The OVAL Repository5.62015-09-03T08:16:56.527-04:00SUSE-SU-2015:1144-1 -- Security update for icu (moderate)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11icuThis update fixes the following security issue in icu:Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1574-1 -- Security update for clamav (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11clamavclamav was updated to version 0.98.5 to fix three security issues and
several non-security issues.
These security issues have been fixed:
* Crash when scanning maliciously crafted yoda's crypter files
(CVE-2013-6497).
* Heap-based buffer overflow when scanning crypted PE files
(CVE-2014-9050).
* Crash when using 'clamscan -a'.
These non-security issues have been fixed:
* Support for the XDP file format and extracting, decoding, and
scanning PDF files within XDP files.
* Addition of shared library support for LLVM versions 3.1 - 3.5 for
the purpose of just-in-time(JIT) compilation of ClamAV bytecode
signatures.
* Enhancements to the clambc command line utility to assist ClamAV
bytecode signature authors by providing introspection into compiled
bytecode programs.
* Resolution of many of the warning messages from ClamAV compilation.
* Improved detection of malicious PE files.
* ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode
(bnc#904207).
* Fix server socket setup code in clamd (bnc#903489).
* Change updateclamconf to prefer the state of the old config file
even for commented-out options (bnc#903719).
* Fix infinite loop in clamdscan when clamd is not running.
* Fix buffer underruns when handling multi-part MIME email attachments.
* Fix configuration of OpenSSL on various platforms.
* Fix linking issues with libclamunrar.
Security Issues:
* CVE-2013-6497
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497>
* CVE-2014-9050
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1558-1 -- Security update for pure-ftpd (moderate)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pure-ftpdure-ftpd was updated to fix one security issue and two non-security bugs:
* SSLv2 and SSLv3 have been disabled to avoid the attack named POODLE
(CVE-2014-3566, bnc#902229).
* Added the disable_ascii option (bnc#828469).
* Fixed wait on TLS handshake (bnc#856424).
Security Issues:
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2015:1152-1 -- Security update for KVM (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11KVMKVM was updated to fix two security issues:Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1619-1 -- Security update for shim (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11shimshim has been updated to fix three security issues:
* OOB read access when parsing DHCPv6 packets (remote DoS)
(CVE-2014-3675).
* Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6
boot option (RCE) (CVE-2014-3676).
* Memory corruption when processing user provided MOK lists
(CVE-2014-3677).
Security Issues:
* CVE-2014-3675
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3675>
* CVE-2014-3676
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3676>
* CVE-2014-3677
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3677>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1650-1 -- Security update for flash-player (important)SUSE Linux Enterprise Desktop 11flash-player
* CVE-2014-0587
* CVE-2014-8443
* CVE-2014-9162
* CVE-2014-9163
* CVE-2014-9164
]]>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1356-1 -- Security update for wpa_supplicant (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11wpa_supplicantThis update fixes a remote code execution vulnerability in
wpa_supplicant's wpa_cli and hostapd_cli tools. CVE-2014-3686 has been
assigned to this issue.
Additionally, password based authentication with PKCS#5v2 has been enabled.
Security Issues:
* CVE-2014-3686
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1545-1 -- Security update for flash-player (important)SUSE Linux Enterprise Desktop 11flash-playerThe following vulnerability is fixed with this update:
* bnc#907257 hardening against a remote code execution flaw (APSB14-26)
Security Issues:
* CVE-2014-8439
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1519-1 -- Security update for evolution-data-server (moderate)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11evolution-data-serverevolution-data-server has been updated to disable support for SSLv3.
This security issues has been fixed:
* SSLv3 POODLE attack (CVE-2014-3566)
Security Issues:
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1577-1 -- Security update for flac (low)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11flacflac was updated to fix two security issues:
* Stack overflow may result in arbitrary code execution
(CVE-2014-8962).
* Heap overflow via specially crafted .flac files (CVE-2014-9028).
Security Issues:
* CVE-2014-8962
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8962>
* CVE-2014-9028
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9028>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1544-1 -- Security update for LibreOffice (moderate)SUSE Linux Enterprise Desktop 11LibreOfficeLibreOffice was updated to fix two security issues.
These security issues have been fixed:
* "Document as E-mail" vulnerability (bnc#900218).
* Impress remote control use-after-free vulnerability (CVE-2014-3693).
Security Issues:
* CVE-2014-3693
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3693>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1473-1 -- Security update for file (moderate)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11filefile was updated to fix one security issue.
* An out-of-bounds read flaw file's donote() function. This could
possibly lead to file executable crash (CVE-2014-3710).
Security Issues:
* CVE-2014-3710
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1631-1 -- Security update for Image Magick (moderate)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Image MagickImageMagick has been updated to fix four security issues:
* Crafted jpeg file could have lead to a Denial of Service
(CVE-2014-8716).
* Out-of-bounds memory access in resize code (CVE-2014-8354)
* Out-of-bounds memory access in PCX parser (CVE-2014-8355).
* Out-of-bounds memory error in DCM decode (CVE-2014-8562).
Security Issues:
* CVE-2014-8716
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8716>
* CVE-2014-8355
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8355>
* CVE-2014-8354
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8354>
* CVE-2014-8562
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8562>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1366-1 -- Security update for wget (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11wgetwget has been updated to fix one security issue and two non-security
issues.
This security issue has been fixed:
* FTP symlink arbitrary filesystem access (CVE-2014-4877).
These non-security issues have been fixed:
* Fix displaying of download time (bnc#901276).
* Fix 0 size FTP downloads after failure (bnc#885069).
Security Issues:
* CVE-2014-4877
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1361-1 -- Security update for OpenSSL (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11OpenSSLThis OpenSSL update fixes the following issues:
* Session Ticket Memory Leak (CVE-2014-3567)
* Build option no-ssl3 is incomplete (CVE-2014-3568)
* Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)
Security Issues:
* CVE-2014-3567
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567>
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
* CVE-2014-3568
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1518-1 -- Security update for Python (moderate)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonPython was updated to fix one security issue:
* Potential wraparound/overflow in buffer() (CVE-2014-7185)
As an additional hardening measure SSLv2 has been disabled (bnc#901715).
Security Issues:
* CVE-2014-7185
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1385-1 -- Security update for MozillaFirefox (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MozillaFirefox
* CVE-2014-1575
* CVE-2014-1576
* CVE-2014-1577
* CVE-2014-1578
* CVE-2014-1581
* CVE-2014-1583
* CVE-2014-1585
* CVE-2014-1586
]]>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1392-1 -- Security update for Java OpenJDK (moderate)SUSE Linux Enterprise Desktop 11Java OpenJDKOracle Critical Patch Update Advisory - October 2014
Description:
A Critical Patch Update (CPU) is a collection of patches for multiple
security vulnerabilities.
Find more information here:
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
<http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1321-1 -- Security update for perl (low)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11perlThis update fixes a memory leak and an infinite recursion in Data::Dumper.
(CVE-2014-4330)
Security Issues:
* CVE-2014-4330
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4330>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1447-1 -- Security update for openwsman (moderate)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11openwsmanThis update adds a configuration option to disable SSLv2 and SSLv3 in
openwsman. This is required to mitigate CVE-2014-3566.
To use the new option, edit /etc/openwsman/openwsman.conf and add the
following line to the [server] section:
ssl_disabled_protocols = SSLv2 SSLv3
Security Issues:
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1520-1 -- Security update for wireshark (moderate)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11wireshark
Security Issues:
* CVE-2014-8711
* CVE-2014-8710
* CVE-2014-8714
* CVE-2014-8712
* CVE-2014-8713
]]>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1458-1 -- Security update for MozillaFirefox (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MozillaFirefox
* CVE-2014-1575
* CVE-2014-1576
* CVE-2014-1577
* CVE-2014-1578
* CVE-2014-1581
* CVE-2014-1583
* CVE-2014-1585
* CVE-2014-1586
]]>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1442-1 -- Security update for flash-player (important)SUSE Linux Enterprise Desktop 11flash-playerflash-player was updated to version 11.2.202.418 to fix 18 security issues:
* Memory corruption vulnerabilities that could lead to code execution
(CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441).
* Use-after-free vulnerabilities that could lead to code execution
(CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).
* A double free vulnerability that could lead to code execution
(CVE-2014-0574).
* Type confusion vulnerabilities that could lead to code execution
(CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586,
CVE-2014-0590).
* Heap buffer overflow vulnerabilities that could lead to code
execution (CVE-2014-0582, CVE-2014-0589).
* An information disclosure vulnerability that could be exploited to
disclose session tokens (CVE-2014-8437).
* A heap buffer overflow vulnerability that could be exploited to
perform privilege escalation from low to medium integrity level
(CVE-2014-0583).
* A permission issue that could be exploited to perform privilege
escalation from low to medium integrity level (CVE-2014-8442).
Further information can be found at
http://helpx.adobe.com/security/products/flash-player/apsb14-24.html
<http://helpx.adobe.com/security/products/flash-player/apsb14-24.html>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1623-1 -- Security update for pidgin (moderate)SUSE Linux Enterprise Desktop 11pidginThis pidgin update fixes the following security issues:
* bnc#902408: remote information leak via crafted XMPP message
(CVE-2014-3698)
* bnc#902410: denial of service parsing Groupwise server message
(CVE-2014-3696)
* bnc#902409: crash in MXit protocol plug-in (CVE-2014-3695)
Security Issues:
* CVE-2014-3698
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3698>
* CVE-2014-3696
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3696>
* CVE-2014-3695
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3695>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1319-1 -- Security update for Linux kernel (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix
various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1318-1 -- Security update for Xen (moderate)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Xen
* CVE-2013-4540
* CVE-2014-2599
* CVE-2014-3967
* CVE-2014-3968
* CVE-2014-4021
* CVE-2014-7154
* CVE-2014-7155
* CVE-2014-7156
* CVE-2014-7188
]]>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1557-2 -- Security update for compat-openssl097g (moderate)SUSE Linux Enterprise Desktop 11compat-openssl097g
* CVE-2013-0169
* CVE-2014-0224
* CVE-2014-3470
* CVE-2014-3508
* CVE-2014-3566
* CVE-2014-3568
]]>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1440-1 -- Security update for libxml2 (moderate)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libxml2This update fixes a denial of service via recursive entity expansion.
(CVE-2014-3660)
Security Issues:
* CVE-2014-3660
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1624-1 -- Security update for Mozilla Firefox (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11Mozilla Firefox
* CVE-2014-1588
* CVE-2014-1589
* CVE-2014-1590
* CVE-2014-1591
* CVE-2014-1592
* CVE-2014-1593
* CVE-2014-1594
* CVE-2014-1595
]]>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1410-1 -- Security update for krb5 (low)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11krb5This update for krb5 fixes the following issues:
* When randomizing the keys for a service principal, current keys
could be returned. (CVE-2014-5351)
* klist -s crashes when handling multiple referral entries.
(bnc#890623)
Security Issues:
* CVE-2014-5351
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1605-1 -- Security update for OpenVPN (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11OpenVPNThis update fixes a critical denial of service vulnerability in OpenVPN:
* CVE-2014-8104: Critical denial of service vulnerability in OpenVPN
servers that can be triggered by authenticated attackers.
Also an incompatibility with OpenVPN and OpenSSL in FIPS mode has been
fixed. (bnc#895882)
Security Issues:
* CVE-2014-8104
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1316-1 -- Security update for Linux kernel (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix
various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1360-1 -- Security update for flash-player (important)SUSE Linux Enterprise Desktop 11flash-playerThis update fixes multiple code execution vulnerabilities in flash-player
(APSB14-22). CVE-2014-0564, CVE-2014-0558 and CVE-2014-0569 have been
assigned to this issue.
Security Issues:
* CVE-2014-0569
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0569>
* CVE-2014-0564
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0564>
* CVE-2014-0558
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0558>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-OU-2014:1304-1 -- Optional update for gccSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gccThis optional update for gcc provides bi-arch variants of packages gcc-c++
and libstdc++-devel, for example: gcc-c++-32bit and libstdc++-devel-32bit
on x86_64.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1464-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerAdobe flash-player has been updated to version 11.2.202.310
(ABSP13-21) which fixes several bugs and security issues.
(SUSE bnc#839897)
These updates resolve memory corruption vulnerabilities
that could have lead to code execution (CVE-2013-3361,
CVE-2013-3362, CVE-2013-3363, CVE-2013-5324).
The official advisory can be found on
https://www.adobe.com/support/security/bulletins/apsb13-21.h
tml
<https://www.adobe.com/support/security/bulletins/apsb13-21.
html>
Security Issue reference references:
* CVE-2013-3361
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3361
>
* CVE-2013-3362
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3362
>
* CVE-2013-3363
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3363
>
* CVE-2013-5324
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5324
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1301-1 -- Recommended update for psmiscSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11psmiscThis update for psmisc fixes formatting of 6-digit process IDs in fuser(1).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1283-1 -- Security update for libeventSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libeventThis update fixes a buffer overflow in the buffered event handling in
libevent. (CVE-2014-6272)
Security Issues:
* CVE-2014-6272
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1278-1 -- Security update for kvmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kvmkvm has been updated to fix issues in the embedded qemu:
*
CVE-2014-0223: An integer overflow flaw was found in the QEMU block
driver for QCOW version 1 disk images. A user able to alter the QEMU disk
image files loaded by a guest could have used this flaw to corrupt QEMU
process memory on the host, which could potentially have resulted in
arbitrary code execution on the host with the privileges
of the QEMU process.
*
CVE-2014-3461: A user able to alter the savevm data (either on the
disk or over the wire during migration) could have used this flaw to to
corrupt QEMU process memory on the (destination) host, which could have
potentially resulted in arbitrary code execution on the host with the
privileges of the QEMU process.
*
CVE-2014-0222: An integer overflow flaw was found in the QEMU block
driver for QCOW version 1 disk images. A user able to alter the QEMU disk
image files loaded by a guest could have used this flaw to corrupt QEMU
process memory on the host, which could have potentially resulted in
arbitrary code execution on the host with the privileges
of the QEMU process.
Non-security bugs fixed:
* Fix exceeding IRQ routes that could have caused freezes of guests.
(bnc#876842)
* Fix CPUID emulation bugs that may have broken Windows guests with
newer -cpu types (bnc#886535)
Security Issues:
* CVE-2014-0222
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222>
* CVE-2014-0223
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223>
* CVE-2014-3461
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3461>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1221-1 -- Security update for wiresharkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11wireshark and
https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html
.
Security Issues:
* CVE-2014-5161
* CVE-2014-5162
* CVE-2014-5163
* CVE-2014-5164
* CVE-2014-5165
* CVE-2014-6421
* CVE-2014-6422
* CVE-2014-6423
* CVE-2014-6424
* CVE-2014-6427
* CVE-2014-6428
* CVE-2014-6429
* CVE-2014-6430
* CVE-2014-6431
* CVE-2014-6432
]]>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1220-1 -- Security update for mozilla-nssSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mozilla-nssMozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery
issue.
MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher
at Inria Paris in team Prosecco, reported an issue in Network Security
Services (NSS) libraries affecting all versions. He discovered that NSS is
vulnerable to a variant of a signature forgery attack previously published
by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values
involved in a signature and could lead to the forging of RSA certificates.
The Advanced Threat Research team at Intel Security also independently
discovered and reported this issue.
Security Issues:
* CVE-2014-1568
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-SU-2014:0989-1 -- Security update for krb5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11krb5The several security issues have been fixed in kerberos 5.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-SU-2014:1003-1 -- Security update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThe several security issue is fixed in this updateSergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-SU-2014:1011-1 -- Security update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThis update for Python provides fixes for the following issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-SU-2014:1007-1 -- Security update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThe several security issue is fixed in this update.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-RU-2014:0990-1 -- Recommended update for pesign-obs-integrationSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pesign-obs-integrationThis update for pesign-obs-integration includes the following fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-RU-2014:1222-1 -- Recommended update for xorg-x11-driver-inputSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-driver-inputThis update for xorg-x11-driver-input improves handling of devices which
send both absolute and relative coordinates in the evdev driver.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1299-1 -- Recommended update for atSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11atThis update for the at(1) job manager fixes a regression caused by the
latest security updates for bash. at(1) now sanitizes the environment it
passes to the shell, allowing only variables whose keys are of the form
/^[A-Z_][A-Z0-9_]/i.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-SU-2014:1027-1 -- Security update for glibcSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glibcThis glibc update contains one security and two non security fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-RU-2014:1054-1 -- Recommended update for gdmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gdmThis update for gdm provides fixes for the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-RU-2014:1064-1 -- Recommended update for yast2-countrySUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-countryThis update for YaST's Country Settings module (yast2-country) provides
the following fix:Do not try to save settings when the user did not change them.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-SU-2014:0999-1 -- Security update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThe several security issue is fixed in this update.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-RU-2014:1016-1 -- Recommended update for libgphoto2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libgphoto2This update of libgphoto2 fixes an issue where daemonized usage of
libgphoto2 like in gphotofs could have affected devices attached to
unrelated serial ports.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-YU-2014:1021-1 -- YOU update for Software Update StackSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Software Update StackThis update for the Software Update Stack provides the several fixes and
enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-OU-2014:1050-1 -- Optional update for grub2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11grub2This patch provides grub2-x86_64-xen. This new package should be installed
on Xen virtualization servers that host SUSE Linux Enterprise 12 virtual
machines.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-SU-2014:1028-1 -- Security update for krb5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11krb5This MIT krb5 update fixes a buffer overrun problem in kadmind.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-RU-2014:1102-1 -- Recommended update for perl-BootloaderSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11perl-BootloaderThis update adjusts perl-Bootloader to work even if no kernel is
installed; in particular: allow empty boot configuration, remember kernel
options of last removed kernel, tolerate temporarily invalid boot entry on
s390x. (bnc#821465)
Additionally, the following minor fixes are included in this update:
* Remove old and no longer needed workaround-script
bootloader_fix_xen. (bnc#817168)
* Fix superfluous error message. (bnc#873231)
* Require coreutils during post for chmod.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-RU-2014:1063-1 -- Recommended update for nss_ldapSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11nss_ldapThis update for nss_ldap provides fixes for the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-OU-2014:1285-1 -- Optional update for grub2-x86_64-xenSUSE Linux Enterprise Desktop 11grub2-x86_64-xenThis patch provides grub2-x86_64-xen. This new package should be installed
on Xen virtualization servers that host SUSE Linux Enterprise 12 virtual
machines.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1146-1 -- Security update for dbus-1SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11dbus-1Various denial of service issues were fixed in the DBUS service.
* CVE-2014-3638: dbus-daemon tracks whether method call messages
expect a reply, so that unsolicited replies can be dropped. As
currently implemented, if there are n parallel method calls in
progress, each method reply takes O(n) CPU time. A malicious user
could exploit this by opening the maximum allowed number of parallel
connections and sending the maximum number of parallel method calls
on each one, causing subsequent method calls to be unreasonably
slow, a denial of service.
* CVE-2014-3639: dbus-daemon allows a small number of "incomplete"
connections (64 by default) whose identity has not yet been
confirmed. When this limit has been reached, subsequent connections
are dropped. Alban's testing indicates that one malicious process
that makes repeated connection attempts, but never completes the
authentication handshake and instead waits for dbus-daemon to time
out and disconnect it, can cause the majority of legitimate
connection attempts to fail.
Security Issues:
* CVE-2014-3638
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638>
* CVE-2014-3638
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-SU-2014:1017-1 -- Security update for augeasSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11augeasAugeas has been updated to fix a symlink overwrite problem.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-SU-2014:1116-1 -- Security update for LibreOfficeSUSE Linux Enterprise Desktop 11LibreOfficeLibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag
suse-4.0-26, based on upstream 4.0.3.3).
Two security issues have been fixed:
* DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578)
* Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141)
The following non-security issues have been fixed:
* chart shown flipped (bnc#834722)
* chart missing dataset (bnc#839727)
* import new line in text (bnc#828390)
* lines running off screens (bnc#819614)
* add set-all language menu (bnc#863021)
* text rotation (bnc#783433, bnc#862510)
* page border shadow testcase (bnc#817956)
* one more clickable field fix (bnc#802888)
* multilevel labels are rotated (bnc#820273)
* incorrect nested table margins (bnc#816593)
* use BitmapURL only if its valid (bnc#821567)
* import gradfill for text colors (bnc#870234)
* fix undo of paragraph attributes (bnc#828598)
* stop-gap solution to avoid crash (bnc#830205)
* import images with duotone filter (bnc#820077)
* missing drop downs for autofilter (bnc#834705)
* typos in first page style creation (bnc#820836)
* labels wrongly interpreted as dates (bnc#834720)
* RTF import of fFilled shape property (bnc#825305)
* placeholders text size is not correct (bnc#831457)
* cells value formatted with wrong output (bnc#821795)
* RTF import of freeform shape coordinates (bnc#823655)
* styles (rename &) copy to different decks (bnc#757432)
* XLSX Chart import with internal data table (bnc#819822)
* handle M.d.yyyy date format in DOCX import (bnc#820509)
* paragraph style in empty first page header (bnc#823651)
* copying slides having same master page name (bnc#753460)
* printing handouts using the default, 'Order' (bnc#835985)
* wrap polygon was based on dest size of picture (bnc#820800)
* added common flags support for SEQ field import (bnc#825976)
* hyperlinks of illustration index in DOCX export (bnc#834035)
* allow insertion of redlines with an empty author (bnc#837302)
* handle drawinglayer rectangle inset in VML import (bnc#779642)
* don't apply complex font size to non-complex font (bnc#820819)
* issue with negative seeks in win32 shell extension (bnc#829017)
* slide appears quite garbled when imported from PPTX (bnc#593612)
* initial MCE support in writerfilter ooxml tokenizer (bnc#820503)
* MSWord uses xb for linebreaks in DB fields, take 2 (bnc#878854)
* try harder to convert floating tables to text frames (bnc#779620)
* itemstate in parent style incorrectly reported as set (bnc#819865)
* default color hidden by Default style in writerfilter (bnc#820504)
* DOCX document crashes when using internal OOXML filter (bnc#382137)
* ugly workaround for external leading with symbol fonts (bnc#823626)
* followup fix for exported xlsx causes errors for mso2007 (bnc#823935)
* we only support simple labels in the InternalDataProvider
(bnc#864396)
* RTF import: fix import of numbering bullet associated font
(bnc#823675)
* page specific footer extended to every pages in DOCX export
(bnc#654230)
* v:textbox mso-fit-shape-to-text style property in VML import
(bnc#820788)
* w:spacing in a paragraph should also apply to as-char objects
(bnc#780044)
* compatibility setting for MS Word wrapping text in less space
(bnc#822908)
* fix SwWrtShell::SelAll() to work with empty table at doc start
(bnc#825891)
Security Issues:
* CVE-2014-3575
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3575>
* CVE-2013-4156
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4156>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1005-1 -- Security update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThis update for Python provides fixes for the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1011-1 -- Security update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThis update for Python provides fixes for the following issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1216-1 -- Recommended update for mkinitrdSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mkinitrdThis collective update for mkinitrd provides the following fixes and
enhancements:
* Fix matching of device numbers in /proc/partitions in setup-storage.
(bnc#887683)
* Complete support of 2nd ibft iscsi interface. (bnc#830968)
* Include USB HID support whenever the kernel supports it. (bnc#879502)
* Respect the sixth field (fs_passno) in /etc/fstab for the root
device entry. (bnc#858023)
* Fix network setup with mkinitrd -f ifup. (bnc#872435)
* Include ifup dependencies even if ifup is not used. (bnc#891573)
* Retry nfs mount if network is not yet up. (bnc#891573)
* Add cciss compat rules to mkinitrd. (bnc#858663)
* Cleanup /lib/mkinitrd/{boot,setup} upon package removal. (bnc#892507)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1035-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerThis flash-player update fixes the several security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1073-1 -- Security update for gpgmeSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gpgmeThis gpgme update fixes the following security issue:
* bnc#890123: Fix possible overflow in gpgsm and uiserver engines
(CVE-2014-3564)
Security Issues:
* CVE-2014-3564
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1147-1 -- Recommended update for supportutilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11supportutilsThis update for supportutils provides the following fixes:
* Fixed /sys/class/drm hang issue in supportconfig. (bnc#889946)
* Collect information about Novell DSfW.
* Fixed NSS errors when Manage_NSS is missing.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-RU-2014:1056-1 -- Recommended update for kernel-firmwareSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kernel-firmwareThis update for kernel-firmware provides the several fixes and
enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-OU-2014:1050-1 -- Optional update for grub2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11grub2This patch provides grub2-x86_64-xen. This new package should be installed
on Xen virtualization servers that host SUSE Linux Enterprise 12 virtual
machines.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1032-1 -- Recommended update for MesaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MesaThis update for Mesa provides the several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1056-1 -- Recommended update for kernel-firmwareSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kernel-firmwareThis update for kernel-firmware provides the several fixes and
enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1106-1 -- Security update for net-snmpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11net-snmpThis update for net-snmp fixes a remote denial of service problem inside
snmptrapd when it is started with the "-OQ" option. (CVE-2014-3565,
bnc#894361)
Additionally, a timeout issue during SNMP MIB walk on OID 1.3.6.1.2.1.4.24
when using newer (v5.5+) versions of snmpwalk has been fixed. (bnc#865222)
Security Issues:
* CVE-2014-3565
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1209-1 -- Recommended update for udevSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11udevThis update for udev provides the following fixes:
* ata_id: Skip ATA commands if we find an optical drive. (bnc#880066)
* ata_id: Support SG_IO version 4 interface. (bnc#880066)
* path_id: Add delay when CCW attributes are not available.
(bnc#881358)
* udevd: Improve error reporting when worker exits. (bnc#884441)
* boot.udev_retry: Fix script to trigger failed events. (bnc#884441)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-RU-2014:1032-1 -- Recommended update for MesaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MesaThis update for Mesa provides the several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-SU-2014:0989-1 -- Security update for krb5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11krb5The several security issues have been fixed in kerberos 5.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1213-1 -- Security update for bashSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11bashash has been updated to fix a critical security issue.
In some circumstances, the shell would evaluate shellcode in environment
variables passed at startup time. This allowed code execution by local or
remote attackers who could pass environment variables to bash scripts.
(CVE-2014-6271)
Security Issues:
* CVE-2014-6271
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-SU-2014:1009-1 -- Security update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThis update for Python provides fixes for the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-SU-2014:1027-1 -- Security update for glibcSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glibcThis glibc update contains one security and two non security fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1125-1 -- Security update for glibcSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glibcThis glibc update fixes a critical privilege escalation problem and two
non-security issues:
* bnc#892073: An off-by-one error leading to a heap-based buffer
overflow was found in __gconv_translit_find(). An exploit that
targets the problem is publicly available. (CVE-2014-5119)
* bnc#892065: setenv-alloca.patch: Avoid unbound alloca in setenv.
* bnc#888347: printf-multibyte-format.patch: Don't parse %s format
argument as multi-byte string.
Security Issues:
* CVE-2014-5119
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1217-1 -- Recommended update for avahiSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11avahiThis update for Avahi provides the following fixes:
* Document service instance name length limit in avahi.service(5).
(bnc#825463)
* Fix setting of thread_running flag in event loop. (bnc#725386)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-SU-2014:1049-1 -- Security update for OpenSSLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11OpenSSLThis OpenSSL update fixes the several security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-SU-2014:1072-1 -- Security update for MySQLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MySQLThis MySQL update provides the following:upgrade to version 5.5.39Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-SU-2014:1137-1 -- Security update for procmailSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11procmailocmail was updated to fix a security issue in its formail helper.
* When formail processed specially crafted e-mail headers a heap
corruption could be triggered, which would lead to a crash of
formail. (CVE-2014-3618)
Security Issues:
* CVE-2014-3618
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1003-1 -- Security update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThe several security issue is fixed in this updateSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-RU-2014:1057-1 -- Recommended update for sg3_utilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11sg3_utilsThis update for sg3_utils provides the several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-SU-2014:1001-1 -- Security update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThe several security issue is fixed in this update.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-RU-2014:1063-1 -- Recommended update for nss_ldapSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11nss_ldapThis update for nss_ldap provides fixes for the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1107-1 -- Security update for MozillaFirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MozillaFirefoxMozilla Firefox was updated to the 24.8.0ESR release, fixing security
issues and bugs.
Only some of the published security advisories affect the Mozilla Firefox
24ESR codestream:
* MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht
reported, via TippingPoint's Zero Day Initiative, a use-after-free
during text layout when interacting with the setting of text
direction. This results in a use-after-free which can lead to
arbitrary code execution.
* MFSA 2014-67: Mozilla developers and community identified and fixed
several memory safety bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these bugs showed evidence of
memory corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run arbitrary
code.
* Jan de Mooij reported a memory safety problem that affects Firefox
ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562)
More information is referenced on:
https://www.mozilla.org/security/announce/
<https://www.mozilla.org/security/announce/> .
Security Issues:
* CVE-2014-1562
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1562>
* CVE-2014-1567
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1567>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1022-1 -- Security update for CUPSSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11CUPSThis update fixes various issues in CUPS.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1124-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-player
Security Issues:
* CVE-2014-0547
* CVE-2014-0548
* CVE-2014-0549
* CVE-2014-0550
* CVE-2014-0551
* CVE-2014-0552
* CVE-2014-0553
* CVE-2014-0554
* CVE-2014-0555
* CVE-2014-0556
* CVE-2014-0557
* CVE-2014-0559
]]>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1065-1 -- Recommended update for zipSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11zipThis update for zip provides the following fix:Don't clobber include/exclude pattern lists by removing path prefixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-RU-2014:1048-1 -- Recommended update for aaa_baseSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11aaa_baseThis update for aaa_base provides the several fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-SU-2014:1007-1 -- Security update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThe several security issue is fixed in this update.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-RU-2014:1065-1 -- Recommended update for zipSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11zipThis update for zip provides the following fix:Don't clobber include/exclude pattern lists by removing path prefixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-SU-2014:1247-1 -- Security update for bashSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11bashThe command-line shell 'bash' evaluates environment variables, which
allows the injection of characters and might be used to access files on
the system in some circumstances (CVE-2014-7169).
Please note that this issue is different from a previously fixed
vulnerability tracked under CVE-2014-6271 and is less serious due to the
special, non-default system configuration that is needed to create an
exploitable situation.
To remove further exploitation potential we now limit the
function-in-environment variable to variables prefixed with BASH_FUNC_.
This hardening feature is work in progress and might be improved in later
updates.
Additionally, two other security issues have been fixed:
* CVE-2014-7186: Nested HERE documents could lead to a crash of bash.
* CVE-2014-7187: Nesting of for loops could lead to a crash of bash.
Security Issues:
* CVE-2014-7169
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>
* CVE-2014-7186
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>
* CVE-2014-7187
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1142-1 -- Recommended update for yast2-coreSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-coreThis update for yast2-core enables line buffering for parsing agent
output. This fixes a case where certain configuration files (e.g.
/etc/sudoers) could take over 10 minutes to parse if they contained single
strings sized 100KB. (bnc#854809)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-SU-2014:1035-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerThis flash-player update fixes the several security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-SU-2014:0998-1 -- Security update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThis update for Python provides fixes for the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-RU-2014:0990-1 -- Recommended update for pesign-obs-integrationSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pesign-obs-integrationThis update for pesign-obs-integration includes the following fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1009-1 -- Security update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThis update for Python provides fixes for the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-YU-2014:1021-1 -- YOU update for Software Update StackSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Software Update StackThis update for the Software Update Stack provides the several fixes and
enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1148-1 -- Recommended update for rng-toolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11rng-toolsThis update fixes usage of RDRAND support from recent CPUs in rng-tools
initialization script.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSUSE-OU-2014:1036-1 -- Optional update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThis optional update provides 32-bit versions of libpulse-mainloop-glib0.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0999-1 -- Security update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThe several security issue is fixed in this update.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0998-1 -- Security update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThis update for Python provides fixes for the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1143-1 -- Recommended update for puppet, facterSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11puppetfacterThis update provides Puppet 2.7.26 and Facter 1.6.18, which bring many
fixes and enhancements.
Although the most common use cases have been tested with the new version,
customers using modules provided by other vendors are advised to apply
this update on non-production systems first and verify that there are no
incompatibilities.
For a comprehensive list of changes in this new version, please refer to
the release notes:
https://docs.puppetlabs.com/puppet/2.7/reference/release_notes.html
<https://docs.puppetlabs.com/puppet/2.7/reference/release_notes.html> and
https://docs.puppetlabs.com/facter/1.6/release_notes.html
<https://docs.puppetlabs.com/facter/1.6/release_notes.html> .Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1101-1 -- Recommended update for SLE Virtualization ToolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SLE Virtualization ToolsThis collective update provides fixes and enhancements for SLE
Virtualization Tools.
libvirt:
* Fix race conditions in setting/getting domain state. (bnc#882598)
* Add PCI multi-domain support to the qemu driver. (bnc#882661)
perl-Sys-Virt:
* Update to version 1.0.5, adding all new APIs and constants from
libvirt 1.0.5.
virt-manager:
* Fix error during Appliance configuration on 2nd hard disk.
(bnc#864351)
* Fix error on 'Generate from host NUMA configuration'. (bnc#852404)
* Fix displaying of domains for PCI devices. (bnc#876604)
* Fix connection to remote Xen virtual machines using virt-manager
from YaST. (bnc#874300)
* Fix issue that made block device disappear after disabling cache.
(bnc#847641)
vm-install:
* Add support for SLE 12 and RHEL 7 installations. (bnc#885052,
bnc#882092, bnc#862605, bnc#862608)
* Fix reporting of full system memory on KVM installations.
(bnc#881573)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1049-1 -- Security update for OpenSSLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11OpenSSLThis OpenSSL update fixes the several security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1113-1 -- Recommended update for microcode_ctlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11microcode_ctlThis update provides Intel's CPU microcode version 20140624.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1077-1 -- Security update for libgcryptSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libgcryptThis libgcrypt update fixes the following security issue:
* bnc#892464: Side-channel attack on Elgamal encryption subkeys.
(CVE-2014-5270)
Security Issues:
* CVE-2014-5270
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-SU-2014:1013-1 -- Security update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThe several security issue is fixed in this update.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-RU-2014:1276-1 -- Recommended update for yast2-samba-clientSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-samba-clientThis update for yast2-samba-client ensures that nmbd is restarted after a
nmbstatus lookup. (bnc#895319).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1152-2 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information (2014g) for your
system, including the following changes:
* Russia will subtract an hour from most of its time zones on
2014-10-26 at 02:00 local time.
* Turks & Caicos are switching from US eastern time to UTC-4
year-round, modeled as a switch from EST/EDT to AST on 2014-11-02 at
02:00.
* Many past time stamps were updated for correctness.
* Many time zone abbreviations were adjusted or fixed.
* Many performance enhancements and fixes in the time zone
manipulation utilities.
* A new file 'zone1970.tab' was added. The new file's extended format
allows multiple country codes per zone. New applications should use
the new file.
* Some code fixes in 'localtime', 'zic', 'mktime' and 'yearistype'.
For a comprehensive list of changes, refer to the release announces from
ICANN:
* http://mm.icann.org/pipermail/tz-announce/2014-August/000023.html
<http://mm.icann.org/pipermail/tz-announce/2014-August/000023.html>
* http://mm.icann.org/pipermail/tz-announce/2014-August/000024.html
<http://mm.icann.org/pipermail/tz-announce/2014-August/000024.html>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1088-1 -- Security update for pppSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pppThis ppp update fixes a potential security issue that an unprivileged
attacker could access privileged options:
* integer overflow in option parsing (CVE-2014-3158, bnc#891489)
Security Issues:
* CVE-2014-3158
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3158>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1048-1 -- Recommended update for aaa_baseSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11aaa_baseThis update for aaa_base provides the several fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0964-1 -- Recommended update for dnsmasqSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11dnsmasqThis update provides dnsmasq version 2.71, which brings several fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-OU-2014:1036-1 -- Optional update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThis optional update provides 32-bit versions of libpulse-mainloop-glib0.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-RU-2014:1057-1 -- Recommended update for sg3_utilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11sg3_utilsThis update for sg3_utils provides the several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-YU-2014:0968-1 -- YOU update for poptSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11poptThis update for RPM provides the several fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1072-1 -- Security update for MySQLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MySQLThis MySQL update provides the following:upgrade to version 5.5.39Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1001-1 -- Security update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThe several security issue is fixed in this update.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-SU-2014:1022-1 -- Security update for CUPSSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11CUPSThis update fixes various issues in CUPS.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-SU-2014:1121-2 -- Security update for kdelibs4SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdelibs4This update of the kdelibs4 KSSL interface makes it select a set of
default ciphers that is recommended for current usage. This update is
needed for Konqueror to restrict its cipher set when using https.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1093-1 -- Recommended update for SambaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SambaThis update for Samba provides the following fixes:
* Disable TDB mmap() on s390 systems. (bso#10765, bnc#886193,
bnc#882356)
* Reduce printer_list.tdb lock contention during printcap update.
(bso#10652, bnc#883870)
* Avoid double-free in get_print_db_byname. (bso#10699)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0896-1 -- Security update for GPG2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11GPG2GPG2 has been updated to fix a possible denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0833-1 -- Security update for compat-wireless, compat-wireless-debuginfo, compat-wireless-debugsource, compat-wireless-kmp-default, compat-wireless-kmp-pae, compat-wireless-kmp-trace, compat-wireless-kmp-xenSUSE Linux Enterprise Desktop 11compat-wirelesscompat-wireless-debuginfocompat-wireless-debugsourcecompat-wireless-kmp-defaultcompat-wireless-kmp-paecompat-wireless-kmp-tracecompat-wireless-kmp-xenThis update for the compat-wireless kernel modules provides many fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0817-1 -- Security update for popplerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11popplerThis update fixes problems in DCTStream error handling in poppler.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0846-1 -- Security update for dbus-1SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11dbus-1dbus-1 was patched to prevent a possible denial of service issue in dbus-daemon.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0934-1 -- Recommended update for lvm2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11lvm2This collective update for lvm2 and lvm2-clvm provides several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0785-1 -- Security update for libvirtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libvirtlibvirt has been patched to fix two security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0472-1 -- Recommended update for hwinfoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11hwinfoThis update for hwinfo fixes the kernel log parser to
correctly read time stamps prefixed to each logged line
and adds support to a new model of fingerprint reader.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0453-1 -- Recommended update for cpupowerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11cpupowerThis update for cpupower adds support for Intel IvyBridge
and Haswell CPUs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0271-1 -- Recommended update for gdmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gdmThis update for the GNOME Display Manager (gdm) avoids that
a second X server is being started on virtual terminal 7
after hitting the 'switch user' button.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0441-1 -- Security update for PerlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PerlThis update of Perl 5 fixes the following security issues:
* fix rehash DoS [bnc#804415] [CVE-2013-1667]
* improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]
* fix glob denial of service [bnc#796014]
[CVE-2011-2728]
* sanitize input in Maketext.pm [bnc#797060]
[CVE-2012-6329]Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0314-1 -- Recommended update for dhcpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11dhcpThis collective update for DHCP provides fixes for the
following issues:
* Ignore SIGPIPE instead of terminating in socket code
before the errno==EPIPE checks are reached (bnc#794578)
* Merge upstream fixes for memory leaks and
segmentation faults (bnc#794578)
* Fix timing values calculation in dhcpv6 client to
compare rebind value to infinity instead of renew
(bnc#794578)
* Fix discovery of interfaces which have only addresses
with a label assigned (bnc#791289)
* Fix parse buffer handling to avoid truncation of
config > ~8k from bigger LDAP objects (bnc#788787)
* Fix subclass name-ref and data quoting/escaping
(bnc#788787)
* Fix memory leaks on ldap_read_config errors
(bnc#788787)
* Fix dhclient-script to discard MTU lower-equal 576
rather than lower-than (bnc#791280)
* Fix a memory leak in dhcp-ldap's subnet range
processing (bnc#784640)
* Fix a parsing error when processing the second
dhcpService container that the dhcpServer object may refer
to (bnc#784640).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0835-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information for your system.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1013-1 -- Security update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThe several security issue is fixed in this update.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0850-1 -- Recommended update for grubSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11grubThis update for Grub adjusts the package's post installation scripts to fix creation of Kiwi images.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-OU-2014:0907-1 -- Optional update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThis SUSE Linux Enterprise 11 Service Pack 3 kernel update introduces the bigsmp kernel flavor which is optimized for very large systems.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0383-1 -- Recommended update for gnome-packagekitSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gnome-packagekitThis update fixes the conflicting id in OMF of
gnome-packagekit so that both gnome-packagekit and
gnome-power-manager are shown properly in GNOME help.
Additionally, it allows the resizing of message dialogs
when error details are shown.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0880-1 -- Security update for puppetSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11puppetPuppet was updated to fix the several security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0390-1 -- Recommended update for mdadmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mdadmThis collective update for mdadm provides the following
features:
* Add md_monitor 4.16 (FATE#313624), with fixes
included from bnc#787826, bnc#770885, bnc#789202,
bnc#787819 and bnc#789535Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0936-1 -- Recommended update for SUSE Manager Proxy 2.1SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SUSE Manager Proxy 2.1This collective update for SUSE Manager Proxy 2.1 provides the fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0897-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerflash-player was updated to version 11.2.202.394 to fix security protection bypass issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0259-1 -- kernel update for SLE11 SP2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SLE11 SP2The SUSE Linux Enterprise 11 SP2 kernel was updated to
3.0.58, fixing various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0808-1 -- Security update for openssl-certsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11openssl-certsopenssl-certs has been updated to include four new and remove two certificates/Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1064-1 -- Recommended update for yast2-countrySUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-countryThis update for YaST's Country Settings module (yast2-country) provides
the following fix:Do not try to save settings when the user did not change them.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0457-1 -- Security update for libqt4SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libqt4libqt4 has been updated to fix several security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0461-1 -- Recommended update for virt-utilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11virt-utilsThis update for virt-utils fixes a syntactical error in
vm-snapshot-disk and provides a minor version update for
qemu-nbd and qemu-img utilities.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0322-1 -- Security update for wiresharkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10wiresharkwireshark was updated to 1.8.5 (bnc#801131), fixing bugs
and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0328-1 -- Security update for JavaSUSE Linux Enterprise Desktop 11Javajava-1_6_0-openjdk has been updated to IcedTea 1.12.3
(bnc#804654) which contains security and bugfixes:
* Security fixes o S8006446: Restrict MBeanServer
access (CVE-2013-1486) o S8006777: Improve TLS handling of
invalid messages Lucky 13 (CVE-2013-0169) o S8007688:
Blacklist known bad certificate (issued by DigiCert)
* Backports o S8007393: Possible race condition after
JDK-6664509 o S8007611: logging behavior in applet changed
* Bug fixes o PR1319: Support GIF lib v5.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0937-1 -- Security update for ntpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ntpThe NTP time service could have been used for remote denial of service amplification attacks.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1026-1 -- Recommended update for cronSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11cronThis update for cron provides the several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0870-1 -- Security update for xalan-j2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xalan-j2xalan-j2 has been updated to ensure that secure processing can't be circumvented.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0776-1 -- Recommended update for biosdevnameSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11biosdevnameThis update for biosdevname fixes an issue in the port determination logic that could have resulted in more than one interface on a given PCI slot getting the same port number when renames are happening in parallel.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1282-1 -- Security update for python-lxmlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-lxmlThis security update for python-lxml fixes a input sanitization flaw in
clean_html. (CVE-2014-3146)
Security Issues:
* CVE-2014-3146
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3146>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0910-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0806-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerflash-player was updated to version 11.2.202.378 to fix the following security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0961-1 -- Security update for openjdkSUSE Linux Enterprise Desktop 11openjdkThis Critical Patch Update contains 20 new security fixes for Oracle Java SE.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0849-1 -- Recommended update for clamavSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11clamavThe antivirus scanner ClamAV has been updated to version 0.98.3, which includes the following fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0373-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10flash-playerflash-player has been updated to 11.2.202.273 security
update, which fixes several critical security bugs that
could have been used by remote attackers to execute code.
(CVE-2013-0504, CVE-2013-0643, CVE-2013-0648)
More information can be found on:
https://www.adobe.com/support/security/bulletins/apsb13-08.h
tml
<https://www.adobe.com/support/security/bulletins/apsb13-08.
html>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0507-1 -- Recommended update for ekigaSUSE Linux Enterprise Desktop 11ekigaThis update for Ekiga adds an application icon to the
desktop menus.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0852-1 -- Recommended update for tsclientSUSE Linux Enterprise Desktop 11tsclientThis update adds FreeRDP compatibility to tsclient.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0452-1 -- Recommended update for SUSE Manager Client ToolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SUSE Manager Client ToolsThis collective update provides SUSE Manager Client Tools
version 1.7.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0470-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mozilla FirefoxMozillaFirefox has been updated to the 17.0.4ESR release
which fixes one important security issue:
* MFSA 2013-29 / CVE-2013-0787: VUPEN Security, via
TippingPoint's Zero Day Initiative, reported a
use-after-free within the HTML editor when content script
is run by the document.execCommand() function while
internal editor operations are occurring. This could allow
for arbitrary code execution.
Security Issue reference:
* CVE-2013-0787
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0877-1 -- Recommended update for dhcpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11dhcpThis update for dhcp provides the several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0931-1 -- Security update for libtasn1SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libtasn1libtasn1 has been updated to fix three security issues:asn1_get_bit_der() could have returned negative bit length, Multiple boundary check issues could have allowed DoS, Possible DoS by NULL pointer dereference in asn1_read_value_type.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0824-1 -- Security update for MozillaFirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11MozillaFirefoxMozillaFirefox was updated to version 24.6.0 to fix six security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0408-1 -- Recommended update for metacitySUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11metacityThis update for the Metacity window manager fixes a
segmentation fault when more than 16 virtual desktops are
used.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0315-1 -- Security update for Java 1.6.0SUSE Linux Enterprise Desktop 11Java 1.6.0java-1_6_0-openjdk based on Icedtea6-1.12.2 was released,
fixing various security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0818-1 -- Security update for opensshSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11opensshThis update for OpenSSH fixes the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0287-1 -- Recommended update for nfs-clientSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11nfs-clientThis update for the NFS support utilities (nfs-client,
nfs-kernel-server) provides the following fixes:
* Allow gssd to work with more than 1024 connections,
depending on the 'nofile' resource limit. Increase this
limit to 4096 before starting rpc.gssd.
* Fix a signal handling issue that could cause silent
termination of the rpc.idmapd daemon.
* Don't convert user or group names with non-ASCII
characters to 'nobody' or 'nogroup'.
* Don't impose local-locking on /usr/sap.
* Skip processing files in /var/lib/nfs/rpc_pipefs/nfs
if they don't exist.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0399-1 -- Recommended update for microcode_ctlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11microcode_ctlThis update provides Intel's CPU microcode version 20130222.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0409-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Chile is changing its DST rules
* Estimate Morocco 2013-2038 transitions for Ramadan
* New alias Europe/Busingen for Europe/Zurich
* New zones Asia/Khandyga, Asia/Ust-Nera
* Libya moving to CET, but with DST.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0349-1 -- Security update for acroreadSUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10acroreadAcrobat Reader has been updated to 9.5.4 which fixes two
critical security issues where attackers supplying PDFs
could have caused code execution with acrobat.
(CVE-2013-0640, CVE-2013-0641)
More information can be found on:
https://www.adobe.com/support/security/bulletins/apsb13-07.h
tml
<https://www.adobe.com/support/security/bulletins/apsb13-07.
html>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0517-1 -- Security update for PostgreSQLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PostgreSQLPostgreSQL has been updated to version 9.1.8 which fixes
various bugs and one security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0959-1 -- Recommended update for mcelogSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mcelogThis update for mcelog provides the following fixes: Add model number of Haswell Server (0x3f), Add missing entry to Ivy Bridge memory controller decode table, Continue without DMI when there's no SMBIOS or SMBIOS=0x0 in /sys/firmware/efi/systabSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0759-2 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 SP2 kernel has been updated to
3.0.74 fix various security issues and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0899-1 -- Security update for SambaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SambaSamba has been updated to fix two security issues and one non-security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0821-1 -- Security update for nfs-clientSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11nfs-clientThis update fixes a DNS spoofing problem with NFS
rpc-gssd. (CVE-2013-1923)(bnc#813464) It also adds
MOUNTD_OPTIONS and GSSD_OPTIONS to /etc/sysconfig/nfs.
(bnc#818094, bnc#816897)
Security Issues:
* CVE-2013-1923
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1923
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0753-1 -- Recommended update for ModemManagerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ModemManagerThis update for ModemManager adds port initialization
settings for new models of ZTE modems.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0933-1 -- Recommended update for release-notes-sledSUSE Linux Enterprise Desktop 11release-notes-sledThis update provides the latest version of the release notes for SUSE Linux Enterprise Desktop 11 SP3.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0344-1 -- Recommended update for CUPSSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11CUPSThis update for CUPS removes the hard-coded printing delay
of 5 seconds from the "socket" backend.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1016-1 -- Recommended update for libgphoto2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libgphoto2This update of libgphoto2 fixes an issue where daemonized usage of
libgphoto2 like in gphotofs could have affected devices attached to
unrelated serial ports.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0489-1 -- Recommended update for aaa_baseSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11aaa_baseThis collective update for aaa_base provides the following
fixes and enhancements:
* Use of large UID numbers could cause the creation of
a huge "faillog" file in /var/log. When logging in as root,
the faillog(8) utility could read this file sequentially,
introducing long delays. This update removes the call to
faillog from the default login scripts. Users interested in
keeping this functionality are advised to use the PAM
module pam_tally2(8). (bnc#801037)
* During system shutdown, blogd(8) could close the
system console before all messages were printed.
(bnc#789893)
* Mime types for .docx, .dotx, .pptx, .xlsx and .xltx
were added to /etc/mime.types. (FATE#313237)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0798-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10flash-playerAdobe flash-player has been updated to 11.2.202.285
security update, which fixes various remote code execution
problems and other security issues.
Some more details can be found on:
https://www.adobe.com/support/security/bulletins/apsb13-14.h
tml
<https://www.adobe.com/support/security/bulletins/apsb13-14.
html>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-OU-2013:0702-1 -- Optional update for V4L plug-ins for GStreamerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11V4L plug-ins for GStreamerThis update provides a collection of video4linux support
libraries and a video4linux plug-in for the Gstreamer
framework.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0329-1 -- Recommended update for auditSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11auditThe set of tools for Kernel Auditing (audit) has been
updated to version 1.8. The update brings many fixes and
enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0749-1 -- Recommended update for python-ethtoolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-ethtoolThis update for python-ethtool allows pifconfig to display
information about single network interfaces.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0930-1 -- Security update for kdirstatSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdirstatThe following security issue has been fixed:command injection in kcleanup.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0763-1 -- Recommended update for glib2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glib2This update for glib2 adjusts SuSEconfig.glib2 to not check
for files that might not exist on new installations.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0761-1 -- Recommended update for kdelibs4SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdelibs4This update for kdelibs4 provides the following fixes:
* Fix services not showing up in context menu when
multiple files are selected. (bnc#809065)
* Fix kfmclient openProfile. (bnc#807314)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0847-1 -- Security update for novell-qtgui, novell-ui-baseSUSE Linux Enterprise Desktop 11novell-qtguinovell-ui-basePackages novell-ui-base and novell-qtgui were updated to prevent erroneous rights assignment when a user is granted 'File Scan' rights (F).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0556-1 -- Recommended update for LibreOfficeSUSE Linux Enterprise Desktop 11LibreOfficeThis collective update for LibreOffice provides many fixes
and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0793-1 -- Security update for strongswanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11strongswanThis update fixes a NULL ptr dereference (DoS) via ID_DER_ASN1_DN ID payloads.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0252-1 -- Recommended update for sysconfigSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11sysconfigThis update for sysconfig provides the following fixes and
improvements:
* Use dhclient6 in dhcp6_client state variable
* Correctly apply STP constrains also to float time
values with a 1/100 sec precision
* Update bridge documentation link in ifcfg-bridge.5
* Do not report failure while setting unsupported power
management option in ifup-wireless
* Check and reject too long interface names or names
with suspect characters
* Do not wait when creation of virtual interface name
fails
* Do not start dhcp clients too early or they may be
unable to send packets
* Load af_packet module early and wait for link ready
* Check before running a script in netcontrol_services
* Allow suffixes in ETHTOOL_OPTIONS variable to apply
settings separately
* Add ETHTOOL_UP_RETRY and ETHTOOL_UP_WAIT variables to
wait until the link has been set up
* Updated ifcfg(5) man page
* Do not mount file systems with the noauto flag setSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0633-1 -- Security update for PostgreSQLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PostgreSQLThis update to version 9.1.9 fixes:
* CVE-2013-1899: Fix insecure parsing of server
command-line switches.
* CVE-2013-1900: Reset OpenSSL randomness state in each
postmaster child process.
* CVE-2013-1901: Make REPLICATION privilege checks test
current user not authenticated user.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-SU-2014:1005-1 -- Security update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThis update for Python provides fixes for the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-RU-2014:1026-1 -- Recommended update for cronSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11cronThis update for cron provides the several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-SU-2013:0697-1 -- Security update for telepathy-gabbleSUSE Linux Enterprise Desktop 11telepathy-gabbletelepathy-gabble was updated to fix several
remotely-triggerable NULL crashes (CVE-2013-1769)
Security Issues:
* CVE-2013-1769
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1769
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0960-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11Mozilla FirefoxMozilla Firefox has been updated to the 24.7ESR security release.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1001-1 -- Recommended update for supportutilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10supportutilsThis update fixes the following issues:
- supportconfig: 2.25-370
- supportconfig: 2.25-359
- supportconfig: 2.25-358
- supportconfig: 2.25-350Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0645-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10Mozilla FirefoxMozillaFirefox has been updated to the 17.0.5ESR release
fixing bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1098-1 -- Security update for MesaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MesaThis update of Mesa fixes multiple integer overflows.
Security Issue reference:
* CVE-2013-1993
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0771-1 -- Security update for curlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11curlThis update fixes the cookie domain tailmatch vulnerability
in curl. CVE-2013-1944 has been assigned to this issue.
Security Issue reference:
* CVE-2013-1944
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0795-1 -- Security update for libtiffSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10libtiffThis update fixes two buffer overflow security issues with
libtiff:
* CVE-2013-1960
* CVE-2013-1961Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0904-1 -- Security update for lzoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11lzolzo was updated to fix a potential denial of service issue or possible remote code execution by allowing an attacker, if the LZO decompression algorithm is used in a threaded or kernel context, to corrupt memory structures that control the flow of execution in other contexts.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0758-1 -- Recommended update for NetworkManagerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11NetworkManagerThis update for NetworkManager provides the following fixes:
* Make modem disconnects synchronous in order to avoid
a race condition when disconnecting and then immediately
reconnecting. (bnc#659267)
* Fix an issue that prevented the reactivation of some
wireless devices if they were manually disabled before a
reboot. (bnc#760875)
* Fix a race condition when enabling wireless networks
at power management resume. (bnc#751273)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0626-1 -- Recommended update for kdumpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdumpThis update for Kdump provides the following fixes and
enhancements:
* In multipath setups, make sure that only devices
actually required by kdump are initialized in kdump
environment. This reduces run-time memory requirements.
(bnc#738865)
* Add a new configuration option to set the number of
CPUs that will be available in the Kdump environment. On
SMP systems, makedumpfile will then enable the split mode
to dump data to multiple DUMPFILEs in parallel. (bnc#783592)
* Close a race condition between creating the kdump
initrd and restricting its file permissions to avoid
leaking sensitive information, such as private keys or
passwords needed to save a dump to a remote system.
(bnc#742884)
* Do not set up iommu pass-through for the kdump
kernel. (bnc#804800)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1130-1 -- Recommended update for multipath-toolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11multipath-toolsThis update for multipath-tools fixes a potential thread
stack overflow when using some functions from libudev.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0458-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10flash-playerAdobe Flash Player has been updated to security release
11.2.202.275 (APSB13-09), fixing severe security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0549-1 -- Security update for OpenSSLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11OpenSSLOpenSSL has been updated to fix several security issues:
* CVE-2012-4929: Avoid the openssl CRIME attack by
disabling SSL compression by default. Setting the
environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no"
enables compression again.
* CVE-2013-0169: Timing attacks against TLS could be
used by physically local attackers to gain access to
transmitted plain text or private keymaterial. This issue
is also known as the "Lucky-13" issue.
* CVE-2013-0166: A OCSP invalid key denial of service
issue was fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0888-1 -- Recommended update for xorg-x11-serverSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-serverThis collective update for xorg-x11-server provides the several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1059-2 -- Security update for clamavSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11clamavThis release of clamav provides version 0.97.8 and fixes
several potential security issues (bnc#816865):
* CVE-2013-2020: Fix heap corruption
* CVE-2013-2021: Fix overflow due to PDF key length
computation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0799-1 -- Recommended update for util-linuxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11util-linuxThis collective update for util-linux provides the
following fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0789-1 -- Recommended update for python-pywbemSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-pywbemThis update for python-pywbem fixes the following issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1074-1 -- Recommended update for bindSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11bindThe BIND DNS server package has been updated to version
9.9.2P2, which brings many fixes, enhancements and new
features, such as:
* Automated trust anchor maintenance for DNSSEC (RFC
5011)
* Simplified configuration of Dynamic DNS
* Simplified configuration of DNSSEC Lookaside
Validation (DLV)
* Fully automatic signing of zones
* Implementation of DNS64, a transition mechanism to
IPv6 deployment
* Inline Signing for DNSSEC
* DNSSEC NSEC performance improvements
* Multiprocessing performance improvements.
This update also contains several functional changes which
might need changes of certain configuration settings. More
information can be found in TID #7012684:
https://www.suse.com/support/kb/doc.php?id=7012684
<https://www.suse.com/support/kb/doc.php?id=7012684>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1175-1 -- Security update for MesaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MesaA memory corruption in the Mesa Intel drivers (OOB
read/write) has been fixed. (CVE-2013-1872) This could
have been potentially exploited by remote attackers who
would have been able to inject 3d graphics into the
attacked desktop.
Security Issue reference:
* CVE-2013-1872
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1872
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1075-1 -- Recommended update for tarSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11tarThis update for tar provides the following fixes:
* Don't print "lone zero blocks" warnings, as there are many tar
implementations around that create invalid archives with a zero
block in the middle. (bnc#881863)
* Fix creation of archives with large UIDs and POSIX format.
(bnc#864302)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0492-1 -- Recommended update for createrepo, deltarpm and yumSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11createrepodeltarpmyumThis collective update provides newer versions of
createrepo (v0.9.9), deltarpm (v3.5) and yum (v3.2.29).
The updated packages bring many fixes and enhancements,
including the capability of creating repositories with
delta RPM support.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1166-1 -- Security update for compat-curl2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10compat-curl2This update of compat-curl2 fixes a security vulnerability:
* libcurl URL decode buffer boundary flaw (bnc#824517 /
CVE-2013-2174)
Security Issue reference:
* CVE-2013-2174
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-YU-2013:1206-1 -- YOU update for libzyppSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libzyppThis update for libzypp fixes a potential log file
truncation introduced by the previous maintenance update.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0757-1 -- Security update for ImageMagickSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ImageMagickImageMagick has been updated to fix an integer overflow
(CVE-2012-3438).
Also a slowness in "convert" when resizing JPEG images has
been addressed (bnc#754481).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1103-1 -- Security update for xorg-x11-libsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libsThis update of xorg-x11-libs fixes several integer and
buffer overflow issues (bnc#815451, bnc#821663).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0754-1 -- Recommended update for NetworkManagerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11NetworkManagerThis update for NetworkManager-pptp allows users to set the
password of system-wide VPN connections.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0696-1 -- Security update for dhcpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11dhcpThe ISC DHCP server had a denial of service issue in
handling specific DDNS requests which could cause a out of
memory usage situation. (CVE-2013-2266)
This update also adds a dhcp6-server service template for
SuSEfirewall2 (bnc#783002)
Security Issues:
* CVE-2013-2266
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1059-1 -- Security update for clamavSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10clamavThis update contains clamav 0.97.8 which fixes security
issues (bnc#816865):
* CVE-2013-2020: Fix heap corruption
* CVE-2013-2021: Fix overflow due to PDF key length
computation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0388-1 -- Security update for pidginSUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10pidginidgin was updated to fix 4 security issues:
* Fixed a crash when receiving UPnP responses with
abnormally long values. (CVE-2013-0274, bnc#804742)
* Fixed a crash in Sametime protocol when a malicious
server sends us an abnormally long user ID. (CVE-2013-0273,
bnc#804742)
* Fixed a bug where the MXit server or a
man-in-the-middle could potentially send specially crafted
data that could overflow a buffer and lead to a crash or
remote code execution.(CVE-2013-0272, bnc#804742)
* Fixed a bug where a remote MXit user could possibly
specify a local file path to be written to. (CVE-2013-0271,
bnc#804742)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1017-1 -- Security update for augeasSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11augeasAugeas has been updated to fix a symlink overwrite problem.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0385-1 -- Recommended update for nautilusSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11nautilusThis update for the Nautilus desktop file manager improves
visibility of SUSE Linux Enterprise documentation showing
a desktop shortcut to the SUSE manual if present and
desired. In addition, it also fixes alignment of newly
added icons to avoid overlapping.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0789-1 -- Recommended update for xrdpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xrdpThis update for xrdp provides the following fixes:
* Enable support to 24bpp RDP connections. (bnc#807610)
* Dynamically select an RDP port that is not in use.
(bnc#810265)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1211-1 -- Recommended update for yast2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2This update fixes an issue in network setup that affects
only automated installations of Open Enterprise Server.
* bnc#817797: AutoYaST import can be overwritten by
Read in NetworkInterfaces.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1074-2 -- Recommended update for bindSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11bindThe BIND DNS server has been updated to version 9.9.2P2,
which brings many fixes, enhancements and new features,
such as:
* Automated trust anchor maintenance for DNSSEC (RFC
5011)
* Simplified configuration of Dynamic DNS
* Simplified configuration of DNSSEC Lookaside
Validation (DLV)
* Fully automatic signing of zones
* Implementation of DNS64, a transition mechanism to
IPv6 deployment
* Inline Signing for DNSSEC
* DNSSEC NSEC performance improvements
* Multiprocessing performance improvements
This update also contains several functional changes which
might need changes of certain configuration settings. More
information can be found in TID #7012684:
https://www.suse.com/support/kb/doc.php?id=7012684
<https://www.suse.com/support/kb/doc.php?id=7012684>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1238-1 -- Security update for java-1_6_0-openjdkSUSE Linux Enterprise Desktop 11java-1_6_0-openjdkjava-1_6_0-openjdk has been updated to Icedtea6-1.12.6
version.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0262-1 -- Security update for MySQLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MySQLA stack-based buffer overflow in MySQL has been fixed that
could have caused a Denial of Service or potentially
allowed the execution of arbitrary code (CVE-2012-5611).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0670-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerAdobe Flash Player has been updated to 11.2.202.280 to fix
various bugs and security issues.
More information can be found on:
http://www.adobe.com/support/security/bulletins/apsb13-11.ht
ml
<http://www.adobe.com/support/security/bulletins/apsb13-11.h
tml>
* APSB13-11, CVE-2013-1378, CVE-2013-1379,
CVE-2013-1380, CVE-2013-2555Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0618-1 -- Security update for puppetSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11puppetuppet has been updated to fix 2.6.18 multiple
vulnerabilities and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0320-1 -- Security update for libvirtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libvirtlibvirt was updated to fix the following security issue:
* A flaw was found in the way message freeing on
connection cleanup was handled under certain error
conditions. A remote user able to issue commands to libvirt
daemon could use this flaw to crash libvirtd or,
potentially, escalate their privilages to that of libvirtd
process. (CVE-2013-0170)
Also following bug has been fixed:
* Add managedSave functions to legacy xen driver
bnc#782311
Security Issue reference:
* CVE-2013-0170
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0170
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0703-1 -- Recommended update for kshSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kshThis update to Korn Shell 93u+ provides fixes for many
issues, including:
* Fix segmentation fault on typeset on ENV variable.
(bnc#803613)
* Do not free data which is used later on in the hash
tree of reloaded shell functions. (bnc#795324)
* Make sure that tty is closed even if an interrupt
arrived during close. (bnc#790315)
* Fix truncation of variables when TMOUT is used.
(bnc#808956)
* Fix syntax error on command substitution in
here-document. (bnc#804998)
* Make Shift_JIS patch more reliable as requested by
upstream.
For a comprehensive list of fixes please refer to the
package's change log.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0834-1 -- Recommended update for yast2-networkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-networkThis collective update for yast2-network fixes the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0434-1 -- Security update for JavaSUSE Linux Enterprise Desktop 11JavaThis release of Icedtea6-1.12.4 fixes the following two
issues that allowed a remote attacker to execute arbitrary
code remotely by providing crafted images to the affected
code.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0341-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 SP2 kernel has been updated to
fix two issues:
One severe security issue:
* CVE-2013-0871: A race condition in ptrace(2) could be
used by local attackers to crash the kernel and/or execute
code in kernel context.
One severe regression issue:
* A regression in UNIX domain socket credential
passing. The default disabling of passing credentials
caused regression in some software packages that did not
expect this. One major software package affected by this
was the Open Enterprise Server stack.
Security Issue reference:
* CVE-2013-0871
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-YU-2013:1162-1 -- YOU update for libzyppSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libzyppThis update for the Software Update Stack provides the
following fixes and enhancements:
libzypp:
* Set log file permission upon file creation only.
(bnc#825490)
* Speedup scanning for modaliases, improving
performance on machines with large amounts of RAM.
(bnc#824110)
* Implement retrieval of packages from tftp servers.
(bnc#803316)
* Fix file probing via tftp://. (bnc#803316)
* Add modalias and multiversion spec to testcase.
zypper:
* Set default zypper.log mode to 0640. (bnc#825490)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0780-1 -- Recommended update for atftpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11atftpThis update for atftp adds generic capabilities to the
package specification, allowing other packages to depend
on the capability instead of the package name.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0744-1 -- Security update for libxml2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10libxml2libxml2 has been updated to fix entity expansion problems:
* CVE-2013-0338: Internal entity expansion within XML
was not bounded, leading to simple small XML files being
able to cause "out of memory" denial of service conditions.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1114-1 -- Recommended update for rshSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11rshThis update fixes an error handling issue in rlogind that
could make it fail to accept connections from rlogin
clients.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1121-1 -- Security update for libqt4SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libqt4This update of the QT4 QSSL interface makes it select a set of default
ciphers that is recommended for current usage. This update is needed for
Konqueror to restrict its cipher set when using https.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1039-2 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerAdobe flash-player has been updated to the 11.2.202.291
security update which fixes security issues (bnc#824512,
CVE-2013-3343, APSB13-16).
Security Issue reference:
* CVE-2013-3343
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3343
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1152-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mozilla FirefoxMozilla Firefox has been updated to the 17.0.7 ESR version,
which fixes bugs and security fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1278-1 -- Recommended update for python-xmlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-xmlThis update fixes the python-xml package to no longer
provide and obsolete PyXML.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1184-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Morocco's midsummer transitions this year are July 7
and August 10
* Israel now falls back from DST on the last Sunday of
October
* Palestine observed DST starting March 29, 2013
* From 2013 on, Gaza and Hebron both observe DST.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1311-1 -- Recommended update for AppArmorSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11AppArmorAppArmor has been rebuilt to enable a new set of
capabilities available on SUSE Linux Enterprise 11 SP3.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0487-1 -- Recommended update for kernel-firmwareSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kernel-firmwareThis update for the Linux Kernel firmware files
(kernel-firmware) provides:
* QLogic's ql2400_fw.bin and ql2500_fw.bin version
5.08.00. The updated firmware fixes I/O stalls when
performing storage server controller reboots
* New firmware version for fixing the missing support
for Atheros MANGO and MANGO rev.2 Bluetooth module.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1111-1 -- Recommended update for irqbalanceSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11irqbalanceThis update for irqbalance fixes support for NUMA platforms
by linking the program against libnuma.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1304-1 -- Security update for puppetSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11puppetThis puppet update fixes a remote code execution issue:
* Unauthenticated Remote Code Execution Vulnerability
with YAML and REST API calls (bug#825878, CVE-2013-3567)
Security Issue reference:
* CVE-2013-3567
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0796-1 -- Recommended update for empathySUSE Linux Enterprise Desktop 11empathyThis update for Empathy adds an application icon to the
desktop menus.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1028-1 -- Security update for krb5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11krb5This MIT krb5 update fixes a buffer overrun problem in kadmind.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1104-1 -- Security update for xorg-x11-libXvSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXvThis update of xorg-x11-libXv fixes several integer and
buffer overflow issues (bnc#815451, bnc#821671,
CVE-2013-1989, CVE-2013-2066).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0617-1 -- Security update for ClamAVSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10ClamAVClamAV has been updated to the 0.97.7 release that contains
various security related hardening fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1054-1 -- Recommended update for gdmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gdmThis update for gdm provides fixes for the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0731-1 -- Security update for GnuTLSSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10GnuTLSThis GnuTLS update fixes incorrect padding which weakens
the encryption. CVE-2013-1619 has been assigned to this
issue.
Security Issue reference:
* CVE-2013-1619
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0439-1 -- Recommended update for qscintillaSUSE Linux Enterprise Desktop 11qscintillaThis update fixes python-qscintilla's compatibility to
newer versions of python-sip.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-YU-2013:0444-1 -- YOU update for Software Update StackSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Software Update StackThis update for the software update stack 2013/02 provides
some fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0817-1 -- Recommended update for pmtoolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pmtoolsThis update for pmtools fixes the following issue:
* In acpidump, skip processing RSDT if XSDT was already
processed and rsdt physical address is 0. This is the
minimum fix to prevent crashes on Itanium/IA64 machines
while not altering the output of acpidump on too many other
machines.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0859-1 -- Security update for XorgSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XorgThis update of xorg-x11-server fixes one security issue and
two bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0814-1 -- Security update for java-1_6_0-openjdkSUSE Linux Enterprise Desktop 11java-1_6_0-openjdkjava-1_6_0-openjdk has been updated to version
Icedtea6-1.12.5 which fixes several security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1237-1 -- Security update for strongswanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11strongswanThis update fixes the ECDSA signature vulnerability in
strongswan. CVE-2013-2944 has been assigned to this issue.
Security Issue reference:
* CVE-2013-2944
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2944
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1237-3 -- Security update for strongswanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11strongswanThis update fixes the ECDSA signature vulnerability in
strongswan. CVE-2013-2944 was assigned to this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1314-1 -- Security update for XenSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XenThe Xen hypervisor and toolset has been updated to 4.2.2_06
to fix various bugs and security issues:
The following security issues have been addressed:
* CVE-2013-2194: Various integer overflows in the ELF
loader were fixed. (XSA-55)
* CVE-2013-2195: Various pointer dereferences issues in
the ELF loader were fixed. (XSA-55)
* CVE-2013-2196: Various other problems in the ELF
loader were fixed. (XSA-55)
* CVE-2013-2078: A Hypervisor crash due to missing
exception recovery on XSETBV was fixed. (XSA-54)
* CVE-2013-2077: A Hypervisor crash due to missing
exception recovery on XRSTOR was fixed. (XSA-53)
* CVE-2013-2211: libxl allowed guest write access to
sensitive console related xenstore keys. (XSA-57)
* CVE-2013-2076: An information leak on XSAVE/XRSTOR
capable AMD CPUs (XSA-52) was fixed, where parts of this
state could leak to other VMs.
Also the following bugs have been fixed:
* performance issues in mirror lvm (bnc#801663)
* aacraid driver panics mapping INT A when booting
kernel-xen (bnc#808085)
* Fully Virtualized Windows VM install failed on Ivy
Bridge platforms with Xen kernel (bnc#808269)
* Did not boot with i915 graphics controller with VT-d
enabled (bnc#817210)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0546-1 -- Recommended update for coreutilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11coreutilsThis update for GNU Core Utilities (coreutils) adds support
for GPFS and PANFS file systems to tail(1) and stat(1).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0770-1 -- Recommended update for tomboySUSE Linux Enterprise Desktop 11tomboyThis update for Tomboy protects the special note "Start
Here" from removal.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0838-1 -- Security update for rxvt-unicodeSUSE Linux Enterprise Desktop 11rxvt-unicodexvt-unicode was updated to ensure that window property values can not be queried in secure mode.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1167-1 -- Recommended update for udevSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11udevThis update for udev provides the following fixes:
* Rename virtual interfaces also in the guest.
(bnc#820930)
* Use SCSI_IDENT_LUN_T10 instead of ID_SERIAL for
partition in 61-msft.rules. (bnc#805059)
* Drop usage of ID_BUS in 61-msft.rules. (bnc#805059)
* Revert 'udev: fix crash in libudev', now fixed in
multipath-tools. (bnc#821419)
* Add dependency on sg3_utils. (bnc#805059)
* Add the full path of sg_inq, otherwise udev searches
for the binary in /lib/udev. (bnc#805059)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0764-1 -- Recommended update for kdebase4-workspace, kdm and kwinSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdebase4-workspacekdmkwinThis update for kdebase4-workspace provides the following
fixes:
* Fixed truncating of desktop names in desktop pager.
(bnc#780828)
* Add support for newer versions of GDM. (bnc#802909)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0783-1 -- Recommended update for yast2-networkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-networkThis update for YaST's Network Configuration module
(yast2-network) provides the following fixes:
* Fix a potential crash when editing settings of
unconfigured network interfaces. (bnc#817006, bnc#813835)
* Allow only L2-capable devices to be enslaved into
bond interfaces on s390x. (bnc#719881)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0793-1 -- Security update for sudoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10sudoThis update fixes the following security issues which
allowed to bypass the sudo authentication: CVE-2013-1775,
CVE-2013-1776, CVE-2013-2776 and CVE-2013-2777.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0544-1 -- Recommended update for evolutionSUSE Linux Enterprise Desktop 11evolutionThis update for Evolution provides fixes for the following
issues:
* Appointments entered into calendar are not saved when
user is over quota. (bnc#671699, bnc#671703)
* Expanding the time slot of a calendar entry downwards
to alter the end time can cause a segmentation fault.
(bnc#746314)
* Evolution may crash when navigating the calendar with
Orca running. (bnc#771483)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1104-2 -- Security update for xorg-x11-libXvSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXvThis update of xorg-x11-libXv fixes several integer and
buffer overflow issues.
Bug 815451/821671 CVE-2013-1989/CVE-2013-2066
Security Issues:
* CVE-2013-1989
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989
>
* CVE-2013-2066
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0792-1 -- Recommended update for orcaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11orcaThis update for Orca improves compatibility with newer
versions of Mozilla Firefox.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0716-1 -- Recommended update for openmotifSUSE Linux Enterprise Desktop 11openmotifThis update for OpenMotif allows users to control how the
library draws fonts on disabled widgets.
When the environment variable SUSE_OPENMOTIF_ENABLE_STIPPLE
is unset, or set to a value other than 1, OpenMotif will
draw fonts on disabled labels as grayed-out, regardless of
their color when enabled.
When the variable is set to 1, OpenMotif reverts to the old
behavior and stipples font on disabled labels, keeping
font color. This does not work with XFT fonts (see
upstream bug #1381), but might be required by legacy
applications that rely on font color to show state.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1144-1 -- Recommended update for LibreOfficeSUSE Linux Enterprise Desktop 11LibreOfficeLibreOffice 4.0 provides significant improvements mainly
in interoperability with Microsoft Office, and other areas.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0562-1 -- Recommended update for libvirtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libvirtThis update for libvirt fixes an issue that made emulated
interfaces on Xen VMs unusable when the interface
configuration contains type=ioemu.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0748-1 -- Recommended update for FUSESUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11FUSEThis update for FUSE provides the following fix:
In fuse_session_loop_mt() don't pause when exiting the
worker threads. The pause() was added in 2.2.1 to prevent
a segmentation fault on pthread_cancel() on an exited,
detached thread. Now that worker threads are no longer
detached, pthread_cancel() should work fine even after the
thread exited.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0759-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 SP2 kernel has been updated to
3.0.74 fix various security issues and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0842-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mozilla FirefoxMozilla Firefox has been updated to the17.0.6ESR security
release.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1210-1 -- Recommended update for gvfsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gvfsThis update fixes the following issue:
* #819859: sftp bookmarks don't work in NautilusSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0864-1 -- Recommended update for gstreamerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gstreamerThis update for the GStreamer plug-ins enhances detection
of double-byte character sets in the meta-data of music
files (bnc#458213).
Additionally an issue has been fixed which avoids artifacts
caused by the edge effect (bnc#749974).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0868-1 -- Recommended update for udevSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11udevThis update for udev provides the following fixes and
enhancements:
* Automatically online CPUs on CPU hotplug add events
(bnc#703100, FATE#311831)
* Use unique names for temporary files created in /dev
(bnc#791503)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1184-2 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Morocco's midsummer transitions this year are July 7
and August 10
* Israel now falls back on the last Sunday of October
* Palestine observed DST starting March 29, 2013
* From 2013 on, Gaza and Hebron both observe DST.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1103-2 -- Security update for xorg-x11-libsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libsThis update of xorg-x11-libs fixes several integer and
buffer overflow issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0727-1 -- Security update for libxsltSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10libxsltlibxslt has been updated to fix two denial of service
issues via crashes by NULL pointer dereference on attacker
supplied XSLT scripts (CVE-2012-6139).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0885-1 -- Security update for kdebase4-workspaceSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdebase4-workspaceThis kdebase4-workspace update fixes two security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1190-1 -- Security update for krb5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10krb5This krb5 update fixes a security issue.
* kpasswd UDP ping-pong (bug#825985 / CVE-2002-2443)
Security Issue reference:
* CVE-2002-2443
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1394-1 -- Recommended update for libvirtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libvirtThis update of libvirt from version 1.0.5.1 to 1.0.5.4
contains fixes for the following reports:
* virsh memtune command fails to execute (bnc#819976)
* libvirt crashes on migration of graphics-less clients
(bnc#828502)
* libvirt fails on block migration (bnc#828508)
* libvirt reads out of bounds (bnc#828506)
* virsh snapshot fails with "virDomainSnapshotFree"
(bnc#829203)
* virsh vcpupin fails on UV server with 4048 physical
cpus (bnc#831709).
For the complete change log please go to
http://wiki.libvirt.org/page/Maintenance_Releases#1.0.5_seri
es
<http://wiki.libvirt.org/page/Maintenance_Releases#1.0.5_ser
ies>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1101-2 -- Security update for xorg-x11-libXtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXtThis update of xorg-x11-libXt fixes several integer and
buffer overflow issues.
Bug 815451/821670 CVE-2013-2002/CVE-2013-2005
Security Issues:
* CVE-2013-2002
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002
>
* CVE-2013-2005
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0755-1 -- Recommended update for cronSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11cronThis update for cron prevents unnecessary reloads of
unchanged files from /etc/cron.d/.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0594-1 -- Recommended update for yast2-kdumpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-kdumpThis update for YaST's Kdump configuration module adds
support for LZO compressed kernel dumps.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0816-1 -- Security update for KVMSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11KVMSeveral security issues in KVM have been fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0779-1 -- Recommended update for gnome-system-monitorSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gnome-system-monitorThis combined update provides the following fixes and
enhancements:
*
The System tab in GNOME System Monitor was redesigned
to display information in summarized format. Previously,
data about each CPU core was printed in one text line and
could be truncated on machines with many cores.
*
Additionally, libgtop was fixed to correctly read CPU
information from /proc/cpuinfo when the file is larger than
16Kb.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0851-1 -- Security update for icedtea-webSUSE Linux Enterprise Desktop 11icedtea-webThis update of icedtea-web fixes several bugs and security
issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0769-1 -- Recommended update for poptSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11poptNew rpm versions write the package database entries for
pubkeys in a slightly different way than the version of
rpm used in SLE 11 does, this results in rpm writing to
already freed memory and terminating with a segmentation
fault.
This issue may happen when building a SLE 11 image with
kiwi on a system that uses a new version of rpm.
This update makes rpm cope with the new entries.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1361-1 -- Recommended update for microcode_ctlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11microcode_ctlThis update provides Intel's CPU microcode version 20130808.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1460-1 -- Recommended update for python-dmidecodeSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-dmidecodeThis update for python-dmidecode fixes a segmentation fault
that was caused by missing checks for null DMI strings.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1164-1 -- Recommended update for pcsc-cyberjackSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pcsc-cyberjackThis update for pcsc-cyberjack adds support for new card
reader devices from Reiner-SCT.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1017-2 -- Recommended update for gnome-sessionSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gnome-sessionThis update for gnome-session fixes parsing of GNOME's
auto-start settings from SUSE Linux Enterprise 10.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1407-1 -- Recommended update for gnome-bluetoothSUSE Linux Enterprise Desktop 11gnome-bluetoothThis update for the GNOME Bluetooth graphical utilities
(gnome-bluetooth) fixes an issue with sending of files to
Bluetooth devices that were already paired. It also sets a
longer timeout for the SendFiles command.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1164-2 -- Recommended update for pcsc-cyberjackSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pcsc-cyberjackThis update for pcsc-cyberjack adds support to new card
reader devices from Reiner-SCT.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1096-1 -- Security update for xorg-x11-libxcbSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libxcbThis update for xorg-x11-libxcb addresses the following
security issues:
* Fix a deadlock with multi-threaded applications
running on real time kernels. (bnc#818829)
* Fix an integer overflow in read_packet().
(bnc#821584, CVE-2013-2064)
Security Issues:
* CVE-2013-2064
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0725-1 -- Recommended update for libnetcontrolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libnetcontrolLibnetcontrol has been updated to version 0.2.8, resolving
the following issues:
* Fixed ncf_close to not close logger as ncf_init did
not open any. This caused SEGV's in libvirt, that redirects
the global logger to itself and is using multiple ncf
instances. (bnc#811002)
* Fixed pthreads detection and source enablement in
configure, added an explicit configure --enable-pthreads
option to spec file to cause a failure on detection
problems. (bnc#811002)
* Fixed SEGV at parsing not existing BRIDGE_PATHCOSTS
and memory leaks in in loop check, xml parsing and on
backup file creation failure while routes file rewrite.
(bnc#810381)
* Fixed a bridge variable initialization in try_bridge.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1254-1 -- Security update for java-1_7_0-openjdkSUSE Linux Enterprise Desktop 11java-1_7_0-openjdkThis update to icedtea-2.4.1 fixes various security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1095-2 -- Security update for xorg-x11-libXrenderSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXrenderThis update of xorg-x11-libXrender fixes several integer
overflow issues.
Bug 815451/821669 CVE-2013-1987
Security Issues:
* CVE-2013-1987
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0547-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Haiti uses US daylight-saving rules this year
* Paraguay will end DST on March 24 this year
* Morocco does not observe DST during Ramadan.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1312-1 -- Recommended update for yelpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yelpThis update for Yelp fixes the search path of the F-Spot
documentation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1390-1 -- Security update for MySQLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MySQLThis version upgrade of mysql to 5.5.32 fixes multiple
security issues:
CVE-2013-1861, CVE-2013-3783, CVE-2013-3793, CVE-2013-3794,
CVE-2013-3795, CVE-2013-3796, CVE-2013-3798,
CVE-2013-3801, CVE-2013-3802, CVE-2013-3804,
CVE-2013-3805, CVE-2013-3806, CVE-2013-3807, CVE-2013-3808,
CVE-2013-3809, CVE-2013-3810, CVE-2013-3811, CVE-2013-3812
Additionally, it contains numerous bug fixes and
improvements.:
* making mysqldump work with MySQL 5.0 (bnc#768832)
* fixed log rights (bnc#789263 and bnc#803040)
* binlog disabled in default configuration (bnc#791863)
* fixed dependencies for client package (bnc#780019)
* minor polishing of spec/installation
* avoiding file conflicts with mytop
* better fix for hardcoded libdir issue
* fix hardcoded plugin paths (bnc#834028)
* Use chown --no-dereference instead of chown to
improve security (bnc#834967)
* Adjust to spell !includedir correctly in /etc/my.cnf
(bnc#734436)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0379-1 -- Recommended update for pam_krb5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pam_krb5This update for the PAM module for Kerberos Authentication
(pam_krb5) fixes a file descriptor leak.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1468-1 -- Security update for SambaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SambaThe Samba server suite received a security update to fix a
denial of service problem in integer wrap protection.
(CVE-2013-4124).
Additionally, the following stability fixes are included in
this update:
* Fix libreplace license ambiguity. (bnc#765270)
* Document idmap_ad rfc2307 attribute requirements.
(bnc#820531)
* The pam_winbind require_membership_of option allows
for a list of SID, but currently only provides buffer space
for ~20. (bnc#806501).
Security Issue reference:
* CVE-2013-4124
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1487-1 -- Recommended update for perl-BootloaderSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11perl-BootloaderThis update for perl-Bootloader provides the following
fixes and enhancements:
* Speed up device scanning code by avoiding external
program calls. (bnc #823601)
* Fix duplicate boot label handling. (bnc #828498)
* Propagate file close error. (bnc #820339)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0025-1 -- Security update for openssl-certsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11openssl-certsopenssl-certs was updated with the current certificate data
available from mozilla.org.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1465-1 -- Recommended update for release-notes-sledSUSE Linux Enterprise Desktop 11release-notes-sledThis update provides the latest version of the Release
Notes for SUSE Linux Enterprise Desktop 11 SP3 with the
following changes:
* New entry: Migrating from SP2 to SP3 with YaST or the
Update Applet.
* Changed entry: Migrating to SLE 11 SP3 Using Zypper.
* Changed entry: openJDK 7 as a Replacement for openJDK
6.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1102-1 -- Security update for xorg-x11-libXpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXpThis update of xorg-x11-libXp fixes several integer
overflow issues (bnc#815451, bnc#821668, CVE-2013-2062).
Security Issue reference:
* CVE-2013-2062
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0296-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10flash-playerThis update for flash-player to version 11.2.202.270,
tracked as ABSP13-05Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0398-1 -- Recommended update for yast2-backupSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-backupThis update for YaST's Backup module replaces calls to Perl
functions that are only available in newer versions of the
language. This dependency was erroneously added by the
previous update.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1323-1 -- Recommended update for supportutilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11supportutilsThis update fixes the following issues:
* disk full on /proc/timer_list (bnc#829927)
* failed uploads when using -Qu (bnc#825767)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0722-1 -- Recommended update for libpcapSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libpcapThis update for libpcap fixes an issue that caused high CPU
utilization when a network interface was restarted during
packet capture.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0762-1 -- Recommended update for kdebase4SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdebase4This update for kdebase4 provides the following fixes:
* Konqueror is not starting through the slab menu.
(bnc#809957)
* "Undecodable sequence" errors when starting Konsole.
(bnc#710342)
* Identify konqueror as a KDE application that supports
KIO. (bnc#807314)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1242-2 -- Recommended update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThe SSL module in Python has been adjusted to switch to
default SSL certificate handling when no CA path is passed
(bnc#827982). Additionally, the python-xml RPM now
explicitly obsoletes pyxml (bnc#824713).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1784-1 -- Security update for wiresharkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11wiresharkWireshark has been updated to version 1.8.11 to fix bugs
and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1260-3 -- Security update for rubySUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11rubyRuby failed to check hostnames correctly when setting up a
SSL client connection. CVE-2013-4073 was assigned to this
issue.
Security Issue reference:
* CVE-2013-4073
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1466-1 -- Recommended update for udevSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11udevThis update fixes the following issues:
* System crashes with kernel oops while doing DLPAR
operations under stress (xmon) (bnc#818146)
* udevd: Allow children created immediately to exit
after timeout (bnc#809540)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0714-1 -- Security update for wiresharkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10wiresharkwireshark has been updated to 1.8.6 which fixes bugs and
security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0352-1 -- Recommended update for trousersSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11trousersThis collective update for the trousers library and daemon
fixes the following issues:
*
One minor security issue for cases where tcsd is
enabled for TCP: CVE-2012-0698: tcsd in TrouSerS allowed
remote attackers to cause a denial of service (daemon
crash) via a crafted type_offset value in a TCP packet to
port 30003.
*
An issue in the trousers library which prevents
disabling of TPM physical presence.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1101-1 -- Security update for xorg-x11-libXtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXtThis update of xorg-x11-libXt fixes several integer and
buffer overflow issues (bnc#815451, bnc#821670,
CVE-2013-2002, CVE-2013-2005).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0357-1 -- Recommended update for ethtoolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ethtoolThis update for ethtool improves reporting of port types
from BladeCenter backplanes (KX and KX4 PHY modes).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1385-1 -- Recommended update for suseRegisterSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11suseRegisterThis update for suseRegister adds a new command line
parameter to clientSetup4SMT.sh, allowing the user to
accept a CA certificate in a non-interactive way by
providing the fingerprint. (bnc#821853)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1088-1 -- Recommended update for yast2-networkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-networkThis update for YaST's Network Configuration module
(yast2-network) provides the following fixes:
* Do not propose bridge devices when virtualization is
used on s390x. (bnc#817943)
* Fixed parsing of hostname in DNS module. (bnc#813232)
* Added loading tun/tap settings from netconfig.
(bnc#793367)
* Fixed biosdevname renaming in case of buggy SMBIOS.
(bnc#821427)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0558-1 -- Security update for Kerberos 5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Kerberos 5This update for Kerberos 5 fixes one security issue:
The KDC plugin for PKINIT can dereference a null pointer
when processing malformed packets, leading to a crash of
the KDC process. (bnc#806715, CVE-2013-1415)
Additionally, it improves compatibility with processes that
handle large numbers of open files. (bnc#787272)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1232-1 -- Recommended update for SLED release notesSUSE Linux Enterprise Desktop 11SLED release notesThis update provides the latest version of the Release
Notes for SUSE Linux Enterprise Desktop 11 SP3.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0712-1 -- Recommended update for yast2-wagonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-wagonThis update for YaST's Service Pack Migration Tool
(yast2-wagon) adds support for script hooks, fixes online
migration of WebYaST and adjusts the work flow to support
migration to SUSE Linux Enterprise 11 SP3.
Migration hooks allow to run custom external scripts during
the migration process. These scripts can be used to fix
problems which cannot be handled via usual RPM scripts, or
to execute extra steps during migration which are not
required during normal package update. More details about
this new feature can be found in Migration_Hooks.md, in
the package's documentation directory. (FATE#314132)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1922-1 -- Recommended update for vm-installSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11vm-installThis update for vm-install provides the following fixes:
* Fix user interface issue when changing a NIC's MAC on
Xen guests. (bnc#838791)
* Fix PXE boot max memory less that initial memory.
(bnc#825292)
* Work around libvirt internal client socket error.
(bnc#825292)
* Allow creation of VMs with up to 255 virtual CPUs.
(bnc#818222)
* Set default for NetWare disks to non-sparse for
performance reasons.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1389-1 -- Recommended update for ethtoolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ethtoolThis update for ethtool improves reporting of KR PHY link modes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0044-1 -- Recommended update for yast2-storageSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-storageThis collective update for yast2-storage disables
unintended use of unsupported btrfs features.
Additionally, it provides the following fixes:
* Fix handling of default subvolumes for root fs when
formatting but not creating a partition.
* Fix add volumes to btrfs when format is true and
primary volume was not btrfs previously.
* Fix encrypted volumes on multiple disks via AutoYaST.
* Fix update with EVMS.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1783-1 -- Security update for openvpnSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11openvpnOpenVPN used a non-constant-time memcmp in HMAC comparison
in openvpn_decrypt that might have allowed remote
attackers to gain knowledge of plaintext data.
(CVE-2013-2061)
Security Issues:
* CVE-2013-2061
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2061
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0760-1 -- Recommended update for kdebase4, kdelibs4, kdm-branding and kio_sysinfoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdebase4kdelibs4kdm-brandingkio_sysinfoThis update fixes KDM's default template to correctly show
the SUSE logo when the user's list is disabled.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1209-1 -- Recommended update for yast2-mailSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-mailThis update fixes the following issues:
* ag_postfix_mastercf process freezed the system, when
saving mail server settings with the YaST2 "Mail Server"
module (bnc#800788)
* AutoYaST configuration of mail services failed
(bnc#822285)
* automatic installation stopped with error during
Postfix configuration (bnc#821632)
* YaST2 mail server enhanced module was not able to
detect mail domains (bnc#818544)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1666-1 -- Security update for OpenJDK 7SUSE Linux Enterprise Desktop 11OpenJDK 7This release updates our OpenJDK 7 support in the 2.4.x
series with a number of security fixes and synchronises it
with upstream development. The security issues fixed (a
long list) can be found in the following link:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-O
ctober/025087.html
<http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-
October/025087.html>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1250-1 -- Security update for lcms2SUSE Linux Enterprise Desktop 11lcms2lcms2 has been updated to the version 2.5 which is a
maintenance release to fix various security and other bugs.
* User defined parametric curves can now be saved in
ICC profiles.
* RGB profiles using same tone curves for several
channels are storing now only one copy of the curve
* update black point detection algorithm to reflect ICC
changes
* Added new cmsPlugInTHR() and fixed some race
conditions
* Added error descriptions on cmsSmoothToneCurve
* Several improvements in cgats parser.
* Fixed devicelink generation for 8 bits
* Added a reference for Mac MLU tag
* Added a way to read the profile creator from header
* Added identity curves support for write V2 LUT
* Added TIFF Lab16 handling on tifficc
* Fixed a bug in parametric curves
* Rendering intent used when creating the transform is
now propagated to profile header in cmsTransform2Devicelink.
* Transform2Devicelink now keeps white point when
guessing deviceclass is enabled
* Added some checks for non-happy path, mostly failing
mallocs (bnc#826097).
For further changes please see the ChangeLog in the RPM.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1364-1 -- Security update for telepathy-idleSUSE Linux Enterprise Desktop 11telepathy-idleTelepathy-idle did not check SSL certificates.
CVE-2007-6746 was assigned to this issue.
Security Issue reference:
* CVE-2007-6746
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6746
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0717-1 -- Security update for icedtea-webSUSE Linux Enterprise Desktop 11icedtea-webThis update to version 1.3.2 fixes several security updates
and common fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0719-1 -- Recommended update for pure-ftpdSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pure-ftpdThis update for pure-ftpd improves SSL/TLS compatibility
with some FTP clients.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1345-1 -- Security update for OpenSSHSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11OpenSSHThis update for OpenSSH provides the following fixes:
* Implement remote denial of service hardening.
(bnc#802639, CVE-2010-5107)
* Use only FIPS 140-2 approved algorithms when FIPS
mode is detected. (bnc#755505, bnc#821039)
* Do not link OpenSSH binaries with LDAP libraries.
(bnc#826906)
Security Issue reference:
* CVE-2010-5107
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1212-1 -- Recommended update for postfixSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11postfixThis update fixes the following issues:
* bnc#821632 - automatic installation stops with error
during Postfix configuration
* bnc#768637 - chown: cannot access
postfix-doc/README_FILESSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1099-1 -- Security update for xorg-x11-libXextSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXextThis update of xorg-x11-libXext fixes several integer
overflow issues (bnc#815451, bnc#821665, CVE-2013-1982)
Security Issue reference:
* CVE-2013-1982
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1094-2 -- Recommended update for SUSE Manager client toolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SUSE Manager client toolsThis update fixes the following issues:
rhnlib: - Make timeout of yum-rhn-plugin calls through
rhn-client-tools configurable - Make Proxy timeouts
configurable.
spacewalk-client-tools: - Create mgr* program symbolic
links - Correctly handle a deactivated account error
message - Require rhnlib with timeout option - Make
timeout configurable.
zypp-plugin-spacewalk: - Always disable gpgcheck for
repositories in spacewalk service - Use timeout also for
XMLRPC calls if possible - Read transfer_timeout from
zypp.conf and provide it via URL.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1875-1 -- Security update for krb5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11krb5This update for krb5 fixes the following security issue:
* If a KDC serves multiple realms, certain requests
could cause setup_server_realm() to dereference a null
pointer, crashing the KDC. (CVE-2013-1418)
Security Issues:
* CVE-2013-1418
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1601-1 -- Recommended update for eliloSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11eliloThis update contains the following changes in elilo:
* SecureBoot: cope with separate '/boot' file-system.
(bnc#825932)
* SecureBoot: improve detection of file-system UUIDs.
(bnc#828835)
* Correctly handle installation to 'BOOT'.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1970-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Jordan switches back to standard time at 00:00 on
December 20 2013
* The compile-time flag NOSOLAR has been removed
* The files solar87, solar88, solar89 are no longer
distributed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1490-1 -- Recommended update for multipath-toolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11multipath-toolsThis consolidated update for multipath-tools provides the
following fixes:
* Reset queue_if_no_path if flush failed. (bnc#828868)
* Fix setting of fast_io_fail_tmo. (bnc#824148)
* Create correct symbolic links for PATH_FAILED events.
(bnc#797799)
* Increase dev_loss_tmo prior to fast_io_fail.
(bnc#800353)
* alua: Do not add preferred path priority for
active/optimized. (bnc#802456)
* Document 'infinity' as possible value for
dev_loss_tmo. (bnc#802837, bnc#803262)
* Add 'Datacore Virtual Disk' to internal hardware
table. (bnc#802837)
* Add path when transitioned from 'blocked' state.
(bnc#789008)
* Handle blocked FC rports. (bnc#787438)
* Document rr_min_io_rq. (bnc#774610)
* Backport miscellaneous fixes from mainline: o Don't
set queue_if_no_path without multipathd o Open
stdout/stderr in read/write mode o Better argument type
checking o Use VECTOR_SIZE for vector_foreach_slot_after()
o Fix memory leak in add_map_without_path() o Shorten
timeout for alua prio callout o Handle offlined path o Set
ACT_RESIZE when the size has changed o Check header file
instead of installed lib o kpartx: verify GUID partition
entry size.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1812-1 -- Recommended update for yast2-ldap-clientSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-ldap-clientThis update fixes yast2-ldap-client do no longer modify the
nscd cache value when running on Open Enterprise Server.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1874-1 -- Recommended update for Mesa, libdrm and xorg-x11-driver-videoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mesalibdrmxorg-x11-driver-videoThis collective update for Mesa, xorg-x11-driver-video and
libdrm adds support for new Intel Haswell video chipsets.
Additionally, the following issues have been fixed:
* Fix intel_reg_dumper tool for Intel Gen2/3 platforms.
(bnc#808855)
* Do not change DPMS mode on unconnected outputs.
(bnc#817998)
* Remove GLU debug output on normal builds. (bnc#845820)
* Add missing initialization of return status in
i830CreateContext(). (bnc#847068)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0326-1 -- Security update for SambaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SambaThe Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 4.0.1 was affected by a cross-site request
forgery (CVE-2013-0214) and a click-jacking attack
(CVE-2013-0213). This has been fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1867-1 -- Security update for XenSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XenXen has been updated to fix a security issue and a bug:
* CVE-2013-4494: XSA-73: A lock order reversal between
page allocation and grant table locks could lead to host
crashes or even host code execution.
A non-security bug has also been fixed:
* It is possible to start a VM twice on the same node
(bnc#840997)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1570-1 -- Recommended update for postfixSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11postfixThis update fixes the following issues:
* Automatic installation stops with error during
Postfix configuration.
* SuSEconfig.postfix: don't mount /proc inside chroot.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1378-1 -- Recommended update for yast2-soundSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-soundThis update of YaST's Sound module resolves the following
issue:
* Do not restore mixer settings when displaying the
main dialog. (bnc#740333)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1075-1 -- Security update for XenSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XenXEN has been updated to 4.1.5 c/s 23509 to fix various bugs
and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1173-1 -- Recommended update for icedtea-webSUSE Linux Enterprise Desktop 11icedtea-webThis update for icedtea-web fixes a regression introduced
by the latest OpenJDK update.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1923-1 -- Security update for XenSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XenThe Xen hypervisor and tool-suite have been updated to fix
security issues and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1866-1 -- Security update for strongswanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11strongswanThis strongswan update fixes security issues and bugs:
* CVE-2013-5018: Specially crafted XAuth usernames and
EAP identities could cause a crash in strongswan.
* CVE-2013-6075: A crafted ID packet can be used by
remote attackers to crash the server or potentially gain
authentication privileges under certain circumstances.
Additionally, a bug in route recursion limits was fixed:
* Charon segfaults when left=%any / recursion limit.
(bnc#840826)
Security Issues:
* CVE-2013-5018
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5018
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1102-2 -- Security update for xorg-x11-libXpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXpThis update of xorg-x11-libXp fixes several integer
overflow issues.
Bug 815451/821668 CVE-2013-2062
Security Issues:
* CVE-2013-2062
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1551-2 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Morocco now observes DST from the last Sunday in
March to the last Sunday in October, not April to September
respectively.
* Tocantins will very likely not observe DST starting
this spring
* Jordan will likely stay at UTC+3 indefinitely
* Palestine will fall back at 00:00, not 01:00
* This year Fiji will start DST on October 27, not
October 20
* Use WIB/WITA/WIT rather than WIT/CIT/EIT for
alphabetic Indonesian time zone abbreviations since 1932
* Use ART (UTC-3, standard time), rather than WARST
(also UTC-3, but daylight saving time) for San Luis,
Argentina since 2009.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1097-1 -- Security update for xorg-x11-libXfixesSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXfixesThis update of xorg-x11-libXfixes fixes a integer overflow
issue (bnc#815451, bnc#821667, CVE-2013-1983).
Security Issue reference:
* CVE-2013-1983
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0272-1 -- Recommended update for gnome-sessionSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gnome-sessionThis update to gnome-session fixes a login failure when the
"Create Home Dir" option is not selected in the Windows
Domain membership for an Active Directory user.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0750-1 -- Recommended update for ncpfsSUSE Linux Enterprise Desktop 11ncpfsThis update for ncpfs provides the following fix:
* Do not log watchdog messages every minute.
(bnc#777618)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1598-1 -- Recommended update for kdumpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdumpThis update for kdump fixes the following issue:
* #833323: kernel dump output storing over SSH does not
workSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1972-1 -- Recommended update for xkeyboard-configSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xkeyboard-configThis update for xkeyboard-config provides the following
fixes:
* On the Netherlands keyboard layout, Alt-Gr + key-5
should send the "1/2" symbol instead of the "Euro" symbol.
(bnc#849906)
* On the Portuguese keyboard layout, Alt-Gr + key-<
should send the backslash ("") instead of the pipe ("|")
symbol. (bnc#821683)
* Add missing backslash/bar mapping to "us"
international variants. (bnc#773804)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1273-1 -- Recommended update for open-iscsiSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11open-iscsiThe Open-iSCSI Software Initiator has been updated to
version 2.0.873, which brings improved IPv6 support and
fixes many issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1967-1 -- Security update for acroreadSUSE Linux Enterprise Desktop 11acroreadAdobe has discontinued the support of Adobe Reader for
Linux in June 2013.
Newer security problems and bugs are no longer fixed.
As the Adobe Reader is binary only software and we cannot
provide a replacement, SUSE declares the acroread package
of Adobe Reader as being out of support and unmaintained.
If you do not need Acrobat Reader, we recommend to
uninstall the "acroread" package.
This update removes the Acrobat Reader PDF plugin to avoid
automatic exploitation by clicking on web pages with
embedded PDFs.
The stand alone "acroread" binary is still available, but
again, we do not recommend to use it.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1100-1 -- Security update for xorg-x11-libX11SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libX11This update of xorg-x11-libX11 fixes several security
issues (bnc#815451, bnc#821664).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0791-1 -- Recommended update for util-linuxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11util-linuxThis update for util-linux provides the several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0689-1 -- Recommended update for yast2-networkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-networkThis collective update for YaST's Network Configuration
module (yast2-network) provides some fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0644-1 -- Recommended update for glibcSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glibcThis collective update for the GNU C library (glibc)
provides the following fixes and enhancements:
* Fix nearbyintf() to avoid inexact exceptions when
fractional arguments are used. (bnc#795129)
* Make sure /var/run/nscd exists before starting nscd.
(bnc#793146)
* Avoid stack overflow in getaddrinfo() when host has
many addresses. (bnc#785041)
* Disable nscd host caching by default. (fate#313420)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1866-2 -- Security update for strongswanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11strongswanThis strongswan update fixes security issues and bugs:
* CVE-2013-5018: Specially crafted XAuth usernames and
EAP identities can cause a crash in strongswan.
* CVE-2013-6075: A crafted ID packet can be used by
remote attackers to crash the server or potentially gain
authentication privileges under certain circumstances.
Also a bug with route recursion limits was fixed:
* Charon SEGFAULT when left=%any / recursion limit.
(bnc#840826)
Security Issues:
* CVE-2013-5018
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5018
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1525-1 -- Recommended update for kernel-firmwareSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kernel-firmwareThis update for kernel-firmware provides the following
enhancement:
* Update rtl_nic/rtl8168e-3.fw to the latest version
and add rtl8168f-{1,2}.fw. (bnc#805371)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1174-1 -- Security update for icedtea-webSUSE Linux Enterprise Desktop 11icedtea-webThis update to IcedTea-Web 1.4 provides some fixes
and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1828-1 -- Security update for rubySUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11rubyThe following security issue has been fixed:
* CVE-2013-4164: heap overflow in float point parsingSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1275-1 -- Recommended update for GStreamer plug-insSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11GStreamer plug-insThis update for the GStreamer plug-ins enhances detection
of double-byte character sets in the meta-data of music
files (bnc#458213).
Additionally an issue has been fixed which avoids artifacts
caused by the edge effect (bnc#749974).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1100-2 -- Security update for xorg-x11-libX11SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libX11This update of xorg-x11-libX11 fixes several security
issues.
Bug 815451/821664
CVE-2013-1981 CVE-2013-1997 CVE-2013-2004
Security Issues:
* CVE-2013-1981
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981
>
* CVE-2013-1997
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997
>
* CVE-2013-2004
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1384-1 -- Recommended update for suseRegisterSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11suseRegisterThis update for suseRegister adds a new command line
parameter to clientSetup4SMT.sh, allowing the user to
accept a CA certificate in a non-interactive way by
providing the fingerprint. (bnc#821853)
Additionally, the following issues have been fixed:
* Escape special chars from proxy user and password.
(bnc#812475)
* Pass correct proxy authentication flags to libcurl.
(bnc#812475)
* Fix syntax errors in clientSetup4SMT.sh. (bnc#834801)
* Specify a timeouts while getting the certificate.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0886-1 -- Security update for cabextractSUSE Linux Enterprise Desktop 11cabextractcabextract was updated to fix two security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1325-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mozilla FirefoxThis update to Firefox 17.0.8esr (bnc#833389) addresses:
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 (bmo#855331,
bmo#844088, bmo#858060, bmo#870200, bmo#874974, bmo#861530,
bmo#854157, bmo#893684, bmo#878703, bmo#862185, bmo#879139,
bmo#888107, bmo#880734)
Miscellaneous memory safety hazards have been fixed
(rv:23.0 / rv:17.0.8):
* MFSA 2013-66/CVE-2013-1706/CVE-2013-1707 (bmo#888314,
bmo#888361) Buffer overflow in Mozilla Maintenance Service
and Mozilla Updater
* MFSA 2013-68/CVE-2013-1709 (bmo#848253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-71/CVE-2013-1712 (bmo#859072) Further
Privilege escalation through Mozilla Updater
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong
principal used for validating URI for some Javascript
components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541) Local Java
applets may read contents of local file systemSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1524-1 -- Recommended update for kernel-firmwareSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kernel-firmwareThis update for kernel-firmware provides the following
enhancements:
* Add the new Intel Wilkins Peak BT firmwares (version
2e)
* Update rtl_nic/rtl8168e-3.fw to its current version
and add rtl8168f-{1, 2}.fw
* Add firmware for Realtek RTL8188EE
* Remove duplicated sb16/* and yamaha/* firmware files
that conflict with alsa-firmware package
* Add firmware files for Wilkins Peak 1/2 WiFi
(FATE#313607)
* Update ar3k firmwares to v20130729 to fix loading
errors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1231-1 -- Recommended update for kdumpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdumpThis update for Kdump fixes an issue that prevented
mkdumprd from re-generating the kdump ramdisk after a
configuration file modification.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1402-1 -- Recommended update for libwebkitSUSE Linux Enterprise Desktop 11libwebkitThis update fixes a regression in libwebkit, because the
previous security update contained a patch that disabled
JavaScript erroneously.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1060-1 -- Security update for GnuTLSSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10GnuTLSThis update of GnuTLS fixes a regression introduced by the
previous update that could have resulted in a Denial of
Service (application crash).
Security Issue reference:
* CVE-2013-2116
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1474-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 2 kernel has been
updated to version 3.0.93 and includes various bug and
security fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1242-1 -- Recommended update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThe SSL module in Python has been adjusted to switch to
default SSL certificate handling when no CA path is
passed. Additionally, python-xml now explicitly obsoletes
pyxml.
* #827982: Python: Enable SSL default certificate
validation.
* #824713: python-xml should provide/obsolete pyxml.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0251-1 -- Recommended update for autofsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11autofsThis update for AutoFS enables support to auto-mounting NFS
volumes on IPv6 networks. Additionally, it includes the
following fixes and improvements:
* Fix isspace() wild card substitution
* Fix mountd version retry
* Mount using address for DNS round robin host names
* Fix sanity checks for brackets in server name
* Fix simple bind without SASL support
* Fix nfs4 contacts portmap
* Miscellaneous code analysis fixesSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0023-1 -- Security update for pixmanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pixmanThis update fixes the following security issue with pixman:
* Integer underflow when handling trapezoids.
(bnc#853824, CVE-2013-6425)
Security Issues:
* CVE-2013-6425
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1095-1 -- Security update for xorg-x11-libXrenderSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXrenderThis update of xorg-x11-libXrender fixes several integer
overflow issues (bnc#815451, bnc#821669, CVE-2013-1987).
Security Issue reference:
* CVE-2013-1987
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1807-1 -- Security update for mozilla-nspr, mozilla-nssSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11mozilla-nsprmozilla-nssMozilla NSPR and NSS were updated to fix various security
bugs that could be used to crash the browser or
potentially execute code.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1909-1 -- Recommended update for virt-managerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11virt-managerThis update for virt-manager provides the following fixes:
* Don't write 'ram' XML attribute for video devices
other than QXL. (bnc#829284)
* Allow allocation of hdb for emulated IDE disks.
(bnc#824720)
* Don't reset DomU's 'Autostart' option after hardware
configuration changes. (bnc#822531)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1642-1 -- Security update for libvirtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libvirtlibvirt has been updated to the 1.0.5.6 stable release that
fixes bugs and security issues:
* CVE-2013-4296: Fix crash in
remoteDispatchDomainMemoryStats
* CVE-2013-5651: virBitmapParse out-of-bounds read
access Libvirt on SLES 11 SP3 is not affected:
* CVE-2013-4311: Add support for using 3-arg pkcheck
syntax for process ()
* CVE-2013-4291: security: provide supplemental groups
even when parsing label ()
Changes in this version:
* virsh: fix change-media bug on disk block type
* Include process start time when doing polkit checks
* qemuDomainChangeGraphics: Check listen address change
by listen type
* python: return dictionary without value in case of no
blockjob
* virbitmap: Refactor virBitmapParse to avoid access
beyond bounds of array
Also the following bug has been fixed:
* Fix retrieval of SRIOV VF info, which prevented using
some SRIOV virtual functions in guest domains with ""
(bnc#837329)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1220-1 -- Recommended update for BraseroSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11BraseroThis update for Brasero fixes creation of mp3 audio
projects.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1771-1 -- Recommended update for grubSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11grubThis update for grub provides fixes for the following
issues:
* grub post-install might freeze in chroot
* grub tries to access incomplete disk tracks.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0966-1 -- Recommended update for pmtoolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pmtoolsThis update for pmtools includes dmidecode 2.12, which brings many fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1395-1 -- Recommended update for ipmitoolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ipmitoolThis update changes the default cipher suite used on IPMIv2
lanplus connections to RAKP-HMAC-SHA1 (authentication),
HMAC-SHA1-96 (integrity) and AES-CBC-128 (encryption).
These are the same algorithms used by ipmitool on SUSE
Linux Enterprise 11 SP2.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1629-1 -- Recommended update for glib2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glib2This update for glib2 fixes GFileMonitor when /etc/mtab is
a symbolic link to /proc/mounts.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0083-1 -- Recommended update for openldap2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11openldap2This update for openldap2 fixes an issue in the package's
pre-installation script that could cause an install error
when building images with Kiwi.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1214-1 -- Security update for KVMSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11KVMThis update fixes a file permission issue with qga (the
QEMU Guest Agent) from the qemu/kvm package and includes
several bug-fixes.
(bnc#818182) (CVE-2013-2007) (bnc#786813) (bnc#725008)
(bnc#712137) (bnc#824340)
Security Issues:
* CVE-2013-2007
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1213-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10flash-playerAdobe flash-player has been updated to version 11.2.202.291
(ABSP13-17) which fixes bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0179-1 -- Security update for bindSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11bindThis update fixes a DoS vulnerability in bind when handling
malformed NSEC3-signed zones. CVE-2014-0591 has been
assigned to this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1060-2 -- Security update for GnuTLSSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11GnuTLSThis update of GnuTLS fixes a regression introduced by the
previous update that could have resulted in a Denial of
Service (application crash).
Security Issue reference:
* CVE-2013-2116
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0155-1 -- Security update for puppetSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11puppetThis update for puppet fixes a remote code execution
vulnerability in the "resource_type" service.
(CVE-2013-4761)
Additionally, the update prevents puppet from executing
initialization scripts that could trigger a system reboot
when handling "puppet resource service" calls.
Security Issue reference:
* CVE-2013-4761
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0265-1 -- Security update for libQtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libQtThe Qt library was updated to fix a XML entity expansion
attack (XXE). (CVE-2013-4549)
Security Issue reference:
* CVE-2013-4549
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4549
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0845-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 SP2 Realtime kernel has been
updated to fix a critical security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0004-1 -- Security update for curlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11curlThis update fixes the following security issues with curl:
* bnc#849596: ssl cert checks with unclear behaviour
(CVE-2013-4545)
Security Issue reference:
* CVE-2013-4545
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0133-1 -- Recommended update for sysstatSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11sysstatThis update for sysstat provides the following fixes:
* Fix 'iostat -n' crashing on nfs volumes. (bnc#799920)
* Handle overflow of the {rd,wr}_ticks counters.
(bnc#839091)
* Inform user if sar is called without parameters and
data collecting isn't enabled. (bnc#816833)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0121-1 -- Recommended update for perl-Bootloader and yast2-bootloaderSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11perl-Bootloaderyast2-bootloaderThis combined update for perl-Bootloader and
yast2-bootloader speeds up device scanning, significantly
reducing the time needed to setup the boot loader on
systems with many disks and LUNs (bnc#823601, bnc#826632).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1629-2 -- Recommended update for glib2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glib2This update for glib2 fixes GFileMonitor when /etc/mtab is
a symbolic link to /proc/mounts.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0460-1 -- Recommended update for mokutilSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mokutilThis update fixes an issue with logouts or reboots on UEFI
systems. The cause was that mokutil used the wrong the
UEFI Globally unique identifier (GUID), which is needed to
access the UEFI db variable for checking the enrolled
certificates.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0402-1 -- Recommended update for augeasSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11augeasThis update for augeas fixes a memory corruption issue in
libaugeas that could be triggered by rubygem-ruby-augeas
and puppet.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0461-1 -- Security update for PostgreSQL 9.1SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PostgreSQL 9.1The PostgreSQL database server was updated to version
9.1.12 to fix various security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0041-1 -- Recommended update for aideSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11aideThe filesystem intrusion detection tool "aide" was not able
to load gzip compressed databases anymore on SUSE Linux
Enterprise Server 11 SP3 as the zlib API was changed
slightly. This update fixes this problem and gzip
compressed databases can be opened again.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1473-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to version 3.0.93 and to fix various bugs and
security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0249-1 -- Recommended update for ipmitoolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ipmitoolThis collective update for ipmitool provides the following
fixes:
* Fix reading of FRU data from servers where FRU/SDR
device #0, LUN 0 is absent (bnc#789624)
* Fix a string handling problem in ipmi_sel.c that
could cause a segmentation fault (bnc#788393)
* Fix reading of sensors from some specific servers
over lanplus (bnc#794160)
* Handle "BCDplus" fields in FRU descriptors correctly.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-YU-2014:0378-1 -- YOU update for libzypp, yast2-pkg-bindings, zypperSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libzyppyast2-pkg-bindingszypperThis update for the Software Update Stack provides the
following fixes and enhancements:
libzypp:
* Remove license text from test data. (bnc#862471)
* Fix missing priority in RepoInfo::dumpAsXML.
(bnc#855845)
yast2-pkg-bindings:
* Fix package disk usage computation. (bnc#852943)
zypper:
* Remove license text from test data. (bnc#862471)
* Zypper must refresh CD/DVD if no raw metadata is
present. (bnc#859160)
* Don't read metadata from CD/DVD repo if --no-check
was used. (bnc#859160)
* Fix missing priority in RepoInfo::dumpAsXML.
(bnc#855845)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1455-1 -- Recommended update for multipath-toolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11multipath-toolsThis update for multipath-tools provides the following
fixes:
* Specify checker_timeout in seconds. (bnc#824913)
* Fix setting of fast_io_fail_tmo. (bnc#824148)
* Reset queue_if_no_path if flush failed. (bnc#828868)
* Document 'wwids_file' and 'reservation_key'.
(bnc#820899)
* Correctly display 'timeout' checker status.
* Fix typo in retain_attached_hw_handler.
* Do not print 'path is up' for removed paths.
(bnc#789239)
* Proactively remove path. (bnc#789239)
* Do not call tur in sync mode if pthread_cancel fails.
(bnc#832796)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1772-1 -- Recommended update for apparmorSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11apparmorThis update for Apparmor fixes an issue that prevented
Tomcat 6 from starting in a confined environment.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1097-2 -- Security update for xorg-x11-libXfixesSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXfixesThis update of xorg-x11-libXfixes fixed a integer overflow
issue.
Bug 815451/821667 CVE-2013-1983
Security Issues:
* CVE-2013-1983
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1641-1 -- Security update for libvirtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libvirtThis libvirt update fixes a security issue.
* bnc#838638: CVE-2013-4296: EMBARGOED: libvirt: Fix
crash in remoteDispatchDomainMemoryStats
* bnc#817008: Regression: vm-install fails to display
on SLES 11 SP2 UV2000
Security Issue reference:
* CVE-2013-4296
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4296
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1434-2 -- Recommended update for kvmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kvmThis update from kvm 1.4.1 to 1.4.2 provides the following
additional fixes and enhancements:
* Backport TLS support for VNC Websockets from QEMU
v1.5.0 (bnc#821819, fate#315032)
* Fixes for s390x dictzip support (bnc#824340).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1469-1 -- Security update for SambaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SambaThe Samba server suite received a security update to fix a
denial of service problem in integer wrap protection.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0167-1 -- Recommended update for release-notes-sledSUSE Linux Enterprise Desktop 11release-notes-sledThis update for the Release Notes for SUSE Linux Enterprise
Desktop 11 SP2 provides the following change:
* New entry: Adobe Discontinues Support for Adobe
Reader on Linux. (bnc#847002 via fate#316596).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0819-1 -- Security update for the Linux Kernel (x86)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11the Linux Kernel (x86)This update to the SUSE Linux Enterprise 11 SP2 kernel
fixes the following critical security issue:
* A bounds checking problem in the perf systemcall
could be used by local attackers to crash the kernel or
execute code in kernel context. (CVE-2013-2094
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094
> )Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0711-1 -- Recommended update for auditSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11auditThis update changes audit to use the new kernel interface
to adjust the OOM-Killer score, avoiding warnings at boot
time.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0132-1 -- Recommended update for sysstatSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11sysstatThis update for sysstat provides the following fixes:
* Handle overflow of the {rd,wr}_ticks counters.
(bnc#839091)
* Inform user if sar is called without parameters and
data collecting isn't enabled. (bnc#816833)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0217-1 -- Recommended update for libdrmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libdrmThis update for libdrm adds support for VEBOX on Haswell
Media Server.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0351-1 -- Security update for inkscapeSUSE Linux Enterprise Desktop 11inkscapeinkscape was updated to fix a XXE (Xml eXternal Entity)
attack during rasterization of SVG images (CVE-2012-5656),
where the rendering of malicious SVG images could have
connected from inkscape to internal hosts.
Also inkscape would have loaded .EPS files from untrusted
/tmp occasionaly instead from the current directory.
(CVE-2012-6076)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1115-1 -- Recommended update for kshSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10kshThis update for Korn Shell provides fixes for the following
issues:
* #808449: set -k does not work properly with
ksh-93t-13.17 and higher
* #814135: crash in bestreclaim() after traversing a
memory block with a very large size
* #824187: set -k breaks aliases with ksh-93u.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0051-2 -- Security update for xorg-x11-serverSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-serverThis update fixes the following security issue with
xorg-x11-server:
* bnc#853846: integer underflow when handling
trapezoids (CVE-2013-6424)
Security Issue reference:
* CVE-2013-6424
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6424
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0432-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Turkey begins DST on 2014-03-31, not 2014-03-30
* Misc changes affecting past time stamps
* An uninitialized-storage bug in 'localtime' has been
fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1903-1 -- Recommended update for udevSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11udevThis collective update for udev provides the following
fixes:
* Add MSFT compatibility rules. (bnc#805059)
* Drop memory/cpu hotplug rules for ppc/ppc64 arch.
(bnc#818146)
* Use device_new_from_id_filename. (bnc#819331)
* Implement virtual function interface renaming.
(bnc#812050)
* Be more informative when renaming interfaces.
(bnc#812050)
* scsi_id: Export ID_SCSI_VPD and decode MD5
identifiers. (bnc#820574)
* path_id: Handle ATA/S-ATA devices if we are using
libata. (bnc#815263)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1215-1 -- Recommended update for SLES-for-VMware-SP3-migration and SLES-for-VMware-releaseSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SLES-for-VMware-SP3-migrationSLES-for-VMware-releaseThis update prepares the system for a System Upgrade to
SUSE Linux Enterprise Server for VMware 11 SP3.
Please follow the technical instruction document for the
information on how to upgrade your system to SUSE Linux
Enterprise Server for VMware 11 SP3:
http://www.suse.com/support/documentLink.do?externalID=70123
68
<http://www.suse.com/support/documentLink.do?externalID=7012
368>
Please have a look for more Information and Resources about
SUSE Linux Enterprise Server 11 SP3 here:
http://www.suse.com/promo/sle11sp3.html
<http://www.suse.com/promo/sle11sp3.html>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0466-1 -- Security update for xinetdSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xinetdThe multiplexing system xinetd was updated to fix security
issues and a bug.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1631-2 -- Security update for vinoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11vinovino has been updated to fix a remote denial of service
problem where remote attackers could have caused a
infinite loop in vino (CPU consumption). (CVE-2013-5745)
Security Issue reference:
* CVE-2013-5745
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0920-1 -- Security update for glibcSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glibcglibc has been updated to fix one security issue that could have resulted in free-after-use situations.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0417-1 -- Recommended update for checkmediaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11checkmediaThis update fixes checkmedia on big endian platforms such
as IBM Power and s390x.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0747-1 -- Recommended update for autofsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11autofsThis collective update for AutoFS provides fixes for the
following issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0459-1 -- Security update for Linux KernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux KernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel was
updated to fix various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0535-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerAdobe flash-player has been updated to version 11.2.202.350
to resolve security issues and bugs. More information can
be found at
http://helpx.adobe.com/security/products/flash-player/apsb14
-09.html
<http://helpx.adobe.com/security/products/flash-player/apsb1
4-09.html>
The following security issues have been fixed:
* a use-after-free vulnerability that could have
resulted in arbitrary code execution (CVE-2014-0506).
* a buffer overflow vulnerability that could have
resulted in arbitrary code execution (CVE-2014-0507).
* a security bypass vulnerability that could have lead
to information disclosure (CVE-2014-0508).
* a cross-site-scripting vulnerability (CVE-2014-0509).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0355-1 -- Recommended update for pidgin-otrSUSE Linux Enterprise Desktop 11pidgin-otrThis update for pidgin-otr fixes authentication of OTR
messaging when using the Groupwise Instant Messaging
protocol.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0116-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerThis update fixes the following security issues with
flash-player:
*
flash-player: security protection bypass
(bnc#858822)(APSB14-02)
o These updates resolve a vulnerability that
could be used to bypass Flash Player security protections
(CVE-2014-0491). o
These updates resolve an address leak
vulnerability that could be used to defeat memory address
layout randomization (CVE-2014-0492).
o
Ref.:
http://helpx.adobe.com/security/products/flash-player/apsb14
-02.html
<http://helpx.adobe.com/security/products/flash-player/apsb1
4-02.html>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0531-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to fix various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1896-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerThis update fixes the following security issues with
flash-player:
* bnc#854881: flash-plugin: multiple code execution
flaws (APSB13-28) o These updates resolve a type confusion
vulnerability that could lead to code execution
(CVE-2013-5331). o These updates resolve a memory
corruption vulnerability that could lead to code execution
(CVE-2013-5332). o Ref:
http://helpx.adobe.com/security/products/flash-player/apsb13
-28.html
<http://helpx.adobe.com/security/products/flash-player/apsb1
3-28.html>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0642-1 -- Recommended update for microcode_ctlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11microcode_ctlThis update provides Intel's CPU microcode version 20140430.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1326-1 -- Recommended update for mkinitrdSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mkinitrdThis update for mkinitrd provides the following fixes:
* Add a udev rule to fix HyperV VM migration from
Windows 2008/2012 to Windows 2012R2 hosts
* Fix network configuration when using iBFT
* Do not add duplicate static IPs
* Recognize default network interface if more than one
is present
* Support /dev/md/ subdir in setup-storage.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0400-1 -- Recommended update for tcshSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11tcshThis update for tcsh includes enhancements to speed up
loading and saving the history file.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1854-1 -- Security update for glibcSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glibcThis update for glibc contains the following fixes:
* Fix integer overflows in malloc (CVE-2013-4332,
bnc#839870)
* Fix buffer overflow in glob (bnc#691365)
* Fix buffer overflow in strcoll (CVE-2012-4412,
bnc#779320)
* Update mount flags in <sys/mount.h> (bnc#791928)
* Fix buffer overrun in regexp matcher (CVE-2013-0242,
bnc#801246)
* Fix memory leaks in dlopen (bnc#811979)
* Fix stack overflow in getaddrinfo with many results
(CVE-2013-1914, bnc#813121)
* Fix check for XEN build in glibc_post_upgrade that
causes missing init re-exec (bnc#818628)
* Don't raise UNDERFLOW in tan/tanf for small but
normal argument (bnc#819347)
* Properly cross page boundary in SSE4.2 implementation
of strcmp (bnc#822210)
* Fix robust mutex handling after fork (bnc#827811)
* Fix missing character in IBM-943 charset (bnc#828235)
* Fix use of alloca in gaih_inet (bnc#828637)
* Initialize pointer guard also in static executables
(CVE-2013-4788, bnc#830268)
* Fix readdir_r with long file names (CVE-2013-4237,
bnc#834594).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0387-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerAdobe Flash Player was updated to version 11.2.202.346 to
fix security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0580-1 -- Security update for python-pywbemSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-pywbemThis update fixes a TOCTOU vulnerability during certificate
validation. CVE-2013-6418 has been assigned to this issue.
This update also introduces a new dependency on
python-m2crypto.
Security Issue reference:
* CVE-2013-6418
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6418
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0828-1 -- Recommended update for beagleSUSE Linux Enterprise Desktop 11beagleDue to compatibility issues, the Beagle plug-in for
MozillaFirefox is being temporarily disabled by this
update.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0573-1 -- Recommended update for rpcbindSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11rpcbindThis update for rpcbind fixes the following issues:
* Make is_loopback check more permissive. (bnc#821054)
* Set SO_REUSEADDR on NC_TPI_COTS listening sockets.
(bnc#823079)
* In the %post section, check if portmap binary exists
before using checkproc to verify whether it's running.
(bnc#823079)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1423-1 -- Recommended update for sblim-sfcbSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11sblim-sfcbThis update for sblim-sfcb provides the following fixes:
* Improve robustness of sblim-sfcb request header
parsing, fixing errors when the XML header of posted
request is too big.
* Fix a resource leak leading to failure to operate
when using the 'SfcbLocal' client interface together with
Openwsman.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0214-1 -- Security update for gimpSUSE Linux Enterprise Desktop 11gimpThis update fixes the following security issues with gimp:
* bnc#853423: XWD plugin g_new() integer overflow
(CVE-2013-1913)
* bnc#853425: XWD plugin color map heap-based buffer
overflow (CVE-2013-1978)
* bnc#791372: memory corruption via XWD files
(CVE-2012-5576)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1434-1 -- Recommended update for KVMSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11KVMThis update from kvm 1.4.1 to 1.4.2 provides the following
fixes and enhancements:
* Backport TLS support for VNC Websockets from QEMU
v1.5.0 (bnc#821819, fate#315032)
* Fixes for s390x dictzip support (bnc#824340).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0166-1 -- Recommended update for release-notes-sledSUSE Linux Enterprise Desktop 11release-notes-sledThis update for the Release Notes for SUSE Linux Enterprise
Desktop 11 SP3 provides the following changes:
* New entry: Adobe Discontinues Support for Adobe
Reader on Linux. (bnc#847002 via fate#316596).
* Obsolete entries: Firefox lockdown. (bnc#860086)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0413-1 -- Security update for libssh2SUSE Linux Enterprise Desktop 11libssh2This update of libssh fixes the following security issue:
* When libssh operates in server mode, the randomness
pool was not switched on fork, so two pools could operate
on the same randomness and could generate the same keys.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0578-1 -- Recommended update for python-m2cryptoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-m2cryptoThis update to python-m2crypto 0.21.1 provides many fixes
and enhancements, including:
* Allow SSL peer certificate to have subjectAltName
without DNSName and use commonName for hostname check.
* Allow more blocking OpenSSL functions to run without
GIL.
* Fixed httpslib to send only the path+query+fragment
part of the URL when using CONNECT proxy.
* Added support for RSASSA-PSS signing and verifying.
* Added support for disabling padding when using RSA
encryption.
* ASN1_INTEGERs can now be larger than fits in an int,
for example to support X509 certificates with large serial
numbers.
* Deprecated M2Crypto.PGP subpackage.
* Add support for OpenSSL 1.0.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1352-1 -- Security update for libgcryptSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libgcryptThis update of libgcrypt mitigates the Yarom/Falkner
flush+reload side-channel attack on RSA secret keys
(CVE-2013-4242).
Security Issue reference:
* CVE-2013-4242
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0298-1 -- Recommended update for kvmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kvmThis update for KVM provides support for the Ceph
components of SUSE Cloud by implementing compatibility
with a dynamically loaded rbd plug-in. Currently, this
plug-in is not delivered with SUSE Linux Enterprise
Server. (FATE#316580, bnc#858858)
Additionally, the following issues have been fixed:
* Provide dummy color map for VNC viewers which may
request a color map. (bnc#842088)
* Allow cross migration from SP2's qemu-kvm 0.15 to
qemu 1.4. (bnc#812836, bnc#841080)
* Fix potential rtl8139/pcnet network stalls.
* Update to new s390-ccw.img firmware from v1.6.0.
(bnc#812983)
* Add fix for virtio-ccw reset. (bnc#812983)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0300-1 -- Recommended update for glib2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glib2This update for glib2 adds a workaround to ignore multiple
calls to g_thread_init(), preventing issues with some
upstream Java implementations.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0743-1 -- Recommended update for supportutilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11supportutilsThis update for supportutils contains the following fixes and enhancements:
* novell-nss.txt should capture VolumeInfo.xml file. (bnc#871536)
* Added novell-ncs-resource*.txt files.
* Included NCS parsed log information. (bnc#870451)
* Fixed duplicate snapshot listings. (bnc#870473)
* Scanning base_reachable_time excluded. (bnc#863234)
* Removed schealth. It's superseded by the SCA Appliance.
* Excluded ldauditor logs from security-audit.txt. (bnc#860003)
* Limited mcelog to VAR_OPTION_LINE_COUNT.
* Fixed HAE cib location for SLE 11-SP3. (bnc#855230)
* Fixed Apparmor error messages during basic health check. (bnc#850741)
* Added /etc/xinetd.d/ to chkconfig.txt. (bnc#850568)
* Fixed find /boot errors. (bnc#850566)
* Added gfx hardware information to x.txt. (bnc#816468)
* Option -k now excludes all known loaded modules. (bnc#846676)
* Option -y now sets ADD_OPTION_MAXYAST. (bnc#846512)
* Removed ADD_OPTION_MINYAST.
* Excluded invalid /proc files. (bnc#846679)
* Supportconfig gets symlinks in /etc/pam.d. (bnc#846491)
* Supports xz compressed ramdisks. (bnc#839664)
* Fixed long NIC name processing. (bnc#840841)
* RPM package requires tar. (bnc#839098)
* Included dmidecode in hardware.txt. (fate#315500)
* Changed parted output units to sectors. (fate#314621)
* Added findmnt to fs-diskio.txt. (fate#314619)
* Added lsblk to fs-diskio.txt. (fate#314620)
* Added lsscsi -H to fs-diskio.txt. (fate#314618)
For a comprehensive list of changes, please read the package's change log.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0510-1 -- Security update for puppetSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11puppetThe deployment framework puppet received an update for a
security issue in January.
The backport of this security issue was however incomplete
and broke existing setups. As the scope of the problem is
limited to local scenarios where an attacker likely has
access already, and backporting is not trivial, this
update reverts the fix for now.
We are evaluating the possibility of an update to puppet
2.7 in the future.
Security Issue reference:
* CVE-2013-4761
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1631-1 -- Security update for vinoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11vinovino has been updated to fix a remote denial of service
problem where remote attackers could have caused a
infinite loop in vino (CPU consumption). (CVE-2013-5745)
Security Issue reference:
* CVE-2013-5745
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0247-1 -- Recommended update for python-sip, python-kde4 and python-qt4SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-sippython-kde4python-qt4This update for python-sip fixes code generation for
classes that have an alternate mapped type implementation.
This problem affected the QSettings class of python-qt4,
more specifically the functions that serialize objects and
save them to persistent storage.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1551-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Morocco now observes DST from the last Sunday in
March to the last Sunday in October, not April to September
respectively.
* Tocantins will very likely not observe DST starting
this spring
* Jordan will likely stay at UTC+3 indefinitely
* Palestine will fall back at 00:00, not 01:00
* This year Fiji will start DST on October 27, not
October 20
* Use WIB/WITA/WIT rather than WIT/CIT/EIT for
alphabetic Indonesian time zone abbreviations since 1932
* Use ART (UTC-3, standard time), rather than WARST
(also UTC-3, but daylight saving time) for San Luis,
Argentina since 2009.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-YU-2014:0091-1 -- YOU update for Software Update StackSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Software Update StackThis update for the Software Update Stack provides the
following fixes and enhancements:
libzypp:
* Fix disk usage computation for single packages.
(bnc#852943)
* Filter control chars illegal in XML 1.0. (bnc#850907)
* Always properly initialize pool storage. (bnc#846565)
zypper:
* Fix groff .TP commands in manpage. (bnc#854784)
* Fix callback handling if media download error is
ignored.
* Fix detection of multiversion packages in transaction
summary. (bnc#844373)
* Improve prompt with more options hidden behind '?'.
(bnc#844373)
* Fix message typo. (bnc#845619)
* Avoid duplicated product entries. (bnc#841473)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0431-1 -- Security update for wiresharkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11wiresharkThis update fixes a security problem in the BSSGP network
protocol dissector that could crash wireshark.
Security Issue reference:
* CVE-2013-7113
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7113
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1830-1 -- Recommended update for halSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11halThis update for hal includes the following fix:
* Removable media sporadically not automatically
mounted (bnc#808143)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0162-1 -- Security update for libvirtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libvirtThis update fixes a crash in LXC's memtune code.
CVE-2013-6436 has been assigned to this issue.
Security Issue reference:
* CVE-2013-6436
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6436
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0215-1 -- Security update for openjdkSUSE Linux Enterprise Desktop 11openjdkThis openjdk update fixes several security issues. For a
complete list of fixed vulnerabilities and their
description please refer to:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-J
anuary/025800.html
<http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-
January/025800.html>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1182-2 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to 3.0.82 and to fix various bugs and security
issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0524-1 -- Security update for net-snmpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11net-snmpThe net-snmp remote service received security and bugfixes:
*
A remote denial of service flaw in Linux
implementation of ICMP-MIB has been fixed (CVE-2014-2284)
*
snmptrapd could have crashed when using a trap with
empty community string. This has been fixed. (CVE-2014-2285)
*
The AgentX subagent of net-snmp could have been
stalled when a manager sent a multi-object request with a
different number of subids. (CVE-2014-2310)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0672-1 -- Recommended update for man-pagesSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11man-pagesThis update for man-pages provides the following fixes:
* fseek.3: Complete EINVAL return code description.
* core.5: PID in core file name.
* proc.5: Extend descriptions of /proc/[pid]/smaps fields.
* pthread_attr_setaffinity_np.3: Fix function prototypes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0124-1 -- Recommended update for autofsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11autofsThis update for AutoFS provides fixes for the following
issues:
* A segmentation fault caused by thread-unsafe
initialization and clean-up of libldap. (bnc#820585,
bnc#853469)
* A segmentation fault caused by thread-unsafe usage of
glibc's netconfig() functions. (bnc#842622, bnc#833733)
* A race condition that could make automount quit after
receiving a SIGHUP. (bnc#855883)
* A deadlock when trying to lock a mutex that's already
owned by the same thread. (bnc#859969)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0475-1 -- Security update for sudoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11sudoThis collective update for sudo provides fixes for the
following issues:
* Security policy bypass when env_reset is disabled.
(CVE-2014-0106, bnc#866503)
* Regression in the previous update that causes a
segmentation fault when running "sudo -s". (bnc#868444)
* Command "who -m" prints no output when using
log_input/log_output sudo options. (bnc#863025)
Security Issues references:
* CVE-2014-0106
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1966-1 -- Recommended update for python-lxmlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-lxmlThis update fixes the following issue with python-lxml:
* bnc#657698: python-lxml must not require pyxmlSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1099-2 -- Security update for xorg-x11-libXextSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXextThis update of xorg-x11-libXext fixes several integer
overflow issues.
Bug 815451/821665 CVE-2013-1982
Security Issues:
* CVE-2013-1982
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0103-1 -- Recommended update for mailxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mailxThis update for mailx enables IPv6 support and includes the
following fixes:
* Crop off the brackets of an ipv6 address if found.
(bnc#853246)
* Enable mailx to parse IPv6 addresses including a port
([ipv6]:port). (bnc#853246)
* Do not pseudo detect Latin nor UTF-8 in binary
attachments. (bnc#827010)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1618-1 -- Security update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThis python update fixes a certificate hostname issue.
* bnc#834601: CVE-2013-4238: python: SSL module does
not handle certificates that contain hostnames with NULL
bytes
Security Issue reference:
* CVE-2013-4238
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0723-1 -- Recommended update for gzipSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gzipThis update for GNU Zip (gzip) provides one fix:
* When reading files from Hierarchical Storage
Management systems in non-blocking mode, read() might fail
with EAGAIN. In cases like this, gzip will now switch to
blocking mode and try again.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0150-1 -- Security update for libxml2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libxml2This update fixes a DoS vulnerability in libxml2.
CVE-2013-2877 has been assigned to this issue.
Security Issue reference:
* CVE-2013-2877
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-YU-2013:1408-1 -- Security update for libzyppSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libzypplibzypp did not handle multiple gpg pubkeys in the
repomd.xml.key and content.key consistently and secure.
Attackers could have exploited this to add their own keys
and pretend it's from SUSE.
Security Issue reference:
* CVE-2013-3704
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3704
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0337-1 -- Security update for pythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pythonThis update for Python fixes the following security issues:
* bnc#834601: SSL module does not handle certificates
that contain hostnames with NULL bytes. (CVE-2013-4238)
* bnc#856836: Various stdlib read flaws. (CVE-2013-1752)
Additionally, the following non-security issues have been
fixed:
* bnc#859068: Turn off OpenSSL's aggressive
optimizations that conflict with Python's GC.
* bnc#847135: Setting fips=1 at boot time causes
problems with Python due to MD5 usage.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1920-1 -- Security update for libfreebl3SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libfreebl3Mozilla NSS has been updated to the 3.15.3.1 security
release.
The update blacklists an intermediate CA that was abused to
create man in the middle certificates.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0790-1 -- Security update for libgaduSUSE Linux Enterprise Desktop 11libgaduA memory corruption vulnerability has been fixed in libgadu. CVE-2013-6487 has been assigned to this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1640-1 -- Recommended update for net-snmpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11net-snmpThis collective update for net-snmp provides the following
fixes:
* Fix a race condition in hrSWRunTable when processes
exit in the middle of processing. (bnc#822368)
* Fix hrSWRunPath of swapped-out processes. (bnc#822368)
* Fix MIB representation of timeout values. (bnc#833153)
* Fix infinite loop when SIGTERM arrives in the middle
of internal query processing. (bnc#833191)
* Merge some upstream fixes for memory leaks.
(bnc#833191)
* If the daemon is still running 10 seconds after
SIGTERM, force the stop with SIGKILL. (bnc#828081)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0230-1 -- Recommended update for cpupowerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11cpupowerThis update for cpupower introduces the new "idle-set"
sub-command, which allows the user to enable or disable
the sleep states of a CPU. For more details, refer to the
cpupower-idle-set(1) man page.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0331-1 -- Security update for openssl-certsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11openssl-certsThe openssl-certs package was updated to match the
certificates contained in the Mozilla NSS 3.15.4 release.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0911-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.elected taints for tracepoint modules.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0579-1 -- Recommended update for autoyast2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11autoyast2This collective update for AutoYaST 2 provides the
following fixes:
* Fix usage of "totaldisk" and "xserver" rules in
rules.xml. (bnc#836366)
* Fix cloning of software section with invisible
patterns. (bnc#864421)
* Fix an issue where autoyast created primary partition
when logical ones were requested. (bnc#852617)
* Fix an issue handling LVM VGs on existing partitions.
(bnc#830253)
* Fix scripts with chrooted=true via NFS. (bnc#829265)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0795-1 -- Recommended update for SLE ManualsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SLE ManualsThis update provides the latest version of the SUSE Linux Enterprise 11-SP3 manuals, which brings fixes and enhancements in the following areas.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0189-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel was
updated to 3.0.101 and also includes various other bug and
security fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0623-1 -- Security update for kvmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kvmThe QEMU embedded within KVM received various security
fixes.
Various issues in the block layer have been fixed:
* A virtio security issue in config io space handling
(CVE-2013-2016).
* A SCSI report LUNs buffer overflow (CVE-2013-4344).
* A buffer overflow in the QEMU USB stack
(CVE-2013-4541).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1615-1 -- Recommended update for microcode_ctlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11microcode_ctlThis update provides Intel's CPU microcode version 20130906.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0290-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerThis update of Adobe Flash Player fixes the following
issues:
* A stack overflow vulnerability that could have
resulted in arbitrary code execution. (CVE-2014-0498)
* A memory leak vulnerability that could have been used
to defeat memory address layout randomization.
(CVE-2014-0499)
* A double free vulnerability that could have resulted
in arbitrary code execution. (CVE-2014-0502)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1515-1 -- Recommended update for xml-commonsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xml-commonsThis update relaxes dependencies between xml-commons and
its sub-packages to fix an issue in online migration.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0175-2 -- Security update for curlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11curlThis update fixes the re-use of wrong HTTP NTLM connections
in libcurl. (CVE-2014-0015)
Security Issue reference:
* CVE-2014-0015
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0291-1 -- Recommended update for mdadmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mdadmThis update for mdadm provides many fixes and enhancements:
* Don't wait so long when creating arrays. (bnc#816382)
* Allow array to be stopped using the kernel name.
(bnc#821861)
* If mpath is in use, disable mdadm auto-assembly
except on dm devices. (bnc#838528)
* Fix size handling for RAID0 arrays during reshape.
(bnc#821934)
* Fix problem with calculation of space available for
reshape. (bnc#821934)
* Clarify connection between action=re-add and bitmaps
in mdadm.conf.5. (bnc#773010)
* Print correct size for large external metadata
arrays. (bnc#797116)
* Retry failed removes in mdadm. (bnc#808647)
* Don't assemble the same array with two different
names. (bnc#828436)
* Attempt to remove from an array any device which
disappear. (bnc#819331)
* Fix problems with RAID10 re-sync and recovery not
completing properly. (bnc#834041)
* Allow mdadm to create arrays with more than 1000
devices. (bnc#819930)
* Remove partitions from device when included in an
'external' array. (bnc#817841)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0373-1 -- Security update for XenSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XenThe SUSE Linux Enterprise Server 11 Service Pack 3 Xen
hypervisor and toolset has been updated to 4.2.4 to fix
various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0661-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information for your system. The
changes in detail are:
* Egypt observes DST starting 2014-05-15 at 24:00
* Crimea switched to Moscow time on 2014-03-30 at 02:00 local time
* New entry for Troll Station, Antarctica.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0336-1 -- Recommended update for sg3_utilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11sg3_utilsThis update for sg3_utils provides the following fixes and
enhancements:
* Update to rescan-scsi-bus.sh to improve scanning of
DMMP devices. (bnc#846660)
* Update sg_xcopy to version 0.39 for invoking XCOPY on
NetApp FAS LUs. (bnc#852420)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0575-1 -- Recommended update for mono-coreSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mono-coreThis update adds handling of SHA256 hashes to parts of the
X509 Certificate classes in the C# implementation of Mono
(bnc#871362) and improves handling of non-existing
certificate revocation lists (bnc#810747, bnc#606002).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1240-1 -- Recommended update for AutoYaST2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11AutoYaST2This update fixes the following issues:
* #820499: AutoYaST module creates a bad ask-list
* #822009: AutoYaST module crashes while saving the
profile
* #799725: Problem reusing large number of partitions
* #794403: Unattended upgrade dependency errors when
update repos are present in 'autoupg.xml'
* #788593: Problem handling script notifications in UI
* #752318: Fix cloning of raidsSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0219-1 -- Security update for xorg-x11SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11This update fixes a stack buffer overflow in xorg-x11 in
the bdfReadCharacters() function. CVE-2013-6462 has been
assigned to this issue.
Security Issue reference:
* CVE-2013-6462
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1512-1 -- Recommended update for puppetSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11puppetThis update for puppet fixes a regression introduced by the
fix for CVE-2013-3567.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0769-1 -- Security update for MySQLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MySQLMySQL was updated to version 5.5.37 to address various security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0175-1 -- Security update for curlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11curlThis update fixes the re-use of wrong HTTP NTLM connections
in libcurl. (CVE-2014-0015)
Security Issue reference:
* CVE-2014-0015
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0124-2 -- Recommended update for autofsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11autofsThis update for AutoFS provides fixes for the following
issues:
* A segmentation fault caused by thread-unsafe
initialization and clean-up of libldap. (bnc#820585,
bnc#853469)
* A segmentation fault caused by thread-unsafe usage of
glibc's netconfig() functions. (bnc#842622, bnc#833733)
* A race condition that could make automount quit after
receiving a SIGHUP. (bnc#855883)
* A deadlock when trying to lock a mutex that's already
owned by the same thread. (bnc#859969)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0397-1 -- Security update for icedtea-webSUSE Linux Enterprise Desktop 11icedtea-webThe OpenJDK Java Plugin IcedTea Web was released to fix a
temporary file access problem.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0356-1 -- Recommended update for microcode_ctlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11microcode_ctlThis update provides Intel's CPU microcode version 20140122.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0731-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11timezoneThe latest update to timezone 2014c introduced changes in the binary format
of timezone files generated by zic(1) to improve handling of low-valued
timestamps. This change caused problems for some applications that rely
on the stability of the binary format, so this update reverts it.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1451-1 -- Recommended update for SUSE Manager Client ToolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SUSE Manager Client ToolsThis collective update provides the following fixes and
enhancements:
rhnlib:
* Fix some issues with the new timeout option.
spacewalk-client-tools:
* Print prompt on tty instead of stdout
* Add Unicode support for Remote Command scripts.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0582-1 -- Recommended update for linux-kernel-headersSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11linux-kernel-headersThis update for linux-kernel-headers includes the following
fixes:
* The <linux/vt.h> header has been fixed not to used
the C++ reserved keyword "new".
* Headers <scsi/scsi_bsg_fc.h>,
<scsi/scsi_netlink.h> and <scsi/scsi_netlink_fc.h> have
been included.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0188-1 -- Security update for hplipSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11hpliphplip was updated to fix three security issues:
*
CVE-2013-0200: Some local file overwrite problems via
predictable /tmp filenames were fixed.
*
CVE-2013-4325: hplip used an insecure polkit DBUS API
(polkit-process subject race condition) which could lead to
local privilege escalation.
*
CVE-2013-6402: hplip uses arbitrary file
creation/overwrite (via hardcoded file name
/tmp/hp-pkservice.log)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1912-1 -- Recommended update for SUSE Manager Client ToolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SUSE Manager Client ToolsThis collective update provides the following fixes and
enhancements:
spacewalk-client-tools:
* Uptime report: respect xmlrpc's integer limits.
zypp-plugin-spacewalk:
* Avoid crashes when a channel's metadata contains
UTF-8 data. (bnc#850105)
* Call zypper with --auto-agree-with-licenses, as
interactive agreement is not possible from remote.
(bnc#847254)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1656-1 -- Security update for libxsltSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11libxsltlibxslt received a security update to fix a security issue:
* CVE-2013-4520: The XSL implementation in libxslt
allowed remote attackers to cause a denial of service
(crash) via an invalid DTD. (addendum due to incomplete fix
for CVE-2012-2825)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1919-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mozilla FirefoxMozillaFirefox has been updated to the 24.2.0 ESR security
release.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0051-1 -- Security update for xorg-x11-serverSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-serverThis update fixes the following security issue with
xorg-x11-server:
* bnc#853846: integer underflow when handling
trapezoids (CVE-2013-6424)
Security Issue reference:
* CVE-2013-6424
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6424
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0171-1 -- Security update for curlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11curlThis update fixes the re-use of wrong HTTP NTLM connections
in libcurl. (CVE-2014-0015)
Security Issue reference:
* CVE-2014-0015
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0662-2 -- Recommended update for python-dmidecodeSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-dmidecodeThis update for python-dmidecode fixes an "Illegal instruction" exception
that could occur on systems under heavy memory load.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1094-1 -- Recommended update for SUSE Manager client toolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SUSE Manager client toolsThis update fixes the following issues:
rhnlib:
* Make timeout of yum-rhn-plugin calls through
rhn-client-tools configurable
* Make Proxy timeouts configurable.
spacewalk-client-tools:
* Create mgr* program symbolic links
* Correctly handle a deactivated account error message
* Require rhnlib with timeout option
* Make timeout configurable.
zypp-plugin-spacewalk:
* Always disable gpgcheck for repositories in spacewalk
service
* Use timeout also for XMLRPC calls if possible
* Read transfer_timeout from zypp.conf and provide it
via URL.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1655-1 -- Security update for CUPSSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11CUPSThe following security issue has been fixed in the CUPS
print daemon CVE-2012-5519:
The patch adds better default protection against misuse of
privileges by normal users who have been specifically
allowed by root to do cupsd configuration changes
The new ConfigurationChangeRestriction cupsd.conf directive
specifies the level of restriction for cupsd.conf changes
that happen via HTTP/IPP requests to the running cupsd
(e.g. via CUPS web interface or via the cupsctl command).
By default certain cupsd.conf directives that deal with
filenames, paths, and users can no longer be changed via
requests to the running cupsd but only by manual editing
the cupsd.conf file and its default file permissions
permit only root to write the cupsd.conf file.
Those directives are: ConfigurationChangeRestriction,
AccessLog, BrowseLDAPCACertFile, CacheDir, ConfigFilePerm,
DataDir, DocumentRoot, ErrorLog, FileDevice, FontPath,
Group, LogFilePerm, PageLog, Printcap, PrintcapFormat,
PrintcapGUI, RemoteRoot, RequestRoot, ServerBin,
ServerCertificate, ServerKey, ServerRoot, StateDir,
SystemGroup, SystemGroupAuthKey, TempDir, User.
The default group of users who are allowed to do cupsd
configuration changes via requests to the running cupsd
(i.e. the SystemGroup directive in cupsd.conf) is set to
'root' only.
Additionally the following bug has been fixed:
* strip trailing "@REALM" from username for Kerberos
authentication (CUPS STR#3972 bnc#827109)
Security Issue reference:
* CVE-2012-5519
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1409-1 -- Recommended update for xorg-x11-driver-inputSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-driver-inputThis update for X.Org input drivers adds an option to the
evdev driver for better supporting Advanced Silicon
CoolTouch device.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1829-1 -- Recommended update for nfs-clientSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11nfs-clientThis update for nfs-utils provides the following fixes:
* Fix decoding of octal encoded fields in idmapd.
(bnc#802823)
* Improve support for GSS security negotiation with old
servers. (bnc#844015)
* Correctly handle sub-directory exports from file
systems with 64-bit inode numbers. (bnc#841971)
* Ensure ldconfig cache is updated when libraries exist
on NFS mounted file system. (bnc#834164)
* Make it easy to enable NFSv4.1 support on server.
(bnc#832264)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1513-1 -- Recommended update for facterSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11facterThis update for facter removes the relationship between the
domain fact and LDAP/NIS domains. The domain fact now
relates exclusively to the DNS domain.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0809-1 -- Security update for Acrobat ReaderSUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10Acrobat ReaderAcrobat Reader has been updated to version 9.5.5.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1373-1 -- Security update for libpixmanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libpixmanA stack based buffer overflow in the pixman library has
been fixed. (CVE-2013-1591)
Security Issue reference:
* CVE-2013-1591
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0568-1 -- Recommended update for compat-wireless KMPSUSE Linux Enterprise Desktop 11compat-wireless KMPThis update for the compat-wireless kernel modules provides
many fixes and enhancements:
* Add support for Atheros MANGO rev2 devices.
* Improve support for Intel WiFi, Atheros WiFi and
Realtek WiFi chips.
* Fix support for Intel Wilkins Peak 1/2 and Realtek
RTL8188EE WiFi chips.
* Fix an issue on Intel Wilkins Peak 1/2 after resuming
from S3/S4.
* Add support for btusb, fixing Intel Wilkins Peak BT
issues.
* Fix the missing HID driver registration in hidp
driver.
* Add support for new PCI SSID entries for Intel
Wireless chips.
* Fix firmware loading on Intel BT at S3/S4.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1559-1 -- Security update for kdelibs4SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdelibs4This kdelibs4 update fixes several security issues related
to khtml/konqueror.
* Fix security issues and null pointer references in
khtml/konqueror (bnc#787520) (CVE-2012-4512, CVE-2012-4513,
CVE-2012-4515)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0237-1 -- Security update for pwlibSUSE Linux Enterprise Desktop 11pwlibThis update fixes a XML DoS vulnerability in pwlib.
CVE-2013-1864 has been assigned to this issue.
Security Issue reference:
* CVE-2013-1864
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1864
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0221-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerThis update resolves an integer underflow vulnerability
that could have been exploited to execute arbitrary code
on the affected system (CVE-2014-0497).
More information:
http://helpx.adobe.com/security/products/flash-player/apsb14
-04.html
<http://helpx.adobe.com/security/products/flash-player/apsb1
4-04.html>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0912-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0115-1 -- Security update for wiresharkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11wiresharkwireshark was updated to security update version 1.8.12,
fixing bugs and security issues.
* The SIP dissector could go into an infinite loop.
wnpa-sec-2013-66 CVE-2013-7112
* The NTLMSSP v2 dissector could crash. Discovered by
Garming Sam. wnpa-sec-2013-68 CVE-2013-7114
Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.htm
l
<https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.ht
ml>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0546-1 -- Recommended update for zshSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11zshThis update for zsh fixes tilde expansion of user names
that contain a dot.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1426-1 -- Recommended update for halSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11halThis update for hal adds support for the "Mute Microphone"
key found on HP Elitebook Folio 9470m.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0614-1 -- Recommended update for gcc47SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gcc47This update fixes an issue in libstdc++ where it wrongly
identified exceptions in construction as being uncaught.
This problem could affect some newer C++ applications.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0639-1 -- Security update for OpenJDKSUSE Linux Enterprise Desktop 11OpenJDKThis java-1_7_0-openjdk update to version 2.4.7 fixes the following
security and non-security issues:
*
Security fixes
o S8023046: Enhance splashscreen support o S8025005: Enhance
CORBA initializations o S8025010, CVE-2014-2412: Enhance AWT contexts o
S8025030, CVE-2014-2414: Enhance stream handling o S8025152,
CVE-2014-0458: Enhance activation set up o S8026067: Enhance signed jar
verification o S8026163, CVE-2014-2427: Enhance media provisioning o
S8026188, CVE-2014-2423: Enhance envelope factory o S8026200: Enhance
RowSet Factory o S8026716, CVE-2014-2402: (aio) Enhance asynchronous
channel handling o S8026736, CVE-2014-2398: Enhance Javadoc pages o
S8026797, CVE-2014-0451: Enhance data transfers o S8026801, CVE-2014-0452:
Enhance endpoint addressing o S8027766, CVE-2014-0453: Enhance RSA
processing o S8027775: Enhance ICU code. o S8027841, CVE-2014-0429:
Enhance pixel manipulations o S8028385: Enhance RowSet Factory o S8029282,
CVE-2014-2403: Enhance CharInfo set up o S8029286: Enhance subject
delegation o S8029699: Update Poller demo o S8029730: Improve audio device
additions o S8029735: Enhance service mgmt natives o S8029740,
CVE-2014-0446: Enhance handling of loggers o S8029745, CVE-2014-0454:
Enhance algorithm checking o S8029750: Enhance LCMS color processing
(in-tree LCMS) o S8029760, CVE-2013-6629: Enhance AWT image libraries
(in-tree libjpeg) o S8029844, CVE-2014-0455: Enhance argument validation o
S8029854, CVE-2014-2421: Enhance JPEG decodings o S8029858, CVE-2014-0456:
Enhance array copies o S8030731, CVE-2014-0460: Improve name service
robustness o S8031330: Refactor ObjectFactory o S8031335, CVE-2014-0459:
Better color profiling (in-tree LCMS) o S8031352, CVE-2013-6954: Enhance
PNG handling (in-tree libpng) o S8031394, CVE-2014-0457: (sl) Fix
exception handling in ServiceLoader o S8031395: Enhance LDAP processing o
S8032686, CVE-2014-2413: Issues with method invoke o S8033618,
CVE-2014-1876: Correct logging output o S8034926, CVE-2014-2397: Attribute
classes properly o S8036794, CVE-2014-0461: Manage JavaScript instances
*
Backports
o S8004145: New improved hgforest.sh, ctrl-c now properly
terminates mercurial processes. o S8007625: race with nested repos in
/common/bin/hgforest.sh o S8011178: improve common/bin/hgforest.sh python
detection (MacOS) o S8011342: hgforest.sh : 'python --version' not
supported on older python o S8011350: hgforest.sh uses non-POSIX sh
features that may fail with some shells o S8024200: handle hg wrapper with
space after #! o S8025796: hgforest.sh could trigger unbuffered output
from hg without complicated machinations o S8028388: 9 jaxws tests failed
in nightly build with java.lang.ClassCastException o S8031477: [macosx]
Loading AWT native library fails o S8032370: No "Truncated file" warning
from IIOReadWarningListener on JPEGImageReader o S8035834:
InetAddress.getLocalHost() can hang after JDK-8030731 was fixed
*
Bug fixes
o PR1393: JPEG support in build is broken on non-system-libjpeg
builds o PR1726: configure fails looking for ecj.jar before even trying to
find javac o Red Hat local: Fix for repo with path statting with / . o
Remove unused hgforest scriptSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0758-1 -- Security update for gnutlsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gnutlsGnuTLS has been patched to ensure proper parsing of session ids during the
TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have
been fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1827-1 -- Recommended update for gtk-vncSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gtk-vncThis update for gtk-vnc allows applications to configure
the key sequence to grab and release the console.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0410-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mozilla FirefoxMozillaFirefox has been updated to the 17.0.3ESR release.
Important: due to compatibility issues, the Beagle plug-in
for MozillaFirefox is temporarily disabled by this update.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0774-1 -- Security update for xorg-x11-libsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libsxorg-x11-libs was patched to fix the following security issues:
* Integer overflow of allocations in font metadata file parsing.
(CVE-2014-0209)
* libxfont not validating length fields when parsing xfs protocol
replies. (CVE-2014-0210)
* Integer overflows causing miscalculating memory needs for xfs
replies. (CVE-2014-0211)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0288-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10flash-playerAdobe Flash Player was updated to release 11.2.202.262,
fixing bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-OU-2014:0571-1 -- Optional OpenSSL 1.0 versions of cyrus-sasl, libcurl4 and libldapSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11compat-libldap-2_3-0libldap-2_4-2openldap2openldap2-back-metaopenldap2-clientlibldap-2_4-2-32bitThis update includes variants of existing libraries built
against OpenSSL 1.0.
As OpenSSL 0.8.9j and OpenSSL 1.0.1 are not binary
compatible, but have the same function names, care must be
taken that they are not loaded by the same program.
As some system libraries also link against libssl.so or
libcrypto.so, these need to be available in variants
linked against OpenSSL 1.0. These libraries are installed
below the /opt/suse/ directory hierarchy.
The version and the APIs of these "shadow" libraries are
exactly the same as the versions in the system, and so are
interchangeable.
For building your OpenSSL 1.0 enabled program, link using
the linkflags
-L/opt/suse/lib64 -Wl, -rpath, /opt/suse/lib64 (on 32bit
systems, use lib instead of lib64).
This update provides variants for the OpenLDAP2 client,
libcurl4 and cyrus-sasl libraries.
Additionally, two bugs have been fixed in openldap2
regarding IPv6 support:
* tls_checkpeer does not work with IPv6 address as
Subject Alternative Name. (bnc#862623)
* getaddrinfo does not return if ldap is used for host
lookups on IPv6 environments. (bnc#843697)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0713-1 -- Recommended update for smt-clientSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11smt-clientThis update for smt-client fixes the enforcement of http timeouts during
SSL handshakes. (bnc#876609)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0759-1 -- Security update for OpenSSLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11OpenSSLOpenSSL was updated to fix several vulnerabilities:
* SSL/TLS MITM vulnerability. (CVE-2014-0224)
* DTLS recursion flaw. (CVE-2014-0221)
* Anonymous ECDH denial of service. (CVE-2014-3470)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1576-1 -- Security update for gpg2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gpg2This GnuPG update fixes two security issues:
* CVE-2013-4351: GnuPG treated no-usage-permitted keys
as all-usages-permitted.
* CVE-2013-4402: An infinite recursion in the
compressed packet parser was fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0541-1 -- Security update for OpenSSLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11OpenSSLOpenSSL has been updated to fix an attack on ECDSA Nonces.
Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces
could have been recovered.
This update also ensures that the stack is marked
non-executable on x86 32bit (bnc#870192). On other
processor platforms it was already marked as
non-executable before.
Security Issue reference:
* CVE-2014-0076
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0581-1 -- Security update for a2psSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11a2psThe text to postscript converter a2ps received a security
update.
The fixps script did not call ghostscript with the -DSAFER
option, allowing command execution by attacker supplied
postscript files.
Security Issue reference:
* CVE-2014-0466
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0631-1 -- Security update for pamSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pamThis update changes the broken default behavior of
pam_pwhistory to not enforce checks when the root user
requests password changes. In order to enforce pwhistory
checks on the root user, the "enforce_for_root" parameter
needs to be set for the pam_pwhistory.so module.
This pam update fixes the following security and
non-security issues:
* bnc#870433: Fixed pam_timestamp path injection
problem (CVE-2014-2583)
* bnc#848417: Fixed pam_pwhistory root password
enforcement when resetting non-root user's passwordSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0140-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 2 kernel was
updated to 3.0.101 and also includes various other bug and
security fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0755-1 -- Recommended update for udevSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11udevThis collective update for udev provides the following fixes:
* udev: Increase result size for stdout. (bnc#867840).
* rules: Add cciss by-id links when using hpsa module. (bnc#858663)
* rules: Rewrite CPU/memory hotplug rules to make it more robust.
(bnc#849840)
* udevd: Add support for max_childs to cmdline. (bnc#837804)
* udevd: Limit the number of workers count to 16. (bnc#837804)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0784-1 -- Recommended update for sblim-cmpi-fsvolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11sblim-cmpi-fsvolThis update for sblim-cmpi-fsvol fixes enumeration of file
systems mounted by unique ID (UUID=) or volume label
(LABEL=) in fstab(5). Previously, these mount points were
shown as disabled.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0164-1 -- Recommended update for mdadmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mdadmThis update for mdadm provides many fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1363-1 -- Recommended update for libfprint and pam_fpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libfprintpam_fpThis update for libfprint and pam_fp adds support for the
new Validity fingerprint reader VFS495.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0643-1 -- Security update for lxcSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11lxcThe container framework LXC has been updated to fix various bugs and a
security issue:
* CVE-2013-6441: The sshd template allowed privilege escalation on the
host.
* SLES container time not aligned with host time (bnc#839653)
* SLES container boot takes ages (bnc#839663)
* lxc mounts /dev/pts with wrong options (bnc#869663)
Security Issues:
* CVE-2013-6441
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6441>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0529-1 -- Security update for strongswanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11strongswanThe following security issue is fixed by this update:
* bnc#870572: strongswan has been updated to fix an
authentication problem where attackers could have bypassed
the IKEv2 authentication. (CVE-2014-2338)
Security Issue reference:
* CVE-2014-2338
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2338
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0663-1 -- Recommended update for yast2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2This update for YaST2 improves the check for a running chef-client to
avoid false positives.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0576-1 -- Security update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonPython was updated to fix a security issue in the
socket.recvfrom_into function, where data could be written
over the end of the buffer. (CVE-2014-1912)
Security Issue reference:
* CVE-2014-1912
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0374-1 -- Recommended update for ctagsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ctagsThis update for ctags fixes an issue that could result in
the creation of corrupted TAGS files when running etags(1)
on large source repositories.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0760-1 -- Security update for glibcSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glibcThis update for the GNU Lib C fixes security issues, some bugs and
introduces one new feature.
The following security issues have been fixed:
* CVE-2013-4357: Various potential stack overflows in getaddrinfo() and
others were fixed. (bnc#844309)
* CVE-2013-4458: A stack (frame) overflow in getaddrinfo() when called
with AF_INET6.
The following new feature has been implemented:
* On PowerLinux, a vDSO entry for getcpu() was added for possible
performance enhancements. (FATE#316816, bnc#854445)
The following issues have been fixed:
* Performance problems with threads in __lll_lock_wait_private and
__lll_unlock_wake_private. (bnc#836746)
* IPv6: Memory leak in getaddrinfo() when many RRs are returned.
(bnc#863499)
* Using profiling C library (-lc_p) can trigger a segmentation fault.
(bnc#872832)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0236-1 -- Recommended update for paprefsSUSE Linux Enterprise Desktop 11paprefsThis update fixes the missing options of paprefs and
pavucontrol programs due to incompatible module
directories for PulseAudio on SLE 11-SP1.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0289-1 -- Recommended update for halSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11halThis update for hal provides the following fixes and
enhancements:
* Do not install a signal handler on the forked hal
daemon before being able to properly handle it.
* Allow disabling storage device probing by setting
HALD_IGNORE_STORAGE to "yes" in /etc/sysconfig/hal.
* Do not kill the child when it takes too long to probe
devices, as it will only shutdown hald after the probe is
complete.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1789-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Update to version 2013h (bnc#850462): o Lybia has
switched back to UTC+2 o Western Sahara uses Morocco's DST
rules o Acre switches from UTC-4 to UTC-5 on Nov. 10th
* Define TM_GMTOFF and TM_ZONE like glibc did
(bnc#807624)
* Correct path expansion for local time link
(bnc#845530).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0076-1 -- Recommended update for ipmitoolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ipmitoolThis update for ipmitool provides the following fixes:
* Add an explicit requirement on insserv, fixing
installation problems on minimal environments. (bnc#852176)
* Implement the "status" operation in the ipmievd init
script. (bnc#854886)
* Fix pid file reference in ipmievd init script.
(bnc#854886)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1638-1 -- Security update for libtiffSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11libtiffThis tiff update fixes several security issues.
* bnc#834477: CVE-2013-4232 CVE-2013-4231: tiff: buffer
overflows/use after free problem
* bnc#834779: CVE-2013-4243: libtiff (gif2tiff):
heap-based buffer overflow in readgifimage()
* bnc#834788: CVE-2013-4244: libtiff (gif2tiff): OOB
Write in LZW decompressorSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0319-1 -- Security update for gnutlsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gnutlsThe GnuTLS library received a critical security fix and
other updates:
* CVE-2014-0092: The X.509 certificate verification had
incorrect error handling, which could lead to broken
certificates marked as being valid.
* CVE-2009-5138: A verification problem in handling V1
certificates could also lead to V1 certificates incorrectly
being handled.
Additionally a memory leak in PSK authentication has been
fixed (bnc#835760).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0757-1 -- Recommended update for yast2-samba-clientSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-samba-clientThis update for yast2-samba-client provides the following fixes:
* Remove CTDB crm resource hierarchy assumption. (bnc#813462)
* Fix standalone Active Directory join from a HA cluster. (bnc#865445)
* Fix handling of CTDB primitives containing hyphens.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0667-1 -- Security update for Linux KernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux KernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the
following severe security issues:
*
CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c
in the Linux kernel through 3.14.3 does not properly handle error
conditions during processing of an FDRAWCMD ioctl call, which allows local
users to trigger kfree operations and gain privileges by leveraging write
access to a /dev/fd device. (bnc#875798)
*
CVE-2014-1738: The raw_cmd_copyout function in
drivers/block/floppy.c in the Linux kernel through 3.14.3 does not
properly restrict access to certain pointers during processing of an
FDRAWCMD ioctl call, which allows local users to obtain sensitive
information from kernel heap memory by leveraging write access to a
/dev/fd device. (bnc#875798)
*
CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in
the Linux kernel through 3.14.3 does not properly manage tty driver access
in the "LECHO & !OPOST" case, which allows local users to cause a denial
of service (memory corruption and system crash) or gain privileges by
triggering a race condition involving read and write operations with long
strings. (bnc#875690)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1058-2 -- Security update for gpg2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gpg2This update for gpg2 provides the following fixes:
* #780943: Set proper file permissions when
en/de-crypting files.
* #798465: Fix an issue that could cause corruption of
the public keys database. (CVE-2012-6085)
* #808958: Select proper ciphers when running in FIPS
mode.
Security Issue reference:
* CVE-2012-6085
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6085
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0375-1 -- Recommended update for multipath-toolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11multipath-toolsThis collective update for multipath-tools provides the
following fixes and enhancements:
* Blacklist HP Virtual devices. (bnc#862250)
* Save 'root_mpath' variable in mkinitrd. (bnc#854243)
* Remove trailing spaces from sysfs attributes.
(bnc#839593)
* Allow whitespaces in CLI commands. (bnc#846575)
* Set priority to '0' for PATH_BLOCKED or PATH_DOWN.
(bnc#831608)
* Update multipathd man page. (bnc#834871)
* Do not issue a table reload on every check.
(bnc#854244)
* Use RTPG data in RDAC checker. (bnc#854244)
* Reset timezone information on reconfigure.
(bnc#830511)
* Double uevent stacksize yet again. (bnc#855379)
* Do not fail discovery on individual devices.
(bnc#860850)
* Filter for missing property in get_refwwid.
(bnc#862250)
* Do not flush multipath tables on shutdown.
(bnc#854025)
* Prefer deprecated 'getuid' callout. (bnc#861534)
* Skip paths with empty wwid. (bnc#861534)
* Correctly terminate string in strlcpy(). (bnc#861534)
* Include defaults for HP P6300. (bnc#845987)
* Update NetApp defaults. (bnc#846662)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1265-1 -- Security update for wiresharkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11wiresharkThis wireshark version update to 1.8.8 includes several
security and general bug fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1518-1 -- Recommended update for release-notes-sledSUSE Linux Enterprise Desktop 11release-notes-sledThis update for the Release Notes for SUSE Linux Enterprise
Desktop 11 SP3 provides the following changes:
* FreeRDP is going to replace rdesktop (bnc#836922, via
fate#311422)
* Migrating to SLE 11 SP3 using zypper (bnc#838463).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0238-1 -- Recommended update for fontconfigSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11fontconfigThis update for fontconfig fixes a segmentation fault when
handling empty strings in BDF font properties
(SETWIDTH_NAME or SPACING).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1831-1 -- Recommended update for blktraceSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11blktraceThis update for blktrace provides a fix for the following
issue:
If two instances of blktrace are executed on the same
device, one would fail to initialize and then tear down
the devices it was configured to use, even when they
weren't set up by that instance.
This could result in tearing down running traces, which
would end up leaving the debugfs files around without a
way to clean them up. Further instances of blktrace on
that device would fail.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0729-1 -- Recommended update for SUSE Linux Enterprise Desktop 11 SP3 manualsSUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 11 SP3 manualsThis update provides the latest version of the SUSE Linux Enterprise
Desktop 11 SP3 manuals, which brings fixes and enhancements in the
following areas:
* Supported Upgrade Paths to SLES 11-SP3. (bnc#839890)
* Btrfs compression function under development. (bnc#864606)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0312-1 -- Recommended update for sudoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11sudoThis update for sudo provides the following fixes:
* Escape "sudo -i" and "sudo -s" command arguments to
prevent command line corruption. (bnc#823796)
* Adjust the sudoers(5) manual page to reflect
SUSE-specific changes. (bnc#823292)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1327-1 -- Recommended update for mkinitrdSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mkinitrdThis update for mkinitrd provides the following fixes:
* Add a udev rule to fix HyperV VM migration from
Windows 2008/2012 to Windows 2012R2 hosts
* Fix network configuration when using iBFT
* Do not add duplicate static IPs
* Recognize default network interface if more than one
is present.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0330-1 -- Recommended update for libopensslSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libopensslThis update brings various enhancements for OpenSSL:
*
IPv6 support was added to the openssl s_client and
s_server command line tool. (bnc#859228)
*
The openssl command line tool now checks certificates
by default against /etc/ssl/certs (this can be changed via
the -CApath option). (bnc#860332)
*
The Elliptic Curve Diffie-Hellman key exchange
selector was enabled and can be selected by kECDHE, kECDH,
ECDH tags in the SSL cipher string. (bnc#859924)
*
If an optional "openssl1" command line tool is
installed in parallel, c_rehash uses it to generate
certificate hashes in both OpenSSL 0 and OpenSSL 1 style.
This allows parallel usage of OpenSSL 0.9.8j and OpenSSL
1.x client libraries with a shared certificate store.
(bnc#862181)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0557-1 -- Recommended update for nfs-clientSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10nfs-clientThis update for the NFS support utilities (nfs-client,
nfs-kernel-server) enhances gssd to work with more than
1024 connections, respecting the 'nofile' resource limit.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0638-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mozilla FirefoxThis Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the
following several security and non-security issues:
* MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards
* MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG
images
* MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object
as XBL
* MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web
Notification API
* MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history
navigations
* MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while
resizing images
* MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver
Mozilla NSS has been updated to 3.16:
* required for Firefox 29
* CVE-2014-1492: In a wildcard certificate, the wildcard character
should not be embedded within the U-label of an internationalized domain
name. See the last bullet point in RFC 6125, Section 7.2.
* Update of root certificates.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0472-1 -- Recommended update for logrotateSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11logrotateThis update for logrotate fixes calling of
prerotate/postrotate scripts in nosharedscripts mode.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1144-2 -- Recommended update for LibreOfficeSUSE Linux Enterprise Desktop 11LibreOfficeLibreOffice 4.0 provides significant improvements mainly
in interoperability with Microsoft Office, and other areas.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0702-1 -- Security update for finchSUSE Linux Enterprise Desktop 11finchThe pidgin Instant Messenger has been updated to fix various security
issues:
* CVE-2014-0020: Remotely triggerable crash in IRC argument parsing
* CVE-2013-6490: Buffer overflow in SIMPLE header parsing
* CVE-2013-6489: Buffer overflow in MXit emoticon parsing
* CVE-2013-6487: Buffer overflow in Gadu-Gadu HTTP parsing
* CVE-2013-6486: Pidgin uses clickable links to untrusted executables
* CVE-2013-6485: Buffer overflow parsing chunked HTTP responses
* CVE-2013-6484: Crash reading response from STUN server
* CVE-2013-6483: XMPP doesn't verify 'from' on some iq replies
* CVE-2013-6482: NULL pointer dereference parsing SOAP data in MSN
* CVE-2013-6482: NULL pointer dereference parsing OIM data in MSN
* CVE-2013-6482: NULL pointer dereference parsing headers in MSN
* CVE-2013-6481: Remote crash reading Yahoo! P2P message
* CVE-2013-6479: Remote crash parsing HTTP responses
* CVE-2013-6478: Crash when hovering pointer over a long URL
* CVE-2013-6477: Crash handling bad XMPP timestamp
* CVE-2012-6152: Yahoo! remote crash from incorrect character encodingSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0670-1 -- Security update for fileSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11fileThe command line tool file(1) and its library libmagic have been updated
to fix the following issues:
* file(1) crashed when parsing some PE executables. (CVE-2014-2270,
bnc#866750)
* file(1) did not set return code on non-existing files. (bnc#863450)
Security Issue reference:
* CVE-2014-2270
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0671-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerAdobe flash-player was updated to version 11.2.202.359 to resolve several
security issues:
* Remote attackers could execute arbitrary code and bypass a sandbox
protection mechanism via unspecified vectors. (CVE-2014-0510)
* Remote attackers could bypass the Same Origin Policy via unspecified
vectors. (CVE-2014-0516)
* Bypass intended access restrictions via unspecified vectors.
(CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0703-1 -- Recommended update for snapperSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11snapperThis update for snapper provides fixes for the following issues:
* A potential segmentation fault when snapper interacts with DBus.
(bnc#860119)
* File mode (setuid bit) was not restored after "undochange".
(bnc#862964)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0497-1 -- Security update for SambaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SambaThe Samba fileserver suite was updated to fix bugs and
security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0724-1 -- Security update for libpngSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libpngThis libpng update fixes the following two overflow security issues.
* bnc#873123: Fixed integer overflow that could have lead to a
heap-based buffer overflow in png_set_sPLT() and png_set_text_2()
(CVE-2013-7354).
* bnc#873124: Fixed integer overflow that could have lead to a
heap-based buffer overflow in png_set_unknown_chunks()
(CVE-2013-7353).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0714-1 -- Recommended update for open-iscsiSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11open-iscsiThis collective update for open-iscsi provides the following fixes:
* Init script now handles LVM stacked use of partitions. (bnc#867934)
* Fix init script module load logic, removing bogus "FATAL ..."
message when starting service. (bnc#867657)
* Removed problematic check_for_node_onboot() in mkinitrd setup
script. (bnc#834256)
* Update mkinitrd open-iscsi setup script to handle both root and
non-root iSCSI volumes, including iBFT. (bnc#834256, bnc#630434)
* Correctly regenerate initrd after update. (bnc#831934)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0024-1 -- Security update for SambaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SambaThis update fixes the following security issues with Samba:
* bnc#844720: DCERPC frag_len not checked
(CVE-2013-4408)
* bnc#853347: winbind pam security problem
(CVE-2012-6150)
* bnc#848101: No access check verification on stream
files (CVE-2013-4475)
And fixes the following non-security issues:
* bnc#853021: libsmbclient0 package description
contains comments
* bnc#817880: rpcclient adddriver and setdrive do not
set all needed registry entries
* bnc#838472: Client trying to delete print job fails:
Samba returns: WERR_INVALID_PRINTER_NAME
* bnc#854520 and bnc#849226: various upstream fixesSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1775-1 -- Recommended update for sg3_utilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11sg3_utilsThis update for sg3_utils provides the following fixes:
* Add -f option to rescan-scsi-bus.sh to flush failed
multipath devices
* Add --export option to sg_inq for 61-msft.rules
* Fixup T10 Vendor designator display
* In rescan-scsi-bus.sh, check if the HBA driver
exports issue_lip in sysfs before using it.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0596-1 -- Security update for popplerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11popplerThis update of poppler fixes the following vulnerabilities:
* CVE-2013-1788: Various invalid memory issues could be
used by attackers supplying PDFs to crash the PDF viewer or
potentially execute code.
* CVE-2013-1789: A crash in poppler could be used by
attackers providing PDFs to crash the PDF viewer.
* CVE-2013-1790: An uninitialized memory read could be
used by attackers providing PDFs to crash the PDF viewer.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1852-1 -- Security update for glibcSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glibcThis update for glibc contains the following fixes:
* Fix integer overflows in malloc (CVE-2013-4332,
bnc#839870)
* Fix buffer overflow in glob (bnc#691365)
* Fix buffer overflow in strcoll (CVE-2012-4412,
bnc#779320)
* Update mount flags in <sys/mount.h> (bnc#791928)
* Fix buffer overrun in regexp matcher (CVE-2013-0242,
bnc#801246)
* Fix memory leaks in dlopen (bnc#811979)
* Fix stack overflow in getaddrinfo with many results
(CVE-2013-1914, bnc#813121)
* Don't raise UNDERFLOW in tan/tanf for small but
normal argument (bnc#819347)
* Properly cross page boundary in SSE4.2 implementation
of strcmp (bnc#822210)
* Fix robust mutex handling after fork (bnc#827811)
* Fix missing character in IBM-943 charset (bnc#828235)
* Fix use of alloca in gaih_inet (bnc#828637)
* Initialize pointer guard also in static executables
(CVE-2013-4788, bnc#830268)
* Fix readdir_r with long file names (CVE-2013-4237,
bnc#834594).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0047-1 -- Recommended update for lsscsiSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11lsscsiThis update for lsscsi provides the following fixes and
enhancements:
* Merge FC layout fixes.
* Print additional SAS information.
* Print additional FC information. (bnc#844851)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1151-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 2 kernel was
respun with the 3.0.80 update to fix a severe
compatibility problem with kernel module packages (KMPs)
like e.g. drbd.
An incompatible ABI change could lead to those modules not
correctly working or crashing on loading and is fixed by
this update.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0188-2 -- Security update for hplipSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11hpliphplip was updated to fix three security issues:
*
CVE-2013-0200: Some local file overwrite problems via
predictable /tmp filenames were fixed.
*
CVE-2013-4325: hplip used an insecure polkit DBUS API
(polkit-process subject race condition) which could lead to
local privilege escalation.
*
CVE-2013-6402: hplip uses arbitrary file
creation/overwrite (via hardcoded file name
/tmp/hp-pkservice.log).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0487-1 -- Security update for wiresharkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11wiresharkWireshark was updated to version 1.8.13 to fix security and
stability issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0768-1 -- Recommended update for mkinitrdSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mkinitrdThis collective update for mkinitrd provides the following
fixes and enhancements:
* Skip static interfaces when configuring DHCP
interfaces. (bnc#755642)
* Handle moving ibft interface between interfaces and
subnets. (bnc#755642)
* Fix boot from mdraid on top of multipath devices.
(bnc#784613)
* Do not tell the user to refresh the bootloader when
generating the kdump initrd. (bnc#801984)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1497-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mozilla FirefoxThis update to Firefox 17.0.9esr (bnc#840485) addresses:
* MFSA 2013-91 User-defined properties on DOM proxies
get the wrong "this" object o (CVE-2013-1737)
* MFSA 2013-90 Memory corruption involving scrolling o
use-after-free in mozilla::layout::ScrollbarActivity
(CVE-2013-1735) o Memory corruption in
nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736)
* MFSA 2013-89 Buffer overflow with multi-column,
lists, and floats o buffer overflow at
nsFloatManager::GetFlowArea() with multicol, list, floats
(CVE-2013-1732)
* MFSA 2013-88 compartment mismatch re-attaching
XBL-backed nodes o compartment mismatch in
nsXBLBinding::DoInitJSClass (CVE-2013-1730)
* MFSA 2013-83 Mozilla Updater does not lock MAR file
after signature verification o MAR signature bypass in
Updater could lead to downgrade (CVE-2013-1726)
* MFSA 2013-82 Calling scope for new Javascript objects
can lead to memory corruption o ABORT: bad scope for new
JSObjects: ReparentWrapper / document.open (CVE-2013-1725)
* MFSA 2013-79 Use-after-free in Animation Manager
during stylesheet cloning o Heap-use-after-free in
nsAnimationManager::BuildAnimations (CVE-2013-1722)
* MFSA 2013-76 Miscellaneous memory safety hazards
(rv:24.0 / rv:17.0.9) o Memory safety bugs fixed in Firefox
17.0.9 and Firefox 24.0 (CVE-2013-1718)
* MFSA 2013-65 Buffer underflow when generating CRMF
requests o ASAN heap-buffer-overflow (read 1) in
cryptojs_interpret_key_gen_type (CVE-2013-1705)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0488-1 -- Recommended update for multipath-toolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11multipath-toolsThis update for multipath-tools fixes a potential
segmentation fault when reading multipath's configuration
file.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1310-1 -- Security update for bindSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11bindA specially crafted query with malicious rdata could have
caused a crash (DoS) in named.
Security Issue reference:
* CVE-2013-4854
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0588-1 -- Recommended update for trousersSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11trousersTrousers would terminate with a segmentation fault when
trying to wrap a key longer than 2048 bits.
As this is not possible due to TPM size limitation, the key
length is now restricted to 2048 bits or less.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1058-1 -- Security update for gpg2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gpg2This update for gpg2 provides the following fixes:
* Set proper file permissions when en/de-crypting files
(bnc#780943)
* Fix an issue that could cause corruption of the
public keys database. (CVE-2012-6085, #798465)
* Select proper ciphers when running in FIPS mode
(bnc#808958)
Security Issue reference
* CVE-2012-6085
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6085
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0299-1 -- Recommended update for mkinitrdSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mkinitrdThis update for mkinitrd provides the following fixes:
* Fix waiting for multipath when using md on top of
multipath. (bnc#848293)
* Add support for two network interfaces in the iBFT.
(bnc#830968)
* Really include mmc_block driver. (bnc#480808)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0414-1 -- Security update for clamavSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11clamavThe antivirus scanner ClamAV has been updated to version
0.98.1, which includes the following fixes:
* Code quality fixes in libclamav, clamd, sigtool,
clamav-milter, clamconf, and clamdtop.
* Code quality fixes in libclamav, libclamunrar and
freshclam.
* bb #8385: a PDF ASCII85Decode zero-length fix.
* bb #7436: elf64 header early exit.
* libclamav: SCAN_ALL mode fixes.
* iso9660: iso_scan_file rewrite.
Version 0.98.1 also implements support for new file types,
and quality improvements, including Extraction,
decompression, and scanning of files within the Extensible
Archive (XAR)/Apple Disk Image (DMG) format, support for
decompression and scanning of files in the "Xz" compression
format.
Additionally, improvements and fixes were done to
extraction and scanning of OLE formats. An option to force
all scanned data to disk was added. Various improvements
to ClamAV configuration, support of third party libraries,
and unit tests were done.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0002-1 -- Security update for curlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11curlThis update fixes the following security issues with curl:
* bnc#849596: ssl cert checks with unclear behaviour
(CVE-2013-4545)
* bnc#810760: wrap tftp sequence number, fixes large
files transfer
Security Issue reference:
* CVE-2013-4545
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0685-1 -- Recommended update for release-notes-sledSUSE Linux Enterprise Desktop 11release-notes-sledThis update for the Release Notes for SUSE Linux Enterprise Desktop 11 SP3
provides the following changes:
* Cosmetic changes: delete now empty section; fix wording and typos.
(bnc#873438)
* New entry: X.Org: fbdev Used in UEFI Secure Boot Mode (ASpeed
Chipset). (FATE#314487)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0775-1 -- Security update for Linux KernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux KernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix a
critical privilege escalation security issue:
* CVE-2014-3153: The futex acquisition code in kernel/futex.c can be
used to gain ring0 access via the futex syscall. This could be used
for privilege escalation by non-root users. (bnc#880892)
Security Issue reference:
* CVE-2014-3153
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1808-1 -- Security update for OpenJDK 1.6SUSE Linux Enterprise Desktop 11OpenJDK 1.6OpenJDK 1.6 was updated to the new Icedtea release 1.12.7,
which includes many fixes for bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1574-1 -- Recommended update for iproute2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11iproute2This update for iproute2 provides fixes for the following
issues:
* VF spoofchk flag support missing in iproute2 although
supported by driver. (bnc#838349)
* VF information not shown by "ip link". (bnc#750550,
bnc#836972)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1153-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10Mozilla FirefoxMozilla Firefox has been updated to the 17.0.7 ESR version,
which fixes bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE Linux Enterprise Desktop 10 is installedSUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Desktop 10 is installed.Thomas R. JonesDRAFTJonathan BakerINTERIMACCEPTEDNicholas HansenINTERIMACCEPTEDChandan SINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSUSE Linux Enterprise Server 10 is installedSUSE Linux Enterprise Server 10SUSE Linux Enterprise Server 10 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDNicholas HansenINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10:serverSUSE-SU-2014:0318-1 -- Security update for libvirtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libvirtThis update fixes the following one non-security and two
security issues with libvirt:
* bnc#817407: Fixing device assignment problem with
Broadcom 57810 NIC to Guest OS.
* bnc#857492: qemu job usage issue in several API
leading to libvirtd crash (CVE-2013-6458)
* bnc#858817: denial of service with keepalive
(CVE-2014-1447)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0005-1 -- Recommended update for ethtoolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ethtoolThis update for ethtool includes the following fixes and
enhancements:
* Recognize 20Gbps and 40Gbps link speed modes.
(bnc#838396)
* Fix dumping of registers on certain ixgbe network
cards. (bnc#848811)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0305-1 -- Recommended update for yast2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2This collective update for YaST2 provides the following
fixes:
* Fix /sbin/yast2 to start correctly in non UTF-8
environment. (bnc#827031)
* Fix misinterpretation of IPv6 prefixes when
converting to netmask. (bnc#837517)
* Warn the user if Chef could overwrite changes.
(bnc#803358)
* Check for Chef outside in the yast2 shell script to
catch modules not using CommandLine. (bnc#803358)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0689-1 -- Security update for RubySUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11RubyThis Ruby update fixes the following security issue:
* bnc#808137: Fixed entity expansion DoS vulnerability in REXML
(CVE-2013-1821).
Security Issue reference:
* CVE-2013-1821
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0401-1 -- Recommended update for starSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11starThis update fixes detection of gzip failures in star(1).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1774-1 -- Security update for XenSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XenXEN has been updated to version 4.2.3 c/s 26170, fixing
various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1313-1 -- Recommended update for GNOME Power ManagerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11GNOME Power ManagerThis update for GNOME Power Manager provides the following
fixes:
* Implements synchronization with GNOME Screen Saver's
unlock dialog so that it can be serialized to pm-utils
hooks.
* The battery charge percentage printed in the "Device
Information" dialog and in the panel icon's tool tip is not
up to date.
* Turn off the monitor backlight on the lid-close event
to avoid a screen flicker in some machines.
* Fix the idle status in after waking up from S3/S4
when the screen lock is disabled explicitly.
* Fix the missing back light control for NVidia
graphics drivers.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1575-1 -- Recommended update for mcelogSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mcelogThis update for mcelog provides the following fixes and
enhancements:
* Support AMD family 15 CPUs and only bail out on AMD
processors of families above 15. (bnc#807336)
* Fix mcelog in virtual environments that virtualize
CPUs of type SandyBridge or newer, but do not support MSR
calls for extended (IMC) error messages. (bnc#827616)
* Add latest Haswell CPU models. (bnc#824707)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1261-1 -- Recommended update for NetworkManager-openvpnSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11NetworkManager-openvpnThe following issue has been fixed:
* #831378: NetworkManager applet missing SHA512 in VPN
HMAC authtification GUISergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1387-1 -- Recommended update for PulseAudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PulseAudioThis update for PulseAudio provides the following fixes:
* Silence noise when moving streams among sinks/sources
* Fix wrong extension check in parecord
* Fix poll event and mmap checks in ALSA backend
* Make bluetooth A2DP audio more robust under poor
radio conditions
* Fix corrupted sound on channel panning.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0691-1 -- Security update for curlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11curlThis curl update fixes the following security issues:
* bnc#868627: wrong re-use of connections (CVE-2014-0138).
* bnc#868629: IP address wildcard certificate validation
(CVE-2014-0139).
* bnc#870444: --insecure option inappropriately enforcing security
safeguard.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0622-1 -- Recommended update for suse-build-keySUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11suse-build-keyThe SUSE GPG signing keys that are used for repository
integrity checking have been extended to March 17th, 2018.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0302-1 -- Recommended update for btrfsprogsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11btrfsprogsThis update for btrfsprogs fixes udev's detection rule in
systems with LVM. This issue could prevent some file
systems from being mounted at boot time.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0605-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerThis flash-player update to version 11.2.202.356 fixes the
following critical security issue:
* bnc#875577: buffer overflow vulnerability that leads
to arbitrary code execution (CVE-2014-0515)
Adobe Security Bulletin (APSB14-13)
http://helpx.adobe.com/security/products/flash-player/apsb14
-13.html
<http://helpx.adobe.com/security/products/flash-player/apsb1
4-13.html>
Security Issue reference:
* CVE-2014-0515
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0515
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0418-1 -- Security update for MozillaFirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MozillaFirefoxMozilla Firefox was updated to 24.4.0ESR release, fixing
various security issues and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0229-1 -- kernel update for SLE11 SP2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SLE11 SP2The SUSE Linux Enterprise 11 Service Pack 2 kernel was
updated to fix a regression introduced by the last update.
Regression fix:
- scsi_dh_alua: Incorrect reference counting in the SCSI
ALUA initialization code lead to system crashes on boot
(bnc#858831).
As the update introducing the regression was marked
security, this is also marked security even though this bug
is not security relevant.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1553-1 -- Recommended update for binutilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11binutilsThis update for binutils provides the following:
* Add .gnu.warning.* sections also to shared libraries.
(bnc#830516)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0726-1 -- Recommended update for wgetSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11wgetThis update for wget implements checking of Subject Alternative Names in
SSL x509 certificates.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0046-1 -- Recommended update for grub2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11grub2This update for Grub2 provides the following fixes and
enhancements:
* UEFI/PXE fails with error "couldn't send network
packet". (bnc#841466)
* Disable kernel module loading in grub.efi if secure
boot is enabled. (bnc#852070)
* Misaligned stack could crash grub2 randomly.
(bnc#852055, bnc#841426)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0248-1 -- Security update for MozillaFirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MozillaFirefoxThis updates the Mozilla Firefox browser to the 24.3.0ESR
security release. The Mozilla NSS libraries are now on
version 3.15.4.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0082-1 -- Recommended update for dnsmasqSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11dnsmasqThis update for dnsmasq provides new utilities
dhcp_lease_time and dhcp_release.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0523-1 -- Security update for python-setuptoolsSUSE Linux Enterprise Desktop 11python-setuptoolsython-setuptools so far used only HTTP to retrieve
packages, which could have lead to man in the middle
attacks on newly installed python code.
This update adjusts it to use HTTPS, guaranteeing better
connection integrity.
Security Issue reference:
* CVE-2013-1633
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1633
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0359-1 -- Security update for ImageMagickSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ImageMagickThe image converter program and library set of ImageMagick
received an update that fixes a buffer overflow when
handling PSD images.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0471-1 -- Security update for muttSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11muttThe mailreader mutt was updated to fix a security issue in
displaying mail headers, where a crafted e-mail could
cause a heap overflow, which in turn might be used by
attackers to crash mutt or potentially even execute code.
Security Issues references:
* CVE-2014-0467
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0699-1 -- Recommended update for hwinfoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11hwinfoThis collective update for hwinfo provides fixes for the following issues:
* Incorrect dbus usage that could have resulted in a segmentation
fault. (bnc #870660)
* Incorrect memory size reported on Xen guests. (bnc #867915)
* Incomplete information about Intel 82599 network adapters. (bnc
#813172)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0621-1 -- Recommended update for x11-input-wacomSUSE Linux Enterprise Desktop 11x11-input-wacomThis updates provides a new version of X.Org's Wacom input
driver, fixing issues and bringing various enhancements:
* Fix namespace of non-static driver functions to not
conflict with other drivers.
* Make sure serial number is available for proximity
event logging.
* Fix the 'lost button event' issue when pen hits the
tablet too fast.
* Implement logging of events and fix up some of the
existing debug messages in the driver.
* Add new options to the wacom(4) man page.
(bnc#869431, bnc#860803, FATE#316712)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0690-1 -- Recommended update for crashSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11crashThis collective update for the Kdump stack provides the following fixes
and enhancements:
crash:
* Fix display of the CPU number in back traces on systems with more
than 255 cores. (bnc#847353)
* Add support for kernel dumps from systems with 46-bit addressing
enabled. (bnc#841145, FATE#316838)
* Fix NMI backtrace for kernels patched to handle nested NMIs.
(bnc#874179)
kdump:
* Unmount all filesystems prior to reboot. (bnc#849621)
* Provide per-filesystem mount points in kdump environment.
(bnc#839999)
* Add disable_cpu_apicid for BSP to the crash kernel commandline.
(bnc#861981)
* Add NOSPLIT flag to disable makedumpfile split mode. (bnc#854600)
* Add '-X' to makedumpfile when dumping a Xen host. (bnc#864910)
makedumpfile:
* Add support for kernel dumps on systems with 46-bit addressing
enabled. (bnc#841145, FATE#316838)
* Allow --dump-dmesg for Xen vmcores. (bnc#864910, bnc#829646)
* Fix creation of kernel dumps on Xen systems. (bnc#864910, bnc#829646)
* Calculate cyclic buffer size according to info->num_dumpfile.
(bnc#854600)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE Linux Enterprise Desktop 11.x is installedSUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 11.x is installed.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDSUSE Linux Enterprise Server 11.x is installedSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 11.x is installed.Maria KedovskayaDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDlibicu-32biticulibicu-doclibicugnu-efishimwpa_supplicantwpa_supplicant-guievolution-data-server-32bitevolution-data-server-langevolution-data-serverlibFLAC8-32bitlibFLAC++6libFLAC8perl-Test-Simpleperl-Module-Buildlibwsman1openwsman-serveropenwsman-clientcompat-openssl097g-32bitcompat-openssl097ggcc-gij-32bitgcc-localelibstdc++-devel-32bitgcc-c++libstdc++-develgcc-32bitcppgccgcc-infogcc-c++-32bitgcc-gijpsmisclibevent-1_4-2pesign-obs-integrationatyast2-countryyast2-country-datalibgphoto2-langlibgphoto2-32bitlibgphoto2grub2-x86_64-xennss_ldap-32bitgpgmelibgpgme11grub2-x86_64-xennet-snmpbash-docavahi-monolibavahi-common3-32bitlibavahi-glib1libavahi-client3libdns_sdlibavahi-ui0avahi-utilsavahilibavahi-glib1-32bitlibavahi-core5libdns_sd-32bitlibavahi-gobject0avahi-langlibavahi-common3libavahi-client3-32bitprocmailnss_ldap-32bitnss_ldapaaa_base-11zipreadline-develreadline-devel-32bitlibreadline5-32bitreadline-docreadline-32bitlibreadline5bashreadlinebash-docyast2-corepesign-obs-integrationrng-toolslibpulse-mainloop-glib0-32bitperl-Sys-Virtlibgcrypt11-32bitlibgcrypt11ppplibpulse-mainloop-glib0-32bitrpm-pythongpg2-langdbus-1dbus-1-32bitdbus-1-x11lvm2cpupowerperlperl-docperl-32bitperl-basedhcpkernel-bigsmp-basekernel-bigsmp-develoracleasm-kmp-bigsmpofed-kmp-bigsmpkernel-bigsmpiscsitarget-kmp-bigsmpgnome-packagekitgnome-packagekit-langmdadmyast2-country-datayast2-countrylibqt4-sql-postgresql-32bitlibqt4-sqlqt4-x11-toolslibqt4-sql-mysqllibqt4-x11libqt4-sql-unixODBC-32bitlibQtWebKit4-32bitlibqt4-sql-unixODBClibqt4-qt3support-32bitlibqt4-sql-sqlitelibqt4libqt4-sql-mysql-32bitlibqt4-qt3supportlibQtWebKit4libqt4-32bitlibqt4-x11-32bitlibqt4-sql-sqlite-32bitlibqt4-sql-32bitlibqt4-sql-postgresqlvirt-utilsntpntp-docxalan-j2biosdevnameekiga-langekigatsclienttsclient-langspacewalk-client-setupspacewalk-client-toolsspacewalk-checksuseRegisterInforhnlibdhcplibtasn1-3-32bitlibtasn1-3libtasn1metacitymetacity-langopenssh-askpass-gnomenfs-clientnfs-kernel-servernfs-docmicrocode_ctltimezone-javatimezoneacroread-cmapsacroread-fonts-koacroread-fonts-zh_TWacroread-fonts-jaacroread-fonts-zh_CNpostgresql-serverpostgresql-contribpostgresqlpostgresql-docssamba-32bitlibwbclient0-32bitsamba-krb-printinglibtdb1ldapsmblibsmbclient0-32bitsambasamba-client-32bitlibtdb1-32bitsamba-winbind-32bitlibsmbclient0libwbclient0nfs-clientModemManagerlibgphoto2libgphoto2-langlibgphoto2-32bitaaa_baseflash-player-gnomeflash-player-kde4libv4lconvert0-32bitlibv4l1-0-32bitlibv4l1-0libv4l2-0-32bitgstreamer-0_10-plugins-v4llibv4llibv4l2-0libv4lconvert0audit-libs-pythonaudit-audispd-pluginspython-ethtoolkdirstatlibgio-2_0-0libgthread-2_0-0-32bitlibgio-famlibgthread-2_0-0libgmodule-2_0-0-32bitlibgio-2_0-0-32bitglib2-langlibglib-2_0-0-32bitlibgobject-2_0-0libgobject-2_0-0-32bitlibgmodule-2_0-0libglib-2_0-0libkde4-32bitkdelibs4-doclibkde4libkdecore4libkdecore4-32bitkdelibs4kdelibs4-corenovell-ui-basenovell-qtgui-clinovell-qtguilibreoffice-icon-themeslibreoffice-l10n-sklibreoffice-help-gu-INlibreoffice-l10n-kolibreoffice-help-jalibreoffice-help-itlibreoffice-help-en-GBlibreoffice-l10n-dalibreoffice-l10n-filibreoffice-help-cslibreoffice-l10n-zh-TWlibreoffice-l10n-calibreoffice-help-nllibreoffice-l10n-itlibreoffice-l10n-en-GBlibreoffice-help-hulibreoffice-l10n-nllibreoffice-help-eslibreoffice-help-ptlibreoffice-base-drivers-postgresqllibreoffice-base-extensionslibreoffice-help-dalibreoffice-l10n-aflibreoffice-l10n-gu-INlibreoffice-help-hi-INlibreoffice-filters-optionallibreoffice-help-frlibreoffice-l10n-svlibreoffice-help-delibreoffice-l10n-eslibreoffice-l10n-xhlibreoffice-l10n-pt-BRlibreoffice-help-kolibreoffice-gnomelibreoffice-l10n-zulibreoffice-l10n-zh-CNlibreoffice-impress-extensionslibreoffice-l10n-pllibreoffice-help-svlibreoffice-l10n-hi-INlibreoffice-help-rulibreoffice-l10n-nblibreoffice-l10n-cslibreoffice-l10n-jalibreoffice-monolibreoffice-help-pllibreoffice-l10n-frlibreoffice-l10n-nnlibreoffice-officebeanlibreoffice-writer-extensionslibreoffice-l10n-delibreoffice-l10n-ptlibreoffice-l10n-hulibreoffice-l10n-arlibreoffice-mailmergelibreoffice-help-zh-TWlibreoffice-help-en-USlibreoffice-l10n-rulibreoffice-calc-extensionslibreoffice-help-zh-CNlibreoffice-help-pt-BRlibreoffice-kde4libreoffice-kdelibreoffice-draw-extensionssysconfigpostgresql91-docspostgresql91-serverlibpq5postgresql91-contriblibpq5-32bitpostgresql91libecpg6telepathy-gabblesupportutilslibfreebl3-32bitmozilla-nspr-32bitMozillaFirefoxMozillaFirefox-translationslibfreebl3mozilla-nss-toolsmozilla-nss-32bitlibcurl4libcurl4-32bitlibtiff-32bitlibtiff3-32bittifflibtiff-devel-32bitlibtiff3liblzo2-2-32bitliblzo2-2NetworkManagerNetworkManager-glibkdumpmultipath-toolslibopenssl0_9_8-32bitlibopenssl0_9_8-hmacopenssl-doclibopenssl0_9_8-hmac-32bitlibopenssl0_9_8xorg-x11-server-extraxorg-x11-XvncMesa-32bitMesatardeltarpmlibcurl4-32bitcompat-curl2-32bitlibcurl4compat-curl2libzypplibMagickWand1libMagick++1libMagickCore1libMagickCore1-32bitxorg-x11-libs-32bitNetworkManager-pptpNetworkManager-pptp-gnomedhcp-serverdhcp-relaydhcp-clientdhcplibpurple-meanwhilelibpurple-langnautilusnautilus-32bitnautilus-langxrdpyast2bindjava-1_6_0-openjdkjava-1_6_0-openjdk-develjava-1_6_0-openjdk-demomysql-toolslibmysqlclient_r15mysql-clientlibmysqlclient_r15-32bitlibmysqlclient15-32bitlibmysqlclient15mysql-Maxflash-player-gnomeflash-player-kde4puppet-serverpuppetlibvirt-client-32bitlibvirt-docjava-1_6_0-openjdk-develjava-1_6_0-openjdkjava-1_6_0-openjdk-demokernel-trace-extrakernel-default-basekernel-ec2kernel-ec2-develkernel-symskernel-trace-develkernel-xen-extrakernel-pae-develkernel-pae-extrakernel-ec2-basekernel-trace-basekernel-xen-basexen-kmp-tracekernel-default-extrakernel-tracekernel-defaultkernel-default-develkernel-pae-basexen-kmp-defaultkernel-paezypperlibzyppzypper-logatftptftplibxml2-devellibxml2-32bitlibxml2-devel-32bitlibxml2-docrsh-serverrshflash-player-gnomeflash-player-kde4timezone-javatimezonepam_apparmortomcat_apparmorperl-apparmorlibapparmor1-32bitlibapparmor1pam_apparmor-32bitirqbalancepuppet-serverpuppetempathy-langempathyxorg-x11-libXvxorg-x11-libXv-32bitxorg-x11-libXv-develgdm-langgdm-branding-upstreamgdmlibgnutls26libgnutls26-32bitlibgnutls-extra26libqscintilla2-5satsolver-toolszypper-logzypp-plugin-spacewalkzypperlibzyppperl-satsolverpython-satsolverxorg-x11-server-extraxorg-x11-Xvncjava-1_6_0-openjdkjava-1_6_0-openjdk-develjava-1_6_0-openjdk-demostrongswanstrongswan-docxen-doc-pdfxen-toolsxen-kmp-paexen-tools-domUxen-kmp-defaultxen-doc-htmlxen-libs-32bitcoreutils-langcoreutilstomboy-langtomboyrxvt-unicodelibudev0libudev0-32bitlibgudev-1_0-0libgudev-1_0-0-32bityast2-networkevolution-langevolutionevolution-pilotxorg-x11-libXvxorg-x11-libXv-32bitorca-langorcaopenmotif-libsopenmotif-libs-32bitlibvirt-client-32bitlibvirt-doclibfuse2fuseMozillaFirefox-translationsMozillaFirefoxgvfs-backendsgvfs-langgvfslibgvfscommon0gvfs-fusegstreamer-0_10-plugins-good-docgstreamer-0_10-plugins-good-langgstreamer-0_10-plugins-v4lgstreamer-0_10-plugins-goodlibgudev-1_0-0-32bitlibgudev-1_0-0libudev0-32bitlibudev0timezonetimezone-javaxorg-x11-libs-32bitlibxslt-devel-32bitlibxslt-32bitkdmkdebase4-workspacekde4-kgreeter-pluginskdebase4-workspace-ksysguarddkdebase4-wallpaperskwinkrb5-develkrb5-devel-32bitkrb5-apps-serverskrb5-clientkrb5-32bitkrb5-apps-clientslibvirt-client-32bitlibvirt-docxorg-x11-libXt-32bitxorg-x11-libXtcronyast2-kdumpgnome-system-monitor-langlibgtop-2_0-7libgtop-docgnome-system-monitorlibgtoplibgtop-langrpmpoptrpm-32bitpopt-32bitpython-dmidecodepcsc-cyberjackgnome-session-langgnome-bluetoothgnome-bluetooth-langlibgnome-bluetooth7ctapi-cyberjack-32bitctapi-cyberjackpcsc-cyberjackxorg-x11-libxcb-32bitxorg-x11-libxcb-develxorg-x11-libxcblibnetcontrol0-32bitlibnetcontrol0java-1_7_0-openjdk-develjava-1_7_0-openjdkjava-1_7_0-openjdk-demoxorg-x11-libXrenderxorg-x11-libXrender-32bittimezonetimezone-javayelpyelp-langlibmysqlclient15-32bitlibmysql55client_r18libmysql55client18-32bitmysql-toolslibmysqlclient_r15-32bitlibmysql55client_r18-32bitlibmysqlclient_r15libmysqlclient15mysql-clientlibmysql55client18pam_krb5pam_krb5-32bitperl-Bootloaderopenssl-certsxorg-x11-libXp-32bitxorg-x11-libXp-develxorg-x11-libXpyast2-backupsupportutilslibpcap0libpcap0-32bitkinfocenterkfindkwritekeditbookmarksdolphinkdialoglibkonq5kdepasswdkdebase4-libkonqkdebase4-nspluginkonsolekdebase4konquerorruby-tkruby-doc-htmllibgudev-1_0-0libudev0-32bitlibudev0libgudev-1_0-0-32bitwireshark-devellibtspi1libtspi1-32bittrousersxorg-x11-libXt-develxorg-x11-libXt-32bitxorg-x11-libXtyast2-networkkrb5-apps-serverskrb5-32bitkrb5-plugin-kdb-ldapkrb5-plugin-preauth-pkinitkrb5-apps-clientskrb5-clientrelease-notes-sledyast2-wagonvm-installyast2-storageyast2-storage-libopenvpnopenvpn-auth-pam-pluginkdm-branding-SLEDkio_sysinfokdebase4-runtime-branding-SLEDkdebase4-SLED-langkdelibs4-branding-SLEDkio_sysinfo-branding-SLEDkdebase4-workspace-branding-SLEDkdebase4-SLEDyast2-mailyast2-mail-pluginsjava-1_7_0-openjdkjava-1_7_0-openjdk-demojava-1_7_0-openjdk-develliblcms2-2lcms2telepathy-idlepure-ftpdopenssh-askpassopensshpostfixpostfix-mysqlpostfix-docxorg-x11-libXext-develxorg-x11-libXextxorg-x11-libXext-32bitkrb5-plugin-preauth-pkinitkrb5-apps-serverskrb5krb5-32bitkrb5-plugin-kdb-ldapkrb5-dockrb5-clientkrb5-apps-clientskrb5-servereliloyast2-ldap-clientlibdrmlibdrm-32bitMesa-32bitxorg-x11-driver-videoMesalibtalloc1libsmbclient0-32bitlibsmbclient0libtalloc2-32bitlibwbclient0-32bitsamba-krb-printinglibtalloc1-32bitlibtdb1libwbclient0libtdb1-32bitlibtevent0samba-32bitldapsmblibtalloc2samba-client-32bitsambalibldb1-32bitlibtevent0-32bitlibldb1samba-winbind-32bitxen-kmp-tracepostfix-docpostfixpostfix-mysqlyast2-soundxen-kmp-paexen-libs-32bitxen-tools-domUxen-toolsxen-doc-htmlxen-doc-pdfxorg-x11-libXp-32bitxorg-x11-libXpxorg-x11-libXfixesxorg-x11-libXfixes-32bitxorg-x11-libXfixes-develgnome-session-langgnome-sessionncpfsncpfs-32bitkdumpxkeyboard-configopen-iscsiacroread-fonts-jaacroread-cmapsacroread-fonts-zh_CNacroread-fonts-koacroread-fonts-zh_TWacroread_jaxorg-x11-libX11-develxorg-x11-libX11xorg-x11-libX11-32bitlibuuid-devellibblkid1-32bitutil-linuxlibblkid1libuuid1util-linux-langlibuuid1-32bituuid-runtimeyast2-networkstrongswan-docstrongswanruby-doc-htmlruby-tkgstreamer-0_10-plugins-good-docgstreamer-0_10-plugins-v4lgstreamer-0_10-plugins-goodgstreamer-0_10-plugins-good-langxorg-x11-libX11xorg-x11-libX11-32bitsuseRegistercabextractkernel-firmwarekdumplibwebkit-1_0-2libwebkit-langgnutls-32bitgnutls-devel-32bitgnutls-develxen-kmp-tracekernel-trace-extrapython-baselibpython2_6-1_0python-demopython-base-32bitlibpython2_6-1_0-32bitpython-cursespython-tkpython-xmlpython-idlepython-gdbmpython-32bitlibpixman-1-0-devellibpixman-1-0-32bitlibpixman-1-0xorg-x11-libXrenderxorg-x11-libXrender-develxorg-x11-libXrender-32bitmozilla-nss-develmozilla-nspr-develmozilla-nspr-32bitvirt-managerbraserolibbrasero-burn0brasero-langlibbrasero-media0grubpmtoolsopenldap2-back-metaopenldap2libldap-2_4-2-32bitcompat-libldap-2_3-0libldap-2_4-2openldap2-clientflash-player-kde4flash-player-gnomebindlibgnutls26libgnutls-extra26libgnutls26-32bitpuppetpuppet-serverlibqt4-sql-postgresql-32bitlibqt4-sql-postgresqllibqt4-32bitlibqt4-sqlqt4-x11-toolslibqt4-sql-mysqllibqt4-x11libqt4-sql-unixODBC-32bitlibQtWebKit4-32bitlibqt4-sql-sqlitelibqt4-qt3supportlibqt4-sql-mysql-32bitlibqt4-qt3support-32bitlibqt4-sql-32bitlibqt4-sql-unixODBClibQtWebKit4libqt4-sql-sqlite-32bitlibqt4-x11-32bitlibqt4perl-Bootloaderyast2-bootloaderlibgthread-2_0-0glib2-langlibgmodule-2_0-0libglib-2_0-0libglib-2_0-0-32bitlibgio-famlibgobject-2_0-0libgthread-2_0-0-32bitlibgio-2_0-0-32bitlibgio-2_0-0libgmodule-2_0-0-32bitlibgobject-2_0-0-32bitmokutilaugeas-lenseslibaugeas0augeaslibpq5-32bitlibpq5postgresql91-serverpostgresql91postgresql91-contribpostgresql91-docslibecpg6aidekernel-default-extrakernel-trace-develkernel-xen-extrakernel-defaultkernel-paexen-kmp-paekernel-symskernel-pae-develxen-kmp-defaultkernel-trace-basekernel-xen-basekernel-default-basekernel-ec2-develkernel-tracekernel-pae-basekernel-default-develkernel-ec2-basekernel-pae-extrakernel-ec2yast2-pkg-bindingslibzyppzypper-logzyppermultipath-toolsperl-libapparmorapparmor-parserapache2-mod_apparmorlibapparmor1apparmor-utilstomcat_apparmorapparmor-docspam_apparmorperl-apparmorlibapparmor1-32bitpam_apparmor-32bitxorg-x11-libXfixesxorg-x11-libXfixes-32bitlibvirt-client-32bitlibvirt-doclibtalloc2libtevent0-32bitlibwbclient0libldb1libsmbclient0libtalloc2-32bitlibtalloc1-32bitsamba-client-32bitsamba-32bitlibtdb1-32bitlibldb1-32bitsamba-krb-printinglibwbclient0-32bitsambalibtdb1samba-winbind-32bitldapsmblibsmbclient0-32bitlibtevent0libtalloc1kernel-pae-basekernel-xen-extrakernel-ec2kernel-tracekernel-trace-extrakernel-default-extrakernel-pae-develkernel-symskernel-trace-basekernel-pae-extrakernel-ec2-develkernel-default-basekernel-ec2-basexen-kmp-tracekernel-defaultxen-kmp-defaultkernel-default-develkernel-xen-basekernel-paekernel-trace-develaudit-libsaudit-libs-32bitauditsysstat-isagsysstatlibdrm-32bitlibdrminkscape-langinkscape-extensions-extrainkscape-extensions-diainkscape-extensions-figinkscape-extensions-gimpinkscapekshksh-develtimezone-javatimezonelibgudev-1_0-0-32bitlibgudev-1_0-0libudev0libudev0-32bitSUSE_SLED-SP3-migrationSUSE_SLES-SP3-migrationxinetdcheckmediapidgin-otrkernel-tracekernel-xen-extrakernel-ec2kernel-trace-basekernel-ec2-develkernel-defaultkernel-xen-basekernel-pae-extrakernel-pae-develkernel-default-extrakernel-ec2-basekernel-paekernel-default-basekernel-symskernel-default-develkernel-pae-basekernel-trace-develflash-player-kde4flash-player-gnomemicrocode_ctltcshpython-pywbembeagle-langrpcbindsblim-sfcbgimp-plugins-pythongimp-langgimprelease-notes-sledlibssh2python-m2cryptolibgcrypt11libgcrypt11-32bitlibglib-2_0-0libgio-2_0-0glib2-langglib2-doclibgthread-2_0-0libgthread-2_0-0-32bitlibgmodule-2_0-0-32bitlibgmodule-2_0-0libglib-2_0-0-32bitglib2libgio-2_0-0-32bitlibgobject-2_0-0glib2-devellibgio-famlibgobject-2_0-0-32bitsupportutilspuppetpuppet-servervinovino-langpython-qt4python-siptimezone-javatimezonezypper-loglibzyppzypperlibvirt-client-32bitlibvirt-docjava-1_7_0-openjdk-develjava-1_7_0-openjdkjava-1_7_0-openjdk-demoperl-SNMPlibsnmp15libsnmp15-32bitsnmp-mibsnet-snmpman-pagespython-lxmlxorg-x11-libXext-32bitxorg-x11-libXextmailxpython-cursespython-gdbmpython-32bitpython-tklibpython2_6-1_0python-basepython-idlepython-base-32bitpython-demolibpython2_6-1_0-32bitpython-xmlgziplibxml2-pythonlibxml2-32bitlibxml2-doclibxml2libzypplibgaduperl-SNMPsnmp-mibslibsnmp15-32bitlibsnmp15net-snmpcpupoweropenssl-certssles-tuning_en-pdfsles-installquick_en-pdfsles-security_en-pdfsles-storage_en-pdfsles-xen_en-pdfsles-autoyast_en-pdfsles-lxcquick_en-pdfsles-admin_en-pdfsles-kvm_en-pdfsles-deployment_en-pdfsle-audit-quick_en-pdfsles-manuals_ensle-apparmor-quick_en-pdfsles-hardening_en-pdfkvmmicrocode_ctlxml-commonsxml-commons-apisxen-doc-pdfxen-doc-htmlxen-toolsxen-tools-domUxen-kmp-defaultxen-kmp-paexen-libs-32bitsg3_utilsmono-data-sybasemono-data-postgresqlmono-locale-extrasmono-data-oraclemono-data-firebirdmono-webmonodoc-coremono-wcfibm-data-db2mono-corebytefx-data-mysqlmono-winformsmono-develmono-jscriptmono-nunitmono-data-sqlitemono-extrasmono-dataautoyast2-installationautoyast2xorg-x11-libs-32bitxorg-x11-develpuppet-serverpuppetlibmysqlclient_r15libmysql55client_r18-32bitmysqllibmysqlclient_r15-32bitlibmysql55client18-32bitmysql-clientlibmysqlclient15-32bitlibmysql55client18mysql-toolslibmysqlclient15libmysql55client_r18autofsicedtea-webmicrocode_ctltimezone-javatimezonespacewalk-checkrhnlibspacewalk-client-toolsspacewalk-client-setuplinux-kernel-headerszypp-plugin-spacewalkspacewalk-checkspacewalk-client-toolsspacewalk-client-setuplibxslt-devel-32bitlibxslt-devellibxslt-32bitlibxsltMozillaFirefox-translationslibfreebl3MozillaFirefoxlibsoftokn3mozilla-nss-32bitlibsoftokn3-32bitmozilla-nss-toolslibfreebl3-32bitxorg-x11-serverxorg-x11-server-extraxorg-x11-Xvnclibcurl4libcurl4-32bitpython-dmidecodespacewalk-checkspacewalk-client-setupzypp-plugin-spacewalkspacewalk-client-toolsrhnlibcups-libs-32bitcups-clientcups-libscupsxorg-x11-driver-inputnfs-docnfs-kernel-servernfs-clientfacteracroread-cmapsacroread-fonts-zh_CNacroread-fonts-jaacroread-fonts-koacroread-fonts-zh_TWacroreadlibpixman-1-0-32bitlibpixman-1-0compat-wireless-kmp-xencompat-wireless-kmp-defaultcompat-wireless-kmp-paelibkdecore4kdelibs4-corelibkde4-32bitkdelibs4-doclibkdecore4-32bitkdelibs4libkde4pwlibpwlib-plugins-v4l2pwlib-plugins-dcpwlib-plugins-avcflash-player-kde4flash-player-gnomezshlibstdc++6-32bitlibgcc_s1-32bitlibgomp1libstdc++6libgcc_s1libgomp1-32bitjava-1_7_0-openjdk-demojava-1_7_0-openjdkjava-1_7_0-openjdk-devellibgnutls26-32bitlibgnutls-extra26libgnutls26libgtk-vnc-1_0-0python-gtk-vncbeagle-guilibfreebl3libfreebl3-32bitMozillaFirefoxbeaglemozilla-nspr-32bitmozilla-nss-toolsmhtml-firefoxbeagle-langbeagle-firefoxmozilla-nss-32bitbeagle-evolutionMozillaFirefox-translationsxorg-x11-libsxorg-x11-libs-32bitflash-player-kde4flash-player-gnomeopenldap2-clientlibldap-2_4-2-32bitcompat-libldap-2_3-0openldap2libldap-2_4-2openldap2-back-metasmt-clientlibopenssl0_9_8-32bitlibopenssl0_9_8-hmac-32bitopenssl-doclibopenssl0_9_8-hmaclibopenssl0_9_8gpg2-langa2pspampam-docpam-32bitlibudev0udevlibudev0-32bitlibgudev-1_0-0libgudev-1_0-0-32bitsblim-cmpi-fsvolmdadmpam_fppam_fp-32bitlibfprint0libfprint0-32bitlxcstrongswanstrongswan-docyast2pythonpython-develpython-xmlpython-gdbmpython-doc-pdfpython-base-32bitpython-32bitpython-demolibpython2_6-1_0libpython2_6-1_0-32bitpython-idlepython-cursespython-tkpython-docpython-basectagspaprefspavucontrolhal-32bithalhal-doctimezonetimezone-javaipmitooltifflibtiff-32bitlibtifflibtiff3libtiff3-32bitlibtiff-devel-32bitlibtiff-devellibgnutls26libgnutls26-32bitlibgnutls-extra26gnutlsyast2-samba-clientrelease-notes-sledfontconfigfontconfig-32bitblktracesled-tuning_en-pdfsled-admin_en-pdfsled-security_en-pdfsled-deployment_en-pdfsled-manuals_ensled-xen_en-pdfsled-libreofficequick_en-pdfsled-kdeuser_en-pdfsled-gnomequick_en-pdfsled-kdequick_en-pdfsled-gnomeuser_en-pdfsled-installquick_en-pdfsled-apps_en-pdfsudomkinitrdlibopenssl0_9_8libopenssl0_9_8-hmac-32bitopenssl-doclibopenssl0_9_8-hmaclibopenssl0_9_8-32bitopensslnfs-kernel-servernfs-docnfs-utilsnfs-clientmozilla-nss-32bitlibsoftokn3-32bitMozillaFirefoxmozilla-nss-toolsmozilla-nspr-32bitMozillaFirefox-translationslibfreebl3-32bitlibsoftokn3libfreebl3logrotatelibreoffice-l10n-ptlibreoffice-l10n-svlibreoffice-l10n-arlibreoffice-l10n-xhlibreoffice-l10n-zulibreoffice-help-rulibreoffice-help-kolibreoffice-branding-SLEDlibreoffice-help-eslibreoffice-help-svlibreoffice-languagetool-itlibreoffice-help-cslibreoffice-help-itlibreoffice-l10n-gu-INlibreoffice-mathlibreoffice-l10n-hi-INlibreoffice-l10n-zh-TWlibreoffice-l10n-filibreoffice-icon-themeslibreoffice-filters-optionallibreoffice-help-zh-TWlibreoffice-draw-extensionslibreoffice-help-delibreoffice-l10n-calibreoffice-l10n-nnlibreoffice-mailmergelibreoffice-l10n-jalibreoffice-help-nllibreoffice-impress-extensionslibreoffice-help-hi-INlibreoffice-languagetool-frlibreoffice-l10n-pllibreoffice-help-en-GBlibreoffice-help-gu-INlibreoffice-kdelibreoffice-pyunolibreoffice-languagetool-enlibreoffice-languagetool-eslibreoffice-help-zh-CNlibreoffice-l10n-nblibreoffice-languagetool-nllibreoffice-help-pt-BRlibreoffice-l10n-en-GBlibreoffice-l10n-frlibreoffice-monolibreoffice-l10n-delibreoffice-calclibreoffice-baselibreoffice-officebeanlibreoffice-writer-extensionslibreoffice-l10n-kolibreoffice-help-ptlibreoffice-l10n-dalibreoffice-l10n-cslibreoffice-impresslibreoffice-languagetool-delibreoffice-help-hulibreoffice-l10n-eslibreoffice-l10n-sklibreoffice-languagetoollibreoffice-l10n-rulibreoffice-kde4libreoffice-drawlibreoffice-l10n-nllibreoffice-gnomelibreoffice-calc-extensionslibreoffice-help-jalibreoffice-base-extensionslibreoffice-l10n-itlibreoffice-writerlibreoffice-languagetool-pllibreoffice-l10n-aflibreoffice-languagetool-svlibreofficelibreoffice-l10n-hulibreoffice-l10n-pt-BRlibreoffice-l10n-zh-CNlibreoffice-help-en-USlibreoffice-help-frlibreoffice-base-drivers-postgresqllibreoffice-help-dalibreoffice-help-plfinchlibpurple-langpidginlibpurple-tcllibpurple-meanwhilelibpurplefilefile-32bitflash-player-kde4flash-player-gnomesnapper-zypp-pluginsnapperlibsnapper2libtevent0-32bitsamba-client-32bitlibldb1-32bitlibwbclient0libldb1libsmbclient0-32bitsambalibsmbclient0libtdb1-32bitlibtevent0samba-krb-printinglibwbclient0-32bitldapsmbsamba-32bitlibtdb1samba-winbind-32bitlibtalloc2libtalloc2-32bitlibpng12-0libpng12-0-32bitopen-iscsisamba-krb-printinglibtdb1libtalloc1-32bitsamba-32bitldapsmblibtalloc1libtevent0-32bitsambalibsmbclient0-32bitlibtalloc2samba-docsamba-winbindlibldb1samba-winbind-32bitsamba-clientlibtevent0libwbclient0libldb1-32bitlibwbclient0-32bitlibtalloc2-32bitlibsmbclient0libtdb1-32bitsamba-client-32bitsg3_utilslibpoppler-qt4-3libpoppler5poppler-toolslibpoppler-glib4glibc-locale-32bitglibc-32bitglibcglibc-infoglibc-profileglibc-i18ndatanscdglibc-develglibc-htmlglibc-profile-32bitglibc-devel-32bitglibc-localelsscsikernel-pae-basekernel-xen-basekernel-trace-basekernel-default-extrakernel-pae-develkernel-ec2-basekernel-tracekernel-trace-extraxen-kmp-defaultkernel-xen-extrakernel-default-develkernel-default-basekernel-defaultkernel-paekernel-symskernel-ec2kernel-pae-extraxen-kmp-tracekernel-trace-develkernel-ec2-develhplip-hpijshplipwiresharkmkinitrdMozillaFirefox-translationsMozillaFirefoxmultipath-toolskpartxbind-libs-32bitbind-utilsbind-libsbind-docbind-chrootenvbindlibtspi1libtspi1-32bittrousersgpg2-langgpg2mkinitrdclamavlibcurl4-32bitlibcurl4release-notes-sledkernel-default-develxen-kmp-defaultkernel-ec2-develxen-kmp-paekernel-ec2-basekernel-defaultkernel-default-basekernel-pae-extrakernel-trace-develkernel-xen-basekernel-paekernel-pae-basekernel-tracekernel-default-extrakernel-symskernel-ec2kernel-pae-develkernel-trace-basekernel-xen-extrajava-1_6_0-openjdk-demojava-1_6_0-openjdkjava-1_6_0-openjdk-develiproute2MozillaFirefoxMozillaFirefox-translationslibvirt-lock-sanlocklibvirt-client-32bitlibvirt-clientlibvirtlibvirt-doclibvirt-pythonethtoolyast2ruby-doc-htmlruby-tkrubystarxen-toolsxen-libs-32bitxen-doc-pdfxen-doc-htmlxenxen-kmp-paexen-libsxen-kmp-defaultxen-tools-domUgnome-power-manager-langgnome-power-managergnome-applets-brightnessgnome-applets-inhibit-powersavemcelogNetworkManager-openvpnNetworkManager-openvpn-gnomepulseaudiopulseaudio-module-bluetoothpulseaudio-module-x11pulseaudio-module-zeroconfpulseaudio-module-jackpulseaudio-gdm-hookspulseaudio-module-lirclibpulse0-32bitlibpulse-browse0pulseaudio-langpulseaudio-esound-compatpulseaudio-module-gconflibpulse0pulseaudio-utilslibpulse-mainloop-glib0libcurl4-32bitlibcurl4curlsuse-build-keybtrfsprogslibbtrfs0flash-player-kde4flash-player-gnomeflash-playermozilla-nspr-32bitMozillaFirefoxmozilla-nsprMozillaFirefox-translationsxen-kmp-paekernel-trace-extrakernel-defaultkernel-pae-basexen-kmp-tracekernel-trace-develkernel-xen-develkernel-trace-basekernel-ec2-develkernel-default-extrakernel-default-develkernel-sourcekernel-tracexen-kmp-defaultkernel-default-basekernel-xenkernel-ec2-basekernel-paekernel-pae-develkernel-pae-extrakernel-ec2kernel-xen-basekernel-symskernel-xen-extrabinutilswgetgrub2-x86_64-efiMozillaFirefox-branding-SLEDlibsoftokn3-32bitlibsoftokn3MozillaFirefoxmozilla-nss-32bitMozillaFirefox-translationslibfreebl3mozilla-nsslibfreebl3-32bitmozilla-nss-toolsdnsmasqpython-setuptoolslibMagickCore1libMagick++1libMagickWand1libMagickCore1-32bitImageMagickmutthwinfox11-input-wacomx11-input-wacom-toolssled-releasesles-releasemakedumpfilecrashcrash-sialkdump0:4.0-7.28.10:0.98.5-0.5.10:0.98.5-0.7.10:1.0.22-3.25.10:1.4.2-0.22.31.10:3.0u-0.7.20:0.7.318.81ee561d-0.9.20:11.2.202.425-0.3.10:0.7.1-6.15.10:11.2.202.424-0.3.10:2.28.2-0.32.10:1.2.1-68.17.10:4.0.3.3.26-0.10.10:4.0.3.3.26-0.10.20:4.24-43.27.10:6.4.3.6-7.30.10:1.11.4-1.19.10:0.9.8j-0.66.10:2.6-8.33.10:2.6.9-0.33.10:31.0-0.8.10:31.2.0esr-0.14.20:31.2.0esr-0.9.10:31.0-0.3.10:1.7.0.71-0.7.10:0.72-0.70.10:0.2808.01-0.70.10:5.10.0-64.70.10:2.2.3-0.8.10:1.10.11-0.2.10:31.2.0esr-0.11.11.10:4.10.7-0.3.30:31.0-0.5.5.10:31.2.0esr-0.16.10:31.0-0.10.10:3.17.2-0.3.10:3.17.2-0.8.10:11.2.202.418-0.3.10:2.6.6-0.25.20:4.2.4_04_3.0.101_0.40-0.7.30:4.2.4_04_3.0.101_0.40-0.9.10:4.2.4_04-0.9.10:0.9.7g-146.22.25.10:2.7.6-0.31.10:31.3.0esr-0.8.10:31.3.0esr-0.3.10:31.3.0esr-0.5.10:1.6.3-133.49.64.10:2.0.9-143.44.10:1.5.4.1_3.0.101_0.40-0.13.890:1.4.20_3.0.101_0.40-0.38.830:2.0.5_3.0.101_0.40-7.39.890:3.0.101-0.40.10:11.2.202.411-0.3.10:4.3-62.200.20:11.2.202.310-0.3.10:22.7-7.3.10:1.4.5-24.24.10:1.4.2-0.17.10:1.10.10-0.2.10:3.16.5-0.7.10:1.6.3-133.49.60.10:10.0-0.22.10:7.4-13.52.10:3.1.8-921.25.3.10:3.1.8-1069.22.22.10:3.1.8-921.31.10:2.11.3-17.68.10:2.24.0-24.96.30:2.17.55-0.7.10:2.4.3-3.27.10:0.17.8-0.5.10:1.6.315-0.7.150:0.44.5-0.5.1480:9.37.8-0.7.100:2.00-0.45.10:1.6.3-133.49.62.10:0.4.89.61-0.7.10:262-11.32.39.10:2.00-0.45.160:1.2.10-3.31.10:0.9.0-3.15.10:4.0.3.3.26-0.6.10:4.0.3.3.26-0.6.20:2.4.2-0.92.20:11.2.202.400-0.3.10:1.1.6-25.32.10:1.20-0.111.20:20110923-0.52.30:2.00-0.45.10:9.0.3-0.27.20:20110923-0.52.30:5.4.2.1-8.12.22.10:147-0.94.10:9.0.3-0.27.20:1.6.3-133.49.60.10:3.1-24.32.10:3.2-147.14.20.10:3.2-147.20.10:5.2-147.20.10:5.2-147.14.20.10:5.1-24.32.10:2.11.3-17.68.10:2.11.3-17.72.140:0.6.23-13.32.10:0.6.23-11.32.10:0.9.8j-0.62.10:5.5.39-0.7.10:5.0.96-0.6.130:3.22-240.8.10:1.35-0.15.10:262-11.32.39.10:4.10.7-0.3.10:3.16.4-0.8.10:24.8.0esr-0.8.10:1.3.9-8.46.52.20:11.2.202.406-0.3.10:3.0-4.9.10:6.94.1-00:3.0-4.9.10:3.1-24.34.10:5.2-147.22.10:5.2-147.14.22.10:3.2-147.14.22.10:5.1-24.34.10:3.2-147.22.10:2.17.46-0.5.10:11.2.202.400-0.3.10:10.0-0.22.10:9.37.8-0.7.100:0.44.5-0.5.1480:1.6.315-0.7.150:0.17.8-0.5.10:4-0.11.10:0.9.23-0.17.10:2.6-8.31.10:2.6.9-0.31.10:1.6.18-0.3.10:2.7.26-0.3.70:1.0.5-0.7.20:0.6.29-0.7.20:0.9.4-0.23.10:1.0.5.9-0.11.20:0.9.8j-0.62.10:1.17-102.74.10:1.5.0-0.17.10:0.9.23-0.15.10:2.17.30-0.7.10:2014g-0.5.10:2014g-0.3.10:2.4.5.git-2.29.10:11-6.94.10:2.71-0.11.10:0.9.23-0.17.10:1.35-0.15.10:4.4.2.3-37.58.10:1.7-37.58.10:5.0.96-0.6.130:5.5.39-0.7.10:1.3.9-8.46.52.20:4.3.5-0.14.10:1.34b-12.54.20:3.6.3-0.54.20:2.0.9-25.33.39.10:3.13_3.0.101_0.31-0.9.10:0.12.3-1.10.10:1.2.10-3.29.10:2.02.98-0.29.10:1.0.5.9-0.9.10:15.48-0.6.6.10:2.6.39-2.12.18.10:2.24.0-24.89.10:5.10.0-64.61.61.10:4.2.4.P2-0.9.10:2014e-0.8.10:2014e-0.6.10:0.9.23-0.15.10:0.97-162.172.10:2.0.5_3.0.101_0.35-7.39.710:1.5.4.1_3.0.101_0.35-0.13.690:1.4.20_3.0.101_0.35-0.38.630:0.3.14-2.86.100:2.6.18-0.16.10:3.2.2-0.39.10:2.5.69.4-0.7.60:11.2.202.394-0.3.10:4.1.3_06_3.0.58_0.6.2-0.7.160:3.0.58-0.6.2.10:1.97-0.3.10:2.17.55-0.7.10:4.6.3-5.20.23.10:1.1.8-0.14.10:1.8.5-0.2.10:1.6.13-0.5.10:1.6.0.0_b27.1.12.3-0.2.10:4.2.4p8-1.24.10:4.1-194.209.10:2.7.0-217.26.10:0.4.1-0.11.10:2.3.6-0.13.10:11.2.202.378-0.3.10:1.7.0.65-0.7.40:0.98.3-0.11.10:11.2.202.273-0.5.10:11.2.202.273-0.3.10:3.0.1-2.37.10:2.0.2-8.25.10:1.7.14.14-0.5.10:1.7.3-0.5.30:2.5.51.3-0.7.100:17.0.4esr-0.5.10:4.2.4.P2-0.20.10:1.5-1.28.10:24-0.7.480:4.10.6-0.3.10:3.16.1-0.8.10:3.16.1-0.5.10:4.10.6-0.5.10:24.6.0esr-0.8.10:24.6.0esr-0.5.20:24-0.12.10:2.28.1-0.16.10:1.6.0.0_b27.1.12.2-0.2.10:6.2p2-0.13.10:1.2.3-18.27.20:1.17-102.55.10:2013a-0.4.10:2013a-0.6.10:9.5.4-0.3.10:9.4.6-0.6.600:9.5.4-0.6.10:9.4.6-0.4.3.10:8.3.23-0.4.10:9.1.8-0.5.10:1.0.2013.01.18-0.19.10:4.1.4_02_3.0.74_0.6.6-0.5.220:1.34b-12.52.50:3.6.3-0.52.50:1.2.3-18.31.10:0.4-3.14.10:11.3.27-0.7.10:1.3.9-8.46.46.10:2.4.3-3.27.10:11-6.77.77.10:11.2.202.285-0.5.10:11.2.202.285-0.3.10:0.10.30-0.10.40:0.6.4-0.5.10:1.8-0.28.10:0.7-0.15.15.10:2.4.4-255.28.10:2.22.5-0.8.8.10:4.3.5-0.10.10:3.0.0-0.10.10:3.0.0-0.20.10:3.6.5.2.15-0.3.10:4.4.0-6.25.10:0.71.48-0.7.10:9.1.9-0.3.10:2.6-8.31.10:2.6.9-0.31.10:4.1-194.209.10:0.7.10-2.19.10:24.7.0esr-0.3.10:24.7.0esr-0.8.20:3.16.2-0.5.10:3.16.2-0.3.10:24.7.0esr-0.5.10:3.16.2-0.8.10:1.20-0.28.73.10:1.20-0.73.10:7-0.10.110:17.0.5esr-0.4.10:7-0.6.9.170:17.0.5esr-0.8.10:4.9.6-0.3.10:4.9.6-0.5.10:3.14.3-0.4.3.10:3.14.3-0.5.10:7.11.2-0.9.10:7.19.7-1.20.25.10:3.8.2-141.152.10:3.8.2-5.34.10:2.03-12.3.10:0.7.1_git20090811-3.28.20:0.7.8-1.33.46.10:0.4.9-0.85.30:11.2.202.275-0.5.10:11.2.202.275-0.3.10:0.9.8j-0.50.10:7.4-27.97.10:2.19.1-6.33.47.10:0.7-6.22.10:9.0.3-0.19.10:1.26-1.2.6.10:3.5.git-4.9.30:7.19.7-1.20.27.10:7.19.7-1.28.10:7.11.0-20.11.10:9.36.4-0.7.10:6.4.3.6-7.26.10:7.4-8.26.36.10:0.7.1-3.5.10:4.2.4.P2-0.11.13.10:0.97.8-0.5.10:0.97.8-0.2.10:2.6.6-0.20.10:2.6.6-0.19.10:0.9.0-3.15.10:2.28.4-1.16.16.40:0.4.1-28.21.21.10:2.17.130-0.7.10:9.9.2P2-0.11.10:1.6.0.0_b27.1.12.6-0.2.10:5.0.96-0.6.10:11.2.202.280-0.3.10:2.6.18-0.4.20:0.9.6-0.25.10:93u-0.18.10:2.17.199-0.7.20:1.6.0.0_b27.1.12.4-0.2.10:4.1.3_06_3.0.58_0.6.6-0.7.220:3.0.58-0.6.6.10:9.36.3-0.7.10:1.6.308-0.9.160:0.7.0-135.16.16.10:0.48-101.26.26.10:2.6.23-15.37.10:2.7.6-0.23.10:0.17-706.20.10:4.6.3-5.32.10:11.2.202.291-0.3.10:7-0.12.10:17.0.7esr-0.8.10:2.6.8-0.21.10:2013d-0.3.10:2013d-0.5.10:2.5.1.r1445-55.62.30:20110923-0.19.21.100:1.0.4-0.11.10:2.6.18-0.6.10:2.28.2-0.12.3.10:1.6.3-133.49.62.10:0.97.7-0.3.10:0.97.7-0.5.10:2.24.0-24.96.30:1.2.10-13.32.10:2.4.1-24.39.45.10:2.3.2-1.34.10:0.17.7-0.6.2.10:0.9.1-0.7.10:1.6.170-0.5.20:9.12.11-0.5.90:0.44.5-0.5.680:20071116-44.20.4.10:7.4-27.70.72.10:1.6.0.0_b27.1.12.5-0.2.10:4.4.0-6.17.20:4.4.0-6.17.50:4.2.2_06_3.0.82_0.7-0.7.10:4.2.2_06-0.7.10:8.12-6.25.27.10:1.0.1-0.14.10:9.05-1.19.10:147-0.88.10:4.3.5-0.12.12.10:2.17.182.8-0.5.30:1.7.6p2-0.2.12.10:1.6.9p23-0.18.10:2.28.2-0.30.10:2.28.3-0.3.10:2.3.1-3.15.10:0.9.6-0.27.10:2.7.2-61.25.10:3.0.74-0.6.6.20:17.0.6esr-0.4.10:1.4.3-0.17.19.10:0.10.30-0.12.10:0.10.30-5.12.10:147-0.69.69.10:2013d-0.3.10:7.4-8.26.38.10:1.1.15-15.20.10:1.1.24-19.21.10:4.3.5-0.11.18.10:4.3.5-0.12.18.10:1.4.3-19.49.53.10:1.6.3-133.49.56.10:1.0.5.4-0.9.20:7.4-1.19.20:4.1-194.207.10:2.17.22-0.4.3.10:1.4.2-0.15.20:2.28.0-1.9.9.10:2.28.0-1.4.10:1.4-0.5.10:4.4.2.3-37.56.10:1.7-37.56.10:1.17-102.57.60.10:1.17-102.66.10:3.10.11-0.10.10:3.3.0-3.27.3.10:2.28.0-3.11.90:2.28.6-0.11.420:3.3.0-3.27.3.50:7.4-1.22.5.10:0.2.8-0.5.10:1.7.0.6-0.19.20:2013b-0.5.10:2013b-0.4.10:2.28.1-1.12.1100:2.28.1-1.12.1110:5.0.96-0.6.90:5.5.32-0.9.10:2.3.1-47.12.10:1.34b-12.42.10:3.6.3-0.42.10:0.4.89.56-0.7.10:1.95-0.4.10:11.3.22-0.7.10:11.2.202.270-0.3.10:11.2.202.270-0.5.10:2.17.14-0.5.10:1.20-0.28.76.10:1.20-0.75.10:0.9.8-50.10.10:4.3.5-0.3.5.10:1.8.11-0.2.10:1.8.7.p357-0.9.11.10:147-0.90.80:1.8.6-0.2.10:1.6.14-0.5.10:0.3.7-3.9.10:7.4-1.19.10:6.2.6.39-0.13.10:1.4-1.33.10:2.17.182.12-0.5.110:1.6.3-133.49.54.10:11.3.20-0.9.30:11.3.20-0.9.40:2.17.32.4-0.5.10:0.6.24-0.7.10:6.2.6.39-0.18.10:2.17.145-0.7.30:2.0.9-143.33.3.10:2.0.9-143.40.50:11-25.22.22.10:2.17.6-0.13.10:1.7.0.6-0.21.10:2.5-0.7.10:0.1.5-1.5.10:1.3.2-0.5.10:1.0.22-3.19.10:5.1p1-41.57.10:2.5.13-0.21.10:7.4-1.18.10:0.9.2-0.5.50:1.7.14.16-0.5.20:1.6.3-133.49.58.10:3.14-0.32.10:2013i-0.6.10:0.4.9-0.70.72.10:2.17.38-0.7.20:2.4.41-0.10.80:7.4.0.1-0.85.50:9.0.3-0.25.10:3.4.3-1.42.110:1.34b-12.30.10:3.6.3-0.30.10:4.1.6_04_3.0.101_0.5-0.5.10:4.1.6_04-0.5.10:2.9.4-0.15.10:2.17.21-0.5.1510:2.17.21-0.5.1490:4.1.5_02-0.5.10:4.1.5_02_3.0.74_0.6.10-0.5.10:1.4-0.7.10:4.2.3_08_3.0.101_0.8-0.7.10:4.2.3_08-0.7.10:7.4-1.18.10:2013g-0.6.10:2.28.0-3.9.10:2.2.6-147.31.10:0.8.4-0.37.10:1.5-4.44.10:2.0.873-0.6.3.10:9.5.5-0.5.5.10:9.4.6-0.4.5.10:9.4.2-0.4.10:7.4-5.11.11.10:2.19.1-6.54.10:2.17.182.7-0.5.10:2.11.3-17.45.45.10:4.4.0-6.21.10:20110923-0.19.23.10:1.4-0.10.10:1.8.7.p357-0.9.13.10:0.10.30-0.12.140:0.10.30-5.12.150:7.4-5.11.11.10:1.4-1.26.5.10:1.2-2.10.10:17.0.8esr-0.7.20:17.0.8esr-0.4.2.10:20110923-0.48.10:0.8.4-0.31.10:1.2.7-0.17.10:1.2.10-13.36.10:4.1.5_02_3.0.93_0.5-0.5.390:3.0.93-0.5.10:2.6.8-0.19.10:5.0.6-3.4.10:0.24.4-0.15.10:0.16.0-1.4.10:7.4-1.16.10:3.15.3-0.5.10:4.10.2-0.5.10:3.15.3-0.3.10:4.10.2-0.3.10:3.15.3-0.8.10:0.9.4-0.21.10:1.0.5.6-0.7.10:2.28.3-0.5.5.10:0.97-162.170.10:20071116-44.33.10:1.8.12-0.17.10:2.3.37-2.26.10:2.4.26-0.26.10:0.15.1-0.27.10:11.2.202.297-0.5.20:11.2.202.297-0.3.10:9.9.4P2-0.6.10:2.4.1-24.39.47.10:2.6.18-0.12.10:4.6.3-5.29.20:3.0.74-0.6.10.10:4.1.4_02_3.0.74_0.6.10-0.5.320:7.19.7-1.30.10:8.1.5-7.38.40.10:0.4.89.57-0.7.50:2.17.97-0.7.280:2.22.5-0.8.10.20:0.1.0-0.21.10:0.9.0-3.11.10:9.1.12-0.3.10:0.13.1-40.16.10:4.2.2_06_3.0.93_0.8-0.7.170:3.0.93-0.8.20:1.8.11-0.20.20.20:2.17.59.1-0.7.10:9.37.6-0.7.10:1.6.314-0.7.20:0.4.9-0.91.10:2.3-51.16.40:2.5.1.r1445-55.61.61.10:2.5.1.r1445-55.64.10:7.4-1.16.20:0.9.6-0.29.10:1.4.2-0.7.150:1.34b-12.33.35.10:3.6.3-0.33.35.10:3.4.3-1.46.20:11.2.27-0.7.10:4.1.4_02_3.0.74_0.6.8-0.5.260:3.0.74-0.6.8.10:1.8-0.30.10:8.1.5-7.47.10:2.4.41-0.12.30:0.46-62.38.10:93u-0.22.10:93u-0.27.50:7.4-27.70.76.10:2014a-0.5.10:2014a-0.7.10:147-0.69.71.10:11.2-1.270:11.2-1.5380:11.2-1.5400:11.2-1.240:2.3.14-130.133.10:2.11.3-17.66.10:3.0-0.9.10:5.0.6-3.8.10:4.2.4_02_3.0.101_0.18-0.7.50:3.0.101-0.18.10:11.2.202.350-0.3.10:3.2.0-1.42.20:11.2.202.335-0.4.10:4.2.4_02_3.0.101_0.21-0.7.120:3.0.101-0.21.10:11.2.202.332-0.3.10:1.17-102.72.10:2.4.2-0.57.61.10:6.15.00-93.37.10:2.11.3-17.45.49.10:11.2.202.346-0.3.10:0.7-6.20.10:0.3.8-56.51.260:0.1.6+git20080930-6.20.10:1.3.11-0.23.20:2.6.2-3.34.45.10:1.4.2-0.7.10:11.3.25-0.7.10:0.2-5.20.10:0.21.1-2.4.10:1.5.0-0.15.20:1.4.2-0.9.10:2.22.5-0.8.12.10:1.20-0.102.10:2.6.18-0.14.10:2.28.1-2.5.10:4.6.2-0.4.20:4.9.3-1.3.20:2013g-0.4.10:2013g-0.4.4.10:9.37.4-0.7.20:1.6.311-0.7.30:9.16.4-0.5.20:1.6.178-0.5.30:1.8.12-0.4.10:0.5.12-23.72.10:1.0.5.8-0.7.10:1.7.0.6-0.23.10:4.2.2_04_3.0.82_0.7-0.9.30:3.0.82-0.7.90:5.4.2.1-8.12.20.10:3.15-2.27.10:1.7.6p2-0.21.10:2.3.6-0.11.10:7.4-1.18.20:12.5-1.5.10:2.6.8-0.23.10:1.3.12-69.23.10:2.7.6-0.25.10:9.37.1-0.7.10:9.16.1-0.5.10:2.6-8.25.10:2.6.9-0.25.10:3.15.3.1-0.4.2.10:1.8.2-1.24.10:5.4.2.1-8.12.18.10:2.6.39-2.21.10:1.96-0.4.10:2.17.73-0.7.10:11.3-0.25.20:4.2.3_08_3.0.101_0.15-0.7.220:3.0.101-0.15.10:1.4.2-0.11.10:1.17-102.68.10:1.17-102.57.62.10:11.2.202.341-0.3.10:1.3.02-227.31.30:7.19.7-1.32.10:3.2.6-0.23.10:4.2.4_02_3.0.101_0.15-0.7.10:4.2.4_02-0.7.10:2014c-0.3.10:1.35-0.13.10:2.6.7-0.11.20:2.17.57.3-0.5.10:7.4-8.26.40.10:2.6.18-0.8.10:5.0.96-0.6.110:5.5.37-0.7.10:5.0.6-3.10.16.10:1.4.2-0.7.10:1.17-102.70.10:2014c-0.5.10:2014c-0.7.10:2.5.51.5-0.5.10:1.7.14.17-0.5.10:2.6.32-1.15.10:0.9.5-0.5.50:1.7.14.18-0.5.20:1.1.15-15.22.10:1.1.24-19.23.10:24.2.0esr-0.7.10:24-0.7.40:3.15.3.1-0.7.10:7.4-27.85.10:7.19.7-1.20.31.10:3.10.11-0.12.10:0.9.2-0.5.10:1.7.14.16-0.5.10:2.5.51.4-0.5.10:1.3.9-8.46.48.10:7.4-13.46.170:1.2.3-18.33.10:1.5.2-1.22.3.10:9.5.5-0.3.10:9.4.6-0.4.3.20:9.4.6-0.6.630:9.5.5-0.6.10:0.24.4-0.13.10:3.9.99.2_3.0.101_0.15-0.15.200:4.3.5-0.12.10:1.10.10-120.35.10:11.2.202.336-0.3.10:4.2.4_02_3.0.101_0.35-0.7.450:3.0.101-0.35.10:1.8.12-0.2.10:4.3.6-67.9.10:0.5.12-23.70.410:4.7.2_20130108-0.17.20:1.7.0.6-0.27.10:2.4.1-24.39.51.10:0.3.9-1.3.10:0.5-1.47.51.50:4.9.5-0.3.20:7-0.6.9.50:3.14.2-0.4.3.20:0.3.8-56.51.10:17.0.3esr-0.4.4.10:7.4-8.26.42.10:11.2.202.262-0.5.10:11.2.202.262-0.3.10:2.3.37-2.28.50:2.4.26-0.28.50:0.3.0-0.5.10:0.9.8j-0.58.10:2.0.9-25.33.37.10:0.9.8j-0.54.10:4.13-1326.37.10:1.1.5-0.12.10:4.1.6_04_3.0.101_0.7.15-0.5.120:3.0.101-0.7.15.10:147-0.92.10:1.5.0-1.4.10:3.2.2-0.47.10:0.1-12.34.290:0.0.6-18.22.280:0.8.0-0.21.60:4.1.10-0.20.10:4.4.0-6.17.10:4.4.0-6.23.10:2.17.135-0.7.60:2.6-8.27.10:2.6.9-0.27.10:2013.10.2-0.3.10:2.11.3-17.62.10:0.9.9-1.6.10:0.9.10-1.5.10:0.5.12-23.74.10:2013h-0.7.10:1.8.12-0.21.10:1.8.11-0.20.30.10:3.8.2-141.154.10:3.8.2-5.36.10:2.4.1-24.39.49.10:2.17.29-0.7.10:4.2.4_02_3.0.101_0.29-0.7.240:3.0.101-0.29.10:2.0.9-25.33.33.50:0.4.9-0.95.10:1.8.8-0.2.10:11.3.23-0.7.10:2.6.0-10.17.10:1.0.3-0.7.10:11.3-0.27.20:1.7.6p2-0.19.10:2.4.2-0.84.10:0.9.8j-0.52.10:1.0.7-36.50.10:1.2.3-18.29.10:4.10.4-0.3.10:24-0.7.360:24.5.0esr-0.8.10:3.16-0.8.10:3.7.7-10.28.10:4.0-0.3.20:2.0-0.3.70:4.0.3.3.5-0.5.10:2.6.6-0.23.10:4.24-43.25.10:11.2.202.359-0.3.10:0.1.2-0.17.10:1.34b-12.50.10:3.6.3-0.50.10:1.2.31-5.33.10:2.0.873-0.23.10:1.34b-12.46.10:1.34b-12.33.39.10:3.4.3-1.50.10:3.6.3-0.33.39.10:3.6.3-0.46.10:1.31-1.19.10:0.12.3-1.8.10:2.11.3-17.56.20:0.23-0.12.10:4.1.5_02_3.0.80_0.7-0.5.180:3.0.80-0.7.10:3.11.10-0.6.11.10:1.8.13-0.5.10:2.4.2-0.57.57.10:17.0.9esr-0.7.10:17.0.9esr-0.3.10:0.4.9-0.97.10:9.9.3P2-0.5.10:0.3.10-0.11.10:2.0.9-25.33.33.10:2.4.2-0.88.10:0.98.1-0.10.10:7.19.7-1.20.29.10:11.3.26-0.7.10:4.2.4_02_3.0.101_0.31-0.7.330:3.0.101-0.31.10:1.6.0.0_b27.1.12.7-0.2.10:2.6.29.1-6.35.1^(i586$)|(x86_64$)$(none)100:7-0.6.9.310:17.0.7esr-0.3.10:17.0.7esr-0.6.10:7-0.10.280:1.0.5.9-0.7.10:6.2.6.39-0.20.10:6.2.6.39-0.15.15.10:2.17.134-0.7.10:1.8.7.p357-0.9.15.10:1.5final-28.23.25.10:4.2.3_02_3.0.93_0.8-0.7.10:4.2.3_02-0.7.10:2.24.1-17.67.10:1.0.2013.01.18-0.15.10:0.7.1-3.7.10:0.9.23-0.13.10:7.19.7-1.38.10:1.0-907.44.10:0.20-0.39.10:11.2.202.356-0.3.10:24-0.7.230:4.10.4-0.3.10:24.4.0esr-0.8.10:4.1.6_04_3.0.101_0.7.17-0.5.160:3.0.101-0.7.17.10:2.23.1-0.19.20:1.11.4-1.17.10:2.00-0.41.10:24-0.7.140:24.3.0esr-0.8.10:3.15.4-0.7.10:2.45-12.25.10:0.6c8-10.19.6.10:6.4.3.6-7.28.10:1.5.17-42.37.10:15.53-0.13.10:0.9.8-0.7.1^11(\.\d)*$^11(\.\d)*$0:1.5.1-0.15.10:6.0.7-0.16.10:0.8.4-0.39.2