SP4
xen was updated to fix 47 security issues.
These security issues were fixed:
- CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers (bnc#864673).
- CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image (bnc#864678).
- CVE-2013-4530: Buffer overflow in hw/ssi/pl022.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image (bnc#864682).
- CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#864655).
- CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (bsc#864811).
- CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#864391).
- CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (bsc#864769).
- CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#864805).
- CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642).
- CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket (bsc#897654).
- CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#901508).
- CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737).
- CVE-2014-9718: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality had multiple interpretations of a function's return value, which allowed guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions (bsc#928393).
- CVE-2015-1779: The VNC websocket frame decoder allowed remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section (bsc#924018).
- CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).
- CVE-2015-6855: hw/ide/core.c did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404).
- CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#957162).
- CVE-2015-7549: pci: NULL pointer dereference issue (bsc#958917).
- CVE-2015-8345: eepro100: infinite loop in processing command block list (bsc#956829).
- CVE-2015-8504: VNC: floating point exception (bsc#958491).
- CVE-2015-8550: Paravirtualized drivers were incautious about shared memory contents (XSA-155) (bsc#957988).
- CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164) (bsc#958007).
- CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165) (bsc#958009).
- CVE-2015-8558: Infinite loop in ehci_advance_state resulted in DoS (bsc#959005).
- CVE-2015-8567: vmxnet3: host memory leakage (bsc#959387).
- CVE-2015-8568: vmxnet3: host memory leakage (bsc#959387).
- CVE-2015-8613: SCSI: stack based buffer overflow in megasas_ctrl_get_info (bsc#961358).
- CVE-2015-8619: Stack based OOB write in hmp_sendkey routine (bsc#960334).
- CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960725).
- CVE-2015-8744: vmxnet3: Incorrect l2 header validation lead to a crash via assert(2) call (bsc#960835).
- CVE-2015-8745: Reading IMR registers lead to a crash via assert(2) call (bsc#960707).
- CVE-2015-8817: OOB access in address_space_rw lead to segmentation fault (I) (bsc#969121).
- CVE-2015-8818: OOB access in address_space_rw lead to segmentation fault (II) (bsc#969122).
- CVE-2016-1568: AHCI use-after-free vulnerability in aio port commands (bsc#961332).
- CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates (bsc#960861).
- CVE-2016-1571: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) (bsc#960862).
- CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations (bsc#961691).
- CVE-2016-1922: NULL pointer dereference in vapic_write() (bsc#962320).
- CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines (bsc#963782).
- CVE-2016-2198: EHCI NULL pointer dereference in ehci_caps_write (bsc#964413).
- CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings (bsc#965315).
- CVE-2016-2271: VMX when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (bsc#965317).
- CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL pointer dereference (bsc#967013).
- CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling (bsc#967012).
- CVE-2016-2538: Integer overflow in remote NDIS control message handling (bsc#967969).
- CVE-2016-2841: ne2000: Infinite loop in ne2000_receive (bsc#969350).
- XSA-166: ioreq handling possibly susceptible to multiple read issue (bsc#958523).
These non-security issues were fixed:
- bsc#954872: script block-dmmd not working as expected
- bsc#963923: domain weights not honored when sched-credit tslice is reduced
- bsc#959695: Missing docs for xen
- bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend
- bsc#959928: When DomU is in state running xm domstate returned nothing
ImportantSUSE bug 864391SUSE bug 864655SUSE bug 864673SUSE bug 864678SUSE bug 864682SUSE bug 864769SUSE bug 864805SUSE bug 864811SUSE bug 877642SUSE bug 897654SUSE bug 901508SUSE bug 902737SUSE bug 924018SUSE bug 928393SUSE bug 945404SUSE bug 945989SUSE bug 954872SUSE bug 956829SUSE bug 957162SUSE bug 957988SUSE bug 958007SUSE bug 958009SUSE bug 958491SUSE bug 958523SUSE bug 958917SUSE bug 959005SUSE bug 959387SUSE bug 959695SUSE bug 959928SUSE bug 960334SUSE bug 960707SUSE bug 960725SUSE bug 960835SUSE bug 960861SUSE bug 960862SUSE bug 961332SUSE bug 961358SUSE bug 961691SUSE bug 962320SUSE bug 963782SUSE bug 963923SUSE bug 964413SUSE bug 965315SUSE bug 965317SUSE bug 967012SUSE bug 967013SUSE bug 967630SUSE bug 967969SUSE bug 969121SUSE bug 969122SUSE bug 969350CVE-2013-4527CVE-2013-4529CVE-2013-4530CVE-2013-4533CVE-2013-4534CVE-2013-4537CVE-2013-4538CVE-2013-4539CVE-2014-0222CVE-2014-3640CVE-2014-3689CVE-2014-7815CVE-2014-9718CVE-2015-1779CVE-2015-5278CVE-2015-6855CVE-2015-7512CVE-2015-7549CVE-2015-8345CVE-2015-8504CVE-2015-8550CVE-2015-8554CVE-2015-8555CVE-2015-8558CVE-2015-8567CVE-2015-8568CVE-2015-8613CVE-2015-8619CVE-2015-8743CVE-2015-8744CVE-2015-8745CVE-2015-8817CVE-2015-8818CVE-2016-1568CVE-2016-1570CVE-2016-1571CVE-2016-1714CVE-2016-1922CVE-2016-1981CVE-2016-2198CVE-2016-2270CVE-2016-2271CVE-2016-2391CVE-2016-2392CVE-2016-2538CVE-2016-2841cpe:/o:suse:suse_sled:11:sp4Security update for xen (Moderate)SUSE Linux Enterprise Desktop 11 SP4
This update fixes the following security issues:
- bsc#955399 - Fix xm migrate --log_progress.
Due to logic error progress was not logged when requested.
- bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100:
infinite loop in processing command block list
- bsc#956592 - xen: virtual PMU is unsupported (XSA-163)
- bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen:
XENMEM_exchange error handling issues (XSA-159)
- bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel
and initrd on error (XSA-160)
- bsc#956411 - CVE-2015-7504: xen: heap buffer overflow
vulnerability in pcnet emulator (XSA-162)
- bsc#947165 - CVE-2015-7311: xen: libxl fails to honour
readonly flag on disks with qemu-xen (xsa-142)
- bsc#955399 - Fix xm migrate --live. The options were not passed
due to a merge error. As a result the migration was not live,
instead the suspended guest was migrated.
- bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by
triggering an infinite loop in microcode via #DB exception
- bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during
fault delivery (XSA-156)
- bsc#950704 - CVE-2015-7970: xen: x86: Long latency
populate-on-demand operation is not preemptible (XSA-150)
- bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand
balloon size inaccuracy can crash guests (XSA-153)
- Drop 5604f239-x86-PV-properly-populate-descriptor-tables.patch
- bsc#950703 - CVE-2015-7969: xen: leak of main per-domain
vcpu pointer array (DoS) (XSA-149)
- bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain
profiling-related vcpu pointer array (DoS) (XSA-151)
- bsc#950706 - CVE-2015-7971: xen: x86: some pmu and
profiling hypercalls log without rate limiting (XSA-152) ModerateSUSE bug 947165SUSE bug 950703SUSE bug 950704SUSE bug 950705SUSE bug 950706SUSE bug 951845SUSE bug 954018SUSE bug 954405SUSE bug 955399SUSE bug 956408SUSE bug 956409SUSE bug 956411SUSE bug 956592SUSE bug 956832CVE-2015-5307CVE-2015-7311CVE-2015-7504CVE-2015-7835CVE-2015-7969CVE-2015-7970CVE-2015-7971CVE-2015-7972CVE-2015-8104CVE-2015-8339CVE-2015-8340CVE-2015-8341CVE-2015-8345cpe:/o:suse:suse_sled:11:sp4Security update for xfsprogs (Moderate)SUSE Linux Enterprise Desktop 11 SP4
xfsprogs was updated to fix one security vulnerability and several bugs.
- Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150)
- Fix segfault during xfs_repair run (bsc#911866)
- Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition
ModerateSUSE bug 911866SUSE bug 939367CVE-2012-2150cpe:/o:suse:suse_sled:11:sp4Security update for xorg-x11-libX11 (Moderate)SUSE Linux Enterprise Desktop 11 SP4
xorg-x11-libX11 was updated to fix one security issue.
This security issue was fixed:
- CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allowed remote attackers to have unspecified impact via a crafted request, which triggered a buffer overflow (bsc#927220).
ModerateSUSE bug 927220CVE-2013-7439cpe:/o:suse:suse_sled:11:sp4Security update for xscreensaver (Moderate)SUSE Linux Enterprise Desktop 11 SP4
The xscreensaver package was updated to fix the following security and non security issues:
- CVE-2015-8025: Fixed a crash when hot-swapping monitors while locked (bsc#952062).
- Added xscreensaver-in_signal_handler_p.patch needed for fix of signal handling.
- Refresh xscreensaver-stars.patch.
ModerateSUSE bug 952062CVE-2015-8025cpe:/o:suse:suse_sled:11:sp4ImageMagicklibMagick++1libMagickCore1libMagickCore1-32bitlibMagickWand1sled-releaseMesaMesa-32bitMozillaFirefoxMozillaFirefox-translationsacroreadacroread-cmapsacroread-fonts-jaacroread-fonts-koacroread-fonts-zh_CNacroread-fonts-zh_TWacroread_jabind-libsbind-libs-32bitbind-utilsbogofilterbytefx-data-mysqlibm-data-db2mono-coremono-datamono-data-firebirdmono-data-oraclemono-data-postgresqlmono-data-sqlitemono-data-sybasemono-develmono-extrasmono-jscriptmono-locale-extrasmono-nunitmono-wcfmono-webmono-winformsmonodoc-corelibldb1libldb1-32bitlibsmbclient0libsmbclient0-32bitlibtalloc1libtalloc1-32bitlibtalloc2libtalloc2-32bitlibtdb1libtdb1-32bitlibtevent0libtevent0-32bitlibwbclient0libwbclient0-32bitsambasamba-32bitsamba-clientsamba-client-32bitsamba-docsamba-krb-printingsamba-winbindsamba-winbind-32bitclamavcompat-openssl097gcompat-openssl097g-32bitcoreutilscoreutils-langcupscups-clientcups-libscups-libs-32bitcurllibcurl4libcurl4-32bitdhcpdhcp-clientfinchlibpurplelibpurple-langlibpurple-meanwhilelibpurple-tclpidginMozillaFirefox-branding-SLEDlibfreebl3libfreebl3-32bitmozilla-nsprmozilla-nspr-32bitmozilla-nssmozilla-nss-32bitmozilla-nss-toolsbeaglebeagle-evolutionbeagle-firefoxbeagle-guibeagle-langmhtml-firefoxflash-playerflash-player-gnomeflash-player-kde4freetype2freetype2-32bitfreetype2-develft2demosghostscript-fonts-otherghostscript-fonts-rusghostscript-fonts-stdghostscript-libraryghostscript-omnighostscript-x11libgimpprintglibcglibc-32bitglibc-develglibc-devel-32bitglibc-i18ndataglibc-localeglibc-locale-32bitnscdgnutlslibgnutls26libgnutls26-32bitgpg2gpg2-langgtk2gtk2-32bitgtk2-develgtk2-langhpliphplip-hpijsicedtea-webiculibicuinkscapeinkscape-extensions-diainkscape-extensions-extrainkscape-extensions-figinkscape-extensions-gimpinkscape-langjava-1_6_0-openjdkjava-1_6_0-openjdk-demojava-1_6_0-openjdk-develkdelibs4kdelibs4-corelibkde4libkde4-32bitlibkdecore4libkdecore4-32bitkernel-defaultkernel-default-basekernel-default-develkernel-default-extrakernel-paekernel-pae-basekernel-pae-develkernel-pae-extrakernel-sourcekernel-symskernel-tracekernel-trace-basekernel-trace-develkernel-trace-extrakernel-xenkernel-xen-basekernel-xen-develkernel-xen-extraxen-kmp-defaultxen-kmp-paexen-kmp-tracekrb5krb5-32bitkrb5-clientkvmlcmsliblcms1liblcms1-32bitlibQtWebKit4libQtWebKit4-32bitlibqt4libqt4-32bitlibqt4-qt3supportlibqt4-qt3support-32bitlibqt4-sqllibqt4-sql-32bitlibqt4-sql-mysqllibqt4-sql-mysql-32bitlibqt4-sql-postgresqllibqt4-sql-postgresql-32bitlibqt4-sql-sqlitelibqt4-sql-sqlite-32bitlibqt4-sql-unixODBClibqt4-sql-unixODBC-32bitlibqt4-x11libqt4-x11-32bitlibecpg6libpq5libpq5-32bitpostgresql91libgcrypt11libgcrypt11-32bitlibmysqlclient15libmysqlclient15-32bitlibmysqlclient_r15libmysqlclient_r15-32bitmysqlmysql-clientlibopenssl0_9_8libopenssl0_9_8-32bitopenssllibotr2permissionslibpixman-1-0libpixman-1-0-32bitlibpixman-1-0-devellibpoppler-glib4libpoppler-qt4-3libpoppler5poppler-toolslibproxy0libproxy0-32bitlibproxy0-config-gnomelibproxy0-config-gnome-32bitlibproxy0-config-kde4libproxy0-networkmanagerlibproxy0-networkmanager-32bitlibreofficelibreoffice-baselibreoffice-base-drivers-postgresqllibreoffice-base-extensionslibreoffice-calclibreoffice-calc-extensionslibreoffice-drawlibreoffice-draw-extensionslibreoffice-filters-optionallibreoffice-gnomelibreoffice-help-cslibreoffice-help-dalibreoffice-help-delibreoffice-help-en-GBlibreoffice-help-en-USlibreoffice-help-eslibreoffice-help-frlibreoffice-help-gu-INlibreoffice-help-hi-INlibreoffice-help-hulibreoffice-help-itlibreoffice-help-jalibreoffice-help-kolibreoffice-help-nllibreoffice-help-pllibreoffice-help-ptlibreoffice-help-pt-BRlibreoffice-help-rulibreoffice-help-svlibreoffice-help-zh-CNlibreoffice-help-zh-TWlibreoffice-icon-themeslibreoffice-impresslibreoffice-impress-extensionslibreoffice-kdelibreoffice-kde4libreoffice-l10n-aflibreoffice-l10n-arlibreoffice-l10n-calibreoffice-l10n-cslibreoffice-l10n-dalibreoffice-l10n-delibreoffice-l10n-en-GBlibreoffice-l10n-eslibreoffice-l10n-filibreoffice-l10n-frlibreoffice-l10n-gu-INlibreoffice-l10n-hi-INlibreoffice-l10n-hulibreoffice-l10n-itlibreoffice-l10n-jalibreoffice-l10n-kolibreoffice-l10n-nblibreoffice-l10n-nllibreoffice-l10n-nnlibreoffice-l10n-pllibreoffice-l10n-ptlibreoffice-l10n-pt-BRlibreoffice-l10n-rulibreoffice-l10n-sklibreoffice-l10n-svlibreoffice-l10n-xhlibreoffice-l10n-zh-CNlibreoffice-l10n-zh-TWlibreoffice-l10n-zulibreoffice-mailmergelibreoffice-mathlibreoffice-monolibreoffice-officebeanlibreoffice-pyunolibreoffice-writerlibreoffice-writer-extensionslibssh2libtiff3libtiff3-32bitlibvirtlibvirt-clientlibvirt-client-32bitlibvirt-doclibvirt-pythonlibxml2libxml2-32bitlibxml2-pythonlibxsltlibxslt-32bitopensshopenssh-askpassopenssl-certsopenvpnperlperl-32bitperl-baseperl-docpostgresqlpuppetlibpython2_6-1_0libpython2_6-1_0-32bitpythonpython-basepython-base-32bitpython-cursespython-develpython-tkpython-xmlrubystrongswanstrongswan-docsudotelepathy-gabbletelepathy-idleusbmuxdvinovino-langwiresharkxenxen-doc-htmlxen-doc-pdfxen-libsxen-libs-32bitxen-toolsxen-tools-domUvirt-managervm-installxorg-x11-Xvncxorg-x11-serverxorg-x11-server-extraxorg-x11-develxorg-x11-libsxorg-x11-libs-32bitxorg-x11-libX11xorg-x11-libX11-32bitxorg-x11-libX11-develxorg-x11-libXextxorg-x11-libXext-32bitxorg-x11-libXext-develxorg-x11-libXfixesxorg-x11-libXfixes-32bitxorg-x11-libXfixes-develxorg-x11-libXpxorg-x11-libXp-32bitxorg-x11-libXp-develxorg-x11-libXrenderxorg-x11-libXrender-32bitxorg-x11-libXrender-develxorg-x11-libXtxorg-x11-libXt-32bitxorg-x11-libXt-develxorg-x11-libXvxorg-x11-libXv-32bitxorg-x11-libXv-develxorg-x11-libxcbxorg-x11-libxcb-32bitxorg-x11-libxcb-develzypperzypper-loglibsoftokn3libsoftokn3-32bita2pslibaugeas0bashbash-doclibreadline5libreadline5-32bitreadline-docbinutilscabextractcompat-wireless-kmp-defaultcompat-wireless-kmp-paecompat-wireless-kmp-xencpiocpio-langdbus-1dbus-1-32bitdbus-1-x11dhcpcde2fsprogslibblkid1libblkid1-32bitlibcom_err2libcom_err2-32bitlibext2fs2libuuid-devellibuuid1libuuid1-32bituuid-runtimeecryptfs-utilsecryptfs-utils-32bitelfutilslibasm1libdw1libdw1-32bitlibebl1libebl1-32bitlibelf1libelf1-32bitemacsemacs-infoemacs-x11evolution-data-serverevolution-data-server-32bitevolution-data-server-langfilefile-32bitlibFLAC++6libFLAC8libFLAC8-32bitfoomatic-filtersfuselibfuse2gdgiflibgiflib-32bitgimpgimp-langgimp-plugins-pythongpgmelibgpgme11grub2-x86_64-efigrub2-x86_64-xengstreamer-0_10-plugins-badgstreamer-0_10-plugins-bad-langlibgstbasecamerabinsrc-0_10-0libgstbasecamerabinsrc-0_10-0-32bitlibgstbasevideo-0_10-0libgstbasevideo-0_10-0-32bitlibgstphotography-0_10-0libgstphotography-0_10-0-32bitlibgstsignalprocessor-0_10-0libgstsignalprocessor-0_10-0-32bitlibgstvdp-0_10-0libgstvdp-0_10-0-32bitlibjasperlibjasper-32bitjava-1_7_0-openjdkjava-1_7_0-openjdk-demojava-1_7_0-openjdk-develkde4-kgreeter-pluginskdebase4-wallpaperskdebase4-workspacekdebase4-workspace-ksysguarddkdmkwinkde4-l10n-arkde4-l10n-cskde4-l10n-dakde4-l10n-da-datakde4-l10n-da-dockde4-l10n-dekde4-l10n-de-datakde4-l10n-de-dockde4-l10n-en_GBkde4-l10n-eskde4-l10n-es-datakde4-l10n-es-dockde4-l10n-frkde4-l10n-fr-datakde4-l10n-fr-dockde4-l10n-hukde4-l10n-itkde4-l10n-it-datakde4-l10n-it-dockde4-l10n-jakde4-l10n-kokde4-l10n-nbkde4-l10n-nlkde4-l10n-nl-datakde4-l10n-nl-dockde4-l10n-plkde4-l10n-pl-datakde4-l10n-pl-dockde4-l10n-ptkde4-l10n-pt_BRkde4-l10n-pt_BR-datakde4-l10n-pt_BR-dockde4-l10n-rukde4-l10n-ru-datakde4-l10n-ru-dockde4-l10n-svkde4-l10n-sv-datakde4-l10n-sv-dockde4-l10n-zh_CNkde4-l10n-zh_TWkdebase4-runtimekdebase4-runtime-xinekdirstatkernel-bigsmp-devellcms2liblcms2-2postgresql91-docslibevent-1_4-2libgadulibksbaliblzo2-2liblzo2-2-32bitlibmpfr1libmspack0libmysql55client18libmysql55client18-32bitlibmysql55client_r18libmysql55client_r18-32bitlibpng12-0libpng12-0-32bitlibpulse-browse0libpulse-mainloop-glib0libpulse0libpulse0-32bitpulseaudiopulseaudio-esound-compatpulseaudio-gdm-hookspulseaudio-langpulseaudio-module-bluetoothpulseaudio-module-gconfpulseaudio-module-jackpulseaudio-module-lircpulseaudio-module-x11pulseaudio-module-zeroconfpulseaudio-utilslibrsvglibrsvg-32bitrsvg-viewlibsndfilelibsndfile-32bitlibsnmp15libsnmp15-32bitnet-snmpperl-SNMPsnmp-mibslibssh2-1libtasn1libtasn1-3libtasn1-3-32bitlibvdpau1libvdpau1-32bitLibVNCServerlibwmflibwsman1openwsman-clientopenwsman-serverlxcmuttnovell-qtguinovell-qtgui-clinovell-ui-baselibldap-2_4-2libldap-2_4-2-32bitopenldap2-clientopenslpopenslp-32bitopenssh-askpass-gnomeorcaorca-langpampam-32bitpam-docperl-Module-Buildperl-Test-Simplepoptpopt-32bitrpmrpm-32bitpostgresql94postgresql94-docspppprocmailpwlibpwlib-plugins-avcpwlib-plugins-dcpwlib-plugins-v4l2python-lxmlpython-setuptoolsrpcbindrsyncrxvt-unicodesblim-sfcbshimtcpdumplibtidyunzipvorbis-toolswgetwpa_supplicantwpa_supplicant-guixalan-j2xfsprogsxinetdxscreensaverfetchmaillibgcc_s1libgcc_s1-32bitlibgfortran3libgfortran3-32bitlibgomp1libgomp1-32bitlibquadmath0libquadmath0-32bitlibstdc++6libstdc++6-32bitlibstdc++6-localegoogle-carlito-fontslibhyphen0libmythes-1_2-0libreoffice-icon-theme-galaxylibreoffice-icon-theme-tangolibreoffice-l10n-enlibreoffice-l10n-gulibreoffice-l10n-hilibreoffice-l10n-pt-PTlibreoffice-l10n-zh-Hanslibreoffice-l10n-zh-Hantlibreoffice-sdklibreoffice-share-linkerlibreoffice-voikkolibvoikko1myspell-af_NAmyspell-af_ZAmyspell-armyspell-ar_AEmyspell-ar_BHmyspell-ar_DZmyspell-ar_EGmyspell-ar_IQmyspell-ar_JOmyspell-ar_KWmyspell-ar_LBmyspell-ar_LYmyspell-ar_MAmyspell-ar_OMmyspell-ar_QAmyspell-ar_SAmyspell-ar_SDmyspell-ar_SYmyspell-ar_TNmyspell-ar_YEmyspell-be_BYmyspell-bg_BGmyspell-bn_BDmyspell-bn_INmyspell-bsmyspell-bs_BAmyspell-camyspell-ca_ADmyspell-ca_ESmyspell-ca_ES_valenciamyspell-ca_FRmyspell-ca_ITmyspell-cs_CZmyspell-da_DKmyspell-demyspell-de_ATmyspell-de_CHmyspell-de_DEmyspell-dictionariesmyspell-el_GRmyspell-enmyspell-en_AUmyspell-en_BSmyspell-en_BZmyspell-en_CAmyspell-en_GBmyspell-en_GHmyspell-en_IEmyspell-en_INmyspell-en_JMmyspell-en_MWmyspell-en_NAmyspell-en_NZmyspell-en_PHmyspell-en_TTmyspell-en_USmyspell-en_ZAmyspell-en_ZWmyspell-esmyspell-es_ARmyspell-es_BOmyspell-es_CLmyspell-es_COmyspell-es_CRmyspell-es_CUmyspell-es_DOmyspell-es_ECmyspell-es_ESmyspell-es_GTmyspell-es_HNmyspell-es_MXmyspell-es_NImyspell-es_PAmyspell-es_PEmyspell-es_PRmyspell-es_PYmyspell-es_SVmyspell-es_UYmyspell-es_VEmyspell-et_EEmyspell-fr_BEmyspell-fr_CAmyspell-fr_CHmyspell-fr_FRmyspell-fr_LUmyspell-fr_MCmyspell-gu_INmyspell-he_ILmyspell-hi_INmyspell-hr_HRmyspell-hu_HUmyspell-it_ITmyspell-lightproof-enmyspell-lightproof-hu_HUmyspell-lightproof-pt_BRmyspell-lightproof-ru_RUmyspell-lo_LAmyspell-lt_LTmyspell-lv_LVmyspell-nb_NOmyspell-nl_BEmyspell-nl_NLmyspell-nn_NOmyspell-nomyspell-pl_PLmyspell-pt_AOmyspell-pt_BRmyspell-pt_PTmyspell-romyspell-ro_ROmyspell-ru_RUmyspell-sk_SKmyspell-sl_SImyspell-srmyspell-sr_CSmyspell-sr_Latn_CSmyspell-sr_Latn_RSmyspell-sr_RSmyspell-sv_FImyspell-sv_SEmyspell-temyspell-te_INmyspell-th_THmyspell-vimyspell-vi_VNmyspell-zu_ZApython-importlibntpntp-docopenssh-helperssocat(i586|x86_64)0:6.4.3.6-7.26.1(x86_64)0:6.4.3.6-7.26.111.2(i586|x86_64)0:7.11.2-0.9.1(x86_64)0:7.11.2-0.9.1(i586|x86_64)0:17.0.9esr-0.3.1(i586)0:9.5.5-0.5.5.1(noarch)0:9.4.6-0.4.5.1(i586)0:9.4.2-0.4.1(i586|x86_64)0:9.9.4P2-0.6.1(x86_64)0:9.9.4P2-0.6.1(i586|x86_64)0:1.1.1-174.27.1(i586|x86_64)0:2.6.7-0.9.1(i586|x86_64)0:3.6.3-0.33.39.1(x86_64)0:3.6.3-0.33.39.1(i586|x86_64)0:3.4.3-1.50.1(x86_64)0:3.4.3-1.50.1(noarch)0:3.6.3-0.33.39.1(i586|x86_64)0:0.97.8-0.2.1(x86_64)0:0.9.7g-146.22.1(i586|x86_64)0:8.12-6.25.29.1(i586|x86_64)0:1.3.9-8.46.48.1(x86_64)0:1.3.9-8.46.48.1(i586|x86_64)0:7.19.7-1.20.31.1(x86_64)0:7.19.7-1.20.31.1(i586|x86_64)0:4.2.4.P2-0.11.13.1(i586|x86_64)0:2.6.6-0.19.1(i586|x86_64)0:10.0.7-0.3.1(i586|x86_64)0:7-0.6.7.80(i586|x86_64)0:3.13.6-0.5.1(x86_64)0:3.13.6-0.5.1(i586|x86_64)0:4.9.2-0.6.1(x86_64)0:4.9.2-0.6.1(i586|x86_64)0:10.0.9-0.3.1(i586|x86_64)0:7-0.6.7.85(i586|x86_64)0:10.0.10-0.3.1(i586|x86_64)0:4.9.3-0.2.1(x86_64)0:4.9.3-0.2.1(i586|x86_64)0:10.0.11-0.3.1(i586|x86_64)0:3.14-0.3.1(x86_64)0:3.14-0.3.1(i586|x86_64)0:10.0.12-0.4.1(i586|x86_64)0:3.14.1-0.3.1(x86_64)0:3.14.1-0.3.1(i586|x86_64)0:4.9.4-0.3.1(x86_64)0:4.9.4-0.3.1(i586|x86_64)0:17.0.4esr-0.5.1(i586|x86_64)0:7-0.6.9.5(i586|x86_64)0:0.3.8-56.51.1(i586|x86_64)0:3.14.2-0.4.3.2(x86_64)0:3.14.2-0.4.3.2(i586|x86_64)0:0.5-1.47.51.5(i586|x86_64)0:4.9.5-0.3.2(x86_64)0:4.9.5-0.3.2(i586|x86_64)0:17.0.5esr-0.4.1(i586|x86_64)0:7-0.6.9.17(i586|x86_64)0:3.14.3-0.4.3.1(x86_64)0:3.14.3-0.4.3.1(i586|x86_64)0:4.9.6-0.3.1(x86_64)0:4.9.6-0.3.1(i586|x86_64)0:17.0.6esr-0.4.1(i586|x86_64)0:17.0.7esr-0.3.1(i586|x86_64)0:7-0.6.9.31(i586|x86_64)0:17.0.10esr-0.4.2.4(i586|x86_64)0:7-0.6.9.62(i586|x86_64)0:11.2.202.336-0.3.1(i586|x86_64)0:2.3.7-25.32.1(x86_64)0:2.3.7-25.32.1(i586|x86_64)0:8.62-32.34.1(i586|x86_64)0:4.2.7-32.34.1(i586|i686|x86_64)0:2.11.3-17.45.49.1(x86_64)0:2.11.3-17.45.49.1(i586|x86_64)0:2.11.3-17.45.49.1(i586|x86_64)0:2.4.1-24.39.47.1(x86_64)0:2.4.1-24.39.47.1(i586|x86_64)0:2.0.9-25.33.37.1(i586|x86_64)0:2.18.9-0.23.1(x86_64)0:2.18.9-0.23.1(i586|x86_64)0:3.11.10-0.6.11.1(i586|x86_64)0:1.4.1-0.8.1(i586|x86_64)0:4.0-7.26.15(i586|x86_64)0:0.46-62.38.1(i586|x86_64)0:1.6.0.0_b27.1.12.7-0.2.1(i586|x86_64)0:4.3.5-0.12.1(x86_64)0:4.3.5-0.12.1(i586|x86_64)0:3.0.101-0.7.17.1(i586)0:3.0.101-0.7.17.1(i586|x86_64)0:4.1.6_04_3.0.101_0.7.17-0.5.16(i586)0:4.1.6_04_3.0.101_0.7.17-0.5.16(i586|x86_64)0:1.6.3-133.49.58.1(x86_64)0:1.6.3-133.49.58.1(i586|x86_64)0:0.15.1-0.27.1(i586|x86_64)0:1.17-77.16.1(x86_64)0:1.17-77.16.1(i586|x86_64)0:3.6.3-0.24.4(x86_64)0:3.6.3-0.24.4(noarch)0:3.6.3-0.24.4(i586|x86_64)0:4.6.3-5.20.23.1(x86_64)0:4.6.3-5.20.23.1(i586|x86_64)0:9.1.9-0.3.1(x86_64)0:9.1.9-0.3.1(i586|x86_64)0:1.5.0-0.15.2(x86_64)0:1.5.0-0.15.2(i586|x86_64)0:5.0.96-0.6.1(x86_64)0:5.0.96-0.6.1(i586|x86_64)0:0.9.8j-0.50.1(x86_64)0:0.9.8j-0.50.1(i586|x86_64)0:3.2.0-10.3.1(i586|x86_64)0:2013.1.7-0.3.1(i586|x86_64)0:0.16.0-1.4.1(x86_64)0:0.16.0-1.4.1(i586|x86_64)0:0.12.3-1.8.1(i586|x86_64)0:0.3.1-2.6.1(x86_64)0:0.3.1-2.6.1(i586|x86_64)0:0.3.1-2.6.3(x86_64)0:0.3.1-2.6.3(i586|x86_64)0:3.5.4.13-0.3.1(noarch)0:3.5.4.13-0.3.1(i586|x86_64)0:0.2-5.18.1(i586|x86_64)0:3.8.2-141.154.1(x86_64)0:3.8.2-141.154.1(i586|x86_64)0:0.9.6-0.29.1(x86_64)0:0.9.6-0.29.1(i586|x86_64)0:0.9.6-0.23.1(x86_64)0:0.9.6-0.23.1(i586|x86_64)0:2.7.6-0.25.1(x86_64)0:2.7.6-0.25.1(i586|x86_64)0:1.1.24-19.23.1(x86_64)0:1.1.24-19.23.1(i586|x86_64)0:3.15.2-0.3.1(x86_64)0:3.15.2-0.3.1(i586|x86_64)0:4.10.1-0.3.1(x86_64)0:4.10.1-0.3.1(i586|x86_64)0:3.15.3-0.3.1(x86_64)0:3.15.3-0.3.1(i586|x86_64)0:4.10.2-0.3.1(x86_64)0:4.10.2-0.3.1(i586|x86_64)0:3.15.3.1-0.4.2.1(x86_64)0:3.15.3.1-0.4.2.1(i586|x86_64)0:5.1p1-41.57.1(noarch)0:1.95-0.4.1(i586|x86_64)0:2.0.9-143.33.3.1(i586|x86_64)0:5.10.0-64.61.61.1(x86_64)0:5.10.0-64.61.61.1(i586|x86_64)0:8.3.23-0.4.1(i586|x86_64)0:2.6.18-0.12.1(i586|x86_64)0:2.6.8-0.23.1(x86_64)0:2.6.8-0.23.1(i586|x86_64)0:1.8.7.p357-0.9.13.1(i586|x86_64)0:4.4.0-6.21.1(i586|x86_64)0:1.7.6p2-0.2.12.1(i586|x86_64)0:0.7.10-2.19.1(i586|x86_64)0:0.1.5-1.5.1(i586|x86_64)0:1.0.7-5.10.1(i586|x86_64)0:2.28.1-2.5.1(i586|x86_64)0:1.8.12-0.2.1(x86_64)0:4.1.4_02-0.5.1(i586|x86_64)0:4.1.4_02_3.0.58_0.6.6-0.5.1(i586)0:4.1.4_02_3.0.58_0.6.6-0.5.1(i586|x86_64)0:4.1.4_02-0.5.1(x86_64)0:0.9.6-0.21.3(x86_64)0:0.9.0-3.19.1(x86_64)0:0.5.10-0.5.1(x86_64)0:4.1.2_20-0.5.2(x86_64)0:4.1.2_20_3.0.38_0.5-0.5.2(i586|x86_64)0:0.5.12-0.5.1(x86_64)0:4.1.3_02-0.5.1(i586|x86_64)0:4.1.3_02_3.0.38_0.5-0.5.1(i586|x86_64)0:4.1.3_02-0.5.1(x86_64)0:4.1.3_04-0.5.1(i586|x86_64)0:4.1.3_04_3.0.42_0.7-0.5.1(i586)0:4.1.3_04_3.0.42_0.7-0.5.1(i586|x86_64)0:4.1.3_04-0.5.1(x86_64)0:4.1.5_02-0.5.1(i586|x86_64)0:4.1.5_02_3.0.74_0.6.10-0.5.1(i586)0:4.1.5_02_3.0.74_0.6.10-0.5.1(i586|x86_64)0:4.1.5_02-0.5.1(x86_64)0:4.1.6_02-0.5.1(i586|x86_64)0:4.1.6_02_3.0.93_0.5-0.5.1(i586)0:4.1.6_02_3.0.93_0.5-0.5.1(i586|x86_64)0:4.1.6_02-0.5.1(x86_64)0:4.1.6_04-0.5.1(i586|x86_64)0:4.1.6_04_3.0.101_0.5-0.5.1(i586)0:4.1.6_04_3.0.101_0.5-0.5.1(i586|x86_64)0:4.1.6_04-0.5.1(i586|x86_64)0:7.4-27.70.76.1(i586|x86_64)0:7.4-8.26.40.1(x86_64)0:7.4-8.26.40.1(i586|x86_64)0:7.4-5.11.11.1(x86_64)0:7.4-5.11.11.1(i586|x86_64)0:7.4-1.18.1(x86_64)0:7.4-1.18.1(i586|x86_64)0:7.4-1.16.1(x86_64)0:7.4-1.16.1(i586|x86_64)0:7.4-1.19.1(x86_64)0:7.4-1.19.1(i586|x86_64)0:7.4-1.22.5.1(x86_64)0:7.4-1.22.5.1(i586|x86_64)0:1.6.166-0.5.1(i586|x86_64)0:24.6.0esr-0.8.1(i586|x86_64)0:24-0.7.48(i586|x86_64)0:3.16.1-0.8.1(x86_64)0:3.16.1-0.8.1(i586|x86_64)0:4.10.6-0.3.1(x86_64)0:4.10.6-0.3.111.3(i586|x86_64)0:6.4.3.6-7.30.1(x86_64)0:6.4.3.6-7.30.1(i586|x86_64)0:17.0.9esr-0.7.1(i586|x86_64)0:31.8.0esr-0.13.2(i586|x86_64)0:38.5.0esr-28.2(i586|x86_64)0:24.5.0esr-0.8.1(i586|x86_64)0:24-0.7.36(i586|x86_64)0:3.16-0.8.1(x86_64)0:3.16-0.8.1(i586|x86_64)0:4.10.4-0.3.1(x86_64)0:4.10.4-0.3.1(i586|x86_64)0:31.6.0esr-0.8.1(i586|x86_64)0:31.8.0esr-0.10.1(i586|x86_64)0:3.19.2_CKBI_1.98-0.10.1(x86_64)0:3.19.2_CKBI_1.98-0.10.1(i586|x86_64)0:4.10.8-0.5.1(x86_64)0:4.10.8-0.5.1(i586|x86_64)0:4.13-1326.37.1(i586|x86_64)0:0.9.0-3.15.1(i586|x86_64)0:0.9.0-3.17.2(i586|x86_64)0:3.2-147.22.1(i586|x86_64)0:5.2-147.22.1(x86_64)0:5.2-147.22.1(i586|x86_64)0:9.9.6P1-0.12.1(x86_64)0:9.9.6P1-0.12.1(i586|x86_64)0:9.9.6P1-0.15.1(x86_64)0:9.9.6P1-0.15.1(i586|x86_64)0:9.9.6P1-0.19.1(x86_64)0:9.9.6P1-0.19.1(i586|x86_64)0:9.9.6P1-0.22.1(x86_64)0:9.9.6P1-0.22.1(i586|x86_64)0:2.23.1-0.23.15(i586|x86_64)0:1.2-2.10.1(i586|x86_64)0:1.2-2.12.1(i586|x86_64)0:0.9.7g-146.22.31.1(x86_64)0:0.9.7g-146.22.31.1(i586|x86_64)0:0.9.7g-146.22.36.1(x86_64)0:0.9.7g-146.22.36.1(i586|x86_64)0:3.13_3.0.101_0.31-0.9.1(i586)0:3.13_3.0.101_0.31-0.9.1(i586|x86_64)0:2.9-75.78.1(i586|x86_64)0:1.3.9-8.46.52.2(x86_64)0:1.3.9-8.46.52.2(i586|x86_64)0:7.19.7-1.38.1(x86_64)0:7.19.7-1.38.1(i586|x86_64)0:7.19.7-1.46.1(x86_64)0:7.19.7-1.46.1(i586|x86_64)0:7.19.7-1.40.1(x86_64)0:7.19.7-1.40.1(i586|x86_64)0:1.2.10-3.31.1(x86_64)0:1.2.10-3.31.1(i586|x86_64)0:4.2.4.P2-0.24.1(i586|x86_64)0:3.2.3-45.5.3(i586|x86_64)0:1.41.9-2.10.11.1(i586|x86_64)0:2.19.1-6.62.7(x86_64)0:2.19.1-6.62.7(x86_64)0:1.41.9-2.10.11.1(i586|x86_64)0:61-1.35.1(x86_64)0:61-1.35.1(i586|x86_64)0:0.152-4.9.17(x86_64)0:0.152-4.9.17(i586|x86_64)0:22.3-4.42.1(i586|x86_64)0:2.28.2-0.32.1(x86_64)0:2.28.2-0.32.1(i586|x86_64)0:4.24-43.27.1(x86_64)0:4.24-43.27.1(i586|x86_64)0:2.6.6-0.23.1(i586|x86_64)0:17.0.7esr-0.8.1(i586|x86_64)0:7-0.12.1(i586|x86_64)0:17.0.10esr-0.7.4(i586|x86_64)0:7-0.12.41(i586|x86_64)0:24.3.0esr-0.8.1(i586|x86_64)0:24-0.7.14(i586|x86_64)0:3.15.4-0.7.1(x86_64)0:3.15.4-0.7.1(i586|x86_64)0:24.4.0esr-0.8.1(i586|x86_64)0:24-0.7.23(i586|x86_64)0:24.7.0esr-0.8.2(i586|x86_64)0:3.16.2-0.8.1(x86_64)0:3.16.2-0.8.1(i586|x86_64)0:24.8.0esr-0.8.1(i586|x86_64)0:3.16.4-0.8.1(x86_64)0:3.16.4-0.8.1(i586|x86_64)0:4.10.7-0.3.1(x86_64)0:4.10.7-0.3.1(i586|x86_64)0:31.3.0esr-0.8.1(i586|x86_64)0:31.4.0esr-0.8.7(i586|x86_64)0:3.17.3-0.8.11(x86_64)0:3.17.3-0.8.11(i586|x86_64)0:31.5.3esr-0.8.1(i586|x86_64)0:31.7.0esr-0.8.1(i586|x86_64)0:4.10.9-11.1(x86_64)0:4.10.9-11.1(i586|x86_64)0:38.3.0esr-22.1(i586|x86_64)0:38.4.0esr-25.6(i586|x86_64)0:38-15.31(i586|x86_64)0:3.19.2.1-19.3(x86_64)0:3.19.2.1-19.3(i586|x86_64)0:4.10.10-16.1(x86_64)0:4.10.10-16.1(i586|x86_64)0:24.2.0esr-0.7.1(i586|x86_64)0:24-0.7.4(i586|x86_64)0:3.15.3.1-0.7.1(x86_64)0:3.15.3.1-0.7.1(i586|x86_64)0:31.2.0esr-0.16.1(i586|x86_64)0:31.0-0.10.1(i586|x86_64)0:3.17.2-0.8.1(x86_64)0:3.17.2-0.8.1(i586|x86_64)0:4.10.7-0.3.3(x86_64)0:4.10.7-0.3.3(i586|x86_64)0:38.2.1esr-19.3(i586|x86_64)0:31.0-0.12.51(i586|x86_64)0:3.19.2.0-0.16.1(x86_64)0:3.19.2.0-0.16.1(i586|x86_64)0:1.2.1-68.17.1(x86_64)0:1.2.1-68.17.1(i586|x86_64)0:11.2.202.418-0.3.1(i586|x86_64)0:11.2.202.481-0.8.2(i586|x86_64)0:11.2.202.491-0.11.1(i586|x86_64)0:11.2.202.508-0.14.1(i586|x86_64)0:11.2.202.521-0.17.1(i586|x86_64)0:11.2.202.535-0.20.1(i586|x86_64)0:11.2.202.540-0.23.1(i586|x86_64)0:11.2.202.548-0.26.1(i586|x86_64)0:11.2.202.554-0.29.1(i586|x86_64)0:11.2.202.559-0.32.1(i586|x86_64)0:3.0.2-269.39.1(i586|x86_64)0:2.3.7-25.34.1(x86_64)0:2.3.7-25.34.1(i586|x86_64)0:2.8.7-0.11.1(i586|x86_64)0:2.0.36.RC1-52.20.1(i586|x86_64)0:4.1.6-13.1(x86_64)0:4.1.6-13.1(i586|x86_64)0:2.6.2-3.34.45.1(i586|i686|x86_64)0:2.11.3-17.72.14(x86_64)0:2.11.3-17.72.14(i586|x86_64)0:2.11.3-17.72.14(i586|i686|x86_64)0:2.11.3-17.87.3(x86_64)0:2.11.3-17.87.3(i586|x86_64)0:2.11.3-17.87.3(i586|i686|x86_64)0:2.11.3-17.95.2(x86_64)0:2.11.3-17.95.2(i586|x86_64)0:2.11.3-17.95.2(i586|x86_64)0:2.4.1-24.39.51.1(x86_64)0:2.4.1-24.39.51.1(i586|x86_64)0:2.4.1-24.39.57.1(x86_64)0:2.4.1-24.39.57.1(i586|x86_64)0:2.4.1-24.39.60.1(x86_64)0:2.4.1-24.39.60.1(i586|x86_64)0:2.0.9-25.33.39.1(i586|x86_64)0:2.0.9-25.33.41.2(i586|x86_64)0:1.1.6-25.32.1(x86_64)0:2.00-0.49.2(i586|x86_64)0:0.10.22-7.11.1(x86_64)0:0.10.22-7.11.1(i586|x86_64)0:2.18.9-0.35.1(x86_64)0:2.18.9-0.35.1(i586|x86_64)0:2.18.9-0.39.1(x86_64)0:2.18.9-0.39.1(i586|x86_64)0:1.4.2-0.7.1(i586|x86_64)0:4.0-7.28.1(i586|x86_64)0:1.900.1-134.17.1(x86_64)0:1.900.1-134.17.1(i586|x86_64)0:1.7.0.71-0.7.1(i586|x86_64)0:1.7.0.85-0.11.2(i586|x86_64)0:1.7.0.91-0.14.2(i586|x86_64)0:1.7.0.95-0.17.2(i586|x86_64)0:4.3.5-0.12.18.1(noarch)0:4.3.5-0.11.18.1(noarch)0:4.3.5-0.3.1(i586|x86_64)0:4.3.5-0.3.1(i586|x86_64)0:4.3.5-0.12.20.1(noarch)0:4.3.5-0.11.20.1(i586|x86_64)0:4.3.5-0.14.1(x86_64)0:4.3.5-0.14.1(i586|x86_64)0:2.4.4-255.28.1(x86_64)0:3.0.101-0.47.55.1(i586|x86_64)0:3.0.101-0.40.1(i586)0:3.0.101-0.40.1(i586|x86_64)0:4.2.4_04_3.0.101_0.40-0.7.3(i586)0:4.2.4_04_3.0.101_0.40-0.7.3(x86_64)0:3.0.101-0.47.67.2(i586|x86_64)0:3.0.101-0.47.67.2(i586)0:3.0.101-0.47.67.2(x86_64)0:3.0.101-0.40.1(x86_64)0:3.0.101-0.47.71.1(i586|x86_64)0:3.0.101-0.47.71.1(i586)0:3.0.101-0.47.71.1(i586|x86_64)0:1.6.3-133.49.62.1(x86_64)0:1.6.3-133.49.62.1(i586|x86_64)0:1.6.3-133.49.97.1(x86_64)0:1.6.3-133.49.97.1(i586|x86_64)0:1.6.3-133.49.103.1(x86_64)0:1.6.3-133.49.103.1(i586|x86_64)0:1.6.3-133.49.64.1(x86_64)0:1.6.3-133.49.64.1(i586|x86_64)0:1.6.3-133.49.66.1(x86_64)0:1.6.3-133.49.66.1(i586|x86_64)0:1.6.3-133.49.68.1(x86_64)0:1.6.3-133.49.68.1(i586|x86_64)0:1.4.2-0.17.1(i586|x86_64)0:1.4.2-0.22.34.3(i586|x86_64)0:1.4.2-37.1(i586|x86_64)0:1.4.2-0.21.4(i586|x86_64)0:1.0.5.9-0.19.3(x86_64)0:1.0.5.9-0.19.3(i586|x86_64)0:2.5-0.7.1(i586|x86_64)0:4.6.3-5.29.2(x86_64)0:4.6.3-5.29.2(i586|x86_64)0:9.1.12-0.3.1(x86_64)0:9.1.12-0.3.1(i586|x86_64)0:1.4.5-24.24.1(i586|x86_64)0:3.16.5-0.7.1(x86_64)0:3.16.5-0.7.1(i586|x86_64)0:1.8.2-1.24.1(i586|x86_64)0:1.5.0-0.19.1(x86_64)0:1.5.0-0.19.1(i586|x86_64)0:1.5.0-0.17.1(x86_64)0:1.5.0-0.17.1(i586|x86_64)0:1.900.1-134.13.1(x86_64)0:1.900.1-134.13.1(i586|x86_64)0:1.0.4-1.18.1(i586|x86_64)0:1.0.4-1.20.1(i586|x86_64)0:2.03-12.3.1(x86_64)0:2.03-12.3.1(i586|x86_64)0:2.3.2-3.118.1(i586|x86_64)0:0.0.20060920alpha-74.5.1(i586|x86_64)0:0.0.20060920alpha-74.10.1(i586|x86_64)0:5.5.39-0.7.1(x86_64)0:5.5.39-0.7.1(i586|x86_64)0:5.0.96-0.6.13(x86_64)0:5.0.96-0.6.13(i586|x86_64)0:0.9.8j-0.66.1(x86_64)0:0.9.8j-0.66.1(i586|x86_64)0:0.24.4-0.15.1(x86_64)0:0.24.4-0.15.1(i586|x86_64)0:1.2.31-5.33.1(x86_64)0:1.2.31-5.33.1(i586|x86_64)0:1.2.31-5.35.1(x86_64)0:1.2.31-5.35.1(i586|x86_64)0:1.2.31-5.38.1(x86_64)0:1.2.31-5.38.1(i586|x86_64)0:0.12.3-1.10.1(i586|x86_64)0:0.9.23-0.15.1(x86_64)0:0.9.23-0.15.1(i586|x86_64)0:4.6.3-5.32.1(x86_64)0:4.6.3-5.32.1(i586|x86_64)0:4.6.3-5.34.2(x86_64)0:4.6.3-5.34.2(i586|x86_64)0:4.0.3.3.26-0.10.2(noarch)0:4.0.3.3.26-0.10.2(noarch)0:4.0.3.3.26-0.10.1(i586|x86_64)0:4.0.3.3.26-0.6.2(noarch)0:4.0.3.3.26-0.6.1(noarch)0:4.0.3.3.26-0.6.2(i586|x86_64)0:2.26.0-2.5.1(x86_64)0:2.26.0-2.5.1(i586|x86_64)0:1.0.20-2.6.5(x86_64)0:1.0.20-2.6.5(i586|x86_64)0:1.0.20-2.10.2(x86_64)0:1.0.20-2.10.2(i586|x86_64)0:5.4.2.1-8.12.22.1(x86_64)0:5.4.2.1-8.12.22.1(i586|x86_64)0:0.2-5.20.1(i586|x86_64)0:1.2.9-4.2.4.1(i586|x86_64)0:1.5-1.28.1(x86_64)0:1.5-1.28.1(i586|x86_64)0:0.4.1-16.20.2(x86_64)0:0.4.1-16.20.2(i586|x86_64)0:1.0.5.9-0.9.1(x86_64)0:1.0.5.9-0.9.1(i586|x86_64)0:0.9.1-156.1(i586|x86_64)0:0.2.8.4-206.29.29.1(i586|x86_64)0:2.2.3-0.8.1(i586|x86_64)0:2.7.6-0.31.1(x86_64)0:2.7.6-0.31.1(i586|x86_64)0:2.7.6-0.34.1(x86_64)0:2.7.6-0.34.1(i586|x86_64)0:2.7.6-0.34.4(i586|x86_64)0:2.7.6-0.37.1(x86_64)0:2.7.6-0.37.1(i586|x86_64)0:2.7.6-0.37.4(i586|x86_64)0:0.8.0-0.21.6(i586|x86_64)0:0.8.0-0.25.1(i586|x86_64)0:38.6.0esr-31.3(i586|x86_64)0:38-18.24(i586|x86_64)0:3.20.2-25.2(x86_64)0:3.20.2-25.2(i586|x86_64)0:4.10.8-0.8.1(x86_64)0:4.10.8-0.8.1(i586|x86_64)0:3.19.2.2-22.1(x86_64)0:3.19.2.2-22.1(i586|x86_64)0:3.15.2-0.8.1(x86_64)0:3.15.2-0.8.1(i586|x86_64)0:1.5.17-42.37.1(i586|x86_64)0:5.5.45-0.11.1(x86_64)0:5.5.45-0.11.1(i586|x86_64)0:5.5.46-0.14.1(x86_64)0:5.5.46-0.14.1(i586|x86_64)0:5.5.47-0.17.1(x86_64)0:5.5.47-0.17.1(i586|x86_64)0:5.4.2.1-8.12.24.1(x86_64)0:5.4.2.1-8.12.24.1(i586|x86_64)0:3.0.0-0.20.1(i586|x86_64)0:3.0.0-0.10.1(i586|x86_64)0:3.15.3-0.8.1(x86_64)0:3.15.3-0.8.1(i586|x86_64)0:2.4.26-0.35.1(x86_64)0:2.4.26-0.35.1(i586|x86_64)0:2.4.26-0.30.1(x86_64)0:2.4.26-0.30.1(i586|x86_64)0:2.4.26-0.62.2(x86_64)0:2.4.26-0.62.2(i586|x86_64)0:1.2.0-172.24.1(x86_64)0:1.2.0-172.24.1(i586|x86_64)0:6.2p2-0.13.1(i586|x86_64)0:6.2p2-0.21.1(i586|x86_64)0:6.2p2-0.21.3(i586|x86_64)0:6.2p2-0.24.1(i586|x86_64)0:6.2p2-0.24.3(i586|x86_64)0:0.9.8j-0.80.1(x86_64)0:0.9.8j-0.80.1(noarch)0:1.97-0.3.1(i586|x86_64)0:2.0.9-143.40.5(i586|x86_64)0:2.28.3-0.5.10(i586|x86_64)0:1.1.5-0.12.1(x86_64)0:1.1.5-0.12.1(i586|x86_64)0:5.10.0-64.70.1(x86_64)0:5.10.0-64.70.1(i586|x86_64)0:0.2808.01-0.70.1(i586|x86_64)0:0.72-0.70.1(i586|x86_64)0:1.7-37.60.2(x86_64)0:1.7-37.60.2(i586|x86_64)0:4.4.2.3-37.60.2(x86_64)0:4.4.2.3-37.60.2(i586|x86_64)0:9.4.5-0.8.3(x86_64)0:9.4.5-0.8.3(i586|x86_64)0:9.1.15-0.3.1(x86_64)0:9.1.15-0.3.1(i586|x86_64)0:9.1.18-0.3.1(i586|x86_64)0:9.1.19-0.5.1(i586|x86_64)0:2.4.5.git-2.29.1(i586|x86_64)0:3.22-240.8.1(i586|x86_64)0:2.6.18-0.16.1(i586|x86_64)0:1.10.10-120.35.1(i586|x86_64)0:2.6.9-0.33.1(x86_64)0:2.6.9-0.33.1(i586|x86_64)0:2.6.9-0.25.1(x86_64)0:2.6.9-0.25.1(i586|x86_64)0:2.6.9-0.27.1(x86_64)0:2.6.9-0.27.1(i586|x86_64)0:2.6.9-0.31.1(x86_64)0:2.6.9-0.31.1(i586|x86_64)0:2.3.6-0.13.1(i586|x86_64)0:0.6c8-10.19.6.1(i586|x86_64)0:0.6c11-6.1(i586|x86_64)0:0.1.6+git20080930-6.24.1(i586|x86_64)0:3.0.4-2.49.1(i586|x86_64)0:1.8.7.p357-0.9.15.1(i586|x86_64)0:9.05-1.19.1(i586|x86_64)0:3.6.3-0.56.1(x86_64)0:3.6.3-0.56.1(noarch)0:3.6.3-0.56.1(i586|x86_64)0:3.6.3-64.1(x86_64)0:3.6.3-64.1(noarch)0:3.6.3-64.1(i586|x86_64)0:1.3.11-0.25.4(x86_64)0:0.7.318.81ee561d-0.9.2(i586|x86_64)0:4.4.0-6.25.1(i586|x86_64)0:4.4.0-6.32.1(i586|x86_64)0:1.7.6p2-0.21.1(i586|x86_64)0:3.9.8-1.27.1(i586|x86_64)0:1.0-37.1(i586|x86_64)0:3.8.2-141.160.1(x86_64)0:3.8.2-141.160.1(i586|x86_64)0:6.00-11.13.1(i586|x86_64)0:1.1.1-174.1(i586|x86_64)0:1.11.4-1.19.1(i586|x86_64)0:1.10.11-0.2.1(i586|x86_64)0:1.12.7-0.5.3(i586|x86_64)0:1.12.9-0.12.1(i586|x86_64)0:0.7.1-6.15.1(i586|x86_64)0:0.7.1-6.17.4(noarch)0:2.7.0-217.26.1(x86_64)0:4.2.5_06-0.7.1(i586|x86_64)0:4.2.5_06_3.0.101_0.47.52-0.7.1(i586)0:4.2.5_06_3.0.101_0.47.52-0.7.1(i586|x86_64)0:4.2.5_06-0.7.1(x86_64)0:4.2.5_02-0.7.1(x86_64)0:4.2.5_02_3.0.101_0.40-0.7.1(x86_64)0:4.2.5_12-15.1(i586|x86_64)0:4.2.5_12_3.0.101_0.47.55-15.1(i586)0:4.2.5_12_3.0.101_0.47.55-15.1(i586|x86_64)0:4.2.5_12-15.1(x86_64)0:4.2.5_14-18.2(i586|x86_64)0:4.2.5_14_3.0.101_0.47.67-18.2(i586)0:4.2.5_14_3.0.101_0.47.67-18.2(i586|x86_64)0:4.2.5_14-18.2(x86_64)0:4.2.2_06-0.7.1(i586|x86_64)0:4.2.2_06_3.0.82_0.7-0.7.1(i586)0:4.2.2_06_3.0.82_0.7-0.7.1(i586|x86_64)0:4.2.2_06-0.7.1(x86_64)0:4.2.3_02-0.7.1(i586|x86_64)0:4.2.3_02_3.0.93_0.8-0.7.1(i586)0:4.2.3_02_3.0.93_0.8-0.7.1(i586|x86_64)0:4.2.3_02-0.7.1(x86_64)0:4.2.3_08-0.7.1(i586|x86_64)0:4.2.3_08_3.0.101_0.8-0.7.1(i586)0:4.2.3_08_3.0.101_0.8-0.7.1(i586|x86_64)0:4.2.3_08-0.7.1(x86_64)0:4.2.4_02-0.7.1(i586|x86_64)0:4.2.4_02_3.0.101_0.15-0.7.1(i586)0:4.2.4_02_3.0.101_0.15-0.7.1(i586|x86_64)0:4.2.4_02-0.7.1(x86_64)0:4.2.4_04-0.9.1(i586|x86_64)0:4.2.4_04_3.0.101_0.40-0.9.1(i586)0:4.2.4_04_3.0.101_0.40-0.9.1(i586|x86_64)0:4.2.4_04-0.9.1(x86_64)0:4.2.5_04-0.9.1(i586|x86_64)0:4.2.5_04_3.0.101_0.47.52-0.9.1(i586)0:4.2.5_04_3.0.101_0.47.52-0.9.1(i586|x86_64)0:4.2.5_04-0.9.1(x86_64)0:4.2.5_08-0.9.1(i586|x86_64)0:4.2.5_08_3.0.101_0.47.55-0.9.1(i586)0:4.2.5_08_3.0.101_0.47.55-0.9.1(i586|x86_64)0:4.2.5_08-0.9.1(x86_64)0:4.2.5_18-21.1(i586|x86_64)0:4.2.5_18_3.0.101_0.47.71-21.1(i586)0:4.2.5_18_3.0.101_0.47.71-21.1(i586|x86_64)0:4.2.5_18-21.1(i586|x86_64)0:3.1.8-0.7.1(i586|x86_64)0:2.3.14-130.133.1(i586|x86_64)0:7.4-8.26.42.1(x86_64)0:7.4-8.26.42.1(i586|x86_64)0:7.4-5.11.15.1(x86_64)0:7.4-5.11.15.1(i586|x86_64)0:7.4-1.18.2(x86_64)0:7.4-1.18.2(i586|x86_64)0:7.4-1.16.2(x86_64)0:7.4-1.16.2(i586|x86_64)0:7.4-1.19.2(x86_64)0:7.4-1.19.2(i586|x86_64)0:5.07-6.36.111.4(i586|x86_64)0:38.6.1esr-34.1(i586|x86_64)0:38.7.0esr-37.3(i586|x86_64)0:3.20.2-28.1(x86_64)0:3.20.2-28.1(i586|x86_64)0:4.12-24.1(x86_64)0:4.12-24.1(x86_64)0:4.4.2_12-23.1(i586|x86_64)0:4.4.2_12_3.0.101_63-23.1(i586)0:4.4.2_12_3.0.101_63-23.1(i586|x86_64)0:4.4.2_12-23.1(i586|x86_64)0:9.9.6P1-0.25.1(x86_64)0:9.9.6P1-0.25.1(i586|x86_64)0:0.9.7g-146.22.41.1(x86_64)0:0.9.7g-146.22.41.1(i586|x86_64)0:6.3.8.90-13.20.21.1(i586|x86_64)0:11.2.202.569-0.35.1(i586|x86_64)0:11.2.202.577-0.38.1(i586|x86_64)0:5.3.1+r233831-10.1(x86_64)0:5.3.1+r233831-10.1(x86_64)0:2.00-0.54.2(i586|x86_64)0:1.5.3-0.9.1(i586|x86_64)0:4.0-7.30.2(i586|x86_64)0:1.7.0.99-0.20.2(i586|x86_64)0:3.0.101-65.1(i586)0:3.0.101-65.1(i586|x86_64)0:3.0.101-71.1(i586)0:3.0.101-71.1(i586|x86_64)0:3.0.101-68.1(i586)0:3.0.101-68.1(i586|x86_64)0:1.6.3-133.49.106.1(x86_64)0:1.6.3-133.49.106.1(i586|x86_64)0:1.4.2-32.1(i586|x86_64)0:1.4.2-35.1(i586|x86_64)0:3.2.0-10.5.1(noarch)0:1.1.03.beta1-2.1(i586|x86_64)0:2.8.8-2.1(i586|x86_64)0:1.2.4-2.1(i586|x86_64)0:5.0.4.2-23.1(noarch)0:1-2.1(i586|x86_64)0:4.1-2.26(i586|x86_64)0:3.7.1-5.2(i586|x86_64)0:20150827-23.1(i586|x86_64)0:1.0.2-0.8.1(i586|x86_64)0:0.2-5.22.1(i586|x86_64)0:1.2.9-4.2.6.1(i586|x86_64)0:1.2.5-12.3(x86_64)0:1.2.5-12.3(i586|x86_64)0:2.6.7-0.16.1(i586|x86_64)0:4.2.8p4-5.1(i586|x86_64)0:6.6p1-13.1(i586|x86_64)0:6.6p1-13.3(i586|x86_64)0:6.6p1-16.1(i586|x86_64)0:6.6p1-16.4(i586|x86_64)0:0.9.8j-0.89.1(x86_64)0:0.9.8j-0.89.1(i586|x86_64)0:9.4.6-0.14.3(x86_64)0:9.4.6-0.14.3(i586|x86_64)0:3.6.3-67.2(x86_64)0:3.6.3-67.2(noarch)0:3.6.3-67.2(i586|x86_64)0:1.7.0.0-1.18.2(i586|x86_64)0:3.8.2-141.163.1(x86_64)0:3.8.2-141.163.1(x86_64)0:4.4.2_10-5.1(i586|x86_64)0:4.4.2_10_3.0.101_63-5.1(i586)0:4.4.2_10_3.0.101_63-5.1(i586|x86_64)0:4.4.2_10-5.1(x86_64)0:4.4.3_02-26.2(i586|x86_64)0:4.4.3_02_3.0.101_65-26.2(i586)0:4.4.3_02_3.0.101_65-26.2(i586|x86_64)0:4.4.3_02-26.2(x86_64)0:4.4.4_02-32.1(i586|x86_64)0:4.4.4_02_3.0.101_68-32.1(i586)0:4.4.4_02_3.0.101_68-32.1(i586|x86_64)0:4.4.4_02-32.1(x86_64)0:4.4.3_06-29.1(i586|x86_64)0:4.4.3_06_3.0.101_65-29.1(i586)0:4.4.3_06_3.0.101_65-29.1(i586|x86_64)0:4.4.3_06-29.1