The OVAL Repository | 5.6 | 2015-09-03T07:17:04.972-04:00

SUSE-SU-2015:1144-1 -- Security update for icu (moderate)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
icu
This update fixes the following security issue in icu:
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1574-1 -- Security update for clamav (important)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Server 10 | SUSE Linux Enterprise Desktop 11
clamav
clamav was updated to version 0.98.5 to fix three security issues and
several non-security issues.
These security issues have been fixed:
* Crash when scanning maliciously crafted yoda's crypter files
(CVE-2013-6497).
* Heap-based buffer overflow when scanning crypted PE files
(CVE-2014-9050).
* Crash when using 'clamscan -a'.
These non-security issues have been fixed:
* Support for the XDP file format and extracting, decoding, and
scanning PDF files within XDP files.
* Addition of shared library support for LLVM versions 3.1 - 3.5 for
the purpose of just-in-time(JIT) compilation of ClamAV bytecode
signatures.
* Enhancements to the clambc command line utility to assist ClamAV
bytecode signature authors by providing introspection into compiled
bytecode programs.
* Resolution of many of the warning messages from ClamAV compilation.
* Improved detection of malicious PE files.
* ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode
(bnc#904207).
* Fix server socket setup code in clamd (bnc#903489).
* Change updateclamconf to prefer the state of the old config file
even for commented-out options (bnc#903719).
* Fix infinite loop in clamdscan when clamd is not running.
* Fix buffer underruns when handling multi-part MIME email attachments.
* Fix configuration of OpenSSL on various platforms.
* Fix linking issues with libclamunrar.
Security Issues:
* CVE-2013-6497
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497>
* CVE-2014-9050
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1558-1 -- Security update for pure-ftpd (moderate)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
pure-ftpd
pure-ftpd was updated to fix one security issue and two non-security bugs:
* SSLv2 and SSLv3 have been disabled to avoid the attack named POODLE
(CVE-2014-3566, bnc#902229).
* Added the disable_ascii option (bnc#828469).
* Fixed wait on TLS handshake (bnc#856424).
Security Issues:
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2015:1152-1 -- Security update for KVM (important)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
KVM
KVM was updated to fix two security issues:
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1619-1 -- Security update for shim (important)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
shim
shim has been updated to fix three security issues:
* OOB read access when parsing DHCPv6 packets (remote DoS)
(CVE-2014-3675).
* Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6
boot option (RCE) (CVE-2014-3676).
* Memory corruption when processing user provided MOK lists
(CVE-2014-3677).
Security Issues:
* CVE-2014-3675
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3675>
* CVE-2014-3676
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3676>
* CVE-2014-3677
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3677>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1356-1 -- Security update for wpa_supplicant (important)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
wpa_supplicant
This update fixes a remote code execution vulnerability in
wpa_supplicant's wpa_cli and hostapd_cli tools. CVE-2014-3686 has been
assigned to this issue.
Additionally, password based authentication with PKCS#5v2 has been enabled.
Security Issues:
* CVE-2014-3686
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1519-1 -- Security update for evolution-data-server (moderate)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
evolution-data-server
evolution-data-server has been updated to disable support for SSLv3.
This security issue has been fixed:
* SSLv3 POODLE attack (CVE-2014-3566)
Security Issues:
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1577-1 -- Security update for flac (low)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
flac
flac was updated to fix two security issues:
* Stack overflow may result in arbitrary code execution
(CVE-2014-8962).
* Heap overflow via specially crafted .flac files (CVE-2014-9028).
Security Issues:
* CVE-2014-8962
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8962>
* CVE-2014-9028
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9028>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1473-1 -- Security update for file (moderate)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
file
file was updated to fix one security issue.
* An out-of-bounds read flaw in file's donote() function. This could
possibly lead to file executable crash (CVE-2014-3710).
Security Issues:
* CVE-2014-3710
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1631-1 -- Security update for Image Magick (moderate)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
Image Magick
ImageMagick has been updated to fix four security issues:
* Crafted jpeg file could have led to a Denial of Service
(CVE-2014-8716).
* Out-of-bounds memory access in resize code (CVE-2014-8354)
* Out-of-bounds memory access in PCX parser (CVE-2014-8355).
* Out-of-bounds memory error in DCM decode (CVE-2014-8562).
Security Issues:
* CVE-2014-8716
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8716>
* CVE-2014-8355
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8355>
* CVE-2014-8354
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8354>
* CVE-2014-8562
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8562>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1366-2 -- Security update for wget (important)
SUSE Linux Enterprise Server 11
wget
wget was updated to fix one security issue and two non-security issues:
* FTP symbolic link arbitrary filesystem access (CVE-2014-4877).
* Fix displaying of download time (bnc#901276).
* Fix 0 size FTP downloads after failure (bnc#885069).
Security Issues:
* CVE-2014-4877
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1366-1 -- Security update for wget (important)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
wget
wget has been updated to fix one security issue and two non-security
issues.
This security issue has been fixed:
* FTP symlink arbitrary filesystem access (CVE-2014-4877).
These non-security issues have been fixed:
* Fix displaying of download time (bnc#901276).
* Fix 0 size FTP downloads after failure (bnc#885069).
Security Issues:
* CVE-2014-4877
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1352-1 -- Security update for nagios-plugins (low)
SUSE Linux Enterprise Server 11
nagios-plugins
This security update fixes the following issues:
* Removed the requirement for root access from
plugins-root/check_icmp.c and plugins-root/check_icmp.c. The
necessary capabilities(7) were added to the README file.
* Fixed array out of bounds issue in plugins-root/check_dhcp.c.
Security Issues:
* CVE-2014-4701
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4701>
* CVE-2014-4702
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4702>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1361-1 -- Security update for OpenSSL (important)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
OpenSSL
This OpenSSL update fixes the following issues:
* Session Ticket Memory Leak (CVE-2014-3567)
* Build option no-ssl3 is incomplete (CVE-2014-3568)
* Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)
Security Issues:
* CVE-2014-3567
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567>
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
* CVE-2014-3568
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1518-1 -- Security update for Python (moderate)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
Python
Python was updated to fix one security issue:
* Potential wraparound/overflow in buffer() (CVE-2014-7185)
As an additional hardening measure SSLv2 has been disabled (bnc#901715).
Security Issues:
* CVE-2014-7185
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1571-1 -- Security update for clamav (important)
SUSE Linux Enterprise Server 11
clamav
clamav was updated to version 0.98.5 to fix five security issues:
* Crash when scanning maliciously crafted yoda's crypter files
(CVE-2013-6497).
* Heap-based buffer overflow when scanning crypted PE files
(CVE-2014-9050).
* Fix heap corruption (CVE-2013-2020).
* Fix overflow due to PDF key length computation (CVE-2013-2021).
* Crash when using 'clamscan -a'.
Several non-security issues have also been fixed, please refer to the
package's change log for details.
Security Issues:
* CVE-2013-6497
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497>
* CVE-2014-9050
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050>
* CVE-2013-2021
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021>
* CVE-2013-2020
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1526-1 -- Security update for IBM Java (important)
SUSE Linux Enterprise Server 11
IBM Java
java-1_7_0-ibm has been updated to version 1.7.0_sr7.2 to fix 21 security
issues.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1385-1 -- Security update for MozillaFirefox (important)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
MozillaFirefox
* CVE-2014-1575
* CVE-2014-1576
* CVE-2014-1577
* CVE-2014-1578
* CVE-2014-1581
* CVE-2014-1583
* CVE-2014-1585
* CVE-2014-1586
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1321-1 -- Security update for perl (low)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
perl
This update fixes a memory leak and an infinite recursion in Data::Dumper.
(CVE-2014-4330)
Security Issues:
* CVE-2014-4330
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4330>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1441-1 -- Security update for php53 (moderate)
SUSE Linux Enterprise Server 11
php53
This update fixes the following vulnerabilities in php:
* Heap corruption issue in exif_thumbnail(). (CVE-2014-3670)
* Integer overflow in unserialize(). (CVE-2014-3669)
* Xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime().
(CVE-2014-3668)
Security Issues:
* CVE-2014-3669
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669>
* CVE-2014-3670
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670>
* CVE-2014-3668
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1447-1 -- Security update for openwsman (moderate)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
openwsman
This update adds a configuration option to disable SSLv2 and SSLv3 in
openwsman. This is required to mitigate CVE-2014-3566.
To use the new option, edit /etc/openwsman/openwsman.conf and add the
following line to the [server] section:
ssl_disabled_protocols = SSLv2 SSLv3
Security Issues:
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1520-1 -- Security update for wireshark (moderate)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
wireshark
Security Issues:
* CVE-2014-8711
* CVE-2014-8710
* CVE-2014-8714
* CVE-2014-8712
* CVE-2014-8713
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1386-1 -- Security update for OpenSSL (important)
SUSE Linux Enterprise Server 11
OpenSSL
This OpenSSL update fixes the following issues:
* Session Ticket Memory Leak (CVE-2014-3567)
* Build option no-ssl3 is incomplete (CVE-2014-3568)
* Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)
Security Issues:
* CVE-2014-3513
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513>
* CVE-2014-3567
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567>
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
* CVE-2014-3568
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1458-1 -- Security update for MozillaFirefox (important)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
MozillaFirefox
* CVE-2014-1575
* CVE-2014-1576
* CVE-2014-1577
* CVE-2014-1578
* CVE-2014-1581
* CVE-2014-1583
* CVE-2014-1585
* CVE-2014-1586
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1319-1 -- Security update for Linux kernel (important)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
Linux kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix
various bugs and security issues.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1318-1 -- Security update for Xen (moderate)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
Xen
* CVE-2013-4540
* CVE-2014-2599
* CVE-2014-3967
* CVE-2014-3968
* CVE-2014-4021
* CVE-2014-7154
* CVE-2014-7155
* CVE-2014-7156
* CVE-2014-7188
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1440-1 -- Security update for libxml2 (moderate)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
libxml2
This update fixes a denial of service via recursive entity expansion.
(CVE-2014-3660)
Security Issues:
* CVE-2014-3660
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1624-1 -- Security update for Mozilla Firefox (important)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Server 10 | SUSE Linux Enterprise Desktop 11
Mozilla Firefox
* CVE-2014-1588
* CVE-2014-1589
* CVE-2014-1590
* CVE-2014-1591
* CVE-2014-1592
* CVE-2014-1593
* CVE-2014-1594
* CVE-2014-1595
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1410-1 -- Security update for krb5 (low)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
krb5
This update for krb5 fixes the following issues:
* When randomizing the keys for a service principal, current keys
could be returned. (CVE-2014-5351)
* klist -s crashes when handling multiple referral entries.
(bnc#890623)
Security Issues:
* CVE-2014-5351
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1605-1 -- Security update for OpenVPN (important)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
OpenVPN
This update fixes a critical denial of service vulnerability in OpenVPN:
* CVE-2014-8104: Critical denial of service vulnerability in OpenVPN
servers that can be triggered by authenticated attackers.
Also an incompatibility with OpenVPN and OpenSSL in FIPS mode has been
fixed. (bnc#895882)
Security Issues:
* CVE-2014-8104
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1316-1 -- Security update for Linux kernel (important)
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
Linux kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix
various bugs and security issues.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1458-2 -- Security update for MozillaFirefox (important)
SUSE Linux Enterprise Server 11
MozillaFirefox
* CVE-2014-1575
* CVE-2014-1576
* CVE-2014-1577
* CVE-2014-1578
* CVE-2014-1581
* CVE-2014-1583
* CVE-2014-1585
* CVE-2014-1586
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-OU-2014:1304-1 -- Optional update for gcc
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
gcc
This optional update for gcc provides bi-arch variants of packages gcc-c++
and libstdc++-devel, for example: gcc-c++-32bit and libstdc++-devel-32bit
on x86_64.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-RU-2014:1301-1 -- Recommended update for psmisc
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
psmisc
This update for psmisc fixes formatting of 6-digit process IDs in fuser(1).
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1283-1 -- Security update for libevent
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
libevent
This update fixes a buffer overflow in the buffered event handling in
libevent. (CVE-2014-6272)
Security Issues:
* CVE-2014-6272
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1278-1 -- Security update for kvm
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
kvm
kvm has been updated to fix issues in the embedded qemu:
* CVE-2014-0223: An integer overflow flaw was found in the QEMU block
driver for QCOW version 1 disk images. A user able to alter the QEMU disk
image files loaded by a guest could have used this flaw to corrupt QEMU
process memory on the host, which could potentially have resulted in
arbitrary code execution on the host with the privileges
of the QEMU process.
* CVE-2014-3461: A user able to alter the savevm data (either on the
disk or over the wire during migration) could have used this flaw to
corrupt QEMU process memory on the (destination) host, which could have
potentially resulted in arbitrary code execution on the host with the
privileges of the QEMU process.
* CVE-2014-0222: An integer overflow flaw was found in the QEMU block
driver for QCOW version 1 disk images. A user able to alter the QEMU disk
image files loaded by a guest could have used this flaw to corrupt QEMU
process memory on the host, which could have potentially resulted in
arbitrary code execution on the host with the privileges
of the QEMU process.
Non-security bugs fixed:
* Fix exceeding IRQ routes that could have caused freezes of guests.
(bnc#876842)
* Fix CPUID emulation bugs that may have broken Windows guests with
newer -cpu types (bnc#886535)
Security Issues:
* CVE-2014-0222
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222>
* CVE-2014-0223
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223>
* CVE-2014-3461
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3461>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-RU-2014:1269-1 -- Recommended update for yast2-dns-server
SUSE Linux Enterprise Server 11
yast2-dns-server
This update for yast2-dns-server provides the following fixes:
* Fixed splitting/joining longer TXT and SPF records. (bnc#867596)
* Added support for SPF records. (bnc#758769)
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-RU-2014:1306-1 -- Recommended update for yast2-instserver
SUSE Linux Enterprise Server 11
yast2-instserver
This update for yast2-instserver adds support for the SLE 12 product
family:
* Write "cpeid" attribute to SLP configuration (SLE12 products).
* Save FTP firewall port configuration option.
* Install "nfs-kernel-server" package when NFS server is selected.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1221-1 -- Security update for wireshark
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
wireshark
and
https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html
.
Security Issues:
* CVE-2014-5161
* CVE-2014-5162
* CVE-2014-5163
* CVE-2014-5164
* CVE-2014-5165
* CVE-2014-6421
* CVE-2014-6422
* CVE-2014-6423
* CVE-2014-6424
* CVE-2014-6427
* CVE-2014-6428
* CVE-2014-6429
* CVE-2014-6430
* CVE-2014-6431
* CVE-2014-6432
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

DEPRECATED: SUSE-SU-2014:1006-1 -- Security update for Python
SUSE Linux Enterprise Server 11
Python
Python has been updated to version 2.6.9, which brings many fixes for bugs
and security issues.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

SUSE-SU-2014:1220-1 -- Security update for mozilla-nss
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
mozilla-nss
Mozilla NSS was updated to version 3.16.5 to fix an RSA certificate forgery
issue.
MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher
at Inria Paris in team Prosecco, reported an issue in Network Security
Services (NSS) libraries affecting all versions. He discovered that NSS is
vulnerable to a variant of a signature forgery attack previously published
by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values
involved in a signature and could lead to the forging of RSA certificates.
The Advanced Threat Research team at Intel Security also independently
discovered and reported this issue.
Security Issues:
* CVE-2014-1568
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

DEPRECATED: SUSE-SU-2014:0989-1 -- Security update for krb5
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
krb5
Several security issues have been fixed in Kerberos 5.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

DEPRECATED: SUSE-SU-2014:1003-1 -- Security update for pulseaudio
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
pulseaudio
Several security issues are fixed in this update.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

DEPRECATED: SUSE-SU-2014:1012-1 -- Security update for Python
SUSE Linux Enterprise Server 11
Python
Python has been updated to version 2.6.9, which brings many fixes for bugs
and security issues.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

DEPRECATED: SUSE-SU-2014:1011-1 -- Security update for Python
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
Python
This update for Python provides fixes for the following issues.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

DEPRECATED: SUSE-SU-2014:1007-1 -- Security update for pulseaudio
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
pulseaudio
Several security issues are fixed in this update.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

DEPRECATED: SUSE-RU-2014:0990-1 -- Recommended update for pesign-obs-integration
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
pesign-obs-integration
This update for pesign-obs-integration includes the following fixes.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

SUSE-RU-2014:1222-1 -- Recommended update for xorg-x11-driver-input
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
xorg-x11-driver-input
This update for xorg-x11-driver-input improves handling of devices which
send both absolute and relative coordinates in the evdev driver.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-RU-2014:1299-1 -- Recommended update for at
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Server 10 | SUSE Linux Enterprise Desktop 11
at
This update for the at(1) job manager fixes a regression caused by the
latest security updates for bash. at(1) now sanitizes the environment it
passes to the shell, allowing only variables whose keys are of the form
/^[A-Z_][A-Z0-9_]/i.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

DEPRECATED: SUSE-SU-2014:1027-1 -- Security update for glibc
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
glibc
This glibc update contains one security and two non-security fixes.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

DEPRECATED: SUSE-RU-2014:1054-1 -- Recommended update for gdm
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
gdm
This update for gdm provides fixes for several issues.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

DEPRECATED: SUSE-SU-2014:1055-1 -- Security update for IBM Java
SUSE Linux Enterprise Server 11
IBM Java
java-1_6_0-ibm has been updated to fix several security issues.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

DEPRECATED: SUSE-RU-2014:1064-1 -- Recommended update for yast2-country
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
yast2-country
This update for YaST's Country Settings module (yast2-country) provides
the following fix: Do not try to save settings when the user did not change them.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

DEPRECATED: SUSE-SU-2014:0999-1 -- Security update for pulseaudio
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
pulseaudio
Several security issues are fixed in this update.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

DEPRECATED: SUSE-RU-2014:1016-1 -- Recommended update for libgphoto2
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
libgphoto2
This update of libgphoto2 fixes an issue where daemonized usage of
libgphoto2 like in gphotofs could have affected devices attached to
unrelated serial ports.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

SUSE-SU-2014:1220-2 -- Security update for mozilla-nss
SUSE Linux Enterprise Server 11
mozilla-nss
Mozilla NSS was updated to 3.16.5 to fix an RSA certificate forgery issue.
MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher
at Inria Paris in team Prosecco, reported an issue in Network Security
Services (NSS) libraries affecting all versions. He discovered that NSS is
vulnerable to a variant of a signature forgery attack previously published
by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values
involved in a signature and could lead to the forging of RSA certificates.
The Advanced Threat Research team at Intel Security also independently
discovered and reported this issue.
Security Issues:
* CVE-2014-1568
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

DEPRECATED: SUSE-SU-2014:1023-1 -- Security update for CUPS
SUSE Linux Enterprise Server 11
CUPS
This update fixes various issues in CUPS.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

DEPRECATED: SUSE-YU-2014:1021-1 -- YOU update for Software Update Stack
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
Software Update Stack
This update for the Software Update Stack provides several fixes and
enhancements.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

DEPRECATED: SUSE-OU-2014:1050-1 -- Optional update for grub2
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
grub2
This patch provides grub2-x86_64-xen. This new package should be installed
on Xen virtualization servers that host SUSE Linux Enterprise 12 virtual
machines.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

SUSE-RU-2014:1087-1 -- Recommended update for apache2-mod_jk
SUSE Linux Enterprise Server 11
apache2-mod_jk
This update provides apache2-mod_jk 1.2.40, which brings many fixes and
enhancements, such as improved IPv6 support. (FATE#317689)
For a comprehensive list of changes in this version refer to
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
<http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html> .
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

DEPRECATED: SUSE-SU-2014:1028-1 -- Security update for krb5
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
krb5
This MIT krb5 update fixes a buffer overrun problem in kadmind.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

SUSE-RU-2014:1102-1 -- Recommended update for perl-Bootloader
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
perl-Bootloader
This update adjusts perl-Bootloader to work even if no kernel is
installed; in particular: allow empty boot configuration, remember kernel
options of last removed kernel, tolerate temporarily invalid boot entry on
s390x. (bnc#821465)
Additionally, the following minor fixes are included in this update:
* Remove old and no longer needed workaround-script
bootloader_fix_xen. (bnc#817168)
* Fix superfluous error message. (bnc#873231)
* Require coreutils during post for chmod.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1141-1 -- Security update for php53
SUSE Linux Enterprise Server 11
php53
This php53 update fixes the following security issues:
* Insecure temporary file used for cache data was fixed by switching
to a different root only directory /var/cache/php-pear.
(CVE-2014-5459)
* An incomplete fix for CVE-2014-4049. (CVE-2014-3597)
Security Issues:
* CVE-2014-5459
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5459>
* CVE-2014-4049
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

DEPRECATED: SUSE-RU-2014:1063-1 -- Recommended update for nss_ldap
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
nss_ldap
This update for nss_ldap provides fixes for several issues.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

SUSE-SU-2014:1146-1 -- Security update for dbus-1
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
dbus-1
Various denial of service issues were fixed in the DBUS service.
* CVE-2014-3638: dbus-daemon tracks whether method call messages
expect a reply, so that unsolicited replies can be dropped. As
currently implemented, if there are n parallel method calls in
progress, each method reply takes O(n) CPU time. A malicious user
could exploit this by opening the maximum allowed number of parallel
connections and sending the maximum number of parallel method calls
on each one, causing subsequent method calls to be unreasonably
slow, a denial of service.
* CVE-2014-3639: dbus-daemon allows a small number of "incomplete"
connections (64 by default) whose identity has not yet been
confirmed. When this limit has been reached, subsequent connections
are dropped. Alban's testing indicates that one malicious process
that makes repeated connection attempts, but never completes the
authentication handshake and instead waits for dbus-daemon to time
out and disconnect it, can cause the majority of legitimate
connection attempts to fail.
Security Issues:
* CVE-2014-3638
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638>
* CVE-2014-3638
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1140-1 -- Security update for squid3
SUSE Linux Enterprise Server 11
squid3
Squid3 was updated to fix a denial of service in Range Header processing,
which would have allowed proxy users to crash the squid proxy process.
(CVE-2014-3609)
Security Issues:
* CVE-2014-3609
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3609>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

DEPRECATED: SUSE-SU-2014:1017-1 -- Security update for augeas
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
augeas
Augeas has been updated to fix a symlink overwrite problem.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

SUSE-SU-2014:1005-1 -- Security update for Python
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
Python
This update for Python provides fixes for several issues.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-SU-2014:1294-1 -- Security update for rsyslog
SUSE Linux Enterprise Server 11
rsyslog
rsyslog has been updated to fix a remote denial of service issue:
* Under certain configurations, a local or remote attacker able to
send syslog messages to the server could have crashed the log server
due to an array overread. (CVE-2014-3634, CVE-2014-3683)
Security Issues:
* CVE-2014-3634
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634>
* CVE-2014-3683
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683>
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

DEPRECATED: SUSE-SU-2014:1037-1 -- Security update for IBM Java 1.7.0
SUSE Linux Enterprise Server 11
IBM Java 1.7.0
IBM Java 1.7.0 has been updated to fix 14 security issues.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | DEPRECATED | DEPRECATED

SUSE-SU-2014:1011-1 -- Security update for Python
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
Python
This update for Python provides fixes for the following issues.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

SUSE-RU-2014:1216-1 -- Recommended update for mkinitrd
SUSE Linux Enterprise Server 11 | SUSE Linux Enterprise Desktop 11
mkinitrd
This collective update for mkinitrd provides the following fixes and
enhancements:
* Fix matching of device numbers in /proc/partitions in setup-storage.
(bnc#887683)
* Complete support of 2nd ibft iscsi interface. (bnc#830968)
* Include USB HID support whenever the kernel supports it. (bnc#879502)
* Respect the sixth field (fs_passno) in /etc/fstab for the root
device entry. (bnc#858023)
* Fix network setup with mkinitrd -f ifup. (bnc#872435)
* Include ifup dependencies even if ifup is not used. (bnc#891573)
* Retry nfs mount if network is not yet up. (bnc#891573)
* Add cciss compat rules to mkinitrd. (bnc#858663)
* Cleanup /lib/mkinitrd/{boot,setup} upon package removal. (bnc#892507)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1152-1 -- Recommended update for timezone
SUSE Linux Enterprise Server 11
timezone
This update provides the latest timezone information (2014g) for your
system, including the following changes:
* Russia will subtract an hour from most of its time zones on
2014-10-26 at 02:00 local time.
* Turks & Caicos are switching from US eastern time to UTC-4
year-round, modeled as a switch from EST/EDT to AST on 2014-11-02 at
02:00.
* Many past time stamps were updated for correctness.
* Many time zone abbreviations were adjusted or fixed.
* Many performance enhancements and fixes in the time zone
manipulation utilities.
* A new file 'zone1970.tab' was added. The new file's extended format
allows multiple country codes per zone. New applications should use
the new file.
* Some code fixes in 'localtime', 'zic', 'mktime' and 'yearistype'.
For a comprehensive list of changes, refer to the release announcements
from ICANN:
* http://mm.icann.org/pipermail/tz-announce/2014-August/000023.html
* http://mm.icann.org/pipermail/tz-announce/2014-August/000024.html
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1073-1 -- Security update for gpgme
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
gpgme
This gpgme update fixes the following security issue:
* bnc#890123: Fix possible overflow in gpgsm and uiserver engines
(CVE-2014-3564)
Security Issues:
* CVE-2014-3564
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1147-1 -- Recommended update for supportutils
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
supportutils
This update for supportutils provides the following fixes:
* Fixed /sys/class/drm hang issue in supportconfig. (bnc#889946)
* Collect information about Novell DSfW.
* Fixed NSS errors when Manage_NSS is missing.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1081-1 -- Security update for apache2
SUSE Linux Enterprise Server 11
apache2
This apache2 update fixes the following security and non-security issues:
* mod_cgid denial of service (CVE-2014-0231, bnc#887768)
* mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765)
* mod_dav denial of service (CVE-2013-6438, bnc#869105)
* log_cookie mod_log_config.c remote denial of service (CVE-2014-0098,
bnc#869106)
* Support ECDH in Apache2 (bnc#859916)
* apache fails to start with SSL on Xen kernel at boot time
(bnc#852401)
Security Issues:
* CVE-2014-0098
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098>
* CVE-2013-6438
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438>
* CVE-2014-0226
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226>
* CVE-2014-0231
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

DEPRECATED: SUSE-RU-2014:1056-1 -- Recommended update for kernel-firmware
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
kernel-firmware
This update for kernel-firmware provides several fixes and
enhancements.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

SUSE-OU-2014:1050-1 -- Optional update for grub2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
grub2
This patch provides grub2-x86_64-xen. This new package should be installed
on Xen virtualization servers that host SUSE Linux Enterprise 12 virtual
machines.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1032-1 -- Recommended update for Mesa
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Mesa
This update for Mesa provides several fixes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1056-1 -- Recommended update for kernel-firmware
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
kernel-firmware
This update for kernel-firmware provides several fixes and
enhancements.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1106-1 -- Security update for net-snmp
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
net-snmp
This update for net-snmp fixes a remote denial of service problem inside
snmptrapd when it is started with the "-OQ" option. (CVE-2014-3565,
bnc#894361)
Additionally, a timeout issue during SNMP MIB walk on OID 1.3.6.1.2.1.4.24
when using newer (v5.5+) versions of snmpwalk has been fixed. (bnc#865222)
Security Issues:
* CVE-2014-3565
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1209-1 -- Recommended update for udev
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
udev
This update for udev provides the following fixes:
* ata_id: Skip ATA commands if we find an optical drive. (bnc#880066)
* ata_id: Support SG_IO version 4 interface. (bnc#880066)
* path_id: Add delay when CCW attributes are not available.
(bnc#881358)
* udevd: Improve error reporting when worker exits. (bnc#884441)
* boot.udev_retry: Fix script to trigger failed events. (bnc#884441)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

DEPRECATED: SUSE-RU-2014:1032-1 -- Recommended update for Mesa
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Mesa
This update for Mesa provides several fixes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

SUSE-SU-2014:0989-1 -- Security update for krb5
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
krb5
Several security issues have been fixed in Kerberos 5.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1105-1 -- Security update for the Linux Kernel
SUSE Linux Enterprise Server 11
the Linux Kernel
* CVE-2014-0055
* CVE-2014-0077
* CVE-2014-1739
* CVE-2014-2706
* CVE-2014-2851
* CVE-2014-3144
* CVE-2014-3145
* CVE-2014-3917
* CVE-2014-4508
* CVE-2014-4652
* CVE-2014-4653
* CVE-2014-4654
* CVE-2014-4655
* CVE-2014-4656
* CVE-2014-4667
* CVE-2014-4699
* CVE-2014-5077
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1213-1 -- Security update for bash
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
bash
bash has been updated to fix a critical security issue.
In some circumstances, the shell would evaluate shellcode in environment
variables passed at startup time. This allowed code execution by local or
remote attackers who could pass environment variables to bash scripts.
(CVE-2014-6271)
Security Issues:
* CVE-2014-6271
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

DEPRECATED: SUSE-SU-2014:1009-1 -- Security update for Python
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Python
This update for Python provides fixes for several issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

SUSE-SU-2014:1027-1 -- Security update for glibc
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
glibc
This glibc update contains one security and two non-security fixes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1125-1 -- Security update for glibc
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
glibc
This glibc update fixes a critical privilege escalation problem and two
non-security issues:
* bnc#892073: An off-by-one error leading to a heap-based buffer
overflow was found in __gconv_translit_find(). An exploit that
targets the problem is publicly available. (CVE-2014-5119)
* bnc#892065: setenv-alloca.patch: Avoid unbound alloca in setenv.
* bnc#888347: printf-multibyte-format.patch: Don't parse %s format
argument as multi-byte string.
Security Issues:
* CVE-2014-5119
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1217-1 -- Recommended update for avahi
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
avahi
This update for Avahi provides the following fixes:
* Document service instance name length limit in avahi.service(5).
(bnc#825463)
* Fix setting of thread_running flag in event loop. (bnc#725386)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

DEPRECATED: SUSE-SU-2014:1049-1 -- Security update for OpenSSL
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
OpenSSL
This OpenSSL update fixes several security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

DEPRECATED: SUSE-SU-2014:0997-1 -- Security update for Python
SUSE Linux Enterprise Server 11
Python
Python has been updated to version 2.6.9, which brings many fixes for bugs
and security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

DEPRECATED: SUSE-SU-2014:1072-1 -- Security update for MySQL
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
MySQL
This MySQL update provides the following: upgrade to version 5.5.39
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

SUSE-SU-2014:1137-1 -- Security update for procmail
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
procmail
procmail was updated to fix a security issue in its formail helper.
* When formail processed specially crafted e-mail headers a heap
corruption could be triggered, which would lead to a crash of
formail. (CVE-2014-3618)
Security Issues:
* CVE-2014-3618
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1003-1 -- Security update for pulseaudio
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
pulseaudio
Several security issues are fixed in this update.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

DEPRECATED: SUSE-RU-2014:1057-1 -- Recommended update for sg3_utils
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
sg3_utils
This update for sg3_utils provides several fixes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

DEPRECATED: SUSE-RU-2014:1018-1 -- Recommended update for openssl-ibmca
SUSE Linux Enterprise Server 11
openssl-ibmca
This update for openssl-ibmca fixes the message digest length definition
in the SHA-256 template.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

DEPRECATED: SUSE-SU-2014:1001-1 -- Security update for pulseaudio
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
pulseaudio
Several security issues are fixed in this update.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

SUSE-SU-2014:1037-1 -- Security update for IBM Java 1.7.0
SUSE Linux Enterprise Server 11
IBM Java 1.7.0
IBM Java 1.7.0 has been updated to fix 14 security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1063-1 -- Recommended update for nss_ldap
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
nss_ldap
This update for nss_ldap provides fixes for several issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1107-1 -- Security update for MozillaFirefox
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
MozillaFirefox
Mozilla Firefox was updated to the 24.8.0ESR release, fixing security
issues and bugs.
Only some of the published security advisories affect the Mozilla Firefox
24ESR codestream:
* MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht
reported, via TippingPoint's Zero Day Initiative, a use-after-free
during text layout when interacting with the setting of text
direction. This results in a use-after-free which can lead to
arbitrary code execution.
* MFSA 2014-67: Mozilla developers and community identified and fixed
several memory safety bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these bugs showed evidence of
memory corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run arbitrary
code.
* Jan de Mooij reported a memory safety problem that affects Firefox
ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562)
More information is referenced on:
https://www.mozilla.org/security/announce/
Security Issues:
* CVE-2014-1562
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1562>
* CVE-2014-1567
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1567>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1022-1 -- Security update for CUPS
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
CUPS
This update fixes various issues in CUPS.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1065-1 -- Recommended update for zip
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
zip
This update for zip provides the following fix: Don't clobber
include/exclude pattern lists by removing path prefixes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

DEPRECATED: SUSE-RU-2014:1048-1 -- Recommended update for aaa_base
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
aaa_base
This update for aaa_base provides several fixes and enhancements.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

DEPRECATED: SUSE-SU-2014:1015-1 -- Security update for tomcat6
SUSE Linux Enterprise Server 11
tomcat6
Tomcat has been updated to version 6.0.41, which brings security and bug
fixes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

SUSE-SU-2014:1007-1 -- Security update for pulseaudio
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
pulseaudio
Several security issues are fixed in this update.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

DEPRECATED: SUSE-RU-2014:1065-1 -- Recommended update for zip
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
zip
This update for zip provides the following fix: Don't clobber
include/exclude pattern lists by removing path prefixes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

SUSE-SU-2014:1247-1 -- Security update for bash
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
bash
The command-line shell 'bash' evaluates environment variables, which
allows the injection of characters and might be used to access files on
the system in some circumstances (CVE-2014-7169).
Please note that this issue is different from a previously fixed
vulnerability tracked under CVE-2014-6271 and is less serious due to the
special, non-default system configuration that is needed to create an
exploitable situation.
To remove further exploitation potential we now limit the
function-in-environment variable to variables prefixed with BASH_FUNC_.
This hardening feature is work in progress and might be improved in later
updates.
Additionally, two other security issues have been fixed:
* CVE-2014-7186: Nested HERE documents could lead to a crash of bash.
* CVE-2014-7187: Nesting of for loops could lead to a crash of bash.
Security Issues:
* CVE-2014-7169
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>
* CVE-2014-7186
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>
* CVE-2014-7187
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1142-1 -- Recommended update for yast2-core
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
yast2-core
This update for yast2-core enables line buffering for parsing agent
output. This fixes a case where certain configuration files (e.g.
/etc/sudoers) could take over 10 minutes to parse if they contained single
strings sized 100KB. (bnc#854809)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1122-1 -- Security update for glibc
SUSE Linux Enterprise Server 11
glibc
* CVE-2014-4043
* CVE-2012-4412
* CVE-2013-0242
* CVE-2013-4788
* CVE-2013-4237
* CVE-2013-4332
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

DEPRECATED: SUSE-SU-2014:0998-1 -- Security update for Python
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Python
This update for Python provides fixes for several issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

SUSE-SU-2014:1112-1 -- Security update for MozillaFirefox
SUSE Linux Enterprise Server 11
MozillaFirefox
Mozilla Firefox was updated to the 24.8.0ESR release, fixing security
issues and bugs.
Only some of the published security advisories affect the Mozilla Firefox
24ESR codestream:
* MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht
reported, via TippingPoint's Zero Day Initiative, a use-after-free
during text layout when interacting with the setting of text
direction. This results in a use-after-free which can lead to
arbitrary code execution.
* MFSA 2014-67: Mozilla developers and community identified and fixed
several memory safety bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these bugs showed evidence of
memory corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run arbitrary
code.
* Jan de Mooij reported a memory safety problem that affects Firefox
ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562)
More information is referenced on:
https://www.mozilla.org/security/announce/
Security Issues:
* CVE-2014-1562
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1562>
* CVE-2014-1567
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1567>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0990-1 -- Recommended update for pesign-obs-integration
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
pesign-obs-integration
This update for pesign-obs-integration includes the following fixes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1023-1 -- Security update for CUPS
SUSE Linux Enterprise Server 11
CUPS
This update fixes various issues in CUPS.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1009-1 -- Security update for Python
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Python
This update for Python provides fixes for several issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-YU-2014:1021-1 -- YOU update for Software Update Stack
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Software Update Stack
This update for the Software Update Stack provides several fixes and
enhancements.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1148-1 -- Recommended update for rng-tools
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
rng-tools
This update fixes usage of RDRAND support from recent CPUs in rng-tools
initialization script.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1006-1 -- Security update for Python
SUSE Linux Enterprise Server 11
Python
Python has been updated to version 2.6.9, which brings many fixes for bugs
and security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-OU-2014:1036-1 -- Optional update for pulseaudio
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
pulseaudio
This optional update provides 32-bit versions of libpulse-mainloop-glib0.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0999-1 -- Security update for pulseaudio
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
pulseaudio
Several security issues are fixed in this update.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0998-1 -- Security update for Python
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Python
This update for Python provides fixes for several issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1138-1 -- Security update for the Linux Kernel
SUSE Linux Enterprise Server 11
Linux kernel
* CVE-2013-4162
* CVE-2013-7266
* CVE-2013-7267
* CVE-2013-7268
* CVE-2013-7269
* CVE-2013-7270
* CVE-2013-7271
* CVE-2014-0203
* CVE-2014-3144
* CVE-2014-3145
* CVE-2014-3917
* CVE-2014-4508
* CVE-2014-4652
* CVE-2014-4653
* CVE-2014-4654
* CVE-2014-4655
* CVE-2014-4656
* CVE-2014-4667
* CVE-2014-4699
* CVE-2014-4943
* CVE-2014-5077
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1012-1 -- Security update for Python
SUSE Linux Enterprise Server 11
Python
Python has been updated to version 2.6.9, which brings many fixes for bugs
and security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1143-1 -- Recommended update for puppet, facter
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
puppet
facter
This update provides Puppet 2.7.26 and Facter 1.6.18, which bring many
fixes and enhancements.
Although the most common use cases have been tested with the new version,
customers using modules provided by other vendors are advised to apply
this update on non-production systems first and verify that there are no
incompatibilities.
For a comprehensive list of changes in this new version, please refer to
the release notes:
https://docs.puppetlabs.com/puppet/2.7/reference/release_notes.html and
https://docs.puppetlabs.com/facter/1.6/release_notes.html
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1101-1 -- Recommended update for SLE Virtualization Tools
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
SLE Virtualization Tools
This collective update provides fixes and enhancements for SLE
Virtualization Tools.
libvirt:
* Fix race conditions in setting/getting domain state. (bnc#882598)
* Add PCI multi-domain support to the qemu driver. (bnc#882661)
perl-Sys-Virt:
* Update to version 1.0.5, adding all new APIs and constants from
libvirt 1.0.5.
virt-manager:
* Fix error during Appliance configuration on 2nd hard disk.
(bnc#864351)
* Fix error on 'Generate from host NUMA configuration'. (bnc#852404)
* Fix displaying of domains for PCI devices. (bnc#876604)
* Fix connection to remote Xen virtual machines using virt-manager
from YaST. (bnc#874300)
* Fix issue that made block device disappear after disabling cache.
(bnc#847641)
vm-install:
* Add support for SLE 12 and RHEL 7 installations. (bnc#885052,
bnc#882092, bnc#862605, bnc#862608)
* Fix reporting of full system memory on KVM installations.
(bnc#881573)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1049-1 -- Security update for OpenSSL
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
OpenSSL
This OpenSSL update fixes several security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1055-1 -- Security update for IBM Java
SUSE Linux Enterprise Server 11
IBM Java
java-1_6_0-ibm has been updated to fix several security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1113-1 -- Recommended update for microcode_ctl
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
microcode_ctl
This update provides Intel's CPU microcode version 20140624.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1077-1 -- Security update for libgcrypt
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libgcrypt
This libgcrypt update fixes the following security issue:
* bnc#892464: Side-channel attack on Elgamal encryption subkeys.
(CVE-2014-5270)
Security Issues:
* CVE-2014-5270
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

DEPRECATED: SUSE-SU-2014:1013-1 -- Security update for pulseaudio
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
pulseaudio
Several security issues are fixed in this update.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

SUSE-RU-2014:1276-1 -- Recommended update for yast2-samba-client
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
yast2-samba-client
This update for yast2-samba-client ensures that nmbd is restarted after a
nmbstatus lookup. (bnc#895319)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1152-2 -- Recommended update for timezone
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
timezone
This update provides the latest timezone information (2014g) for your
system, including the following changes:
* Russia will subtract an hour from most of its time zones on
2014-10-26 at 02:00 local time.
* Turks & Caicos are switching from US eastern time to UTC-4
year-round, modeled as a switch from EST/EDT to AST on 2014-11-02 at
02:00.
* Many past time stamps were updated for correctness.
* Many time zone abbreviations were adjusted or fixed.
* Many performance enhancements and fixes in the time zone
manipulation utilities.
* A new file 'zone1970.tab' was added. The new file's extended format
allows multiple country codes per zone. New applications should use
the new file.
* Some code fixes in 'localtime', 'zic', 'mktime' and 'yearistype'.
For a comprehensive list of changes, refer to the release announcements
from ICANN:
* http://mm.icann.org/pipermail/tz-announce/2014-August/000023.html
* http://mm.icann.org/pipermail/tz-announce/2014-August/000024.html
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1088-1 -- Security update for ppp
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
ppp
This ppp update fixes a potential security issue that an unprivileged
attacker could access privileged options:
* integer overflow in option parsing (CVE-2014-3158, bnc#891489)
Security Issues:
* CVE-2014-3158
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3158>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1048-1 -- Recommended update for aaa_base
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
aaa_base
This update for aaa_base provides several fixes and enhancements.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1080-1 -- Security update for apache2
SUSE Linux Enterprise Server 11
apache2
This apache2 update fixes the following security and non-security issues:
* mod_cgid denial of service (CVE-2014-0231, bnc#887768)
* mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765)
* mod_dav denial of service (CVE-2013-6438, bnc#869105)
* log_cookie mod_log_config.c remote denial of service (CVE-2014-0098,
bnc#869106)
* Support ECDH in Apache2 (bnc#859916)
Security Issues:
* CVE-2014-0098
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098>
* CVE-2013-6438
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438>
* CVE-2014-0226
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226>
* CVE-2014-0231
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0970-1 -- Recommended update for release-notes-sles
SUSE Linux Enterprise Server 11
release-notes-sles
This update provides the latest version of the release notes for SUSE
Linux Enterprise Server 11 SP3.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0964-1 -- Recommended update for dnsmasq
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
dnsmasq
This update provides dnsmasq version 2.71, which brings several fixes and
enhancements.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

DEPRECATED: SUSE-OU-2014:1036-1 -- Optional update for pulseaudio
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
pulseaudio
This optional update provides 32-bit versions of libpulse-mainloop-glib0.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

SUSE-RU-2014:1057-1 -- Recommended update for sg3_utils
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
sg3_utils
This update for sg3_utils provides several fixes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1083-1 -- Recommended update for apache2-mod_nss
SUSE Linux Enterprise Server 11
apache2-mod_nss
This update brings several improvements to apache2-mod_nss.
* More TLS 1.2 ciphers have been added, including AES-GCM and Camellia
ciphers. These can be selected by their tags:
  o rsa_aes_128_sha256
  o rsa_aes_128_gcm_sha
  o rsa_aes_256_sha256
  o rsa_camellia_128_sha
  o rsa_camellia_256_sha
  o ecdh_ecdsa_aes_128_gcm_sha
  o ecdhe_ecdsa_aes_128_sha256
  o ecdhe_ecdsa_aes_128_gcm_sha
  o ecdh_rsa_aes_128_gcm_sha
  o ecdhe_rsa_aes_128_sha256
* The mod_nss.conf.in template was updated to include those ciphers.
(bnc#863035)
* VirtualHost settings in /etc/apache2/conf.d/mod_nss.conf are now
externalized to /etc/apache2/vhosts.d/vhost-nss.template and not
activated/read by default. (bnc#878681)
* The Server Name Indication (SNI) extension was implemented.
* Reading the pass phrase during start-up was improved. (bnc#863518)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0967-1 -- Security update for the Apache Web Server
SUSE Linux Enterprise Server 11
the Apache Web Server
This update for the Apache Web Server provides several fixes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-YU-2014:0968-1 -- YOU update for popt
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
popt
This update for RPM provides several fixes and enhancements.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1072-1 -- Security update for MySQL
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
MySQL
This MySQL update provides the following: upgrade to version 5.5.39
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1001-1 -- Security update for pulseaudio
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
pulseaudio
Several security issues are fixed in this update.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

DEPRECATED: SUSE-SU-2014:1022-1 -- Security update for CUPS
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
CUPS
This update fixes various issues in CUPS.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
DEPRECATED DEPRECATED

SUSE-SU-2014:1015-1 -- Security update for tomcat6
SUSE Linux Enterprise Server 11
tomcat6
Tomcat has been updated to version 6.0.41, which brings security and bug
fixes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1220-3 -- Security update for mozilla-nss
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
mozilla-nss
Mozilla NSS was updated to version 3.16.5 to fix an RSA certificate forgery
issue.
MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher
at Inria Paris in team Prosecco, reported an issue in Network Security
Services (NSS) libraries affecting all versions. He discovered that NSS is
vulnerable to a variant of a signature forgery attack previously published
by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values
involved in a signature and could lead to the forging of RSA certificates.
The Advanced Threat Research team at Intel Security also independently
discovered and reported this issue.
Security Issues:
* CVE-2014-1568
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:1121-2 -- Security update for kdelibs4
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
kdelibs4
This update of the kdelibs4 KSSL interface makes it select a set of
default ciphers that is recommended for current usage. This update is
needed for Konqueror to restrict its cipher set when using https.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0997-1 -- Security update for Python
SUSE Linux Enterprise Server 11
Python
Python has been updated to version 2.6.9, which brings many fixes for bugs
and security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:1093-1 -- Recommended update for Samba
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Samba
This update for Samba provides the following fixes:
* Disable TDB mmap() on s390 systems. (bso#10765, bnc#886193,
bnc#882356)
* Reduce printer_list.tdb lock contention during printcap update.
(bso#10652, bnc#883870)
* Avoid double-free in get_print_db_byname. (bso#10699)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0869-1 -- Security update for php53SUSE Linux Enterprise Server 11php53hp53 was updated to fix the following security vulnerabilities.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0896-1 -- Security update for GPG2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11GPG2GPG2 has been updated to fix a possible denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0839-1 -- Security update for SambaSUSE Linux Enterprise Server 11SambaSamba, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0817-1 -- Security update for popplerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11popplerThis update fixes problems in DCTStream error handling in poppler.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1104-1 -- Security update for OpenSSLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10OpenSSLThis OpenSSL update fixes the following security issues:
* bnc#890764: Information leak in pretty printing functions.
(CVE-2014-3508)
* bnc#890767: Double Free when processing DTLS packets. (CVE-2014-3505)
* bnc#890768: DTLS memory exhaustion. (CVE-2014-3506)
* bnc#890769: DTLS memory leak from zero-length fragments.
(CVE-2014-3507)
* bnc#890770: DTLS anonymous EC(DH) denial of service. (CVE-2014-3510)
Security Issues:
* CVE-2014-3508
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508>
* CVE-2014-3505
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505>
* CVE-2014-3506
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506>
* CVE-2014-3507
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507>
* CVE-2014-3510
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0873-2 -- Security update for PHP5SUSE Linux Enterprise Server 11PHP5PHP5 has been updated to fix four security vulnerabilities.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0846-1 -- Security update for dbus-1SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11dbus-1dbus-1 was patched to prevent a possible denial of service issue in dbus-daemon.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0934-1 -- Recommended update for lvm2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11lvm2This collective update for lvm2 and lvm2-clvm provides several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0785-1 -- Security update for libvirtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libvirtlibvirt has been patched to fix two security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0456-3 -- Security update for JavaSUSE Linux Enterprise Server 11JavaIBM Java 6 has been updated to SR13 which fixes various
critical security issues and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0472-1 -- Recommended update for hwinfoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11hwinfoThis update for hwinfo fixes the kernel log parser to
correctly read time stamps prefixed to each logged line
and adds support to a new model of fingerprint reader.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0929-2 -- Recommended update for release-notes-slesSUSE Linux Enterprise Server 11release-notes-slesThis update provides the latest version of the release notes for SUSE Linux Enterprise Server 11 SP2 LTSS.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0453-1 -- Recommended update for cpupowerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11cpupowerThis update for cpupower adds support for Intel IvyBridge
and Haswell CPUs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1112-2 -- Security update for MozillaFirefoxSUSE Linux Enterprise Server 11MozillaFirefoxMozilla Firefox was updated to the 24.8.0ESR release, fixing security
issues and bugs.
Only some of the published security advisories affect the Mozilla Firefox
24ESR codestream:
* MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht
reported, via TippingPoint's Zero Day Initiative, a use-after-free
during text layout when interacting with the setting of text
direction. This results in a use-after-free which can lead to
arbitrary code execution.
* MFSA 2014-67: Mozilla developers and community identified and fixed
several memory safety bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these bugs showed evidence of
memory corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run arbitrary
code.
* Jan de Mooij reported a memory safety problem that affects Firefox
ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562)
More information is referenced on:
<https://www.mozilla.org/security/announce/>
Security Issues:
* CVE-2014-1562
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1562>
* CVE-2014-1567
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1567>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0271-1 -- Recommended update for gdmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gdmThis update for the GNOME Display Manager (gdm) avoids that
a second X server is being started on virtual terminal 7
after hitting the 'switch user' button.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1018-1 -- Recommended update for openssl-ibmcaSUSE Linux Enterprise Server 11openssl-ibmcaThis update for openssl-ibmca fixes the message digest length definition
in the SHA-256 template.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0441-1 -- Security update for PerlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PerlThis update of Perl 5 fixes the following security issues:
* fix rehash DoS [bnc#804415] [CVE-2013-1667]
* improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]
* fix glob denial of service [bnc#796014]
[CVE-2011-2728]
* sanitize input in Maketext.pm [bnc#797060]
[CVE-2012-6329]Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0440-3 -- Security update for JavaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10JavaIBM Java 1.4.2 has been updated to SR13-FP15 which fixes
various critical security issues and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0314-1 -- Recommended update for dhcpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11dhcpThis collective update for DHCP provides fixes for the
following issues:
* Ignore SIGPIPE instead of terminating in socket code
before the errno==EPIPE checks are reached (bnc#794578)
* Merge upstream fixes for memory leaks and
segmentation faults (bnc#794578)
* Fix timing values calculation in dhcpv6 client to
compare rebind value to infinity instead of renew
(bnc#794578)
* Fix discovery of interfaces which have only addresses
with a label assigned (bnc#791289)
* Fix parse buffer handling to avoid truncation of
config > ~8k from bigger LDAP objects (bnc#788787)
* Fix subclass name-ref and data quoting/escaping
(bnc#788787)
* Fix memory leaks on ldap_read_config errors
(bnc#788787)
* Fix dhclient-script to discard MTU lower-equal 576
rather than lower-than (bnc#791280)
* Fix a memory leak in dhcp-ldap's subnet range
processing (bnc#784640)
* Fix a parsing error when processing the second
dhcpService container that the dhcpServer object may refer
to (bnc#784640).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0835-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information for your system.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0871-1 -- Security update for xinetdSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10xinetdXinetd receives a LTSS roll-up update to fix two security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0863-1 -- Recommended update for WALinuxAgentSUSE Linux Enterprise Server 11WALinuxAgentWALinuxAgent has been updated to version 2.0.5, bringing many fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1013-1 -- Security update for pulseaudioSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pulseaudioThe several security issue is fixed in this update.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0850-1 -- Recommended update for grubSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11grubThis update for Grub adjusts the package's post installation scripts to fix creation of Kiwi images.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-OU-2014:0907-1 -- Optional update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThis SUSE Linux Enterprise 11 Service Pack 3 kernel update introduces the bigsmp kernel flavor which is optimized for very large systems.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0383-1 -- Recommended update for gnome-packagekitSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gnome-packagekitThis update fixes the conflicting id in OMF of
gnome-packagekit so that both gnome-packagekit and
gnome-power-manager are shown properly in GNOME help.
Additionally, it allows the resizing of message dialogs
when error details are shown.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0919-1 -- Security update for xorg-x11-libXrenderSUSE Linux Enterprise Server 11xorg-x11-libXrenderThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libXrender which fixes a security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0880-1 -- Security update for puppetSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11puppetPuppet was updated to fix the several security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0844-1 -- Security update for rubySUSE Linux Enterprise Server 11rubyRuby received an LTSS roll-up update to fix the following security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0390-1 -- Recommended update for mdadmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mdadmThis collective update for mdadm provides the following
features:
* Add md_monitor 4.16 (FATE#313624), with fixes
included from bnc#787826, bnc#770885, bnc#789202,
bnc#787819 and bnc#789535Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0936-1 -- Recommended update for SUSE Manager Proxy 2.1SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SUSE Manager Proxy 2.1This collective update for SUSE Manager Proxy 2.1 provides the fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0259-1 -- kernel update for SLE11 SP2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SLE11 SP2The SUSE Linux Enterprise 11 SP2 kernel was updated to
3.0.58, fixing various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0808-1 -- Security update for openssl-certsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11openssl-certsopenssl-certs has been updated to include four new and remove two certificates/Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1064-1 -- Recommended update for yast2-countrySUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-countryThis update for YaST's Country Settings module (yast2-country) provides
the following fix:Do not try to save settings when the user did not change them.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0457-1 -- Security update for libqt4SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libqt4libqt4 has been updated to fix several security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0461-1 -- Recommended update for virt-utilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11virt-utilsThis update for virt-utils fixes a syntactical error in
vm-snapshot-disk and provides a minor version update for
qemu-nbd and qemu-img utilities.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0322-1 -- Security update for wiresharkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10wiresharkwireshark was updated to 1.8.5 (bnc#801131), fixing bugs
and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0937-1 -- Security update for ntpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ntpThe NTP time service could have been used for remote denial of service amplification attacks.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1026-1 -- Recommended update for cronSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11cronThis update for cron provides the several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0870-1 -- Security update for xalan-j2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xalan-j2xalan-j2 has been updated to ensure that secure processing can't be circumvented.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0776-1 -- Recommended update for biosdevnameSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11biosdevnameThis update for biosdevname fixes an issue in the port determination logic that could have resulted in more than one interface on a given PCI slot getting the same port number when renames are happening in parallel.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0327-1 -- Security update for squidSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 10squidA denial of service problem in Squid via invalid
Content-Length headers and memory leaks has been fixed.
(CVE-2012-5643,CVE-2013-0189, SQUID-2012:1)
Also a logrotate permission issue has been fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1282-1 -- Security update for python-lxmlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-lxmlThis security update for python-lxml fixes an input sanitization flaw in
clean_html. (CVE-2014-3146)
Security Issues:
* CVE-2014-3146
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3146>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0910-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0849-1 -- Recommended update for clamavSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11clamavThe antivirus scanner ClamAV has been updated to version 0.98.3, which includes the following fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0436-1 -- Recommended update for WALinuxAgentSUSE Linux Enterprise Server 11WALinuxAgentThis update provides WALinuxAgent 1.3.2, which includes the
following fixes and enhancements:
* Capture all system command output if an error has
occurred
* Normalization of shell commands on Python subprocess
module
* Add support for serial logging from boot when
console=/dev/ttyS0 is set in the kernel boot options
* Fix typo in DVD mounting procedure
* Change default filesystem to ext3
* Fix name error in _HttpGet/HttpPost exception
handlers.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0452-1 -- Recommended update for SUSE Manager Client ToolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SUSE Manager Client ToolsThis collective update provides SUSE Manager Client Tools
version 1.7.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0356-1 -- Security update for freeradiusSUSE Linux Enterprise Server 11freeradiusThis update for freeradius-server provides the following
fixes and improvements:
* Increase the vendor IDs limit from 32767 to 65535
(bnc#791666)
* Fix issues with escaping special characters in
password (bnc#797515)
* Respect expired passwords and accounts when using the
unix module (bnc#797313, CVE-2011-4966).
Security Issue reference:
* CVE-2011-4966
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4966>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0864-1 -- Recommended update for nmapSUSE Linux Enterprise Server 11nmapThis update for nmap fixes the following issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0883-1 -- Security update for xorg-x11-libXextSUSE Linux Enterprise Server 11xorg-x11-libXextThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libXext, fixing a security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0470-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mozilla FirefoxMozillaFirefox has been updated to the 17.0.4ESR release
which fixes one important security issue:
* MFSA 2013-29 / CVE-2013-0787: VUPEN Security, via
TippingPoint's Zero Day Initiative, reported a
use-after-free within the HTML editor when content script
is run by the document.execCommand() function while
internal editor operations are occurring. This could allow
for arbitrary code execution.
Security Issue reference:
* CVE-2013-0787
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0877-1 -- Recommended update for dhcpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11dhcpThis update for dhcp provides several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0900-1 -- Security update for xorg-x11-libXfixesSUSE Linux Enterprise Server 11xorg-x11-libXfixesThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libXfixes, fixing a security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0893-1 -- Security update for xorg-x11-libX11SUSE Linux Enterprise Server 11xorg-x11-libX11This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libX11, fixing a security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0898-1 -- Security update for xorg-x11-libXtSUSE Linux Enterprise Server 11xorg-x11-libXtThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libXt, fixing security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0931-1 -- Security update for libtasn1SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libtasn1libtasn1 has been updated to fix three security issues:asn1_get_bit_der() could have returned negative bit length, Multiple boundary check issues could have allowed DoS, Possible DoS by NULL pointer dereference in asn1_read_value_type.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0824-1 -- Security update for MozillaFirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11MozillaFirefoxMozillaFirefox was updated to version 24.6.0 to fix six security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0824-2 -- Security update for MozillaFirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10MozillaFirefoxMozillaFirefox was updated to version 24.6.0 to fix six security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria
KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0292-1 -- Security update for MozillaFirefoxSUSE Linux Enterprise Server 11MozillaFirefoxMozilla Firefox was updated to the 10.0.12ESR release for
LTSS.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0408-1 -- Recommended update for metacitySUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11metacityThis update for the Metacity window manager fixes a
segmentation fault when more than 16 virtual desktops are
used.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0493-1 -- Recommended update for release-notes-slesSUSE Linux Enterprise Server 11release-notes-slesThis update provides the latest version of the Release
Notes for SUSE Linux Enterprise Server 11 SP2.
The changes in detail are:
* Fix default value for vm.dirty_background_ratio
(bnc#805838).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0788-1 -- Security update for GnuTLSSUSE Linux Enterprise Server 11GnuTLSGnuTLS was patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally three issues inherited from libtasn1 were fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0669-1 -- Security update for systemtapSUSE Linux Enterprise Server 11systemtapThis collective update for systemtap provides the following
fixes:
* Change how systemtap looks for tracepoint header
files. (bnc#796574)
* Systemtap manually loads libebl backends. Add libebl1
dependency. (bnc#800335)
* Fix kernel panic when processing malformed DWARF
unwind data. (bnc#748564, CVE-2012-0875)
Security Issue reference:
* CVE-2012-0875
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0875>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0972-1 -- Security update for apache2-mod_security2SUSE Linux Enterprise Server 11apache2-mod_security2This apache2-mod_security2 update fixes several security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0818-1 -- Security update for opensshSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11opensshThis update for OpenSSH fixes several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0287-1 -- Recommended update for nfs-clientSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11nfs-clientThis update for the NFS support utilities (nfs-client,
nfs-kernel-server) provides the following fixes:
* Allow gssd to work with more than 1024 connections,
depending on the 'nofile' resource limit. Increase this
limit to 4096 before starting rpc.gssd.
* Fix a signal handling issue that could cause silent
termination of the rpc.idmapd daemon.
* Don't convert user or group names with non-ASCII
characters to 'nobody' or 'nogroup'.
* Don't impose local-locking on /usr/sap.
* Skip processing files in /var/lib/nfs/rpc_pipefs/nfs
if they don't exist.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0399-1 -- Recommended update for microcode_ctlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11microcode_ctlThis update provides Intel's CPU microcode version 20130222.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0409-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Chile is changing its DST rules
* Estimate Morocco 2013-2038 transitions for Ramadan
* New alias Europe/Busingen for Europe/Zurich
* New zones Asia/Khandyga, Asia/Ust-Nera
* Libya moving to CET, but with DST.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0837-1 -- Security update for Linux KernelSUSE Linux Enterprise Server 11Linux KernelThe SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel was updated to fix a critical security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0517-1 -- Security update for PostgreSQLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PostgreSQLPostgreSQL has been updated to version 9.1.8 which fixes
various bugs and one security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0915-1 -- Security update for xorg-x11-libXpSUSE Linux Enterprise Server 11xorg-x11-libXpThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libXp which fixes a security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0959-1 -- Recommended update for mcelogSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11mcelogThis update for mcelog provides the following fixes: Add model number of Haswell Server (0x3f), Add missing entry to Ivy Bridge memory controller decode table, Continue without DMI when there's no SMBIOS or SMBIOS=0x0 in /sys/firmware/efi/systabSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0759-2 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 SP2 kernel has been updated to
3.0.74 to fix various security issues and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0899-1 -- Security update for SambaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SambaSamba has been updated to fix two security issues and one non-security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0821-1 -- Security update for nfs-clientSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11nfs-clientThis update fixes a DNS spoofing problem with NFS
rpc-gssd. (CVE-2013-1923)(bnc#813464) It also adds
MOUNTD_OPTIONS and GSSD_OPTIONS to /etc/sysconfig/nfs.
(bnc#818094, bnc#816897)
Security Issues:
* CVE-2013-1923
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1923>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0753-1 -- Recommended update for ModemManagerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ModemManagerThis update for ModemManager adds port initialization
settings for new models of ZTE modems.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0344-1 -- Recommended update for CUPSSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11CUPSThis update for CUPS removes the hard-coded printing delay
of 5 seconds from the "socket" backend.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1016-1 -- Recommended update for libgphoto2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libgphoto2This update of libgphoto2 fixes an issue where daemonized usage of
libgphoto2 like in gphotofs could have affected devices attached to
unrelated serial ports.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0489-1 -- Recommended update for aaa_baseSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11aaa_baseThis collective update for aaa_base provides the following
fixes and enhancements:
* Use of large UID numbers could cause the creation of
a huge "faillog" file in /var/log. When logging in as root,
the faillog(8) utility could read this file sequentially,
introducing long delays. This update removes the call to
faillog from the default login scripts. Users interested in
keeping this functionality are advised to use the PAM
module pam_tally2(8). (bnc#801037)
* During system shutdown, blogd(8) could close the
system console before all messages were printed.
(bnc#789893)
* Mime types for .docx, .dotx, .pptx, .xlsx and .xltx
were added to /etc/mime.types. (FATE#313237)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-OU-2013:0702-1 -- Optional update for V4L plug-ins for GStreamerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11V4L plug-ins for GStreamerThis update provides a collection of video4linux support
libraries and a video4linux plug-in for the Gstreamer
framework.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0329-1 -- Recommended update for auditSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11auditThe set of tools for Kernel Auditing (audit) has been
updated to version 1.8. The update brings many fixes and
enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0749-1 -- Recommended update for python-ethtoolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-ethtoolThis update for python-ethtool allows pifconfig to display
information about single network interfaces.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0837-2 -- Security update for Linux KernelSUSE Linux Enterprise Server 11Linux KernelThe SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel was updated to fix a critical security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0327-2 -- Security update for squid3SUSE Linux Enterprise Server 11squid3A denial of service problem in Squid3 initiated via invalid
Content-Length headers and memory leaks has been fixed.
(CVE-2012-5643,CVE-2013-0189, SQUID-2012:1)
Also a logrotate permission issue has been fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0872-1 -- Security update for sendmailSUSE Linux Enterprise Server 11sendmailsendmail has been updated to fix the following security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0930-1 -- Security update for kdirstatSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdirstatThe following security issue has been fixed:command injection in kcleanup.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0882-1 -- Security update for xorg-x11-libXvSUSE Linux Enterprise Server 11xorg-x11-libXvThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libXv, fixing security issues and some bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0763-1 -- Recommended update for glib2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glib2This update for glib2 adjusts SuSEconfig.glib2 to not check
for files that might not exist on new installations.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0761-1 -- Recommended update for kdelibs4SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdelibs4This update for kdelibs4 provides the following fixes:
* Fix services not showing up in context menu when
multiple files are selected. (bnc#809065)
* Fix kfmclient openProfile. (bnc#807314)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0793-1 -- Security update for strongswanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11strongswanThis update fixes a NULL ptr dereference (DoS) via ID_DER_ASN1_DN ID payloads.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0252-1 -- Recommended update for sysconfigSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11sysconfigThis update for sysconfig provides the following fixes and
improvements:
* Use dhclient6 in dhcp6_client state variable
* Correctly apply STP constraints also to float time
values with a 1/100 sec precision
* Update bridge documentation link in ifcfg-bridge.5
* Do not report failure while setting unsupported power
management option in ifup-wireless
* Check and reject too long interface names or names
with suspect characters
* Do not wait when creation of virtual interface name
fails
* Do not start dhcp clients too early or they may be
unable to send packets
* Load af_packet module early and wait for link ready
* Check before running a script in netcontrol_services
* Allow suffixes in ETHTOOL_OPTIONS variable to apply
settings separately
* Add ETHTOOL_UP_RETRY and ETHTOOL_UP_WAIT variables to
wait until the link has been set up
* Updated ifcfg(5) man page
* Do not mount file systems with the noauto flag setSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0633-1 -- Security update for PostgreSQLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PostgreSQLThis update to version 9.1.9 fixes:
* CVE-2013-1899: Fix insecure parsing of server
command-line switches.
* CVE-2013-1900: Reset OpenSSL randomness state in each
postmaster child process.
* CVE-2013-1901: Make REPLICATION privilege checks test
current user not authenticated user.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0610-1 -- Security update for jakartaSUSE Linux Enterprise Server 11jakartaThe following issue has been fixed:
* SSL certificate hostname verification was not done
and is fixed by this update. (CVE-2012-5783)
Security Issue reference:
* CVE-2012-5783
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: SUSE-SU-2014:1005-1 -- Security update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThis update for Python provides fixes for the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDDEPRECATED: SUSE-RU-2014:1026-1 -- Recommended update for cronSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11cronThis update for cron provides the several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATEDSUSE-RU-2013:1004-1 -- Recommended update for OFEDSUSE Linux Enterprise Server 11OFEDOFED has been updated to fix compatibility issues with the
latest SUSE Linux Enterprise kernels that might have led
to crashes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-FU-2013:0397-1 -- Feature update for certification-sles-eal4SUSE Linux Enterprise Server 11certification-sles-eal4This package is made available to all SUSE Linux Enterprise
Server 11 Service Pack 2 systems to allow a Common
Criteria evaluated configuration of the system through the
installation using AutoYaST profiles. Have a look at the
files in /usr/share/doc/packages/certification-sles-eal4,
or use "man SLES11SP2-EAL4-Configuration-Guide" for
details.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0843-1 -- Security update for rubySUSE Linux Enterprise Server 11rubyRuby received an LTSS roll-up update to fix the following security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0960-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11Mozilla FirefoxMozilla Firefox has been updated to the 24.7ESR security release.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1001-1 -- Recommended update for supportutilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10supportutilsThis update fixes the following issues:
- supportconfig: 2.25-370
- supportconfig: 2.25-359
- supportconfig: 2.25-358
- supportconfig: 2.25-350Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0645-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10Mozilla FirefoxMozillaFirefox has been updated to the 17.0.5ESR release
fixing bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0840-1 -- Recommended update for sapconfSUSE Linux Enterprise Server 11sapconfThis update for sapconf changes the default value of
vm.max_map_count for SAP HANA.
Please read TID #7000830 for possible side effects of this
change:
http://www.suse.com/support/kb/doc.php?id=7000830
<http://www.suse.com/support/kb/doc.php?id=7000830>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1098-1 -- Security update for MesaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MesaThis update of Mesa fixes multiple integer overflows.
Security Issue reference:
* CVE-2013-1993
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0807-1 -- Security update for Linux KernelSUSE Linux Enterprise Server 11Linux KernelThe SUSE Linux Enterprise Server 11 SP1 LTSS kernel received a roll-up update to fix security and non-security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0771-1 -- Security update for curlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11curlThis update fixes the cookie domain tailmatch vulnerability
in curl. CVE-2013-1944 has been assigned to this issue.
Security Issue reference:
* CVE-2013-1944
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0835-3 -- Security update for IBM JavaSUSE Linux Enterprise Server 11IBM JavaIBM Java 1.6.0 has been updated to SR13-FP2 which fixes
bugs and security issues.
http://www.ibm.com/developerworks/java/jdk/alerts/
<http://www.ibm.com/developerworks/java/jdk/alerts/>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0795-1 -- Security update for libtiffSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10libtiffThis update fixes two buffer overflow security issues with
libtiff:
* CVE-2013-1960
* CVE-2013-1961Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0904-1 -- Security update for lzoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11lzolzo was updated to fix a potential denial of service issue or possible remote code execution by allowing an attacker, if the LZO decompression algorithm is used in a threaded or kernel context, to corrupt memory structures that control the flow of execution in other contexts.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0758-1 -- Recommended update for NetworkManagerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11NetworkManagerThis update for NetworkManager provides the following fixes:
* Make modem disconnects synchronous in order to avoid
a race condition when disconnecting and then immediately
reconnecting. (bnc#659267)
* Fix an issue that prevented the reactivation of some
wireless devices if they were manually disabled before a
reboot. (bnc#760875)
* Fix a race condition when enabling wireless networks
at power management resume. (bnc#751273)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0358-1 -- Security update for nagiosSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10nagiosThis update fixes a stack overflow in the nagios web
interface. CVE-2012-6096 has been assigned.
Security Issue reference:
* CVE-2012-6096
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6096
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0626-1 -- Recommended update for kdumpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdumpThis update for Kdump provides the following fixes and
enhancements:
* In multipath setups, make sure that only devices
actually required by kdump are initialized in kdump
environment. This reduces run-time memory requirements.
(bnc#738865)
* Add a new configuration option to set the number of
CPUs that will be available in the Kdump environment. On
SMP systems, makedumpfile will then enable the split mode
to dump data to multiple DUMPFILEs in parallel. (bnc#783592)
* Close a race condition between creating the kdump
initrd and restricting its file permissions to avoid
leaking sensitive information, such as private keys or
passwords needed to save a dump to a remote system.
(bnc#742884)
* Do not set up iommu pass-through for the kdump
kernel. (bnc#804800)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1130-1 -- Recommended update for multipath-toolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11multipath-toolsThis update for multipath-tools fixes a potential thread
stack overflow when using some functions from libudev.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0549-1 -- Security update for OpenSSLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11OpenSSLOpenSSL has been updated to fix several security issues:
* CVE-2012-4929: Avoid the openssl CRIME attack by
disabling SSL compression by default. Setting the
environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no"
enables compression again.
* CVE-2013-0169: Timing attacks against TLS could be
used by physically local attackers to gain access to
transmitted plain text or private key material. This issue
is also known as the "Lucky-13" issue.
* CVE-2013-0166: An OCSP invalid key denial of service
issue was fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0888-1 -- Recommended update for xorg-x11-serverSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-serverThis collective update for xorg-x11-server provides the several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1059-2 -- Security update for clamavSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11clamavThis release of clamav provides version 0.97.8 and fixes
several potential security issues (bnc#816865):
* CVE-2013-2020: Fix heap corruption
* CVE-2013-2021: Fix overflow due to PDF key length
computation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0799-1 -- Recommended update for util-linuxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11util-linuxThis collective update for util-linux provides the
following fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1193-1 -- Security update for ibutilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10ibutilsVarious tmp races in ibdiagnet of ibutils have been fixed
that could have been used by local attackers on machines
where InfiniBand was debugged to gain privileges.
Security Issue reference:
* CVE-2013-1894
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1894
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0709-1 -- Security update for stunnelSUSE Linux Enterprise Server 11stunnelThis update for stunnel fixes a buffer overflow
vulnerability caused by incorrect integer conversion in
the NTLM authentication of the CONNECT protocol
negotiation (CVE-2013-1762).
Security Issue reference:
* CVE-2013-1762
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0934-1 -- Security update for Java 1.4.2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10Java 1.4.2IBM Java 1.4.2 has been updated to SR13-FP17 fixing bugs
and security issues.
http://www.ibm.com/developerworks/java/jdk/alerts/
<http://www.ibm.com/developerworks/java/jdk/alerts/>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0479-1 -- Recommended update for yast2-dns-serverSUSE Linux Enterprise Server 11yast2-dns-serverThis collective update for YaST's DNS Server configuration
module (yast2-dns-server) provides the following fixes:
* Enhanced checking for errors while writing to LDAP
(bnc#768708)
* Checking for return values while writing into LDAP
and reporting errors (bnc#768708)
* Report errors correctly when the bind package is not
installed (bnc#765445).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0789-1 -- Recommended update for python-pywbemSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-pywbemThis update for python-pywbem fixes the following issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1074-1 -- Recommended update for bindSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11bindThe BIND DNS server package has been updated to version
9.9.2P2, which brings many fixes, enhancements and new
features, such as:
* Automated trust anchor maintenance for DNSSEC (RFC
5011)
* Simplified configuration of Dynamic DNS
* Simplified configuration of DNSSEC Lookaside
Validation (DLV)
* Fully automatic signing of zones
* Implementation of DNS64, a transition mechanism to
IPv6 deployment
* Inline Signing for DNSSEC
* DNSSEC NSEC performance improvements
* Multiprocessing performance improvements.
This update also contains several functional changes which
might need changes of certain configuration settings. More
information can be found in TID #7012684:
https://www.suse.com/support/kb/doc.php?id=7012684
<https://www.suse.com/support/kb/doc.php?id=7012684>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0955-1 -- Security update for lzoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10lzolzo has been updated to fix a potential denial of service issue or possible remote code execution by allowing an attacker, if the LZO decompression algorithm is used in a threaded or kernel context, to corrupt memory structures that control the flow of execution in other contexts.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1175-1 -- Security update for MesaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MesaA memory corruption in the Mesa Intel drivers (OOB
read/write) has been fixed. (CVE-2013-1872) This could
have been potentially exploited by remote attackers who
would have been able to inject 3d graphics into the
attacked desktop.
Security Issue reference:
* CVE-2013-1872
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1872
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1075-1 -- Recommended update for tarSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11tarThis update for tar provides the following fixes:
* Don't print "lone zero blocks" warnings, as there are many tar
implementations around that create invalid archives with a zero
block in the middle. (bnc#881863)
* Fix creation of archives with large UIDs and POSIX format.
(bnc#864302)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0492-1 -- Recommended update for createrepo, deltarpm and yumSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11createrepodeltarpmyumThis collective update provides newer versions of
createrepo (v0.9.9), deltarpm (v3.5) and yum (v3.2.29).
The updated packages bring many fixes and enhancements,
including the capability of creating repositories with
delta RPM support.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1166-1 -- Security update for compat-curl2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10compat-curl2This update of compat-curl2 fixes a security vulnerability:
* libcurl URL decode buffer boundary flaw (bnc#824517 /
CVE-2013-2174)
Security Issue reference:
* CVE-2013-2174
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-YU-2013:1206-1 -- YOU update for libzyppSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libzyppThis update for libzypp fixes a potential log file
truncation introduced by the previous maintenance update.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0757-1 -- Security update for ImageMagickSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ImageMagickImageMagick has been updated to fix an integer overflow
(CVE-2012-3438).
Also a slowness in "convert" when resizing JPEG images has
been addressed (bnc#754481).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0250-1 -- Recommended update for WALinuxAgentSUSE Linux Enterprise Server 11WALinuxAgentThis update provides WALinuxAgent 1.3, which includes the
following fixes and enhancements:
* Improve error checking and robustness of DVD mounting
operation during provisioning
* Remove redundant check for IP and Port in
LoadBalancerProbe
* Add check to self.computername to detect empty host
name in configuration
* Fix initialization script to start the daemon only
once
* Fix encoding of the README file by converting it to
UTF8 and UNIX format
* Add README.SUSE to document how the package should be
usedSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1103-1 -- Security update for xorg-x11-libsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libsThis update of xorg-x11-libs fixes several integer and
buffer overflow issues (bnc#815451, bnc#821663).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0754-1 -- Recommended update for NetworkManagerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11NetworkManagerThis update for NetworkManager-pptp allows users to set the
password of system-wide VPN connections.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0561-1 -- Recommended update for pidentdSUSE Linux Enterprise Server 11pidentdThis update for pidentd fixes an issue that prevented the
service from accepting IPv4 connections when IPv6 was
disabled.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0696-1 -- Security update for dhcpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11dhcpThe ISC DHCP server had a denial of service issue in
handling specific DDNS requests which could cause an out of
memory usage situation. (CVE-2013-2266)
This update also adds a dhcp6-server service template for
SuSEfirewall2 (bnc#783002)
Security Issues:
* CVE-2013-2266
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1059-1 -- Security update for clamavSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10clamavThis update contains clamav 0.97.8 which fixes security
issues (bnc#816865):
* CVE-2013-2020: Fix heap corruption
* CVE-2013-2021: Fix overflow due to PDF key length
computation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0879-1 -- Security update for quaggaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10quaggaQuagga received an update fixing two security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1017-1 -- Security update for augeasSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11augeasAugeas has been updated to fix a symlink overwrite problem.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0385-1 -- Recommended update for nautilusSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11nautilusThis update for the Nautilus desktop file manager improves
visibility of SUSE Linux Enterprise documentation showing
a desktop shortcut to the SUSE manual if present and
desired. In addition, it also fixes alignment of newly
added icons to avoid overlapping.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0881-1 -- Security update for xorg-x11-libsSUSE Linux Enterprise Server 11xorg-x11-libsThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libs, fixing security issues and some bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0789-1 -- Recommended update for xrdpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xrdpThis update for xrdp provides the following fixes:
* Enable support to 24bpp RDP connections. (bnc#807610)
* Dynamically select an RDP port that is not in use.
(bnc#810265)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1211-1 -- Recommended update for yast2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2This update fixes an issue in network setup that affects
only automated installations of Open Enterprise Server.
* bnc#817797: AutoYaST import can be overwritten by
Read in NetworkInterfaces.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1074-2 -- Recommended update for bindSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11bindThe BIND DNS server has been updated to version 9.9.2P2,
which brings many fixes, enhancements and new features,
such as:
* Automated trust anchor maintenance for DNSSEC (RFC
5011)
* Simplified configuration of Dynamic DNS
* Simplified configuration of DNSSEC Lookaside
Validation (DLV)
* Fully automatic signing of zones
* Implementation of DNS64, a transition mechanism to
IPv6 deployment
* Inline Signing for DNSSEC
* DNSSEC NSEC performance improvements
* Multiprocessing performance improvements
This update also contains several functional changes which
might need changes of certain configuration settings. More
information can be found in TID #7012684:
https://www.suse.com/support/kb/doc.php?id=7012684
<https://www.suse.com/support/kb/doc.php?id=7012684>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0262-1 -- Security update for MySQLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MySQLA stack-based buffer overflow in MySQL has been fixed that
could have caused a Denial of Service or potentially
allowed the execution of arbitrary code (CVE-2012-5611).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0618-1 -- Security update for puppetSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11puppetPuppet has been updated to fix 2.6.18 multiple
vulnerabilities and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0320-1 -- Security update for libvirtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libvirtlibvirt was updated to fix the following security issue:
* A flaw was found in the way message freeing on
connection cleanup was handled under certain error
conditions. A remote user able to issue commands to the libvirt
daemon could use this flaw to crash libvirtd or,
potentially, escalate their privileges to that of the libvirtd
process. (CVE-2013-0170)
The following bug has also been fixed:
* Add managedSave functions to legacy xen driver
bnc#782311
Security Issue reference:
* CVE-2013-0170
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0170
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0703-1 -- Recommended update for kshSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kshThis update to Korn Shell 93u+ provides fixes for many
issues, including:
* Fix segmentation fault on typeset on ENV variable.
(bnc#803613)
* Do not free data which is used later on in the hash
tree of reloaded shell functions. (bnc#795324)
* Make sure that tty is closed even if an interrupt
arrived during close. (bnc#790315)
* Fix truncation of variables when TMOUT is used.
(bnc#808956)
* Fix syntax error on command substitution in
here-document. (bnc#804998)
* Make Shift_JIS patch more reliable as requested by
upstream.
For a comprehensive list of fixes please refer to the
package's change log.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0834-1 -- Recommended update for yast2-networkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-networkThis collective update for yast2-network fixes the several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0440-2 -- Security update for JavaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10JavaIBM Java 1.4.2 has been updated to SR13-FP15 which fixes
various critical security issues and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1138-1 -- Recommended update for release-notes-slesSUSE Linux Enterprise Server 11release-notes-sles* Version 11.2.0.46 (bnc#815270) contains the
following:
o Updated entries:
+ Video and Stream Processing (bnc#818303, via fate#314884)
+ Major advances in supporting iSCSI and FCoE (bnc#818299, via fate#311801)
+ Automated LUN scanning (NPIV only) (bnc#825298, via fate)
o New entry: Lustre kernel support
(bnc#802764, via fate#314679)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1241-1 -- Recommended update for createrepoSUSE Linux Enterprise Server 11createrepoThis update for createrepo fixes modifyrepo to no longer
use sub-second resolution in timestamp attributes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1239-1 -- Recommended update for SLES release notesSUSE Linux Enterprise Server 11SLES release notesThis update provides the latest version of the Release
Notes for SUSE Linux Enterprise Server 11 SP3.
* Updated entries:
o Service Pack for HP Linux ProLiant (bnc#826123)
o Move UEFI section to a better location (bnc#828056)
o Add pointer to fadump config (bnc#817831)
o Update support statement (bnc#828478).
* New entries:
o Capturing kdump on a Target using Devicemapper (Incl. Multipath) (bnc#827016)
o Lower Version Numbers in SUSE Linux Enterprise 11 SP3 than in SP2 (bnc#827325).
* Removed entries:
o iSCSI Installations with Multiple
NICs Losing Network Connectivity (bnc#825141).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0341-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 SP2 kernel has been updated to
fix two issues:
One severe security issue:
* CVE-2013-0871: A race condition in ptrace(2) could be
used by local attackers to crash the kernel and/or execute
code in kernel context.
One severe regression issue:
* A regression in UNIX domain socket credential
passing. The default disabling of passing credentials
caused regression in some software packages that did not
expect this. One major software package affected by this
was the Open Enterprise Server stack.
Security Issue reference:
* CVE-2013-0871
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-YU-2013:1162-1 -- YOU update for libzyppSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libzyppThis update for the Software Update Stack provides the
following fixes and enhancements:
libzypp:
* Set log file permission upon file creation only.
(bnc#825490)
* Speedup scanning for modaliases, improving
performance on machines with large amounts of RAM.
(bnc#824110)
* Implement retrieval of packages from tftp servers.
(bnc#803316)
* Fix file probing via tftp://. (bnc#803316)
* Add modalias and multiversion spec to testcase.
zypper:
* Set default zypper.log mode to 0640. (bnc#825490)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0780-1 -- Recommended update for atftpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11atftpThis update for atftp adds generic capabilities to the
package specification, allowing other packages to depend
on the capability instead of the package name.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0633-2 -- Security update for PostgreSQLSUSE Linux Enterprise Server 11PostgreSQLThis update of PostgreSQL to version 9.1.9 fixes:
* CVE-2013-1899: Fix insecure parsing of server
command-line switches.
* CVE-2013-1900: Reset OpenSSL randomness state in each
postmaster child process.
* CVE-2013-1901: Make REPLICATION privilege checks test
current user not authenticated user.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1129-1 -- Security update for glibcSUSE Linux Enterprise Server 11glibcThis glibc update fixes a critical privilege escalation problem and two
additional issues:
* bnc#892073: An off-by-one error leading to a heap-based buffer
overflow was found in __gconv_translit_find(). An exploit that
targets the problem is publicly available. (CVE-2014-5119)
* bnc#836746: Avoid race between {, __de}allocate_stack and
__reclaim_stacks during fork.
* bnc#844309: Fixed various overflows, reading large /etc/hosts or
long names. (CVE-2013-4357)
* bnc#894553, bnc#894556: Fixed various crashes on invalid input in
IBM gconv modules. (CVE-2014-6040, CVE-2012-6656)
Security Issues:
* CVE-2012-6656
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656>
* CVE-2013-4357
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4357>
* CVE-2014-5119
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>
* CVE-2014-6040
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0744-1 -- Security update for libxml2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10libxml2libxml2 has been updated to fix entity expansion problems:
* CVE-2013-0338: Internal entity expansion within XML
was not bounded, leading to simple small XML files being
able to cause "out of memory" denial of service conditions.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1114-1 -- Recommended update for rshSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11rshThis update fixes an error handling issue in rlogind that
could make it fail to accept connections from rlogin
clients.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1121-1 -- Security update for libqt4SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libqt4This update of the QT4 QSSL interface makes it select a set of default
ciphers that is recommended for current usage. This update is needed for
Konqueror to restrict its cipher set when using https.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1152-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mozilla FirefoxMozilla Firefox has been updated to the 17.0.7 ESR version,
which fixes bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1278-1 -- Recommended update for python-xmlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-xmlThis update fixes the python-xml package to no longer
provide and obsolete PyXML.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0698-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11timezoneThis update provides the latest timezone information
(2013b) for your system.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1184-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Morocco's midsummer transitions this year are July 7
and August 10
* Israel now falls back from DST on the last Sunday of
October
* Palestine observed DST starting March 29, 2013
* From 2013 on, Gaza and Hebron both observe DST.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1219-1 -- Security update for nagios-nrpe, nagios-plugins-nrpeSUSE Linux Enterprise Server 11nagios-nrpenagios-plugins-nrpeNagios NRPE was updated to add more blacklisting to avoid
shell injection via nagios request packets (CVE-2013-1362).
Security Issues:
* CVE-2013-1362
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1362
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1311-1 -- Recommended update for AppArmorSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11AppArmorAppArmor has been rebuilt to enable a new set of
capabilities available on SUSE Linux Enterprise 11 SP3.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0487-1 -- Recommended update for kernel-firmwareSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kernel-firmwareThis update for the Linux Kernel firmware files
(kernel-firmware) provides:
* QLogic's ql2400_fw.bin and ql2500_fw.bin version
5.08.00. The updated firmware fixes I/O stalls when
performing storage server controller reboots
* New firmware version for fixing the missing support
for Atheros MANGO and MANGO rev.2 Bluetooth module.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1255-1 -- Security update for java-1_6_0-ibmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10java-1_6_0-ibmIBM Java 1.6.0 has been updated to SR14 to fix bugs and
security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1111-1 -- Recommended update for irqbalanceSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11irqbalanceThis update for irqbalance fixes support for NUMA platforms
by linking the program against libnuma.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0844-1 -- Recommended update for openCryptokiSUSE Linux Enterprise Server 11openCryptokiThis update for openCryptoki changes the default mode of
/var/lock/openCryptoki to allow writes from members of
group pkcs11.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1304-1 -- Security update for puppetSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11puppetThis puppet update fixes a remote code execution issue:
* Unauthenticated Remote Code Execution Vulnerability
with YAML and REST API calls (bug#825878, CVE-2013-3567)
Security Issue reference:
* CVE-2013-3567
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:1028-1 -- Security update for krb5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11krb5This MIT krb5 update fixes a buffer overrun problem in kadmind.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1104-1 -- Security update for xorg-x11-libXvSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXvThis update of xorg-x11-libXv fixes several integer and
buffer overflow issues (bnc#815451, bnc#821671,
CVE-2013-1989, CVE-2013-2066).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0617-1 -- Security update for ClamAVSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10ClamAVClamAV has been updated to the 0.97.7 release that contains
various security related hardening fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:1054-1 -- Recommended update for gdmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gdmThis update for gdm provides fixes for several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0440-1 -- Security update for JavaSUSE Linux Enterprise Server 11JavaIBM Java 7 was updated to SR4, fixing various critical
security issues and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0731-1 -- Security update for GnuTLSSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10GnuTLSThis GnuTLS update fixes incorrect padding which weakens
the encryption. CVE-2013-1619 has been assigned to this
issue.
Security Issue reference:
* CVE-2013-1619
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-YU-2013:0444-1 -- YOU update for Software Update StackSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Software Update StackThis update for the software update stack 2013/02 provides
some fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0817-1 -- Recommended update for pmtoolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pmtoolsThis update for pmtools fixes the following issue:
* In acpidump, skip processing RSDT if XSDT was already
processed and rsdt physical address is 0. This is the
minimum fix to prevent crashes on Itanium/IA64 machines
while not altering the output of acpidump on too many other
machines.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0859-1 -- Security update for XorgSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XorgThis update of xorg-x11-server fixes one security issue and
two bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1124-1 -- Recommended update for suse-ami-toolsSUSE Linux Enterprise Server 11suse-ami-toolsThis update provides the following fixes and enhancements:
* Fix the OBS and IBS targets for suse-ami-tools
* Add motd files for openSUSE 13.1, 12.3 and 12.2
* Remove motd files for no longer supported openSUSE
11.4
* Fix the repo path for WebYaST for SLE 11 SP3
* Create repo setup for 32 bit SLE 11 SP3
* Add OBS target to Makefile to update the OBS project
* Add support for SLE11 SP3.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1237-1 -- Security update for strongswanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11strongswanThis update fixes the ECDSA signature vulnerability in
strongswan. CVE-2013-2944 has been assigned to this issue.
Security Issue reference:
* CVE-2013-2944
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2944>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1237-3 -- Security update for strongswanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11strongswanThis update fixes the ECDSA signature vulnerability in
strongswan. CVE-2013-2944 was assigned to this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1314-1 -- Security update for XenSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XenThe Xen hypervisor and toolset has been updated to 4.2.2_06
to fix various bugs and security issues:
The following security issues have been addressed:
* CVE-2013-2194: Various integer overflows in the ELF
loader were fixed. (XSA-55)
* CVE-2013-2195: Various pointer dereference issues in
the ELF loader were fixed. (XSA-55)
* CVE-2013-2196: Various other problems in the ELF
loader were fixed. (XSA-55)
* CVE-2013-2078: A Hypervisor crash due to missing
exception recovery on XSETBV was fixed. (XSA-54)
* CVE-2013-2077: A Hypervisor crash due to missing
exception recovery on XRSTOR was fixed. (XSA-53)
* CVE-2013-2211: libxl allowed guest write access to
sensitive console related xenstore keys. (XSA-57)
* CVE-2013-2076: An information leak on XSAVE/XRSTOR
capable AMD CPUs (XSA-52) was fixed, where parts of this
state could leak to other VMs.
Also the following bugs have been fixed:
* performance issues in mirror lvm (bnc#801663)
* aacraid driver panics mapping INT A when booting
kernel-xen (bnc#808085)
* Fully Virtualized Windows VM install failed on Ivy
Bridge platforms with Xen kernel (bnc#808269)
* Did not boot with i915 graphics controller with VT-d
enabled (bnc#817210)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-OU-2013:1125-1 -- Optional update for WALinuxAgentSUSE Linux Enterprise Server 11WALinuxAgentThe Windows Azure Linux Agent supports the provisioning and
running of Linux VMs in the Windows Azure cloud. This
package should be installed on Linux disk images that are
built to run in the Windows Azure environment.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0546-1 -- Recommended update for coreutilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11coreutilsThis update for GNU Core Utilities (coreutils) adds support
for GPFS and PANFS file systems to tail(1) and stat(1).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1167-1 -- Recommended update for udevSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11udevThis update for udev provides the following fixes:
* Rename virtual interfaces also in the guest.
(bnc#820930)
* Use SCSI_IDENT_LUN_T10 instead of ID_SERIAL for
partition in 61-msft.rules. (bnc#805059)
* Drop usage of ID_BUS in 61-msft.rules. (bnc#805059)
* Revert 'udev: fix crash in libudev', now fixed in
multipath-tools. (bnc#821419)
* Add dependency on sg3_utils. (bnc#805059)
* Add the full path of sg_inq, otherwise udev searches
for the binary in /lib/udev. (bnc#805059)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0710-1 -- Security update for IBM JavaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10IBM JavaIBM Java 1.4.2 has been updated to SR13 FP16 which fixes
bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0764-1 -- Recommended update for kdebase4-workspace, kdm and kwinSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdebase4-workspacekdmkwinThis update for kdebase4-workspace provides the following
fixes:
* Fixed truncating of desktop names in desktop pager.
(bnc#780828)
* Add support for newer versions of GDM. (bnc#802909)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1251-1 -- Security update for glibcSUSE Linux Enterprise Server 11glibcThis collective update for the GNU C library (glibc)
provides the following fixes and enhancements:
Security issues fixed:
* Fix stack overflow in getaddrinfo with many results.
(bnc#813121, CVE-2013-1914)
* Fix a different stack overflow in getaddrinfo with
many results. (bnc#828637)
* Fix array overflow in floating point parser
[bnc#775690] (CVE-2012-3480)
* Fix strtod integer/buffer overflows [bnc#775690]
(CVE-2012-3480)
* Add patches to fix overflows in vfprintf. [bnc
#770891, CVE-2012-3405, CVE-2012-3406]
* Fix buffer overflow in glob. (bnc#691365)
(CVE-2010-4756)
* Flush stream in addmntent, to catch errors like
reached file size limits. [bnc #676178, CVE-2011-1089]
Bugs fixed:
* Fix locking in _IO_cleanup. (bnc#796982)
* Fix resolver when first query fails, but second
succeeds. [bnc #767266]Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0783-1 -- Recommended update for yast2-networkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-networkThis update for YaST's Network Configuration module
(yast2-network) provides the following fixes:
* Fix a potential crash when editing settings of
unconfigured network interfaces. (bnc#817006, bnc#813835)
* Allow only L2-capable devices to be enslaved into
bond interfaces on s390x. (bnc#719881)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1285-2 -- Security update for PHP5SUSE Linux Enterprise Server 11PHP5The following security issues have been fixed:
* CVE-2013-4635 (bnc#828020):
  o Integer overflow in SdnToJewish()
* CVE-2013-1635 and CVE-2013-1643 (bnc#807707):
  o reading system files via untrusted SOAP input
  o soap.wsdl_cache_dir function did not honour PHP open_basedir
* CVE-2013-4113 (bnc#829207):
  o heap corruption due to
badly formed xmlSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0793-1 -- Security update for sudoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10sudoThis update fixes the following security issues which
allowed bypassing sudo authentication: CVE-2013-1775,
CVE-2013-1776, CVE-2013-2776 and CVE-2013-2777.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1104-2 -- Security update for xorg-x11-libXvSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXvThis update of xorg-x11-libXv fixes several integer and
buffer overflow issues.
Bug 815451/821671 CVE-2013-1989/CVE-2013-2066
Security Issues:
* CVE-2013-1989
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989>
* CVE-2013-2066
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0792-1 -- Recommended update for orcaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11orcaThis update for Orca improves compatibility with newer
versions of Mozilla Firefox.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0562-1 -- Recommended update for libvirtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libvirtThis update for libvirt fixes an issue that made emulated
interfaces on Xen VMs unusable when the interface
configuration contains type=ioemu.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1256-1 -- Security update for java-1_7_0-ibmSUSE Linux Enterprise Server 11java-1_7_0-ibmIBM Java 1.7.0 has been updated to SR5 to fix bugs and
security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0748-1 -- Recommended update for FUSESUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11FUSEThis update for FUSE provides the following fix:
In fuse_session_loop_mt() don't pause when exiting the
worker threads. The pause() was added in 2.2.1 to prevent
a segmentation fault on pthread_cancel() on an exited,
detached thread. Now that worker threads are no longer
detached, pthread_cancel() should work fine even after the
thread exited.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0720-1 -- Recommended update for yast2-ldap-serverSUSE Linux Enterprise Server 11yast2-ldap-serverThis update for YaST's LDAP server configuration module
fixes an issue in the Access Control user interface that
could cause duplication of syncrepl ACLs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0759-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 SP2 kernel has been updated to
3.0.74 to fix various security issues and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0842-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mozilla FirefoxMozilla Firefox has been updated to the 17.0.6ESR security
release.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1210-1 -- Recommended update for gvfsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gvfsThis update fixes the following issue:
* #819859: sftp bookmarks don't work in NautilusSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0868-1 -- Security update for PHP5SUSE Linux Enterprise Server 11PHP5PHP5 has been updated to fix two security vulnerabilities.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0864-1 -- Recommended update for gstreamerSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gstreamerThis update for the GStreamer plug-ins enhances detection
of double-byte character sets in the meta-data of music
files (bnc#458213).
Additionally an issue has been fixed which avoids artifacts
caused by the edge effect (bnc#749974).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1264-1 -- Security update for java-1_4_2-ibmSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10java-1_4_2-ibmIBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs
and security issues.
Please see also
http://www.ibm.com/developerworks/java/jdk/alerts/
<http://www.ibm.com/developerworks/java/jdk/alerts/>
Also the following bug has been fixed:
* mark files in jre/bin and bin/ as executable
(bnc#823034)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0868-1 -- Recommended update for udevSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11udevThis update for udev provides the following fixes and
enhancements:
* Automatically online CPUs on CPU hotplug add events
(bnc#703100, FATE#311831)
* Use unique names for temporary files created in /dev
(bnc#791503)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1184-2 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Morocco's midsummer transitions this year are July 7
and August 10
* Israel now falls back on the last Sunday of October
* Palestine observed DST starting March 29, 2013
* From 2013 on, Gaza and Hebron both observe DST.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1103-2 -- Security update for xorg-x11-libsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libsThis update of xorg-x11-libs fixes several integer and
buffer overflow issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0727-1 -- Security update for libxsltSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10libxsltlibxslt has been updated to fix two denial of service
issues via crashes by NULL pointer dereference on attacker
supplied XSLT scripts (CVE-2012-6139).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0885-1 -- Security update for kdebase4-workspaceSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdebase4-workspaceThis kdebase4-workspace update fixes two security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0906-1 -- Security update for MesaSUSE Linux Enterprise Server 11MesaThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of Mesa, fixing security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1190-1 -- Security update for krb5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10krb5This krb5 update fixes a security issue.
* kpasswd UDP ping-pong (bug#825985 / CVE-2002-2443)
Security Issue reference:
* CVE-2002-2443
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1394-1 -- Recommended update for libvirtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libvirtThis update of libvirt from version 1.0.5.1 to 1.0.5.4
contains fixes for the following reports:
* virsh memtune command fails to execute (bnc#819976)
* libvirt crashes on migration of graphics-less clients
(bnc#828502)
* libvirt fails on block migration (bnc#828508)
* libvirt reads out of bounds (bnc#828506)
* virsh snapshot fails with "virDomainSnapshotFree"
(bnc#829203)
* virsh vcpupin fails on UV server with 4048 physical
cpus (bnc#831709).
For the complete change log please go to
http://wiki.libvirt.org/page/Maintenance_Releases#1.0.5_series
<http://wiki.libvirt.org/page/Maintenance_Releases#1.0.5_series>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0648-1 -- Security update for ApacheSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10ApacheApache2 has been updated to fix multiple XSS flaws.
* CVE-2012-4558: Multiple cross-site scripting (XSS)
vulnerabilities in the balancer_handler function in the
manager interface in mod_proxy_balancer.c in the
mod_proxy_balancer module in the Apache HTTP Server
potentially allowed remote attackers to inject arbitrary
web script or HTML via a crafted string.
* CVE-2012-3499: Multiple cross-site scripting (XSS)
vulnerabilities in the Apache HTTP Server allowed remote
attackers to inject arbitrary web script or HTML via
vectors involving hostnames and URIs in the (1)
mod_imagemap, (2) mod_info, (3) mod_ldap, (4)
mod_proxy_ftp, and (5) mod_status modules.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1374-1 -- Security update for tomcat6SUSE Linux Enterprise Server 11tomcat6This update of tomcat6 fixes:
* apache-tomcat-CVE-2012-3544.patch (bnc#831119)
* use chown --no-dereference to prevent symlink attacks
on log (bnc#822177#c7/prevents CVE-2013-1976)
* Fix tomcat init scripts generating malformed
classpath ( http://youtrack.jetbrains.com/issue/JT-18545
<http://youtrack.jetbrains.com/issue/JT-18545> ) bnc#804992
(patch from m407)
* fix a typo in initscript (bnc#768772 )
* copy all shell scripts (bnc#818948)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0743-1 -- Security update for libxml2SUSE Linux Enterprise Server 11libxml2libxml2 has been updated to fix two security bugs.
* CVE-2013-0338: Internal entity expansion within XML
was not bounded, leading to simple small XML files being
able to cause "out of memory" denial of service conditions.
* CVE-2012-5134: Heap-based buffer underflow in the
xmlParseAttValueComplex function in parser.c in libxml2
allowed remote attackers to cause a denial of service or
possibly execute arbitrary code via crafted entities in an
XML document.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1101-2 -- Security update for xorg-x11-libXtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXtThis update of xorg-x11-libXt fixes several integer and
buffer overflow issues.
Bug 815451/821670 CVE-2013-2002/CVE-2013-2005
Security Issues:
* CVE-2013-2002
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002>
* CVE-2013-2005
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0755-1 -- Recommended update for cronSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11cronThis update for cron prevents unnecessary reloads of
unchanged files from /etc/cron.d/.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0701-1 -- Security update for java-1_7_0-ibmSUSE Linux Enterprise Server 11java-1_7_0-ibmIBM Java 7 was updated to SR4-FP1, fixing bugs and security
issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0594-1 -- Recommended update for yast2-kdumpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-kdumpThis update for YaST's Kdump configuration module adds
support for LZO compressed kernel dumps.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0816-1 -- Security update for KVMSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11KVMSeveral security issues in KVM have been fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1317-1 -- Security update for PHP5SUSE Linux Enterprise Server 11PHP5The following security issues have been fixed:
* CVE-2013-4635 (bnc#828020):
  o Integer overflow in SdnToJewish()
* CVE-2013-1635 and CVE-2013-1643 (bnc#807707):
  o reading system files via untrusted SOAP input
  o soap.wsdl_cache_dir function did not honour PHP open_basedir
* CVE-2013-4113 (bnc#829207):
  o heap corruption due to badly formed xml
Security Issues:
* CVE-2013-4635
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4635>
* CVE-2013-4113
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113>
* CVE-2013-1635
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635>
* CVE-2013-1643
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0779-1 -- Recommended update for gnome-system-monitorSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gnome-system-monitorThis combined update provides the following fixes and
enhancements:
* The System tab in GNOME System Monitor was redesigned
to display information in summarized format. Previously,
data about each CPU core was printed in one text line and
could be truncated on machines with many cores.
* Additionally, libgtop was fixed to correctly read CPU
information from /proc/cpuinfo when the file is larger than
16Kb.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0769-1 -- Recommended update for poptSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11poptNew rpm versions write the package database entries for
pubkeys in a slightly different way than the version of
rpm used in SLE 11 does. This results in rpm writing to
already freed memory and terminating with a segmentation
fault.
This issue may happen when building a SLE 11 image with
kiwi on a system that uses a new version of rpm.
This update makes rpm cope with the new entries.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1361-1 -- Recommended update for microcode_ctlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11microcode_ctlThis update provides Intel's CPU microcode version 20130808.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1460-1 -- Recommended update for python-dmidecodeSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11python-dmidecodeThis update for python-dmidecode fixes a segmentation fault
that was caused by missing checks for null DMI strings.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0871-1 -- Security update for IBM Java 1.7.0SUSE Linux Enterprise Server 11IBM Java 1.7.0IBM Java 1.7.0 has been updated to SR4-FP2 which fixes
several bugs and security issues.
http://www.ibm.com/developerworks/java/jdk/alerts/
<http://www.ibm.com/developerworks/java/jdk/alerts/>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1164-1 -- Recommended update for pcsc-cyberjackSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pcsc-cyberjackThis update for pcsc-cyberjack adds support for new card
reader devices from Reiner-SCT.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1017-2 -- Recommended update for gnome-sessionSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gnome-sessionThis update for gnome-session fixes parsing of GNOME's
auto-start settings from SUSE Linux Enterprise 10.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1164-2 -- Recommended update for pcsc-cyberjackSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pcsc-cyberjackThis update for pcsc-cyberjack adds support for new card
reader devices from Reiner-SCT.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1096-1 -- Security update for xorg-x11-libxcbSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libxcbThis update for xorg-x11-libxcb addresses the following
security issues:
* Fix a deadlock with multi-threaded applications
running on real time kernels. (bnc#818829)
* Fix an integer overflow in read_packet().
(bnc#821584, CVE-2013-2064)
Security Issues:
* CVE-2013-2064
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0725-1 -- Recommended update for libnetcontrolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libnetcontrolLibnetcontrol has been updated to version 0.2.8, resolving
the following issues:
* Fixed ncf_close to not close logger as ncf_init did
not open any. This caused SEGV's in libvirt, that redirects
the global logger to itself and is using multiple ncf
instances. (bnc#811002)
* Fixed pthreads detection and source enablement in
configure, added an explicit configure --enable-pthreads
option to spec file to cause a failure on detection
problems. (bnc#811002)
* Fixed SEGV at parsing non-existent BRIDGE_PATHCOSTS
and memory leaks in loop check, xml parsing and on
backup file creation failure while routes file rewrite.
(bnc#810381)
* Fixed a bridge variable initialization in try_bridge.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1470-1 -- Security update for quaggaSUSE Linux Enterprise Server 11quaggaThis update of quagga fixes two security issues:
* CVE-2013-0149: specially-crafted OSPF packets could
have caused the routing table to be erased (bnc#822572)
* CVE-2013-2236: local network stack overflow
(bnc#828117)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1293-2 -- Security update for IBM Java 1.4.2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10IBM Java 1.4.2IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs
and security issues:
CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-2469,
CVE-2013-2465, CVE-2013-2464, CVE-2013-2463, CVE-2013-2473,
CVE-2013-2472, CVE-2013-2471, CVE-2013-2470, CVE-2013-2459,
CVE-2013-2456, CVE-2013-2447, CVE-2013-2452, CVE-2013-2446,
CVE-2013-2450, CVE-2013-1500
Please see also
http://www.ibm.com/developerworks/java/jdk/alerts/
<http://www.ibm.com/developerworks/java/jdk/alerts/>
Also the following bug has been fixed:
* mark files in jre/bin and bin/ as executable
(bnc#823034)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1315-1 -- Security update for PHP5SUSE Linux Enterprise Server 11PHP5Some security issues have been fixed in PHP5.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1095-2 -- Security update for xorg-x11-libXrenderSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXrenderThis update of xorg-x11-libXrender fixes several integer
overflow issues.
Bug 815451/821669 CVE-2013-1987
Security Issues:
* CVE-2013-1987
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0547-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Haiti uses US daylight-saving rules this year
* Paraguay will end DST on March 24 this year
* Morocco does not observe DST during Ramadan.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1312-1 -- Recommended update for yelpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yelpThis update for Yelp fixes the search path of the F-Spot
documentation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1390-1 -- Security update for MySQLSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11MySQLThis version upgrade of mysql to 5.5.32 fixes multiple
security issues:
CVE-2013-1861, CVE-2013-3783, CVE-2013-3793, CVE-2013-3794,
CVE-2013-3795, CVE-2013-3796, CVE-2013-3798,
CVE-2013-3801, CVE-2013-3802, CVE-2013-3804,
CVE-2013-3805, CVE-2013-3806, CVE-2013-3807, CVE-2013-3808,
CVE-2013-3809, CVE-2013-3810, CVE-2013-3811, CVE-2013-3812
Additionally, it contains numerous bug fixes and
improvements:
* making mysqldump work with MySQL 5.0 (bnc#768832)
* fixed log rights (bnc#789263 and bnc#803040)
* binlog disabled in default configuration (bnc#791863)
* fixed dependencies for client package (bnc#780019)
* minor polishing of spec/installation
* avoiding file conflicts with mytop
* better fix for hardcoded libdir issue
* fix hardcoded plugin paths (bnc#834028)
* Use chown --no-dereference instead of chown to
improve security (bnc#834967)
* Adjust to spell !includedir correctly in /etc/my.cnf
(bnc#734436)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0379-1 -- Recommended update for pam_krb5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pam_krb5This update for the PAM module for Kerberos Authentication
(pam_krb5) fixes a file descriptor leak.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1468-1 -- Security update for SambaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SambaThe Samba server suite received a security update to fix a
denial of service problem in integer wrap protection.
(CVE-2013-4124).
Additionally, the following stability fixes are included in
this update:
* Fix libreplace license ambiguity. (bnc#765270)
* Document idmap_ad rfc2307 attribute requirements.
(bnc#820531)
* The pam_winbind require_membership_of option allows
for a list of SID, but currently only provides buffer space
for ~20. (bnc#806501).
Security Issue reference:
* CVE-2013-4124
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1467-1 -- Security update for squidSUSE Linux Enterprise Server 11squidThis squid update fixes a buffer overflow issue when squid
attempts to resolve an overly long hostname. This can be
triggered with specially crafted http requests.
(bnc#829084, CVE-2013-4115)
This update also includes a correction to the last change
for logrotate. (bnc#677335)
Security Issue reference:
* CVE-2013-4115
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4115>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1472-1 -- Recommended update for suse-ami-toolsSUSE Linux Enterprise Server 11suse-ami-toolsThe following issues have been fixed:
* Wrong SLE 11 SP3 repo configuration in suse-ami-tools
(bnc#831366)
* The message of the day presented in EC2 images refers
to SP2 (bnc#828925)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1487-1 -- Recommended update for perl-BootloaderSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11perl-BootloaderThis update for perl-Bootloader provides the following
fixes and enhancements:
* Speed up device scanning code by avoiding external
program calls. (bnc #823601)
* Fix duplicate boot label handling. (bnc #828498)
* Propagate file close error. (bnc #820339)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0025-1 -- Security update for openssl-certsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11openssl-certsopenssl-certs was updated with the current certificate data
available from mozilla.org.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1102-1 -- Security update for xorg-x11-libXpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXpThis update of xorg-x11-libXp fixes several integer
overflow issues (bnc#815451, bnc#821668, CVE-2013-2062).
Security Issue reference:
* CVE-2013-2062
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0805-1 -- Recommended update for yast2-tftp-serverSUSE Linux Enterprise Server 11yast2-tftp-serverThis update for yast2-tftp-server fixes support for opening
tftp ports in the Firewall.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0398-1 -- Recommended update for yast2-backupSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-backupThis update for YaST's Backup module replaces calls to Perl
functions that are only available in newer versions of the
language. This dependency was erroneously added by the
previous update.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1323-1 -- Recommended update for supportutilsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11supportutilsThis update fixes the following issues:
* disk full on /proc/timer_list (bnc#829927)
* failed uploads when using -Qu (bnc#825767)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0722-1 -- Recommended update for libpcapSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11libpcapThis update for libpcap fixes an issue that caused high CPU
utilization when a network interface was restarted during
packet capture.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1257-1 -- Security update for java-1_7_0-ibmSUSE Linux Enterprise Server 11java-1_7_0-ibmIBM Java 1.7.0 has been updated to SR5 to fix bugs and
security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0762-1 -- Recommended update for kdebase4SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdebase4This update for kdebase4 provides the following fixes:
* Konqueror is not starting through the slab menu.
(bnc#809957)
* "Undecodable sequence" errors when starting Konsole.
(bnc#710342)
* Identify konqueror as a KDE application that supports
KIO. (bnc#807314)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1242-2 -- Recommended update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThe SSL module in Python has been adjusted to switch to
default SSL certificate handling when no CA path is passed
(bnc#827982). Additionally, the python-xml RPM now
explicitly obsoletes pyxml (bnc#824713).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1784-1 -- Security update for wiresharkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11wiresharkWireshark has been updated to version 1.8.11 to fix bugs
and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1260-3 -- Security update for rubySUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11rubyRuby failed to check hostnames correctly when setting up an
SSL client connection. CVE-2013-4073 was assigned to this
issue.
Security Issue reference:
* CVE-2013-4073
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1466-1 -- Recommended update for udevSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11udevThis update fixes the following issues:
* System crashes with kernel oops while doing DLPAR
operations under stress (xmon) (bnc#818146)
* udevd: Allow children created immediately to exit
after timeout (bnc#809540)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0714-1 -- Security update for wiresharkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10wiresharkwireshark has been updated to 1.8.6 which fixes bugs and
security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1316-1 -- Security update for PHP5SUSE Linux Enterprise Server 11PHP5The following security issues have been fixed:
* CVE-2013-4635 (bnc#828020): Integer overflow in SdnToJewish()
* CVE-2013-4113 (bnc#829207): heap corruption due to badly formed xml
Security Issues:
* CVE-2013-4113
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113>
* CVE-2013-4635
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4635>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0352-1 -- Recommended update for trousersSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11trousersThis collective update for the trousers library and daemon
fixes the following issues:
* One minor security issue for cases where tcsd is
enabled for TCP: CVE-2012-0698: tcsd in TrouSerS allowed
remote attackers to cause a denial of service (daemon
crash) via a crafted type_offset value in a TCP packet to
port 30003.
* An issue in the trousers library which prevents
disabling of TPM physical presence.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1101-1 -- Security update for xorg-x11-libXtSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXtThis update of xorg-x11-libXt fixes several integer and
buffer overflow issues (bnc#815451, bnc#821670,
CVE-2013-2002, CVE-2013-2005).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0357-1 -- Recommended update for ethtoolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ethtoolThis update for ethtool improves reporting of port types
from BladeCenter backplanes (KX and KX4 PHY modes).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1385-1 -- Recommended update for suseRegisterSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11suseRegisterThis update for suseRegister adds a new command line
parameter to clientSetup4SMT.sh, allowing the user to
accept a CA certificate in a non-interactive way by
providing the fingerprint. (bnc#821853)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1088-1 -- Recommended update for yast2-networkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-networkThis update for YaST's Network Configuration module
(yast2-network) provides the following fixes:
* Do not propose bridge devices when virtualization is
used on s390x. (bnc#817943)
* Fixed parsing of hostname in DNS module. (bnc#813232)
* Added loading tun/tap settings from netconfig.
(bnc#793367)
* Fixed biosdevname renaming in case of buggy SMBIOS.
(bnc#821427)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0558-1 -- Security update for Kerberos 5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Kerberos 5This update for Kerberos 5 fixes one security issue:
The KDC plugin for PKINIT can dereference a null pointer
when processing malformed packets, leading to a crash of
the KDC process. (bnc#806715, CVE-2013-1415)
Additionally, it improves compatibility with processes that
handle large numbers of open files. (bnc#787272)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0712-1 -- Recommended update for yast2-wagonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-wagonThis update for YaST's Service Pack Migration Tool
(yast2-wagon) adds support for script hooks, fixes online
migration of WebYaST and adjusts the work flow to support
migration to SUSE Linux Enterprise 11 SP3.
Migration hooks allow running custom external scripts during
the migration process. These scripts can be used to fix
problems which cannot be handled via usual RPM scripts, or
to execute extra steps during migration which are not
required during normal package update. More details about
this new feature can be found in Migration_Hooks.md, in
the package's documentation directory. (FATE#314132)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1922-1 -- Recommended update for vm-installSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11vm-installThis update for vm-install provides the following fixes:
* Fix user interface issue when changing a NIC's MAC on
Xen guests. (bnc#838791)
* Fix PXE boot max memory less than initial memory.
(bnc#825292)
* Work around libvirt internal client socket error.
(bnc#825292)
* Allow creation of VMs with up to 255 virtual CPUs.
(bnc#818222)
* Set default for NetWare disks to non-sparse for
performance reasons.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0916-1 -- Security update for xorg-x11-libxcbSUSE Linux Enterprise Server 11xorg-x11-libxcbThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libxcb which fixes a security issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1389-1 -- Recommended update for ethtoolSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11ethtoolThis update for ethtool improves reporting of KR PHY link modes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0044-1 -- Recommended update for yast2-storageSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-storageThis collective update for yast2-storage disables
unintended use of unsupported btrfs features.
Additionally, it provides the following fixes:
* Fix handling of default subvolumes for root fs when
formatting but not creating a partition.
* Fix add volumes to btrfs when format is true and
primary volume was not btrfs previously.
* Fix encrypted volumes on multiple disks via AutoYaST.
* Fix update with EVMS.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1783-1 -- Security update for openvpnSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11openvpnOpenVPN used a non-constant-time memcmp in HMAC comparison
in openvpn_decrypt that might have allowed remote
attackers to gain knowledge of plaintext data.
(CVE-2013-2061)
Security Issues:
* CVE-2013-2061
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2061>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1255-2 -- Security update for java-1_6_0-ibmSUSE Linux Enterprise Server 11java-1_6_0-ibmIBM Java 1.6.0 has been updated to SR14 to fix bugs and
security issues.
Please see also
<http://www.ibm.com/developerworks/java/jdk/alerts/>
Also the following bugs have been fixed:
* add Europe/Busingen to tzmappings (bnc#817062)
* mark files in jre/bin and bin/ as executable
(bnc#823034)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0760-1 -- Recommended update for kdebase4, kdelibs4, kdm-branding and kio_sysinfoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdebase4kdelibs4kdm-brandingkio_sysinfoThis update fixes KDM's default template to correctly show
the SUSE logo when the user's list is disabled.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0938-1 -- Security update for PHP 5.3SUSE Linux Enterprise Server 11PHP 5.3PHP 5.3 has been updated to fix several security problems.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1209-1 -- Recommended update for yast2-mailSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-mailThis update fixes the following issues:
* ag_postfix_mastercf process froze the system when
saving mail server settings with the YaST2 "Mail Server"
module (bnc#800788)
* AutoYaST configuration of mail services failed
(bnc#822285)
* automatic installation stopped with error during
Postfix configuration (bnc#821632)
* YaST2 mail server enhanced module was not able to
detect mail domains (bnc#818544)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1632-1 -- Security update for fastjarSUSE Linux Enterprise Server 11fastjarThis fastjar update fixes a directory traversal issue
(bnc#607043).
Security Issue reference:
* CVE-2010-0831
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0831>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0719-1 -- Recommended update for pure-ftpdSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11pure-ftpdThis update for pure-ftpd improves SSL/TLS compatibility
with some FTP clients.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1345-1 -- Security update for OpenSSHSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11OpenSSHThis update for OpenSSH provides the following fixes:
* Implement remote denial of service hardening.
(bnc#802639, CVE-2010-5107)
* Use only FIPS 140-2 approved algorithms when FIPS
mode is detected. (bnc#755505, bnc#821039)
* Do not link OpenSSH binaries with LDAP libraries.
(bnc#826906)
Security Issue reference:
* CVE-2010-5107
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1212-1 -- Recommended update for postfixSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11postfixThis update fixes the following issues:
* bnc#821632 - automatic installation stops with error
during Postfix configuration
* bnc#768637 - chown: cannot access
postfix-doc/README_FILESSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1099-1 -- Security update for xorg-x11-libXextSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXextThis update of xorg-x11-libXext fixes several integer
overflow issues (bnc#815451, bnc#821665, CVE-2013-1982)
Security Issue reference:
* CVE-2013-1982
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1094-2 -- Recommended update for SUSE Manager client toolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SUSE Manager client toolsThis update fixes the following issues:
rhnlib:
- Make timeout of yum-rhn-plugin calls through rhn-client-tools configurable
- Make Proxy timeouts configurable.
spacewalk-client-tools:
- Create mgr* program symbolic links
- Correctly handle a deactivated account error message
- Require rhnlib with timeout option
- Make timeout configurable.
zypp-plugin-spacewalk:
- Always disable gpgcheck for repositories in spacewalk service
- Use timeout also for XMLRPC calls if possible
- Read transfer_timeout from zypp.conf and provide it via URL.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1875-1 -- Security update for krb5SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11krb5This update for krb5 fixes the following security issue:
* If a KDC serves multiple realms, certain requests
could cause setup_server_realm() to dereference a null
pointer, crashing the KDC. (CVE-2013-1418)
Security Issues:
* CVE-2013-1418
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1601-1 -- Recommended update for eliloSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11eliloThis update contains the following changes in elilo:
* SecureBoot: cope with separate '/boot' file-system.
(bnc#825932)
* SecureBoot: improve detection of file-system UUIDs.
(bnc#828835)
* Correctly handle installation to 'BOOT'.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1970-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Jordan switches back to standard time at 00:00 on
December 20 2013
* The compile-time flag NOSOLAR has been removed
* The files solar87, solar88, solar89 are no longer
distributed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1490-1 -- Recommended update for multipath-toolsSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11multipath-toolsThis consolidated update for multipath-tools provides the
following fixes:
* Reset queue_if_no_path if flush failed. (bnc#828868)
* Fix setting of fast_io_fail_tmo. (bnc#824148)
* Create correct symbolic links for PATH_FAILED events.
(bnc#797799)
* Increase dev_loss_tmo prior to fast_io_fail.
(bnc#800353)
* alua: Do not add preferred path priority for
active/optimized. (bnc#802456)
* Document 'infinity' as possible value for
dev_loss_tmo. (bnc#802837, bnc#803262)
* Add 'Datacore Virtual Disk' to internal hardware
table. (bnc#802837)
* Add path when transitioned from 'blocked' state.
(bnc#789008)
* Handle blocked FC rports. (bnc#787438)
* Document rr_min_io_rq. (bnc#774610)
* Backport miscellaneous fixes from mainline:
  o Don't set queue_if_no_path without multipathd
  o Open stdout/stderr in read/write mode
  o Better argument type checking
  o Use VECTOR_SIZE for vector_foreach_slot_after()
  o Fix memory leak in add_map_without_path()
  o Shorten timeout for alua prio callout
  o Handle offlined path
  o Set ACT_RESIZE when the size has changed
  o Check header file instead of installed lib
  o kpartx: verify GUID partition entry size.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1812-1 -- Recommended update for yast2-ldap-clientSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-ldap-clientThis update fixes yast2-ldap-client to no longer modify the
nscd cache value when running on Open Enterprise Server.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1874-1 -- Recommended update for Mesa, libdrm and xorg-x11-driver-videoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mesalibdrmxorg-x11-driver-videoThis collective update for Mesa, xorg-x11-driver-video and
libdrm adds support for new Intel Haswell video chipsets.
Additionally, the following issues have been fixed:
* Fix intel_reg_dumper tool for Intel Gen2/3 platforms.
(bnc#808855)
* Do not change DPMS mode on unconnected outputs.
(bnc#817998)
* Remove GLU debug output on normal builds. (bnc#845820)
* Add missing initialization of return status in
i830CreateContext(). (bnc#847068)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0326-1 -- Security update for SambaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11SambaThe Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 4.0.1 was affected by a cross-site request
forgery (CVE-2013-0214) and a click-jacking attack
(CVE-2013-0213). This has been fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1867-1 -- Security update for XenSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XenXen has been updated to fix a security issue and a bug:
* CVE-2013-4494: XSA-73: A lock order reversal between
page allocation and grant table locks could lead to host
crashes or even host code execution.
A non-security bug has also been fixed:
* It is possible to start a VM twice on the same node
(bnc#840997)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1570-1 -- Recommended update for postfixSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11postfixThis update fixes the following issues:
* Automatic installation stops with error during
Postfix configuration.
* SuSEconfig.postfix: don't mount /proc inside chroot.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1378-1 -- Recommended update for yast2-soundSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-soundThis update of YaST's Sound module resolves the following
issue:
* Do not restore mixer settings when displaying the
main dialog. (bnc#740333)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1075-1 -- Security update for XenSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XenXEN has been updated to 4.1.5 c/s 23509 to fix various bugs
and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1923-1 -- Security update for XenSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XenThe Xen hypervisor and tool-suite have been updated to fix
security issues and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1866-1 -- Security update for strongswanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11strongswanThis strongswan update fixes security issues and bugs:
* CVE-2013-5018: Specially crafted XAuth usernames and
EAP identities could cause a crash in strongswan.
* CVE-2013-6075: A crafted ID packet can be used by
remote attackers to crash the server or potentially gain
authentication privileges under certain circumstances.
Additionally, a bug in route recursion limits was fixed:
* Charon segfaults when left=%any / recursion limit.
(bnc#840826)
Security Issues:
* CVE-2013-5018
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5018>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1102-2 -- Security update for xorg-x11-libXpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXpThis update of xorg-x11-libXp fixes several integer
overflow issues.
Bug 815451/821668 CVE-2013-2062
Security Issues:
* CVE-2013-2062
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1551-2 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Morocco now observes DST from the last Sunday in
March to the last Sunday in October, not April to September
respectively.
* Tocantins will very likely not observe DST starting
this spring
* Jordan will likely stay at UTC+3 indefinitely
* Palestine will fall back at 00:00, not 01:00
* This year Fiji will start DST on October 27, not
October 20
* Use WIB/WITA/WIT rather than WIT/CIT/EIT for
alphabetic Indonesian time zone abbreviations since 1932
* Use ART (UTC-3, standard time), rather than WARST
(also UTC-3, but daylight saving time) for San Luis,
Argentina since 2009.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1097-1 -- Security update for xorg-x11-libXfixesSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXfixesThis update of xorg-x11-libXfixes fixes an integer overflow
issue (bnc#815451, bnc#821667, CVE-2013-1983).
Security Issue reference:
* CVE-2013-1983
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0272-1 -- Recommended update for gnome-sessionSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11gnome-sessionThis update to gnome-session fixes a login failure when the
"Create Home Dir" option is not selected in the Windows
Domain membership for an Active Directory user.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1598-1 -- Recommended update for kdumpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdumpThis update for kdump fixes the following issue:
* #833323: kernel dump output storing over SSH does not
workSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1972-1 -- Recommended update for xkeyboard-configSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xkeyboard-configThis update for xkeyboard-config provides the following
fixes:
* On the Netherlands keyboard layout, Alt-Gr + key-5
should send the "1/2" symbol instead of the "Euro" symbol.
(bnc#849906)
* On the Portuguese keyboard layout, Alt-Gr + key-<
should send the backslash ("\") instead of the pipe ("|")
symbol. (bnc#821683)
* Add missing backslash/bar mapping to "us"
international variants. (bnc#773804)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1073-2 -- Recommended update for axisSUSE Linux Enterprise Server 11axisThis update for Axis adjusts the build procedure to use
OpenJDK7 instead of gcc-java. The change fixes a problem
that, in some circumstances, could cause exceptions when
connecting to web services using SOAP over HTTPS.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1273-1 -- Recommended update for open-iscsiSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11open-iscsiThe Open-iSCSI Software Initiator has been updated to
version 2.0.873, which brings improved IPv6 support and
fixes many issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:0871-2 -- Security update for IBM JavaSUSE Linux Enterprise Server 11IBM JavaIBM Java 1.7.0 has been updated to SR4-FP2 which fixes bugs
and security issues.
<http://www.ibm.com/developerworks/java/jdk/alerts/>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1100-1 -- Security update for xorg-x11-libX11SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libX11This update of xorg-x11-libX11 fixes several security
issues (bnc#815451, bnc#821664).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2014:0791-1 -- Recommended update for util-linuxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11util-linuxThis update for util-linux provides several fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0689-1 -- Recommended update for yast2-networkSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-networkThis collective update for YaST's Network Configuration
module (yast2-network) provides some fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:0644-1 -- Recommended update for glibcSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11glibcThis collective update for the GNU C library (glibc)
provides the following fixes and enhancements:
* Fix nearbyintf() to avoid inexact exceptions when
fractional arguments are used. (bnc#795129)
* Make sure /var/run/nscd exists before starting nscd.
(bnc#793146)
* Avoid stack overflow in getaddrinfo() when host has
many addresses. (bnc#785041)
* Disable nscd host caching by default. (fate#313420)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1866-2 -- Security update for strongswanSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11strongswanThis strongswan update fixes security issues and bugs:
* CVE-2013-5018: Specially crafted XAuth usernames and
EAP identities can cause a crash in strongswan.
* CVE-2013-6075: A crafted ID packet can be used by
remote attackers to crash the server or potentially gain
authentication privileges under certain circumstances.
Also a bug with route recursion limits was fixed:
* Charon SEGFAULT when left=%any / recursion limit.
(bnc#840826)
Security Issues:
* CVE-2013-5018
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5018>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1525-1 -- Recommended update for kernel-firmwareSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kernel-firmwareThis update for kernel-firmware provides the following
enhancement:
* Update rtl_nic/rtl8168e-3.fw to the latest version
and add rtl8168f-{1,2}.fw. (bnc#805371)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1828-1 -- Security update for rubySUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11rubyThe following security issue has been fixed:
* CVE-2013-4164: heap overflow in floating point parsingSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1189-1 -- Recommended update for perfSUSE Linux Enterprise Server 11perfThis update for perf fixes the following issue:
* Perf top prints "Can't find guest" messages when kvm
guest is running.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1275-1 -- Recommended update for GStreamer plug-insSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11GStreamer plug-insThis update for the GStreamer plug-ins enhances detection
of double-byte character sets in the meta-data of music
files (bnc#458213).
Additionally an issue has been fixed which avoids artifacts
caused by the edge effect (bnc#749974).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1100-2 -- Security update for xorg-x11-libX11SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libX11This update of xorg-x11-libX11 fixes several security
issues.
Bug 815451/821664
CVE-2013-1981 CVE-2013-1997 CVE-2013-2004
Security Issues:
* CVE-2013-1981
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981>
* CVE-2013-1997
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997>
* CVE-2013-2004
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1488-1 -- Recommended update for timezoneSUSE Linux Enterprise Server 11timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Morocco's midsummer transitions this year are July 7
and August 10
* Israel now falls back on the last Sunday of October
* Palestine observed DST starting March 29, 2013
* From 2013 on, Gaza and Hebron both observe DST.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1384-1 -- Recommended update for suseRegisterSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11suseRegisterThis update for suseRegister adds a new command line
parameter to clientSetup4SMT.sh, allowing the user to
accept a CA certificate in a non-interactive way by
providing the fingerprint. (bnc#821853)
Additionally, the following issues have been fixed:
* Escape special chars from proxy user and password.
(bnc#812475)
* Pass correct proxy authentication flags to libcurl.
(bnc#812475)
* Fix syntax errors in clientSetup4SMT.sh. (bnc#834801)
* Specify a timeout while getting the certificate.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1572-1 -- Recommended update for python-rtslibSUSE Linux Enterprise Server 11python-rtslibThis update fixes the following issue:
* typo in python-rtslib prevented LIO target setup for
the qla2xxx driver (bnc#837519)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1325-1 -- Security update for Mozilla FirefoxSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Mozilla FirefoxThis update to Firefox 17.0.8esr (bnc#833389) addresses:
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 (bmo#855331,
bmo#844088, bmo#858060, bmo#870200, bmo#874974, bmo#861530,
bmo#854157, bmo#893684, bmo#878703, bmo#862185, bmo#879139,
bmo#888107, bmo#880734)
Miscellaneous memory safety hazards have been fixed
(rv:23.0 / rv:17.0.8):
* MFSA 2013-66/CVE-2013-1706/CVE-2013-1707 (bmo#888314,
bmo#888361) Buffer overflow in Mozilla Maintenance Service
and Mozilla Updater
* MFSA 2013-68/CVE-2013-1709 (bmo#848253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-71/CVE-2013-1712 (bmo#859072) Further
Privilege escalation through Mozilla Updater
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong
principal used for validating URI for some Javascript
components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541) Local Java
applets may read contents of local file systemSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1524-1 -- Recommended update for kernel-firmwareSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kernel-firmwareThis update for kernel-firmware provides the following
enhancements:
* Add the new Intel Wilkins Peak BT firmwares (version
2e)
* Update rtl_nic/rtl8168e-3.fw to its current version
and add rtl8168f-{1, 2}.fw
* Add firmware for Realtek RTL8188EE
* Remove duplicated sb16/* and yamaha/* firmware files
that conflict with alsa-firmware package
* Add firmware files for Wilkins Peak 1/2 WiFi
(FATE#313607)
* Update ar3k firmwares to v20130729 to fix loading
errors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1231-1 -- Recommended update for kdumpSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11kdumpThis update for Kdump fixes an issue that prevented
mkdumprd from re-generating the kdump ramdisk after a
configuration file modification.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1073-1 -- Recommended update for axisSUSE Linux Enterprise Server 11axisThis update for Axis adjusts the build procedure to use
OpenJDK7 instead of gcc-java. The change fixes a problem
that, in some circumstances, could cause exceptions when
connecting to web services using SOAP over HTTPS.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1970-2 -- Recommended update for timezoneSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10timezoneThis update provides the latest timezone information for
your system. The changes in detail are:
* Jordan switches back to standard time at 00:00 on
December 20 2013
* The compile-time flag NOSOLAR has been removed
* The files solar87, solar88, solar89 are no longer
distributed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1060-1 -- Security update for GnuTLSSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 11SUSE Linux Enterprise Desktop 10GnuTLSThis update of GnuTLS fixes a regression introduced by the
previous update that could have resulted in a Denial of
Service (application crash).
Security Issue reference:
* CVE-2013-2116
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116>
Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1255-3 -- Security update for IBM Java 1.6.0SUSE Linux Enterprise Server 11IBM Java 1.6.0IBM Java 1.6.0 was updated to SR14 to fix bugs and security
issues.
Please see also
<http://www.ibm.com/developerworks/java/jdk/alerts/>
Also the following bugs have been fixed:
* add Europe/Busingen to tzmappings (bnc#817062)
* mark files in jre/bin and bin/ as executable
(bnc#823034)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2013:1474-1 -- Security update for Linux kernelSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 2 kernel has been
updated to version 3.0.93 and includes various bug and
security fixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-RU-2013:1242-1 -- Recommended update for PythonSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11PythonThe SSL module in Python has been adjusted to switch to
default SSL certificate handling when no CA path is
passed. Additionally, python-xml now explicitly obsoletes
pyxml.
* #827982: Python: Enable SSL default certificate
validation.
* #824713: python-xml should provide/obsolete pyxml.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:0251-1 -- Recommended update for autofs
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
autofs
This update for AutoFS enables support for auto-mounting NFS
volumes on IPv6 networks. Additionally, it includes the
following fixes and improvements:
* Fix isspace() wild card substitution
* Fix mountd version retry
* Mount using address for DNS round robin host names
* Fix sanity checks for brackets in server name
* Fix simple bind without SASL support
* Fix nfs4 contacts portmap
* Miscellaneous code analysis fixes
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1565-1 -- Recommended update for createrepo
SUSE Linux Enterprise Server 11
createrepo
This update for createrepo fixes the unique names option
and adds it also to modifyrepo.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0023-1 -- Security update for pixman
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
pixman
This update fixes the following security issue with pixman:
* Integer underflow when handling trapezoids.
(bnc#853824, CVE-2013-6425)
Security Issues:
* CVE-2013-6425
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1095-1 -- Security update for xorg-x11-libXrender
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
xorg-x11-libXrender
This update of xorg-x11-libXrender fixes several integer
overflow issues (bnc#815451, bnc#821669, CVE-2013-1987).
Security Issue reference:
* CVE-2013-1987
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0043-1 -- Recommended update for libHBAAPI2
SUSE Linux Enterprise Server 11
libHBAAPI2
This update for libHBAAPI2 fixes the library linkage
against libdl, allowing it to dynamically load other
libraries.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1807-1 -- Security update for mozilla-nspr, mozilla-nss
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
mozilla-nspr
mozilla-nss
Mozilla NSPR and NSS were updated to fix various security
bugs that could be used to crash the browser or
potentially execute code.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0105-1 -- Recommended update for crash
SUSE Linux Enterprise Server 11
crash
This collective update for crash provides the following
fixes:
* Fix a bug that could cause removal of the booted
kernel's vmlinux image. (bnc#828260)
* Display tasks on a priority array of a CPU's RT
runqueue. (bnc#826507)
* Display the RT runqueue when using CFS scheduler.
(bnc#826507)
* Fix RT not support group sched bug. (bnc#826507)
* Fix segmentation fault when trying to analyze vmcore
of hypervisor panic. (bnc#835850)
* Add many improvements and fixes for handling Xen
vmcores. (bnc#835850)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1909-1 -- Recommended update for virt-manager
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
virt-manager
This update for virt-manager provides the following fixes:
* Don't write 'ram' XML attribute for video devices
other than QXL. (bnc#829284)
* Allow allocation of hdb for emulated IDE disks.
(bnc#824720)
* Don't reset DomU's 'Autostart' option after hardware
configuration changes. (bnc#822531)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1642-1 -- Security update for libvirt
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libvirt
libvirt has been updated to the 1.0.5.6 stable release that
fixes bugs and security issues:
* CVE-2013-4296: Fix crash in
remoteDispatchDomainMemoryStats
* CVE-2013-5651: virBitmapParse out-of-bounds read
access
Libvirt on SLES 11 SP3 is not affected:
* CVE-2013-4311: Add support for using 3-arg pkcheck
syntax for process ()
* CVE-2013-4291: security: provide supplemental groups
even when parsing label ()
Changes in this version:
* virsh: fix change-media bug on disk block type
* Include process start time when doing polkit checks
* qemuDomainChangeGraphics: Check listen address change
by listen type
* python: return dictionary without value in case of no
blockjob
* virbitmap: Refactor virBitmapParse to avoid access
beyond bounds of array
Also the following bug has been fixed:
* Fix retrieval of SRIOV VF info, which prevented using
some SRIOV virtual functions in guest domains with ""
(bnc#837329)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1220-1 -- Recommended update for Brasero
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Brasero
This update for Brasero fixes creation of mp3 audio
projects.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1771-1 -- Recommended update for grub
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
grub
This update for grub provides fixes for the following
issues:
* grub post-install might freeze in chroot
* grub tries to access incomplete disk tracks.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0966-1 -- Recommended update for pmtools
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
pmtools
This update for pmtools includes dmidecode 2.12, which brings many fixes and enhancements.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1395-1 -- Recommended update for ipmitool
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
ipmitool
This update changes the default cipher suite used on IPMIv2
lanplus connections to RAKP-HMAC-SHA1 (authentication),
HMAC-SHA1-96 (integrity) and AES-CBC-128 (encryption).
These are the same algorithms used by ipmitool on SUSE
Linux Enterprise 11 SP2.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0063-1 -- Security update for PHP5
SUSE Linux Enterprise Server 11
PHP5
This update fixes the following issues:
* memory corruption in openssl_parse_x509
(CVE-2013-6420)
* Heap buffer over-read in DateInterval (CVE-2013-6712)
* man-in-the-middle attacks by specially crafting
certificates (CVE-2013-4248)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1429-1 -- Recommended update for release-notes-sles and release-notes-SLES-for-VMware
SUSE Linux Enterprise Server 11
release-notes-sles
release-notes-SLES-for-VMware
This update provides the latest version of the Release
Notes for SUSE Linux Enterprise Server 11 SP3.
* New entries:
  o Upgrade Bind to version 9.9 (bnc#831891)
  o Multipath Configuration Change (bnc#828888).
* Changed entries:
  o Packages and Features to Be Removed in the Future:
    dhcp-client will stay, dhcpv6 will be discontinued
    (bnc#829664)
  o Updated qla2xxx to version 8.04.00.13.11.3-k
    (bnc#832630).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1629-1 -- Recommended update for glib2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
glib2
This update for glib2 fixes GFileMonitor when /etc/mtab is
a symbolic link to /proc/mounts.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1430-1 -- Recommended update for release-notes-sles and release-notes-SLES-for-VMware
SUSE Linux Enterprise Server 11
release-notes-sles
release-notes-SLES-for-VMware
This update provides the latest version of the Release
Notes for SUSE Linux Enterprise Server 11 SP2 with the
following changes:
* New entries: Hyper-V: Time Synchronization
* Updated entries: Packages and Features to Be Removed
in the Future: dhcpv6
* Updated entries: Bind update to version 9.9.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1424-1 -- Recommended update for hyper-v
SUSE Linux Enterprise Server 11
hyper-v
This update fixes the following issues:
* a send/recv buffer allocation bug (bnc#828714)
* wrong IPv6 subnet enumeration (bnc#828714)
* Latest version of hyper-v-3-0.5.1 causes more CPU
usage and issues warnings (bnc#770763)
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1383-1 -- Recommended update for nagios-plugins-rsync
SUSE Linux Enterprise Server 11
nagios-plugins-rsync
This update for nagios-plugins-rsync adjusts the script to
allow monitoring of hidden rsync modules.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0083-1 -- Recommended update for openldap2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
openldap2
This update for openldap2 fixes an issue in the package's
pre-installation script that could cause an install error
when building images with Kiwi.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1214-1 -- Security update for KVM
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
KVM
This update fixes a file permission issue with qga (the
QEMU Guest Agent) from the qemu/kvm package and includes
several bug-fixes.
(bnc#818182) (CVE-2013-2007) (bnc#786813) (bnc#725008)
(bnc#712137) (bnc#824340)
Security Issues:
* CVE-2013-2007
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0104-1 -- Recommended update for release-notes-sles and release-notes-SLES-for-VMware
SUSE Linux Enterprise Server 11
release-notes-sles
release-notes-SLES-for-VMware
This update provides the following changes to the Release
Notes for SUSE Linux Enterprise Server 11 SP3:
* New entries:
  o Systems with HP Smart Array Controller
    fail to boot after the update (bnc#847621 via fate#313833)
  o Providing TLS 1.2 support for Apache2 via mod_nss
    (bnc#847006 via fate#316419).
* Obsolete and now removed entries:
  o YaST Repair Tool Limitation (bnc#852291)
  o update other info (bnc#833778).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0179-1 -- Security update for bind
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
bind
This update fixes a DoS vulnerability in bind when handling
malformed NSEC3-signed zones. CVE-2014-0591 has been
assigned to this issue.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0064-1 -- Security update for PHP5
SUSE Linux Enterprise Server 11
PHP5
This update fixes the following issues:
* memory corruption in openssl_parse_x509
(CVE-2013-6420)
* Heap buffer over-read in DateInterval (CVE-2013-6712)
* man-in-the-middle attacks by specially crafting
certificates (CVE-2013-4248)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1060-2 -- Security update for GnuTLS
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
GnuTLS
This update of GnuTLS fixes a regression introduced by the
previous update that could have resulted in a Denial of
Service (application crash).
Security Issue reference:
* CVE-2013-2116
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0155-1 -- Security update for puppet
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
puppet
This update for puppet fixes a remote code execution
vulnerability in the "resource_type" service.
(CVE-2013-4761)
Additionally, the update prevents puppet from executing
initialization scripts that could trigger a system reboot
when handling "puppet resource service" calls.
Security Issue reference:
* CVE-2013-4761
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1325-2 -- Security update for Mozilla Firefox
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Mozilla Firefox
This update to Firefox 17.0.8esr (bnc#833389) addresses the
following issues:
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 (bmo#855331,
bmo#844088, bmo#858060, bmo#870200, bmo#874974, bmo#861530,
bmo#854157, bmo#893684, bmo#878703, bmo#862185, bmo#879139,
bmo#888107, bmo#880734) Miscellaneous memory safety hazards
(rv:23.0 / rv:17.0.8)
* MFSA 2013-66/CVE-2013-1706/CVE-2013-1707 (bmo#888314,
bmo#888361) Buffer overflow in Mozilla Maintenance Service
and Mozilla Updater
* MFSA 2013-68/CVE-2013-1709 (bmo#848253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-71/CVE-2013-1712 (bmo#859072) Further
Privilege escalation through Mozilla Updater
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong
principal used for validating URI for some Javascript
components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541) Local Java
applets may read contents of local file system
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0265-1 -- Security update for libQt
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libQt
The Qt library was updated to fix an XML entity expansion
attack (XXE). (CVE-2013-4549)
Security Issue reference:
* CVE-2013-4549
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4549>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:0845-1 -- Security update for Linux kernel
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Linux kernel
The SUSE Linux Enterprise 11 SP2 Realtime kernel has been
updated to fix a critical security issue.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0242-1 -- Recommended update for lio-utils
SUSE Linux Enterprise Server 11
lio-utils
This update for lio-utils provides the following fixes:
* Fix error in post-installation script. (bnc#818296)
* Fix typo in tcm_node. (bnc#840099)
* Add services file for SuSEfirewall. (bnc#850076)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1594-1 -- Security update for sudo
SUSE Linux Enterprise Server 11
sudo
This LTSS rollup update fixes the following security issues
which allowed bypassing the sudo authentication.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0004-1 -- Security update for curl
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
curl
This update fixes the following security issues with curl:
* bnc#849596: ssl cert checks with unclear behaviour
(CVE-2013-4545)
Security Issue reference:
* CVE-2013-4545
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0133-1 -- Recommended update for sysstat
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
sysstat
This update for sysstat provides the following fixes:
* Fix 'iostat -n' crashing on nfs volumes. (bnc#799920)
* Handle overflow of the {rd,wr}_ticks counters.
(bnc#839091)
* Inform user if sar is called without parameters and
data collecting isn't enabled. (bnc#816833)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0121-1 -- Recommended update for perl-Bootloader and yast2-bootloader
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
perl-Bootloader
yast2-bootloader
This combined update for perl-Bootloader and
yast2-bootloader speeds up device scanning, significantly
reducing the time needed to set up the boot loader on
systems with many disks and LUNs (bnc#823601, bnc#826632).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1629-2 -- Recommended update for glib2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
glib2
This update for glib2 fixes GFileMonitor when /etc/mtab is
a symbolic link to /proc/mounts.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0460-1 -- Recommended update for mokutil
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
mokutil
This update fixes an issue with logouts or reboots on UEFI
systems. The cause was that mokutil used the wrong
UEFI Globally Unique Identifier (GUID), which is needed to
access the UEFI db variable for checking the enrolled
certificates.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0402-1 -- Recommended update for augeas
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
augeas
This update for augeas fixes a memory corruption issue in
libaugeas that could be triggered by rubygem-ruby-augeas
and puppet.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0323-1 -- Security update for gnutls
SUSE Linux Enterprise Server 11
gnutls
The GnuTLS library received a critical security fix and
other updates:
* CVE-2014-0092: The X.509 certificate verification had
incorrect error handling, which could lead to broken
certificates marked as being valid.
* CVE-2009-5138: A verification problem in handling V1
certificates could also lead to V1 certificates incorrectly
being handled.
Additionally, a memory leak in PSK authentication was
fixed. bnc#835760
Security Issues:
* CVE-2014-0092
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0461-1 -- Security update for PostgreSQL 9.1
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
PostgreSQL 9.1
The PostgreSQL database server was updated to version
9.1.12 to fix various security issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0156-1 -- Security update for nagios
SUSE Linux Enterprise Server 11
nagios
This update fixes a DoS vulnerability in process_cgivars()
of the nagios package. CVE-2013-7108 has been assigned to
this issue.
Security Issue reference:
* CVE-2013-7108
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7108>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0041-1 -- Recommended update for aide
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
aide
The filesystem intrusion detection tool "aide" was not able
to load gzip compressed databases anymore on SUSE Linux
Enterprise Server 11 SP3 as the zlib API was changed
slightly. This update fixes this problem and gzip
compressed databases can be opened again.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1473-1 -- Security update for Linux kernel
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Linux kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to version 3.0.93 and to fix various bugs and
security issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:0249-1 -- Recommended update for ipmitool
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
ipmitool
This collective update for ipmitool provides the following
fixes:
* Fix reading of FRU data from servers where FRU/SDR
device #0, LUN 0 is absent (bnc#789624)
* Fix a string handling problem in ipmi_sel.c that
could cause a segmentation fault (bnc#788393)
* Fix reading of sensors from some specific servers
over lanplus (bnc#794160)
* Handle "BCDplus" fields in FRU descriptors correctly.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-YU-2014:0378-1 -- YOU update for libzypp, yast2-pkg-bindings, zypper
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libzypp
yast2-pkg-bindings
zypper
This update for the Software Update Stack provides the
following fixes and enhancements:
libzypp:
* Remove license text from test data. (bnc#862471)
* Fix missing priority in RepoInfo::dumpAsXML.
(bnc#855845)
yast2-pkg-bindings:
* Fix package disk usage computation. (bnc#852943)
zypper:
* Remove license text from test data. (bnc#862471)
* Zypper must refresh CD/DVD if no raw metadata is
present. (bnc#859160)
* Don't read metadata from CD/DVD repo if --no-check
was used. (bnc#859160)
* Fix missing priority in RepoInfo::dumpAsXML.
(bnc#855845)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1455-1 -- Recommended update for multipath-tools
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
multipath-tools
This update for multipath-tools provides the following
fixes:
* Specify checker_timeout in seconds. (bnc#824913)
* Fix setting of fast_io_fail_tmo. (bnc#824148)
* Reset queue_if_no_path if flush failed. (bnc#828868)
* Document 'wwids_file' and 'reservation_key'.
(bnc#820899)
* Correctly display 'timeout' checker status.
* Fix typo in retain_attached_hw_handler.
* Do not print 'path is up' for removed paths.
(bnc#789239)
* Proactively remove path. (bnc#789239)
* Do not call tur in sync mode if pthread_cancel fails.
(bnc#832796)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1772-1 -- Recommended update for apparmor
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
apparmor
This update for Apparmor fixes an issue that prevented
Tomcat 6 from starting in a confined environment.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1097-2 -- Security update for xorg-x11-libXfixes
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
xorg-x11-libXfixes
This update of xorg-x11-libXfixes fixed an integer overflow
issue.
Bug 815451/821667 CVE-2013-1983
Security Issues:
* CVE-2013-1983
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1641-1 -- Security update for libvirt
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libvirt
This libvirt update fixes a security issue.
* bnc#838638: CVE-2013-4296: EMBARGOED: libvirt: Fix
crash in remoteDispatchDomainMemoryStats
* bnc#817008: Regression: vm-install fails to display
on SLES 11 SP2 UV2000
Security Issue reference:
* CVE-2013-4296
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4296>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1434-2 -- Recommended update for kvm
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
kvm
This update from kvm 1.4.1 to 1.4.2 provides the following
additional fixes and enhancements:
* Backport TLS support for VNC Websockets from QEMU
v1.5.0 (bnc#821819, fate#315032)
* Fixes for s390x dictzip support (bnc#824340).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1469-1 -- Security update for Samba
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Samba
The Samba server suite received a security update to fix a
denial of service problem in integer wrap protection.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:0389-1 -- Security update for Apache
SUSE Linux Enterprise Server 11
Apache
This update fixes the following issues:
* CVE-2012-4557: Denial of Service via special requests
in mod_proxy_ajp
* CVE-2012-0883: improper LD_LIBRARY_PATH handling
* CVE-2012-2687: filename escaping problem
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0489-1 -- Recommended update for Release Notes
SUSE Linux Enterprise Server 11
Release Notes
This update provides the latest version of the Release
Notes for SUSE Linux Enterprise Server 11 SP3.
* Updated entries: btrfs (bnc#864277); WebYaST
(bnc#865814).
* New entries: Installation via USB (bnc#803794 via
fate#312662).
* Use suse2013 style sheets (bnc#866875).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1551-3 -- Recommended update for timezone
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
timezone
This update provides the latest timezone information for
your system. The changes in detail are:
* Morocco now observes DST from the last Sunday in
March to the last Sunday in October, not April to September
respectively.
* Tocantins will very likely not observe DST starting
this spring
* Jordan will likely stay at UTC+3 indefinitely
* Palestine will fall back at 00:00, not 01:00
* This year Fiji will start DST on October 27, not
October 20
* Use WIB/WITA/WIT rather than WIT/CIT/EIT for
alphabetic Indonesian time zone abbreviations since 1932
* Use ART (UTC-3, standard time), rather than WARST
(also UTC-3, but daylight saving time) for San Luis,
Argentina since 2009.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:0765-1 -- Recommended update for release-notes
SUSE Linux Enterprise Server 11
release-notes
This update provides the latest version of the Release
Notes for SUSE Linux Enterprise Server 11 SP2.
The changes in detail are:
* Updated entry: File Systems table. (bnc#807470)
* New entry: Virtual Machine Driver Pack 2.0 (VMPD2.0).
(bnc#808417)
* New entry: Add video4linux GStreamer plug-ins.
(bnc#797818)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:0819-1 -- Security update for the Linux Kernel (x86)
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
the Linux Kernel (x86)
This update to the SUSE Linux Enterprise 11 SP2 kernel
fixes the following critical security issue:
* A bounds checking problem in the perf system call
could be used by local attackers to crash the kernel or
execute code in kernel context. (CVE-2013-2094
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094>)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:0711-1 -- Recommended update for audit
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
audit
This update changes audit to use the new kernel interface
to adjust the OOM-Killer score, avoiding warnings at boot
time.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0132-1 -- Recommended update for sysstat
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
sysstat
This update for sysstat provides the following fixes:
* Handle overflow of the {rd,wr}_ticks counters.
(bnc#839091)
* Inform user if sar is called without parameters and
data collecting isn't enabled. (bnc#816833)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0217-1 -- Recommended update for libdrm
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libdrm
This update for libdrm adds support for VEBOX on Haswell
Media Server.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1381-1 -- Security update for Apache2
SUSE Linux Enterprise Server 11
Apache2
This collective update for Apache provides the following
fixes:
* Make sure that input that has already arrived on the
socket is not discarded during a non-blocking read (read(2)
returns 0 and errno is set to -EAGAIN). (bnc#815621)
* Close the connection just before an attempted
re-negotiation if data has been read with pipelining. This
is done by resetting the keepalive status. (bnc#815621)
* Reset the renegotiation status of a client<->server
connection to RENEG_INIT to prevent falsely assumed status.
(bnc#791794)
* "OPTIONS *" internal requests are intercepted by a
dummy filter that kicks in for the OPTIONS method. Apple
iPrint uses "OPTIONS *" to upgrade the connection to
TLS/1.0 following RFC 2817. For compatibility, check if an
Upgrade request header is present and skip the filter if
yes. (bnc#791794)
* Sending a MERGE request against a URI handled by
mod_dav_svn with the source href (sent as part of the
request body as XML) pointing to a URI that is not
configured for DAV will trigger a segfault. (bnc#829056,
CVE-2013-1896)
* Client data written to the RewriteLog must have
terminal escape sequences escaped. (bnc#829057,
CVE-2013-1862)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1115-1 -- Recommended update for ksh
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 10
ksh
This update for Korn Shell provides fixes for the following
issues:
* #808449: set -k does not work properly with
ksh-93t-13.17 and higher
* #814135: crash in bestreclaim() after traversing a
memory block with a very large size
* #824187: set -k breaks aliases with ksh-93u.
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0051-2 -- Security update for xorg-x11-server
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
xorg-x11-server
This update fixes the following security issue with
xorg-x11-server:
* bnc#853846: integer underflow when handling
trapezoids (CVE-2013-6424)
Security Issue reference:
* CVE-2013-6424
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6424>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0432-1 -- Recommended update for timezone
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
timezone
This update provides the latest timezone information for
your system. The changes in detail are:
* Turkey begins DST on 2014-03-31, not 2014-03-30
* Misc changes affecting past time stamps
* An uninitialized-storage bug in 'localtime' has been
fixed.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1903-1 -- Recommended update for udev
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
udev
This collective update for udev provides the following
fixes:
* Add MSFT compatibility rules. (bnc#805059)
* Drop memory/cpu hotplug rules for ppc/ppc64 arch.
(bnc#818146)
* Use device_new_from_id_filename. (bnc#819331)
* Implement virtual function interface renaming.
(bnc#812050)
* Be more informative when renaming interfaces.
(bnc#812050)
* scsi_id: Export ID_SCSI_VPD and decode MD5
identifiers. (bnc#820574)
* path_id: Handle ATA/S-ATA devices if we are using
libata. (bnc#815263)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0322-1 -- Security update for gnutls
SUSE Linux Enterprise Server 11
gnutls
The GnuTLS library received a critical security fix and
other updates:
* CVE-2014-0092: The X.509 certificate verification had
incorrect error handling, which could lead to broken
certificates marked as being valid.
* CVE-2009-5138: A verification problem in handling V1
certificates could also lead to V1 certificates incorrectly
being handled.
* CVE-2013-2116: The _gnutls_ciphertext2compressed
function in lib/gnutls_cipher.c in GnuTLS allowed remote
attackers to cause a denial of service (buffer over-read
and crash) via a crafted padding length.
* CVE-2013-1619: Timing attacks against hashing of
padding was fixed which might have allowed disclosure of
keys. (Lucky13 attack).
Also the following non-security bugs have been fixed:
* gnutls doesn't like root CAs without Basic
Constraints. Permit V1 Certificate Authorities properly
(bnc#760265)
* memory leak in PSK authentication (bnc#835760)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1215-1 -- Recommended update for SLES-for-VMware-SP3-migration and SLES-for-VMware-release
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
SLES-for-VMware-SP3-migration
SLES-for-VMware-release
This update prepares the system for a System Upgrade to
SUSE Linux Enterprise Server for VMware 11 SP3.
Please follow the technical instruction document for the
information on how to upgrade your system to SUSE Linux
Enterprise Server for VMware 11 SP3:
http://www.suse.com/support/documentLink.do?externalID=7012368
<http://www.suse.com/support/documentLink.do?externalID=7012368>
Please have a look for more Information and Resources about
SUSE Linux Enterprise Server 11 SP3 here:
http://www.suse.com/promo/sle11sp3.html
<http://www.suse.com/promo/sle11sp3.html>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0466-1 -- Security update for xinetd
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
xinetd
The multiplexing system xinetd was updated to fix security
issues and a bug.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1631-2 -- Security update for vino
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
vino
vino has been updated to fix a remote denial of service
problem where remote attackers could have caused an
infinite loop in vino (CPU consumption). (CVE-2013-5745)
Security Issue reference:
* CVE-2013-5745
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0920-1 -- Security update for glibc
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
glibc
glibc has been updated to fix one security issue that could have resulted in free-after-use situations.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0417-1 -- Recommended update for checkmedia
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
checkmedia
This update fixes checkmedia on big endian platforms such
as IBM Power and s390x.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:0747-1 -- Recommended update for autofs
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
autofs
This collective update for AutoFS provides fixes for the
following issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0459-1 -- Security update for Linux Kernel
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Linux Kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel was
updated to fix various bugs and security issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0688-1 -- Recommended update for yast2-slp-server
SUSE Linux Enterprise Server 11
yast2-slp-server
This update for yast2-slp-server provides the following fixes:
* Fix configuration of the SLP service in SUSE Firewall. (bnc#825505)
* Parse configuration file as case sensitive. (bnc#291301, bnc#868231)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0531-1 -- Security update for Linux kernel
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Linux kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to fix various bugs and security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0642-1 -- Recommended update for microcode_ctl
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
microcode_ctl
This update provides Intel's CPU microcode version 20140430.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1326-1 -- Recommended update for mkinitrd
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
mkinitrd
This update for mkinitrd provides the following fixes:
* Add a udev rule to fix HyperV VM migration from
Windows 2008/2012 to Windows 2012R2 hosts
* Fix network configuration when using iBFT
* Do not add duplicate static IPs
* Recognize default network interface if more than one
is present
* Support /dev/md/ subdir in setup-storage.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0400-1 -- Recommended update for tcsh
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
tcsh
This update for tcsh includes enhancements to speed up
loading and saving the history file.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1854-1 -- Security update for glibc
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
glibc
This update for glibc contains the following fixes:
* Fix integer overflows in malloc (CVE-2013-4332,
bnc#839870)
* Fix buffer overflow in glob (bnc#691365)
* Fix buffer overflow in strcoll (CVE-2012-4412,
bnc#779320)
* Update mount flags in <sys/mount.h> (bnc#791928)
* Fix buffer overrun in regexp matcher (CVE-2013-0242,
bnc#801246)
* Fix memory leaks in dlopen (bnc#811979)
* Fix stack overflow in getaddrinfo with many results
(CVE-2013-1914, bnc#813121)
* Fix check for XEN build in glibc_post_upgrade that
causes missing init re-exec (bnc#818628)
* Don't raise UNDERFLOW in tan/tanf for small but
normal argument (bnc#819347)
* Properly cross page boundary in SSE4.2 implementation
of strcmp (bnc#822210)
* Fix robust mutex handling after fork (bnc#827811)
* Fix missing character in IBM-943 charset (bnc#828235)
* Fix use of alloca in gaih_inet (bnc#828637)
* Initialize pointer guard also in static executables
(CVE-2013-4788, bnc#830268)
* Fix readdir_r with long file names (CVE-2013-4237,
bnc#834594).
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0503-1 -- Recommended update for ipsec-tools
SUSE Linux Enterprise Server 11
ipsec-tools
This update for ipsec-tools fixes the Dead Peer Detection
algorithm that previously failed to properly clean up
Security Associations in the kernel.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0687-1 -- Recommended update for release-notes-sles
SUSE Linux Enterprise Server 11
release-notes-sles
This update provides the latest version of the Release Notes for SUSE
Linux Enterprise Server 11 SP3.
* Fix profiling for the PDF of the SLES for VMware product (bnc#872172)
* Updated entries: XFS Stack Overflow (bnc#815356); VMware link
(bnc#867969)
* Updated entries: Insecurity with XEN on some AMD Processors
(bnc#872172)
* New entry: WebSphere removed (FATE#314973)
* Remove entry from the future (SLES 12) (bnc#868654)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0170-1 -- Recommended update for apache2
SUSE Linux Enterprise Server 11
apache2
This update for apache2 provides the following fixes:
* Make sure that the tty from which Apache starts has
echo mode set to on; otherwise, subsequently checking if
echo mode was off results in the false detection that
Apache is still waiting for a certificate pass-phrase to be
entered, leading to a failure with Xen virtual guests that
may have the terminal set to -echo. (bnc#852401)
* Partially revert the fix for bnc#815621 (PR50481);
this upstream change has unwanted side effects with large
request headers, where the LimitRequestFieldsize option is
ignored. (bnc#844212)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0580-1 -- Security update for python-pywbem
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
python-pywbem
This update fixes a TOCTOU vulnerability during certificate
validation. CVE-2013-6418 has been assigned to this issue.
This update also introduces a new dependency on
python-m2crypto.
Security Issue reference:
* CVE-2013-6418
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6418>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0573-1 -- Recommended update for rpcbind
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
rpcbind
This update for rpcbind fixes the following issues:
* Make is_loopback check more permissive. (bnc#821054)
* Set SO_REUSEADDR on NC_TPI_COTS listening sockets.
(bnc#823079)
* In the %post section, check if portmap binary exists
before using checkproc to verify whether it's running.
(bnc#823079)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0665-1 -- Security update for Mozilla Firefox
SUSE Linux Enterprise Server 11
Mozilla Firefox
This Mozilla Firefox and Mozilla NSS update fixes several security and
non-security issues.
Mozilla Firefox has been updated to 24.5.0esr which fixes the following
issues:
* MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards
* MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG
images
* MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object
as XBL
* MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web
Notification API
* MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history
navigations
* MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while
resizing images
* MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver
Mozilla NSS has been updated to 3.16
* required for Firefox 29
* CVE-2014-1492: In a wildcard certificate, the wildcard character
should not be embedded within the U-label of an internationalized
domain name. See the last bullet point in RFC 6125, Section 7.2.
* Update of root certificates.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Kedovskaya
INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0548-1 -- Security update for jakarta-commons-fileupload
SUSE Linux Enterprise Server 11
jakarta-commons-fileupload
This update fixes a security issue with
jakarta-commons-fileupload:
* bnc#862781: denial of service due to too-small buffer
size used (CVE-2014-0050)
Security Issue reference:
* CVE-2014-0050
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1423-1 -- Recommended update for sblim-sfcb
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
sblim-sfcb
This update for sblim-sfcb provides the following fixes:
* Improve robustness of sblim-sfcb request header
parsing, fixing errors when the XML header of posted
request is too big.
* Fix a resource leak leading to failure to operate
when using the 'SfcbLocal' client interface together with
Openwsman.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-OU-2013:1785-1 -- Optional update for apache2-mod_nss
SUSE Linux Enterprise Server 11
apache2-mod_nss
This feature update provides a new Apache2 module "mod_nss"
which implements an https provider as a replacement of
mod_ssl. (FATE#316419)
mod_nss uses the Mozilla NSS libraries to provide SSL
support and so is able to supply TLS 1.1 and TLS 1.2 for
your Apache web server.
The package includes a README-SUSE.txt with detailed setup
instructions.
Also some glue documentation can be found in
/etc/apache2/conf.d/mod_nss.conf and covers:
* Simultaneous usage of mod_ssl and mod_nss
* SNI concurrency
* SUSE framework for Apache configuration, Listen
directive
* Module initialization.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1434-1 -- Recommended update for KVM
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
KVM
This update from kvm 1.4.1 to 1.4.2 provides the following
fixes and enhancements:
* Backport TLS support for VNC Websockets from QEMU
v1.5.0 (bnc#821819, fate#315032)
* Fixes for s390x dictzip support (bnc#824340).
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0578-1 -- Recommended update for python-m2crypto
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
python-m2crypto
This update to python-m2crypto 0.21.1 provides many fixes
and enhancements, including:
* Allow SSL peer certificate to have subjectAltName
without DNSName and use commonName for hostname check.
* Allow more blocking OpenSSL functions to run without
GIL.
* Fixed httpslib to send only the path+query+fragment
part of the URL when using CONNECT proxy.
* Added support for RSASSA-PSS signing and verifying.
* Added support for disabling padding when using RSA
encryption.
* ASN1_INTEGERs can now be larger than fits in an int,
for example to support X509 certificates with large serial
numbers.
* Deprecated M2Crypto.PGP subpackage.
* Add support for OpenSSL 1.0.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:0850-1 -- Security update for Mozilla Firefox
SUSE Linux Enterprise Server 11
Mozilla Firefox
Mozilla Firefox has been updated to the 17.0.6ESR security
version upgrade as a LTSS roll up release.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Kedovskaya
INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1352-1 -- Security update for libgcrypt
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libgcrypt
This update of libgcrypt mitigates the Yarom/Falkner
flush+reload side-channel attack on RSA secret keys
(CVE-2013-4242).
Security Issue reference:
* CVE-2013-4242
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:0830-1 -- Security update for Apache
SUSE Linux Enterprise Server 11
Apache
Apache2 has been updated to fix multiple security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0298-1 -- Recommended update for kvm
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
kvm
This update for KVM provides support for the Ceph
components of SUSE Cloud by implementing compatibility
with a dynamically loaded rbd plug-in. Currently, this
plug-in is not delivered with SUSE Linux Enterprise
Server. (FATE#316580, bnc#858858)
Additionally, the following issues have been fixed:
* Provide dummy color map for VNC viewers which may
request a color map. (bnc#842088)
* Allow cross migration from SP2's qemu-kvm 0.15 to
qemu 1.4. (bnc#812836, bnc#841080)
* Fix potential rtl8139/pcnet network stalls.
* Update to new s390-ccw.img firmware from v1.6.0.
(bnc#812983)
* Add fix for virtio-ccw reset. (bnc#812983)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0300-1 -- Recommended update for glib2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
glib2
This update for glib2 adds a workaround to ignore multiple
calls to g_thread_init(), preventing issues with some
upstream Java implementations.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0743-1 -- Recommended update for supportutils
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
supportutils
This update for supportutils contains the following fixes and enhancements:
* novell-nss.txt should capture VolumeInfo.xml file. (bnc#871536)
* Added novell-ncs-resource*.txt files.
* Included NCS parsed log information. (bnc#870451)
* Fixed duplicate snapshot listings. (bnc#870473)
* Scanning base_reachable_time excluded. (bnc#863234)
* Removed schealth. It's superseded by the SCA Appliance.
* Excluded ldauditor logs from security-audit.txt. (bnc#860003)
* Limited mcelog to VAR_OPTION_LINE_COUNT.
* Fixed HAE cib location for SLE 11-SP3. (bnc#855230)
* Fixed Apparmor error messages during basic health check. (bnc#850741)
* Added /etc/xinetd.d/ to chkconfig.txt. (bnc#850568)
* Fixed find /boot errors. (bnc#850566)
* Added gfx hardware information to x.txt. (bnc#816468)
* Option -k now excludes all known loaded modules. (bnc#846676)
* Option -y now sets ADD_OPTION_MAXYAST. (bnc#846512)
* Removed ADD_OPTION_MINYAST.
* Excluded invalid /proc files. (bnc#846679)
* Supportconfig gets symlinks in /etc/pam.d. (bnc#846491)
* Supports xz compressed ramdisks. (bnc#839664)
* Fixed long NIC name processing. (bnc#840841)
* RPM package requires tar. (bnc#839098)
* Included dmidecode in hardware.txt. (fate#315500)
* Changed parted output units to sectors. (fate#314621)
* Added findmnt to fs-diskio.txt. (fate#314619)
* Added lsblk to fs-diskio.txt. (fate#314620)
* Added lsscsi -H to fs-diskio.txt. (fate#314618)
For a comprehensive list of changes, please read the package's change log.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0510-1 -- Security update for puppet
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
puppet
The deployment framework puppet received an update for a
security issue in January.
The backport of this security issue was however incomplete
and broke existing setups. As the scope of the problem is
limited to local scenarios where an attacker likely has
access already, and backporting is not trivial, this
update reverts the fix for now.
We are evaluating the possibility of an update to puppet
2.7 in the future.
Security Issue reference:
* CVE-2013-4761
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0178-1 -- Security update for openswan
SUSE Linux Enterprise Server 11
openswan
This update fixes a Denial of Service (DoS) vulnerability
via IKEv2 I1 notifications in openswan. CVE-2013-7294 has
been assigned to this issue.
Security Issues:
* CVE-2013-7294
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7294>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1631-1 -- Security update for vino
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
vino
vino has been updated to fix a remote denial of service
problem where remote attackers could have caused an
infinite loop in vino (CPU consumption). (CVE-2013-5745)
Security Issue reference:
* CVE-2013-5745
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:0247-1 -- Recommended update for python-sip, python-kde4 and python-qt4
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
python-sip
python-kde4
python-qt4
This update for python-sip fixes code generation for
classes that have an alternate mapped type implementation.
This problem affected the QSettings class of python-qt4,
more specifically the functions that serialize objects and
save them to persistent storage.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1551-1 -- Recommended update for timezone
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
timezone
This update provides the latest timezone information for
your system. The changes in detail are:
* Morocco now observes DST from the last Sunday in
March to the last Sunday in October, not April to September
respectively.
* Tocantins will very likely not observe DST starting
this spring
* Jordan will likely stay at UTC+3 indefinitely
* Palestine will fall back at 00:00, not 01:00
* This year Fiji will start DST on October 27, not
October 20
* Use WIB/WITA/WIT rather than WIT/CIT/EIT for
alphabetic Indonesian time zone abbreviations since 1932
* Use ART (UTC-3, standard time), rather than WARST
(also UTC-3, but daylight saving time) for San Luis,
Argentina since 2009.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-YU-2014:0091-1 -- YOU update for Software Update Stack
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Software Update Stack
This update for the Software Update Stack provides the
following fixes and enhancements:
libzypp:
* Fix disk usage computation for single packages.
(bnc#852943)
* Filter control chars illegal in XML 1.0. (bnc#850907)
* Always properly initialize pool storage. (bnc#846565)
zypper:
* Fix groff .TP commands in manpage. (bnc#854784)
* Fix callback handling if media download error is
ignored.
* Fix detection of multiversion packages in transaction
summary. (bnc#844373)
* Improve prompt with more options hidden behind '?'.
(bnc#844373)
* Fix message typo. (bnc#845619)
* Avoid duplicated product entries. (bnc#841473)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0744-1 -- Security update for xorg-x11-server
SUSE Linux Enterprise Server 11
xorg-x11-server
This is a SLES 11 SP1 LTSS rollup update for the X.Org Server package.
The following security issues have been fixed:
* CVE-2013-6424: Integer underflow in the xTrapezoidValid macro in
render/picture.h in X.Org allowed context-dependent attackers to
cause a denial of service (crash) via a negative bottom value.
* CVE-2013-4396: Use-after-free vulnerability in the doImageText
function in dix/dixfonts.c in the xorg-server module before 1.14.4
in X.Org X11 allowed remote authenticated users to cause a denial of
service (daemon crash) or possibly execute arbitrary code via a
crafted ImageText request that triggers memory-allocation failure.
* CVE-2013-1940: X.Org X server did not properly restrict access to
input events when adding a new hot-plug device, which might have
allowed physically proximate attackers to obtain sensitive
information, as demonstrated by reading passwords from a tty.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1357-1 -- Recommended update for libcpuset
SUSE Linux Enterprise Server 11
libcpuset
This update enhances libcpuset to dynamically detect where
the cpuset file system is mounted (bnc#625079).
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1150-1 -- Security update for openswan
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 10
openswan
This openswan update fixes a remote buffer overflow issue
(bnc#824316 / CVE-2013-2053).
Security Issue reference:
* CVE-2013-2053
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2053>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0248-2 -- Security update for Mozilla Firefox
SUSE Linux Enterprise Server 11
Mozilla Firefox
Mozilla Firefox was updated to the 24.3.0ESR security
release.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Kedovskaya
INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0431-1 -- Security update for wireshark
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
wireshark
This update fixes a security problem in the BSSGP network
protocol dissector that could crash wireshark.
Security Issue reference:
* CVE-2013-7113
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7113>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1830-1 -- Recommended update for hal
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
hal
This update for hal includes the following fix:
* Removable media sporadically not automatically
mounted (bnc#808143)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0162-1 -- Security update for libvirt
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libvirt
This update fixes a crash in LXC's memtune code.
CVE-2013-6436 has been assigned to this issue.
Security Issue reference:
* CVE-2013-6436
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6436>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1926-1 -- Security update for apache2-mod_nss
SUSE Linux Enterprise Server 11
apache2-mod_nss
This update fixes the following security issues with
apache2-mod_nss:
* bnc#853039: client certificate verification
problematic (CVE-2013-4566)
Security Issue reference:
* CVE-2013-4566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4566>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1182-2 -- Security update for Linux kernel
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Linux kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to 3.0.82 and to fix various bugs and security
issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0524-1 -- Security update for net-snmp
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
net-snmp
The net-snmp remote service received security and bugfixes:
* A remote denial of service flaw in Linux
implementation of ICMP-MIB has been fixed (CVE-2014-2284)
* snmptrapd could have crashed when using a trap with
empty community string. This has been fixed. (CVE-2014-2285)
* The AgentX subagent of net-snmp could have been
stalled when a manager sent a multi-object request with a
different number of subids. (CVE-2014-2310)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0672-1 -- Recommended update for man-pages
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
man-pages
This update for man-pages provides the following fixes:
* fseek.3: Complete EINVAL return code description.
* core.5: PID in core file name.
* proc.5: Extend descriptions of /proc/[pid]/smaps fields.
* pthread_attr_setaffinity_np.3: Fix function prototypes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0124-1 -- Recommended update for autofs
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
autofs
This update for AutoFS provides fixes for the following
issues:
* A segmentation fault caused by thread-unsafe
initialization and clean-up of libldap. (bnc#820585,
bnc#853469)
* A segmentation fault caused by thread-unsafe usage of
glibc's netconfig() functions. (bnc#842622, bnc#833733)
* A race condition that could make automount quit after
receiving a SIGHUP. (bnc#855883)
* A deadlock when trying to lock a mutex that's already
owned by the same thread. (bnc#859969)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0475-1 -- Security update for sudo
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
sudo
This collective update for sudo provides fixes for the
following issues:
* Security policy bypass when env_reset is disabled.
(CVE-2014-0106, bnc#866503)
* Regression in the previous update that causes a
segmentation fault when running "sudo -s". (bnc#868444)
* Command "who -m" prints no output when using
log_input/log_output sudo options. (bnc#863025)
Security Issues references:
* CVE-2014-0106
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1966-1 -- Recommended update for python-lxml
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
python-lxml
This update fixes the following issue with python-lxml:
* bnc#657698: python-lxml must not require pyxml
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1099-2 -- Security update for xorg-x11-libXext
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
xorg-x11-libXext
This update of xorg-x11-libXext fixes several integer
overflow issues.
Bug 815451/821665 CVE-2013-1982
Security Issues:
* CVE-2013-1982
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0103-1 -- Recommended update for mailx
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
mailx
This update for mailx enables IPv6 support and includes the
following fixes:
* Crop off the brackets of an ipv6 address if found.
(bnc#853246)
* Enable mailx to parse IPv6 addresses including a port
([ipv6]:port). (bnc#853246)
* Do not pseudo detect Latin nor UTF-8 in binary
attachments. (bnc#827010)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1618-1 -- Security update for Python
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Python
This python update fixes a certificate hostname issue.
* bnc#834601: CVE-2013-4238: python: SSL module does
not handle certificates that contain hostnames with NULL
bytes
Security Issue reference:
* CVE-2013-4238
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:0723-1 -- Recommended update for gzip
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
gzip
This update for GNU Zip (gzip) provides one fix:
* When reading files from Hierarchical Storage
Management systems in non-blocking mode, read() might fail
with EAGAIN. In cases like this, gzip will now switch to
blocking mode and try again.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1626-1 -- Security update for guestfs
SUSE Linux Enterprise Server 11
guestfs
A predictable socketname in the guestfish commandline tool
could be used by a local attacker to gain access to
guestfish sessions of other users on the same system.
(CVE-2013-4419)
Security Issue reference:
* CVE-2013-4419
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4419>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0150-1 -- Security update for libxml2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libxml2
This update fixes a DoS vulnerability in libxml2.
CVE-2013-2877 has been assigned to this issue.
Security Issue reference:
* CVE-2013-2877
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-YU-2013:1408-1 -- Security update for libzypp
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libzypp
libzypp did not handle multiple gpg pubkeys in the
repomd.xml.key and content.key consistently and securely.
Attackers could have exploited this to add their own keys
and pretend it's from SUSE.
Security Issue reference:
* CVE-2013-3704
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3704>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0337-1 -- Security update for python
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
python
This update for Python fixes the following security issues:
* bnc#834601: SSL module does not handle certificates
that contain hostnames with NULL bytes. (CVE-2013-4238)
* bnc#856836: Various stdlib read flaws. (CVE-2013-1752)
Additionally, the following non-security issues have been
fixed:
* bnc#859068: Turn off OpenSSL's aggressive
optimizations that conflict with Python's GC.
* bnc#847135: Setting fips=1 at boot time causes
problems with Python due to MD5 usage.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1554-1 -- Recommended update for oracleasm
SUSE Linux Enterprise Server 11
oracleasm
The oracleasm KMP has been rebuilt for version 3.0.82 of
the Linux Kernel. There are no code changes in this update.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1920-1 -- Security update for libfreebl3
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libfreebl3
Mozilla NSS has been updated to the 3.15.3.1 security
release.
The update blacklists an intermediate CA that was abused to
create man in the middle certificates.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1640-1 -- Recommended update for net-snmp
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
net-snmp
This collective update for net-snmp provides the following
fixes:
* Fix a race condition in hrSWRunTable when processes
exit in the middle of processing. (bnc#822368)
* Fix hrSWRunPath of swapped-out processes. (bnc#822368)
* Fix MIB representation of timeout values. (bnc#833153)
* Fix infinite loop when SIGTERM arrives in the middle
of internal query processing. (bnc#833191)
* Merge some upstream fixes for memory leaks.
(bnc#833191)
* If the daemon is still running 10 seconds after
SIGTERM, force the stop with SIGKILL. (bnc#828081)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0728-3 -- Security update for IBM Java 6
SUSE Linux Enterprise Server 11
IBM Java 6
IBM Java 6 was updated to version 6 SR16 to fix several security issues and
various other bugs.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0230-1 -- Recommended update for cpupower
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
cpupower
This update for cpupower introduces the new "idle-set"
sub-command, which allows the user to enable or disable
the sleep states of a CPU. For more details, refer to the
cpupower-idle-set(1) man page.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0331-1 -- Security update for openssl-certs
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
openssl-certs
The openssl-certs package was updated to match the
certificates contained in the Mozilla NSS 3.15.4 release.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0911-1 -- Security update for Linux kernel
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Linux kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.
elected taints for tracepoint modules.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0579-1 -- Recommended update for autoyast2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
autoyast2
This collective update for AutoYaST 2 provides the
following fixes:
* Fix usage of "totaldisk" and "xserver" rules in
rules.xml. (bnc#836366)
* Fix cloning of software section with invisible
patterns. (bnc#864421)
* Fix an issue where autoyast created primary partition
when logical ones were requested. (bnc#852617)
* Fix an issue handling LVM VGs on existing partitions.
(bnc#830253)
* Fix scripts with chrooted=true via NFS. (bnc#829265)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0824-3 -- Security update for MozillaFirefox
SUSE Linux Enterprise Server 11
MozillaFirefox
MozillaFirefox was updated to version 24.6.0 to fix six security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Kedovskaya
INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0696-1 -- Security update for Linux kernel
SUSE Linux Enterprise Server 11
Linux kernel
The SUSE Linux Enterprise Server 11 SP2 LTSS kernel received a roll-up
update to fix security and non-security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0795-1 -- Recommended update for SLE Manuals
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
SLE Manuals
This update provides the latest version of the SUSE Linux Enterprise 11-SP3 manuals, which brings fixes and enhancements in the following areas.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0189-1 -- Security update for Linux kernel
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Linux kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel was
updated to 3.0.101 and also includes various other bug and
security fixes.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0623-1 -- Security update for kvm
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
kvm
The QEMU embedded within KVM received various security
fixes.
Various issues in the block layer have been fixed:
* A virtio security issue in config io space handling
(CVE-2013-2016).
* A SCSI report LUNs buffer overflow (CVE-2013-4344).
* A buffer overflow in the QEMU USB stack
(CVE-2013-4541).
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1615-1 -- Recommended update for microcode_ctl
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
microcode_ctl
This update provides Intel's CPU microcode version 20130906.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1557-1 -- Recommended update for oracleasm
SUSE Linux Enterprise Server 11
oracleasm
This update for oracleasm provides the following fixes:
* When devices report their physical block size,
oracleasm reports the wrong block size to ASM which leads
to an unsuccessful mount attempt. (bnc #807812)
* Ensure all pages were mapped in IO request. (bnc
#786189)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1515-1 -- Recommended update for xml-commons
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
xml-commons
This update relaxes dependencies between xml-commons and
its sub-packages to fix an issue in online migration.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0175-2 -- Security update for curl
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
curl
This update fixes the re-use of wrong HTTP NTLM connections
in libcurl. (CVE-2014-0015)
Security Issue reference:
* CVE-2014-0015
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0291-1 -- Recommended update for mdadm
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
mdadm
This update for mdadm provides many fixes and enhancements:
* Don't wait so long when creating arrays. (bnc#816382)
* Allow array to be stopped using the kernel name.
(bnc#821861)
* If mpath is in use, disable mdadm auto-assembly
except on dm devices. (bnc#838528)
* Fix size handling for RAID0 arrays during reshape.
(bnc#821934)
* Fix problem with calculation of space available for
reshape. (bnc#821934)
* Clarify connection between action=re-add and bitmaps
in mdadm.conf.5. (bnc#773010)
* Print correct size for large external metadata
arrays. (bnc#797116)
* Retry failed removes in mdadm. (bnc#808647)
* Don't assemble the same array with two different
names. (bnc#828436)
* Attempt to remove from an array any device which
disappears. (bnc#819331)
* Fix problems with RAID10 re-sync and recovery not
completing properly. (bnc#834041)
* Allow mdadm to create arrays with more than 1000
devices. (bnc#819930)
* Remove partitions from device when included in an
'external' array. (bnc#817841)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0809-1 -- Recommended update for release-notes-sles
SUSE Linux Enterprise Server 11
release-notes-sles
This update for the Release Notes.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0373-1 -- Security update for Xen
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
Xen
The SUSE Linux Enterprise Server 11 Service Pack 3 Xen
hypervisor and toolset has been updated to 4.2.4 to fix
various bugs and security issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0661-1 -- Recommended update for timezone
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 10, SUSE Linux Enterprise Desktop 11
timezone
This update provides the latest timezone information for your system. The
changes in detail are:
* Egypt observes DST starting 2014-05-15 at 24:00
* Crimea switched to Moscow time on 2014-03-30 at 02:00 local time
* New entry for Troll Station, Antarctica.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0336-1 -- Recommended update for sg3_utils
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
sg3_utils
This update for sg3_utils provides the following fixes and
enhancements:
* Update to rescan-scsi-bus.sh to improve scanning of
DMMP devices. (bnc#846660)
* Update sg_xcopy to version 0.39 for invoking XCOPY on
NetApp FAS LUs. (bnc#852420)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0575-1 -- Recommended update for mono-core
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
mono-core
This update adds handling of SHA256 hashes to parts of the
X509 Certificate classes in the C# implementation of Mono
(bnc#871362) and improves handling of non-existing
certificate revocation lists (bnc#810747, bnc#606002).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1240-1 -- Recommended update for AutoYaST2
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
AutoYaST2
This update fixes the following issues:
* #820499: AutoYaST module creates a bad ask-list
* #822009: AutoYaST module crashes while saving the
profile
* #799725: Problem reusing large number of partitions
* #794403: Unattended upgrade dependency errors when
update repos are present in 'autoupg.xml'
* #788593: Problem handling script notifications in UI
* #752318: Fix cloning of raids
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0728-2 -- Security update for IBM Java 6
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 10
IBM Java 6
IBM Java 6 was updated to version 6 SR16 to fix several security issues
and various other bugs.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0219-1 -- Security update for xorg-x11
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
xorg-x11
This update fixes a stack buffer overflow in xorg-x11 in
the bdfReadCharacters() function. CVE-2013-6462 has been
assigned to this issue.
Security Issue reference:
* CVE-2013-6462
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1512-1 -- Recommended update for puppet
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
puppet
This update for puppet fixes a regression introduced by the
fix for CVE-2013-3567.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0769-1 -- Security update for MySQL
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
MySQL
MySQL was updated to version 5.5.37 to address various security issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0175-1 -- Security update for curl
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
curl
This update fixes the re-use of wrong HTTP NTLM connections
in libcurl. (CVE-2014-0015)
Security Issue reference:
* CVE-2014-0015
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0124-2 -- Recommended update for autofs
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
autofs
This update for AutoFS provides fixes for the following
issues:
* A segmentation fault caused by thread-unsafe
initialization and clean-up of libldap. (bnc#820585,
bnc#853469)
* A segmentation fault caused by thread-unsafe usage of
glibc's netconfig() functions. (bnc#842622, bnc#833733)
* A race condition that could make automount quit after
receiving a SIGHUP. (bnc#855883)
* A deadlock when trying to lock a mutex that's already
owned by the same thread. (bnc#859969)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0569-1 -- Security update for squid3
SUSE Linux Enterprise Server 11
squid3
A remote DoS attack in the Squid web proxy has been fixed.
Due to incorrect state management, Squid was vulnerable to
a denial of service attack when processing certain HTTPS
requests (CVE-2014-0128).
For more information see
http://www.squid-cache.org/Advisories/SQUID-2014_1.txt
Additionally, a bug in the logrotate configuration file has
been fixed. The 'su' statement was moved into the
'logfile' section (bnc#677335).
Security Issue reference:
* CVE-2014-0128
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0128>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0356-1 -- Recommended update for microcode_ctl
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
microcode_ctl
This update provides Intel's CPU microcode version 20140122.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0731-1 -- Recommended update for timezone
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 10, SUSE Linux Enterprise Desktop 11
timezone
The latest update to timezone 2014c introduced changes in the binary format
of timezone files generated by zic(1) to improve handling of low-valued
timestamps. This change caused problems for some applications that rely
on the stability of the binary format, so this update reverts it.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0266-2 -- Security update for IBM Java 6
SUSE Linux Enterprise Server 11
IBM Java 6
IBM Java 6 was updated to version SR15-FP1 which received
security and bug fixes.
More information at:
http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_January_14_2014_CPU
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1451-1 -- Recommended update for SUSE Manager Client Tools
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
SUSE Manager Client Tools
This collective update provides the following fixes and
enhancements:
rhnlib:
* Fix some issues with the new timeout option.
spacewalk-client-tools:
* Print prompt on tty instead of stdout
* Add Unicode support for Remote Command scripts.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0582-1 -- Recommended update for linux-kernel-headers
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
linux-kernel-headers
This update for linux-kernel-headers includes the following
fixes:
* The <linux/vt.h> header has been fixed not to use
the C++ reserved keyword "new".
* Headers <scsi/scsi_bsg_fc.h>,
<scsi/scsi_netlink.h> and <scsi/scsi_netlink_fc.h> have
been included.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0188-1 -- Security update for hplip
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
hplip
hplip was updated to fix three security issues:
* CVE-2013-0200: Some local file overwrite problems via
predictable /tmp filenames were fixed.
* CVE-2013-4325: hplip used an insecure polkit DBUS API
(polkit-process subject race condition) which could lead to
local privilege escalation.
* CVE-2013-6402: hplip uses arbitrary file
creation/overwrite (via hardcoded file name
/tmp/hp-pkservice.log)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:0549-3 -- Security update for OpenSSL
SUSE Linux Enterprise Server 11
OpenSSL
OpenSSL has been updated to fix several security issues:
* CVE-2012-4929: Avoid the openssl CRIME attack by
disabling SSL compression by default. Setting the
environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no"
enables compression again.
* CVE-2013-0169: Timing attacks against TLS could be
used by physically local attackers to gain access to
transmitted plain text or private key material. This issue
is also known as the "Lucky-13" issue.
* CVE-2013-0166: An OCSP invalid key denial of service
issue was fixed.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1912-1 -- Recommended update for SUSE Manager Client Tools
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
SUSE Manager Client Tools
This collective update provides the following fixes and
enhancements:
spacewalk-client-tools:
* Uptime report: respect xmlrpc's integer limits.
zypp-plugin-spacewalk:
* Avoid crashes when a channel's metadata contains
UTF-8 data. (bnc#850105)
* Call zypper with --auto-agree-with-licenses, as
interactive agreement is not possible from remote.
(bnc#847254)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1656-1 -- Security update for libxslt
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 10, SUSE Linux Enterprise Desktop 11
libxslt
libxslt received a security update to fix a security issue:
* CVE-2013-4520: The XSL implementation in libxslt
allowed remote attackers to cause a denial of service
(crash) via an invalid DTD. (addendum due to incomplete fix
for CVE-2012-2825)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1919-1 -- Security update for Mozilla Firefox
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
Mozilla Firefox
MozillaFirefox has been updated to the 24.2.0 ESR security
release.
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0901-1 -- Security update for Samba
SUSE Linux Enterprise Server 11
Samba
Samba was updated to fix three security issues and several non-security issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0051-1 -- Security update for xorg-x11-server
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
xorg-x11-server
This update fixes the following security issue with
xorg-x11-server:
* bnc#853846: integer underflow when handling
trapezoids (CVE-2013-6424)
Security Issue reference:
* CVE-2013-6424
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6424>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0171-1 -- Security update for curl
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
curl
This update fixes the re-use of wrong HTTP NTLM connections
in libcurl. (CVE-2014-0015)
Security Issue reference:
* CVE-2014-0015
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0662-2 -- Recommended update for python-dmidecode
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
python-dmidecode
This update for python-dmidecode fixes an "Illegal instruction" exception
that could occur on systems under heavy memory load.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1094-1 -- Recommended update for SUSE Manager client tools
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
SUSE Manager client tools
This update fixes the following issues:
rhnlib:
* Make timeout of yum-rhn-plugin calls through
rhn-client-tools configurable
* Make Proxy timeouts configurable.
spacewalk-client-tools:
* Create mgr* program symbolic links
* Correctly handle a deactivated account error message
* Require rhnlib with timeout option
* Make timeout configurable.
zypp-plugin-spacewalk:
* Always disable gpgcheck for repositories in spacewalk
service
* Use timeout also for XMLRPC calls if possible
* Read transfer_timeout from zypp.conf and provide it
via URL.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0682-1 -- Security update for nagios-nrpe, nagios-nrpe-debuginfo, nagios-nrpe-debugsource, nagios-nrpe-doc, nagios-plugins-nrpe
SUSE Linux Enterprise Server 11
nagios-nrpe, nagios-nrpe-debuginfo, nagios-nrpe-debugsource, nagios-nrpe-doc, nagios-plugins-nrpe
nagios-nrpe has been updated to prevent possible remote command execution
when command arguments are enabled. This issue affects versions 2.15 and
older.
Further information is available at
http://seclists.org/fulldisclosure/2014/Apr/240
These security issues have been fixed:
* Remote command execution (CVE-2014-2913)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1655-1 -- Security update for CUPS
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
CUPS
The following security issue has been fixed in the CUPS
print daemon CVE-2012-5519:
The patch adds better default protection against misuse of
privileges by normal users who have been specifically
allowed by root to do cupsd configuration changes.
The new ConfigurationChangeRestriction cupsd.conf directive
specifies the level of restriction for cupsd.conf changes
that happen via HTTP/IPP requests to the running cupsd
(e.g. via CUPS web interface or via the cupsctl command).
By default, certain cupsd.conf directives that deal with
filenames, paths, and users can no longer be changed via
requests to the running cupsd, but only by manually editing
the cupsd.conf file, whose default file permissions
permit only root to write it.
Those directives are: ConfigurationChangeRestriction,
AccessLog, BrowseLDAPCACertFile, CacheDir, ConfigFilePerm,
DataDir, DocumentRoot, ErrorLog, FileDevice, FontPath,
Group, LogFilePerm, PageLog, Printcap, PrintcapFormat,
PrintcapGUI, RemoteRoot, RequestRoot, ServerBin,
ServerCertificate, ServerKey, ServerRoot, StateDir,
SystemGroup, SystemGroupAuthKey, TempDir, User.
The default group of users who are allowed to do cupsd
configuration changes via requests to the running cupsd
(i.e. the SystemGroup directive in cupsd.conf) is set to
'root' only.
Additionally the following bug has been fixed:
* strip trailing "@REALM" from username for Kerberos
authentication (CUPS STR#3972 bnc#827109)
Security Issue reference:
* CVE-2012-5519
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1409-1 -- Recommended update for xorg-x11-driver-input
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
xorg-x11-driver-input
This update for X.Org input drivers adds an option to the
evdev driver for better supporting Advanced Silicon
CoolTouch device.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1829-1 -- Recommended update for nfs-client
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
nfs-client
This update for nfs-utils provides the following fixes:
* Fix decoding of octal encoded fields in idmapd.
(bnc#802823)
* Improve support for GSS security negotiation with old
servers. (bnc#844015)
* Correctly handle sub-directory exports from file
systems with 64-bit inode numbers. (bnc#841971)
* Ensure ldconfig cache is updated when libraries exist
on NFS mounted file system. (bnc#834164)
* Make it easy to enable NFSv4.1 support on server.
(bnc#832264)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1513-1 -- Recommended update for facter
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
facter
This update for facter removes the relationship between the
domain fact and LDAP/NIS domains. The domain fact now
relates exclusively to the DNS domain.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0750-1 -- Security update for gpg2
SUSE Linux Enterprise Server 11
gpg2
This is a SLES 11 SP1 LTSS rollup update for gpg2.
The following security issues have been fixed:
* CVE-2013-4402: The compressed packet parser in GnuPG allowed remote
attackers to cause a denial of service (infinite recursion) via a
crafted OpenPGP message.
* CVE-2013-4351: GnuPG treated a key flags subpacket with all bits
cleared (no usage permitted) as if it has all bits set (all usage
permitted), which might have allowed remote attackers to bypass
intended cryptographic protection mechanisms by leveraging the
subkey.
* CVE-2012-6085: The read_block function in g10/import.c in GnuPG,
when importing a key, allowed remote attackers to corrupt the public
keyring database or cause a denial of service (application crash)
via a crafted length field of an OpenPGP packet.
Also the following non-security bugs have been fixed:
* set the umask before opening a file for writing (bnc#780943)
* select proper ciphers when running in FIPS mode (bnc#808958)
* add missing options to opts table (bnc#778723)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-OU-2014:0371-1 -- Optional update for java-1_6_0-ibm-devel, java-1_7_0-ibm-devel, mozilla-nss-devel
SUSE Linux Enterprise Server 11
java-1_6_0-ibm-devel, java-1_7_0-ibm-devel, mozilla-nss-devel
This update provides the following development packages to
satisfy dependencies of updates released for SLES 11-SP2
LTSS on systems that have the Software Development Kit
(SDK) add-on installed: mozilla-nss-devel,
java-1_6_0-ibm-devel and java-1_7_0-ibm-devel.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1373-1 -- Security update for libpixman
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
libpixman
A stack based buffer overflow in the pixman library has
been fixed. (CVE-2013-1591)
Security Issue reference:
* CVE-2013-1591
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0704-1 -- Security update for libgcrypt
SUSE Linux Enterprise Server 11
libgcrypt
libgcrypt has been updated to fix a cryptographic weakness.
* CVE-2013-4242: libgcrypt was affected by the Yarom/Falkner
flush+reload side-channel attack on RSA secret keys, which could have
potentially leaked the key data to attackers on the same machine.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1559-1 -- Security update for kdelibs4
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
kdelibs4
This kdelibs4 update fixes several security issues related
to khtml/konqueror.
* Fix security issues and null pointer references in
khtml/konqueror (bnc#787520) (CVE-2012-4512, CVE-2012-4513,
CVE-2012-4515)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0246-1 -- Security update for IBM Java
SUSE Linux Enterprise Server 11
IBM Java
This update contains the Oracle January 14 2014 CPU for
java-1_7_0-ibm.
Find more information at:
http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_January_14_2014_CPU
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0912-1 -- Security update for Linux kernel
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
Linux kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0115-1 -- Security update for wireshark
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
wireshark
wireshark was updated to security update version 1.8.12,
fixing bugs and security issues.
* The SIP dissector could go into an infinite loop.
wnpa-sec-2013-66 CVE-2013-7112
* The NTLMSSP v2 dissector could crash. Discovered by
Garming Sam. wnpa-sec-2013-68 CVE-2013-7114
Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0546-1 -- Recommended update for zsh
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
zsh
This update for zsh fixes tilde expansion of user names
that contain a dot.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1426-1 -- Recommended update for hal
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
hal
This update for hal adds support for the "Mute Microphone"
key found on HP Elitebook Folio 9470m.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0614-1 -- Recommended update for gcc47
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
gcc47
This update fixes an issue in libstdc++ where it wrongly
identified exceptions in construction as being uncaught.
This problem could affect some newer C++ applications.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0758-1 -- Security update for gnutls
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
gnutls
GnuTLS has been patched to ensure proper parsing of session ids during the
TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have
been fixed.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0733-2 -- Security update for IBM Java 7
SUSE Linux Enterprise Server 11
IBM Java 7
IBM Java 7 was updated to version SR7, which received security and bug fixes.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1827-1 -- Recommended update for gtk-vnc
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
gtk-vnc
This update for gtk-vnc allows applications to configure
the key sequence to grab and release the console.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:0410-1 -- Security update for Mozilla Firefox
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
Mozilla Firefox
MozillaFirefox has been updated to the 17.0.3ESR release.
Important: due to compatibility issues, the Beagle plug-in
for MozillaFirefox is temporarily disabled by this update.
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0570-1 -- Security update for nagios
SUSE Linux Enterprise Server 11
nagios
The monitoring service Nagios has been updated to fix
potential buffer overflows in its CGI scripts.
(CVE-2014-1878)
Security Issue reference:
* CVE-2014-1878
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1878>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0774-1 -- Security update for xorg-x11-libs
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
xorg-x11-libs
xorg-x11-libs was patched to fix the following security issues:
* Integer overflow of allocations in font metadata file parsing.
(CVE-2014-0209)
* libxfont not validating length fields when parsing xfs protocol
replies. (CVE-2014-0210)
* Integer overflows causing miscalculation of memory needs for xfs
replies. (CVE-2014-0211)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0372-1 -- Security update for Xen
SUSE Linux Enterprise Server 11
Xen
The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen
hypervisor and toolset has been updated to fix various
security issues and several bugs.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1824-1 -- Security update for Apache2
SUSE Linux Enterprise Server 11
Apache2
Apache2 received an LTSS rollup update which fixes various
security issues and bugs.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-OU-2014:0571-1 -- Optional OpenSSL 1.0 versions of cyrus-sasl, libcurl4 and libldap
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
compat-libldap-2_3-0, libldap-2_4-2, openldap2, openldap2-back-meta, openldap2-client, libldap-2_4-2-32bit
This update includes variants of existing libraries built
against OpenSSL 1.0.
As OpenSSL 0.8.9j and OpenSSL 1.0.1 are not binary
compatible, but have the same function names, care must be
taken that they are not loaded by the same program.
As some system libraries also link against libssl.so or
libcrypto.so, these need to be available in variants
linked against OpenSSL 1.0. These libraries are installed
below the /opt/suse/ directory hierarchy.
The version and the APIs of these "shadow" libraries are
exactly the same as the versions in the system, and so are
interchangeable.
For building your OpenSSL 1.0 enabled program, link using
the linkflags
-L/opt/suse/lib64 -Wl,-rpath,/opt/suse/lib64 (on 32bit
systems, use lib instead of lib64).
This update provides variants for the OpenLDAP2 client,
libcurl4 and cyrus-sasl libraries.
Additionally, two bugs have been fixed in openldap2
regarding IPv6 support:
* tls_checkpeer does not work with IPv6 address as
Subject Alternative Name. (bnc#862623)
* getaddrinfo does not return if ldap is used for host
lookups on IPv6 environments. (bnc#843697)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0622-2 -- Recommended update for suse-build-key
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 10
suse-build-key
The SUSE GPG signing keys that are used for repository
integrity checking have been extended to March 17th, 2018.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0713-1 -- Recommended update for smt-client
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
smt-client
This update for smt-client fixes the enforcement of http timeouts during
SSL handshakes. (bnc#876609)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:0456-4 -- Security update for Java
SUSE Linux Enterprise Server 11
Java
IBM Java 6 has been updated to SR13 which fixes various
critical security issues and bugs.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0759-1 -- Security update for OpenSSL
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
OpenSSL
OpenSSL was updated to fix several vulnerabilities:
* SSL/TLS MITM vulnerability. (CVE-2014-0224)
* DTLS recursion flaw. (CVE-2014-0221)
* Anonymous ECDH denial of service. (CVE-2014-3470)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1576-1 -- Security update for gpg2
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
gpg2
This GnuPG update fixes two security issues:
* CVE-2013-4351: GnuPG treated no-usage-permitted keys
as all-usages-permitted.
* CVE-2013-4402: An infinite recursion in the
compressed packet parser was fixed.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0541-1 -- Security update for OpenSSL
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
OpenSSL
OpenSSL has been updated to fix an attack on ECDSA Nonces.
Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces
could have been recovered.
This update also ensures that the stack is marked
non-executable on x86 32bit (bnc#870192). On other
processor platforms it was already marked as
non-executable before.
Security Issue reference:
* CVE-2014-0076
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0581-1 -- Security update for a2ps
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
a2ps
The text to postscript converter a2ps received a security
update.
The fixps script did not call ghostscript with the -DSAFER
option, allowing command execution by attacker supplied
postscript files.
Security Issue reference:
* CVE-2014-0466
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0631-1 -- Security update for pam
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
pam
This update changes the broken default behavior of
pam_pwhistory to not enforce checks when the root user
requests password changes. In order to enforce pwhistory
checks on the root user, the "enforce_for_root" parameter
needs to be set for the pam_pwhistory.so module.
This pam update fixes the following security and
non-security issues:
* bnc#870433: Fixed pam_timestamp path injection
problem (CVE-2014-2583)
* bnc#848417: Fixed pam_pwhistory root password
enforcement when resetting non-root user's password
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0140-1 -- Security update for Linux kernel
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
Linux kernel
The SUSE Linux Enterprise 11 Service Pack 2 kernel was
updated to 3.0.101 and also includes various other bug and
security fixes.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0755-1 -- Recommended update for udev
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
udev
This collective update for udev provides the following fixes:
* udev: Increase result size for stdout. (bnc#867840)
* rules: Add cciss by-id links when using hpsa module. (bnc#858663)
* rules: Rewrite CPU/memory hotplug rules to make them more robust.
(bnc#849840)
* udevd: Add support for max_childs to cmdline. (bnc#837804)
* udevd: Limit the number of workers to 16. (bnc#837804)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:0784-1 -- Recommended update for sblim-cmpi-fsvol
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
sblim-cmpi-fsvol
This update for sblim-cmpi-fsvol fixes enumeration of file
systems mounted by unique ID (UUID=) or volume label
(LABEL=) in fstab(5). Previously, these mount points were
shown as disabled.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0164-1 -- Recommended update for mdadm
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
mdadm
This update for mdadm provides many fixes and enhancements.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1363-1 -- Recommended update for libfprint and pam_fp
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
libfprint, pam_fp
This update for libfprint and pam_fp adds support for the
new Validity fingerprint reader VFS495.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0643-1 -- Security update for lxc
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
lxc
The container framework LXC has been updated to fix various bugs and a
security issue:
* CVE-2013-6441: The sshd template allowed privilege escalation on the
host.
* SLES container time not aligned with host time (bnc#839653)
* SLES container boot takes ages (bnc#839663)
* lxc mounts /dev/pts with wrong options (bnc#869663)
Security Issues:
* CVE-2013-6441
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6441>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0331-2 -- Security update for openssl-certs
SUSE Linux Enterprise Server 11
openssl-certs
The openssl-certs package was updated to match the
certificates contained in the Mozilla NSS 3.15.4 release.
The following changes were done to the list of root CAs:
* Added: ACCVRAIZ1.pem (Spain) (all trusts)
* Added: SG_TRUST_SERVICES_RACINE.pem (Singapore)
(email signing only)
* Added: TWCA_Global_Root_CA.pem (Taiwanese) (all
trusts)
* Removed: Wells_Fargo_Root_CA.pem
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0529-1 -- Security update for strongswan
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 10, SUSE Linux Enterprise Desktop 11
strongswan
The following security issue is fixed by this update:
* bnc#870572: strongswan has been updated to fix an
authentication problem where attackers could have bypassed
the IKEv2 authentication. (CVE-2014-2338)
Security Issue reference:
* CVE-2014-2338
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2338>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0663-1 -- Recommended update for yast2
SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
yast2
This update for YaST2 improves the check for a running chef-client to
avoid false positives.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1003-1 -- Recommended update for lxc
SUSE Linux Enterprise Server 11
lxc
This update for Linux Containers (lxc) includes the
following improvements and fixes:
* Pin container's root file system to prevent read-only
remount (bnc#808219)
* Ensure configuration with no lxc.network.ipv4 line
(but lxc.network.type line) is detected as DHCP config
(bnc#776169)
* Use relative paths for container mount points
(bnc#789387)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0576-1 -- Security update for Python
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Python
Python was updated to fix a security issue in the
socket.recvfrom_into function, where data could be written
over the end of the buffer. (CVE-2014-1912)
Security Issue reference:
* CVE-2014-1912
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0374-1 -- Recommended update for ctags
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
ctags
This update for ctags fixes an issue that could result in
the creation of corrupted TAGS files when running etags(1)
on large source repositories.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0760-1 -- Security update for glibc
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
glibc
This update for the GNU Lib C fixes security issues, some bugs and
introduces one new feature.
The following security issues have been fixed:
* CVE-2013-4357: Various potential stack overflows in getaddrinfo() and
others were fixed. (bnc#844309)
* CVE-2013-4458: A stack (frame) overflow in getaddrinfo() when called
with AF_INET6.
The following new feature has been implemented:
* On PowerLinux, a vDSO entry for getcpu() was added for possible
performance enhancements. (FATE#316816, bnc#854445)
The following issues have been fixed:
* Performance problems with threads in __lll_lock_wait_private and
__lll_unlock_wake_private. (bnc#836746)
* IPv6: Memory leak in getaddrinfo() when many RRs are returned.
(bnc#863499)
* Using profiling C library (-lc_p) can trigger a segmentation fault.
(bnc#872832)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1329-1 -- Security update for automake
SUSE Linux Enterprise Server 11
automake
This update of automake fixes a race condition in
"distcheck". (CVE-2012-3386)
Also a bug where world writeable tarballs were generated
during "make dist" has been fixed (CVE-2009-4029).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0289-1 -- Recommended update for hal
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
hal
This update for hal provides the following fixes and
enhancements:
* Do not install a signal handler on the forked hal
daemon before being able to properly handle it.
* Allow disabling storage device probing by setting
HALD_IGNORE_STORAGE to "yes" in /etc/sysconfig/hal.
* Do not kill the child when it takes too long to probe
devices, as it will only shutdown hald after the probe is
complete.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1789-1 -- Recommended update for timezone
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
timezone
This update provides the latest timezone information for
your system. The changes in detail are:
* Update to version 2013h (bnc#850462):
  o Libya has switched back to UTC+2
  o Western Sahara uses Morocco's DST rules
  o Acre switches from UTC-4 to UTC-5 on Nov. 10th
* Define TM_GMTOFF and TM_ZONE like glibc did
(bnc#807624)
* Correct path expansion for local time link
(bnc#845530).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0266-3 -- Security update for IBM Java 6
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
IBM Java 6
IBM Java 6 was updated to version SR15-FP1 which received
security and bug fixes.
More information at:
<http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_January_14_2014_CPU>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0076-1 -- Recommended update for ipmitool
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
ipmitool
This update for ipmitool provides the following fixes:
* Add an explicit requirement on insserv, fixing
installation problems on minimal environments. (bnc#852176)
* Implement the "status" operation in the ipmievd init
script. (bnc#854886)
* Fix pid file reference in ipmievd init script.
(bnc#854886)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1638-1 -- Security update for libtiff
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
libtiff
This tiff update fixes several security issues.
* bnc#834477: CVE-2013-4232 CVE-2013-4231: tiff: buffer
overflows/use after free problem
* bnc#834779: CVE-2013-4243: libtiff (gif2tiff):
heap-based buffer overflow in readgifimage()
* bnc#834788: CVE-2013-4244: libtiff (gif2tiff): OOB
Write in LZW decompressor
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0319-1 -- Security update for gnutls
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
gnutls
The GnuTLS library received a critical security fix and
other updates:
* CVE-2014-0092: The X.509 certificate verification had
incorrect error handling, which could lead to broken
certificates marked as being valid.
* CVE-2009-5138: A verification problem in handling V1
certificates could also lead to V1 certificates incorrectly
being handled.
Additionally a memory leak in PSK authentication has been
fixed (bnc#835760).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:0701-2 -- Security update for java-1_6_0-ibm
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 10
java-1_6_0-ibm
IBM Java 6 was updated to SR13 FP1, fixing bugs and
security issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0757-1 -- Recommended update for yast2-samba-client
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
yast2-samba-client
This update for yast2-samba-client provides the following fixes:
* Remove CTDB crm resource hierarchy assumption. (bnc#813462)
* Fix standalone Active Directory join from a HA cluster. (bnc#865445)
* Fix handling of CTDB primitives containing hyphens.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0667-1 -- Security update for Linux Kernel
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Linux Kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the
following severe security issues:
* CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c
in the Linux kernel through 3.14.3 does not properly handle error
conditions during processing of an FDRAWCMD ioctl call, which allows local
users to trigger kfree operations and gain privileges by leveraging write
access to a /dev/fd device. (bnc#875798)
* CVE-2014-1738: The raw_cmd_copyout function in
drivers/block/floppy.c in the Linux kernel through 3.14.3 does not
properly restrict access to certain pointers during processing of an
FDRAWCMD ioctl call, which allows local users to obtain sensitive
information from kernel heap memory by leveraging write access to a
/dev/fd device. (bnc#875798)
* CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in
the Linux kernel through 3.14.3 does not properly manage tty driver access
in the "LECHO & !OPOST" case, which allows local users to cause a denial
of service (memory corruption and system crash) or gain privileges by
triggering a race condition involving read and write operations with long
strings. (bnc#875690)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1058-2 -- Security update for gpg2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
gpg2
This update for gpg2 provides the following fixes:
* #780943: Set proper file permissions when
en/de-crypting files.
* #798465: Fix an issue that could cause corruption of
the public keys database. (CVE-2012-6085)
* #808958: Select proper ciphers when running in FIPS
mode.
Security Issue reference:
* CVE-2012-6085
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6085>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0375-1 -- Recommended update for multipath-tools
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
multipath-tools
This collective update for multipath-tools provides the
following fixes and enhancements:
* Blacklist HP Virtual devices. (bnc#862250)
* Save 'root_mpath' variable in mkinitrd. (bnc#854243)
* Remove trailing spaces from sysfs attributes.
(bnc#839593)
* Allow whitespaces in CLI commands. (bnc#846575)
* Set priority to '0' for PATH_BLOCKED or PATH_DOWN.
(bnc#831608)
* Update multipathd man page. (bnc#834871)
* Do not issue a table reload on every check.
(bnc#854244)
* Use RTPG data in RDAC checker. (bnc#854244)
* Reset timezone information on reconfigure.
(bnc#830511)
* Double uevent stacksize yet again. (bnc#855379)
* Do not fail discovery on individual devices.
(bnc#860850)
* Filter for missing property in get_refwwid.
(bnc#862250)
* Do not flush multipath tables on shutdown.
(bnc#854025)
* Prefer deprecated 'getuid' callout. (bnc#861534)
* Skip paths with empty wwid. (bnc#861534)
* Correctly terminate string in strlcpy(). (bnc#861534)
* Include defaults for HP P6300. (bnc#845987)
* Update NetApp defaults. (bnc#846662)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0638-2 -- Security update for Mozilla Firefox
SUSE Linux Enterprise Server 11
Mozilla Firefox
This MozillaFirefox and mozilla-nss update fixes several security and
non-security issues.
MozillaFirefox has been updated to version 24.5.0esr which fixes the
following issues:
* MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards
* MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG
images
* MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object
as XBL
* MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web
Notification API
* MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history
navigations
* MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while
resizing images
* MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver
Mozilla NSS has been updated to version 3.16
* required for Firefox 29
* CVE-2014-1492: In a wildcard certificate, the wildcard character
should not be embedded within the U-label of an internationalized
domain name. See the last bullet point in RFC 6125, Section 7.2.
* Update of root certificates.
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1265-1 -- Security update for wireshark
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
wireshark
This wireshark version update to 1.8.8 includes several
security and general bug fixes.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0238-1 -- Recommended update for fontconfig
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
fontconfig
This update for fontconfig fixes a segmentation fault when
handling empty strings in BDF font properties
(SETWIDTH_NAME or SPACING).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1831-1 -- Recommended update for blktrace
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
blktrace
This update for blktrace provides a fix for the following
issue:
If two instances of blktrace are executed on the same
device, one would fail to initialize and then tear down
the devices it was configured to use, even when they
weren't set up by that instance.
This could result in tearing down running traces, which
would end up leaving the debugfs files around without a
way to clean them up. Further instances of blktrace on
that device would fail.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0312-1 -- Recommended update for sudo
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
sudo
This update for sudo provides the following fixes:
* Escape "sudo -i" and "sudo -s" command arguments to
prevent command line corruption. (bnc#823796)
* Adjust the sudoers(5) manual page to reflect
SUSE-specific changes. (bnc#823292)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1327-1 -- Recommended update for mkinitrd
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
mkinitrd
This update for mkinitrd provides the following fixes:
* Add a udev rule to fix HyperV VM migration from
Windows 2008/2012 to Windows 2012R2 hosts
* Fix network configuration when using iBFT
* Do not add duplicate static IPs
* Recognize default network interface if more than one
is present.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0330-1 -- Recommended update for libopenssl
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libopenssl
This update brings various enhancements for OpenSSL:
* IPv6 support was added to the openssl s_client and
s_server command line tool. (bnc#859228)
* The openssl command line tool now checks certificates
by default against /etc/ssl/certs (this can be changed via
the -CApath option). (bnc#860332)
* The Elliptic Curve Diffie-Hellman key exchange
selector was enabled and can be selected by kECDHE, kECDH,
ECDH tags in the SSL cipher string. (bnc#859924)
* If an optional "openssl1" command line tool is
installed in parallel, c_rehash uses it to generate
certificate hashes in both OpenSSL 0 and OpenSSL 1 style.
This allows parallel usage of OpenSSL 0.9.8j and OpenSSL
1.x client libraries with a shared certificate store.
(bnc#862181)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:0557-1 -- Recommended update for nfs-client
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 10
nfs-client
This update for the NFS support utilities (nfs-client,
nfs-kernel-server) enhances gssd to work with more than
1024 connections, respecting the 'nofile' resource limit.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0638-1 -- Security update for Mozilla Firefox
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Mozilla Firefox
This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the
following security and non-security issues:
* MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards
* MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG
images
* MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object
as XBL
* MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web
Notification API
* MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history
navigations
* MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while
resizing images
* MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver
Mozilla NSS has been updated to 3.16:
* required for Firefox 29
* CVE-2014-1492: In a wildcard certificate, the wildcard character
should not be embedded within the U-label of an internationalized domain
name. See the last bullet point in RFC 6125, Section 7.2.
* Update of root certificates.
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0472-1 -- Recommended update for logrotate
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
logrotate
This update for logrotate fixes calling of
prerotate/postrotate scripts in nosharedscripts mode.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0705-1 -- Security update for python-imaging
SUSE Linux Enterprise Server 11
python-imaging
This python-imaging update fixes the following two security issues:
* bnc#863541: Fixed insecure temporary file creation and handling
(CVE-2014-1932, CVE-2014-1933)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0733-1 -- Security update for IBM Java 7
SUSE Linux Enterprise Server 11
IBM Java 7
IBM Java 7 was updated to version SR7, which received security and bug
fixes.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0525-1 -- Security update for freeradius
SUSE Linux Enterprise Server 11
freeradius
This update fixes a denial of service (crash) security
issue in rlm_pap hash processing in FreeRadius, which could
have been caused by special passwords fed into the RLM-PAP
password checking method via LDAP by remote attackers.
Security Issue reference:
* CVE-2014-2015
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2015>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0670-1 -- Security update for file
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
file
The command line tool file(1) and its library libmagic have been updated
to fix the following issues:
* file(1) crashed when parsing some PE executables. (CVE-2014-2270,
bnc#866750)
* file(1) did not set return code on non-existing files. (bnc#863450)
Security Issue reference:
* CVE-2014-2270
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0703-1 -- Recommended update for snapper
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
snapper
This update for snapper provides fixes for the following issues:
* A potential segmentation fault when snapper interacts with DBus.
(bnc#860119)
* File mode (setuid bit) was not restored after "undochange".
(bnc#862964)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0497-1 -- Security update for Samba
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Samba
The Samba fileserver suite was updated to fix bugs and
security issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0724-1 -- Security update for libpng
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libpng
This libpng update fixes the following two overflow security issues.
* bnc#873123: Fixed integer overflow that could have led to a
heap-based buffer overflow in png_set_sPLT() and png_set_text_2()
(CVE-2013-7354).
* bnc#873124: Fixed integer overflow that could have led to a
heap-based buffer overflow in png_set_unknown_chunks()
(CVE-2013-7353).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0714-1 -- Recommended update for open-iscsi
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
open-iscsi
This collective update for open-iscsi provides the following fixes:
* Init script now handles LVM stacked use of partitions. (bnc#867934)
* Fix init script module load logic, removing bogus "FATAL ..."
message when starting service. (bnc#867657)
* Removed problematic check_for_node_onboot() in mkinitrd setup
script. (bnc#834256)
* Update mkinitrd open-iscsi setup script to handle both root and
non-root iSCSI volumes, including iBFT. (bnc#834256, bnc#630434)
* Correctly regenerate initrd after update. (bnc#831934)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0024-1 -- Security update for Samba
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Samba
This update fixes the following security issues with Samba:
* bnc#844720: DCERPC frag_len not checked
(CVE-2013-4408)
* bnc#853347: winbind pam security problem
(CVE-2012-6150)
* bnc#848101: No access check verification on stream
files (CVE-2013-4475)
And fixes the following non-security issues:
* bnc#853021: libsmbclient0 package description
contains comments
* bnc#817880: rpcclient adddriver and setdrive do not
set all needed registry entries
* bnc#838472: Client trying to delete print job fails:
Samba returns: WERR_INVALID_PRINTER_NAME
* bnc#854520 and bnc#849226: various upstream fixes
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-OU-2013:1125-2 -- Optional update for suse-ami-tools
SUSE Linux Enterprise Server 11
suse-ami-tools
This update provides the necessary tools for running SUSE
Linux Enterprise Server on Amazon Elastic Cloud Computing
Services.
For more information, please visit
<http://aws.amazon.com/suse/>.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1775-1 -- Recommended update for sg3_utils
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
sg3_utils
This update for sg3_utils provides the following fixes:
* Add -f option to rescan-scsi-bus.sh to flush failed
multipath devices
* Add --export option to sg_inq for 61-msft.rules
* Fixup T10 Vendor designator display
* In rescan-scsi-bus.sh, check if the HBA driver
exports issue_lip in sysfs before using it.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:0596-1 -- Security update for poppler
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
poppler
This update of poppler fixes the following vulnerabilities:
* CVE-2013-1788: Various invalid memory issues could be
used by attackers supplying PDFs to crash the PDF viewer or
potentially execute code.
* CVE-2013-1789: A crash in poppler could be used by
attackers providing PDFs to crash the PDF viewer.
* CVE-2013-1790: An uninitialized memory read could be
used by attackers providing PDFs to crash the PDF viewer.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0260-1 -- Recommended update for release-notes-SLES-for-VMware and release-notes-sles
SUSE Linux Enterprise Server 11
release-notes-SLES-for-VMware
release-notes-sles
This update for the Release Notes contains the following:
* Updated entry:
  o ext4: Runtime Switch for Write Support (bnc#860610 via fate#314864).
* New entries:
  o SHA-256 Hash algorithm in IBM Crypto Accelerator (bnc#847004 via fate#316176);
  o LIO Based FC Targets (fate#316922);
  o Samba: recursiveness for smbcacls (bnc#847009 via fate#316474).
* Removed 3 dead links (bnc#863742).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0562-1 -- Recommended update for libapr1
SUSE Linux Enterprise Server 11
libapr1
This update of libapr1 allows usage of POSIX semaphores,
which were previously not configured correctly.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1852-1 -- Security update for glibc
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
glibc
This update for glibc contains the following fixes:
* Fix integer overflows in malloc (CVE-2013-4332,
bnc#839870)
* Fix buffer overflow in glob (bnc#691365)
* Fix buffer overflow in strcoll (CVE-2012-4412,
bnc#779320)
* Update mount flags in <sys/mount.h> (bnc#791928)
* Fix buffer overrun in regexp matcher (CVE-2013-0242,
bnc#801246)
* Fix memory leaks in dlopen (bnc#811979)
* Fix stack overflow in getaddrinfo with many results
(CVE-2013-1914, bnc#813121)
* Don't raise UNDERFLOW in tan/tanf for small but
normal argument (bnc#819347)
* Properly cross page boundary in SSE4.2 implementation
of strcmp (bnc#822210)
* Fix robust mutex handling after fork (bnc#827811)
* Fix missing character in IBM-943 charset (bnc#828235)
* Fix use of alloca in gaih_inet (bnc#828637)
* Initialize pointer guard also in static executables
(CVE-2013-4788, bnc#830268)
* Fix readdir_r with long file names (CVE-2013-4237,
bnc#834594).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0446-1 -- Security update for Xen
SUSE Linux Enterprise Server 11
Xen
The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen
hypervisor and toolset have been updated to fix various
security issues and some bugs.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0047-1 -- Recommended update for lsscsi
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
lsscsi
This update for lsscsi provides the following fixes and
enhancements:
* Merge FC layout fixes.
* Print additional SAS information.
* Print additional FC information. (bnc#844851)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1151-1 -- Security update for Linux kernel
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Linux kernel
The SUSE Linux Enterprise 11 Service Pack 2 kernel was
respun with the 3.0.80 update to fix a severe
compatibility problem with kernel module packages (KMPs)
such as drbd.
An incompatible ABI change could lead to those modules not
correctly working or crashing on loading and is fixed by
this update.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0188-2 -- Security update for hplip
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
hplip
hplip was updated to fix three security issues:
* CVE-2013-0200: Some local file overwrite problems via
predictable /tmp filenames were fixed.
* CVE-2013-4325: hplip used an insecure polkit DBUS API
(polkit-process subject race condition) which could lead to
local privilege escalation.
* CVE-2013-6402: hplip uses arbitrary file
creation/overwrite (via hardcoded file name
/tmp/hp-pkservice.log).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0487-1 -- Security update for wireshark
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
wireshark
Wireshark was updated to version 1.8.13 to fix security and
stability issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:0768-1 -- Recommended update for mkinitrd
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
mkinitrd
This collective update for mkinitrd provides the following
fixes and enhancements:
* Skip static interfaces when configuring DHCP
interfaces. (bnc#755642)
* Handle moving ibft interface between interfaces and
subnets. (bnc#755642)
* Fix boot from mdraid on top of multipath devices.
(bnc#784613)
* Do not tell the user to refresh the bootloader when
generating the kdump initrd. (bnc#801984)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:0835-1 -- Security update for IBM Java
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
IBM Java
IBM Java 1.6.0 has been updated to SR13-FP2 fixing bugs and
security issues.
<http://www.ibm.com/developerworks/java/jdk/alerts/>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1497-1 -- Security update for Mozilla Firefox
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Mozilla Firefox
This update to Firefox 17.0.9esr (bnc#840485) addresses:
* MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
  o (CVE-2013-1737)
* MFSA 2013-90 Memory corruption involving scrolling
  o use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735)
  o Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736)
* MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
  o buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732)
* MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
  o compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730)
* MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
  o MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726)
* MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
  o ABORT: bad scope for new JSObjects: ReparentWrapper / document.open (CVE-2013-1725)
* MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
  o Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722)
* MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
  o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718)
* MFSA 2013-65 Buffer underflow when generating CRMF requests
  o ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0062-1 -- Security update for PHP5
SUSE Linux Enterprise Server 11
PHP5
This update fixes the following issues:
* memory corruption in openssl_parse_x509
(CVE-2013-6420)
* man-in-the-middle attacks by specially crafting
certificates (CVE-2013-4248)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0488-1 -- Recommended update for multipath-tools
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
multipath-tools
This update for multipath-tools fixes a potential
segmentation fault when reading multipath's configuration
file.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0113-1 -- Recommended update for release-notes-sles and release-notes-SLES-for-VMware
SUSE Linux Enterprise Server 11
release-notes-sles
release-notes-SLES-for-VMware
This update provides three additions to the Release Notes
for SUSE Linux Enterprise Server 11 SP2:
* Enabling NFS 4.1 for nfsd (bnc#832264)
* Systems with HP Smart Array Controller fail to boot
after the update (bnc#847621 via fate#313833)
* Providing TLS 1.2 support for Apache2 via mod_nss
(bnc#847006 via fate#316419).
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1310-1 -- Security update for bind
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
bind
A specially crafted query with malicious rdata could have
caused a crash (DoS) in named.
Security Issue reference:
* CVE-2013-4854
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0588-1 -- Recommended update for trousers
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
trousers
Trousers would terminate with a segmentation fault when
trying to wrap a key longer than 2048 bits.
As this is not possible due to TPM size limitation, the key
length is now restricted to 2048 bits or less.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1058-1 -- Security update for gpg2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
gpg2
This update for gpg2 provides the following fixes:
* Set proper file permissions when en/de-crypting files
(bnc#780943)
* Fix an issue that could cause corruption of the
public keys database. (CVE-2012-6085, #798465)
* Select proper ciphers when running in FIPS mode
(bnc#808958)
Security Issue reference:
* CVE-2012-6085
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6085>
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0299-1 -- Recommended update for mkinitrd
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
mkinitrd
This update for mkinitrd provides the following fixes:
* Fix waiting for multipath when using md on top of
multipath. (bnc#848293)
* Add support for two network interfaces in the iBFT.
(bnc#830968)
* Really include mmc_block driver. (bnc#480808)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0220-1 -- Recommended update for openCryptoki
SUSE Linux Enterprise Server 11
openCryptoki
This update provides openCryptoki 2.4.3.1 which brings
fixes and enhancements:
* The IBM Cryptographic Architecture (ICA) token now
supports RSA with SHA-2 hashes with the new mechanisms
CKM_SHA256_RSA_PKCS, CKM_SHA384_RSA_PKCS, and
CKM_SHA512_RSA_PKCS. (FATE#316176, bnc#847645)
* Allow import of RSA public and private keys into CCA
token.
* Allow imported RSA private keys in CCA to also
decrypt.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1925-1 -- Recommended update for python-configshell
SUSE Linux Enterprise Server 11
python-configshell
This update for python-configshell removes the runtime
dependency on epydoc.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1949-1 -- Recommended update for WALinuxAgent
SUSE Linux Enterprise Server 11
WALinuxAgent
WALinuxAgent has been updated to version 2.0.1, which
brings many fixes and enhancements:
* Add support for CustomData
* Add exception handling for external consumer scripts
* Save/Restore SELinux state during provision
* Support for wire protocol
* Fixed DVD detection for non-en locales
* Fixed unhandled socket exception
(Util.HttpPost/Util._HttpGet).
* Fixed missing newline in the init script (bnc#827744)
For a comprehensive list of fixes, refer to the package's
change log.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0414-1 -- Security update for clamav
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
clamav
The antivirus scanner ClamAV has been updated to version
0.98.1, which includes the following fixes:
* Code quality fixes in libclamav, clamd, sigtool,
clamav-milter, clamconf, and clamdtop.
* Code quality fixes in libclamav, libclamunrar and
freshclam.
* bb #8385: a PDF ASCII85Decode zero-length fix.
* bb #7436: elf64 header early exit.
* libclamav: SCAN_ALL mode fixes.
* iso9660: iso_scan_file rewrite.
Version 0.98.1 also implements support for new file types
and quality improvements, including extraction,
decompression, and scanning of files within the Extensible
Archive (XAR)/Apple Disk Image (DMG) format, and support for
decompression and scanning of files in the "Xz" compression
format.
Additionally, improvements and fixes were done to
extraction and scanning of OLE formats. An option to force
all scanned data to disk was added. Various improvements
to ClamAV configuration, support of third party libraries,
and unit tests were done.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDSUSE-SU-2014:0002-1 -- Security update for curlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11curlThis update fixes the following security issues with curl:
* bnc#849596: ssl cert checks with unclear behaviour
(CVE-2013-4545)
* bnc#810760: wrap tftp sequence number, fixes large
files transfer
Security Issue reference:
* CVE-2013-4545
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0775-1 -- Security update for Linux Kernel
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Linux Kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix a
critical privilege escalation security issue:
* CVE-2014-3153: The futex acquisition code in kernel/futex.c can be
used to gain ring0 access via the futex syscall. This could be used
for privilege escalation by non-root users. (bnc#880892)
Security Issue reference:
* CVE-2014-3153
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1574-1 -- Recommended update for iproute2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
iproute2
This update for iproute2 provides fixes for the following
issues:
* VF spoofchk flag support missing in iproute2 although
supported by driver. (bnc#838349)
* VF information not shown by "ip link". (bnc#750550,
bnc#836972)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1153-1 -- Security update for Mozilla Firefox
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 10
Mozilla Firefox
Mozilla Firefox has been updated to the 17.0.7 ESR version,
which fixes bugs and security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Kedovskaya
INTERIM ACCEPTED ACCEPTED

SUSE Linux Enterprise Desktop 10 is installed
SUSE Linux Enterprise Desktop 10
SUSE Linux Enterprise Desktop 10 is installed.
Thomas R. Jones
DRAFT
Jonathan Baker
INTERIM ACCEPTED
Nicholas Hansen
INTERIM ACCEPTED
Chandan S
INTERIM ACCEPTED
Evgeniy Pavlov
INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0318-1 -- Security update for libvirt
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
libvirt
This update fixes the following one non-security and two
security issues with libvirt:
* bnc#817407: Fixing device assignment problem with
Broadcom 57810 NIC to Guest OS.
* bnc#857492: qemu job usage issue in several API
leading to libvirtd crash (CVE-2013-6458)
* bnc#858817: denial of service with keepalive
(CVE-2014-1447)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0211-1 -- Recommended update for WALinuxAgent
SUSE Linux Enterprise Server 11
WALinuxAgent
WALinuxAgent was updated to version 2.0.2, which brings
many fixes and enhancements:
* Remove obsolete patch waAgent_sysvfixes.diff
(integrated upstream)
* Fix UpdateAndPublishHostName() to use correct
interface name
* Specialize file mode of /etc/shadow when clearing the
root password
* Fix publishHostname() to use self.hostname_file_path
* Remove reference to VM shutdown on "stopped" state
* Revert to logging non-verbose by default
* Revert to no swap setup by default.
For a comprehensive list of fixes, refer to the package's
change log.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0005-1 -- Recommended update for ethtool
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
ethtool
This update for ethtool includes the following fixes and
enhancements:
* Recognize 20Gbps and 40Gbps link speed modes.
(bnc#838396)
* Fix dumping of registers on certain ixgbe network
cards. (bnc#848811)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0305-1 -- Recommended update for yast2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
yast2
This collective update for YaST2 provides the following
fixes:
* Fix /sbin/yast2 to start correctly in non UTF-8
environment. (bnc#827031)
* Fix misinterpretation of IPv6 prefixes when
converting to netmask. (bnc#837517)
* Warn the user if Chef could overwrite changes.
(bnc#803358)
* Check for Chef outside in the yast2 shell script to
catch modules not using CommandLine. (bnc#803358)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0689-1 -- Security update for Ruby
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Ruby
This Ruby update fixes the following security issue:
* bnc#808137: Fixed entity expansion DoS vulnerability in REXML
(CVE-2013-1821).
Security Issue reference:
* CVE-2013-1821
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0401-1 -- Recommended update for star
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
star
This update fixes detection of gzip failures in star(1).
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1774-1 -- Security update for Xen
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Xen
XEN has been updated to version 4.2.3 c/s 26170, fixing
various bugs and security issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1313-1 -- Recommended update for GNOME Power Manager
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
GNOME Power Manager
This update for GNOME Power Manager provides the following
fixes:
* Implements synchronization with GNOME Screen Saver's
unlock dialog so that it can be serialized to pm-utils
hooks.
* The battery charge percentage printed in the "Device
Information" dialog and in the panel icon's tool tip is not
up to date.
* Turn off the monitor backlight on the lid-close event
to avoid a screen flicker in some machines.
* Fix the idle status after waking up from S3/S4
when the screen lock is disabled explicitly.
* Fix the missing backlight control for NVidia
graphics drivers.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1575-1 -- Recommended update for mcelog
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
mcelog
This update for mcelog provides the following fixes and
enhancements:
* Support AMD family 15 CPUs and only bail out on AMD
processors of families above 15. (bnc#807336)
* Fix mcelog in virtual environments that virtualize
CPUs of type SandyBridge or newer, but do not support MSR
calls for extended (IMC) error messages. (bnc#827616)
* Add latest Haswell CPU models. (bnc#824707)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1261-1 -- Recommended update for NetworkManager-openvpn
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
NetworkManager-openvpn
The following issue has been fixed:
* #831378: NetworkManager applet missing SHA512 in VPN
HMAC authentication GUI
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1387-1 -- Recommended update for PulseAudio
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
PulseAudio
This update for PulseAudio provides the following fixes:
* Silence noise when moving streams among sinks/sources
* Fix wrong extension check in parecord
* Fix poll event and mmap checks in ALSA backend
* Make bluetooth A2DP audio more robust under poor
radio conditions
* Fix corrupted sound on channel panning.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1405-1 -- Recommended update for ibutils
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
ibutils
This update for InfiniBand Diagnostic Tools (ibutils) fixes
a syntax error that affected the ibdiagnet, ibdiagpath and
ibdiagui utilities.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE Linux Enterprise Server 10 is installed
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 10 is installed.
Thomas R. Jones
DRAFT INTERIM ACCEPTED
Nicholas Hansen
INTERIM ACCEPTED
Evgeniy Pavlov
INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED
cpe:/o:novell:suse_linux:10:server

SUSE-SU-2014:0691-1 -- Security update for curl
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
curl
This curl update fixes the following security issues:
* bnc#868627: wrong re-use of connections (CVE-2014-0138).
* bnc#868629: IP address wildcard certificate validation
(CVE-2014-0139).
* bnc#870444: --insecure option inappropriately enforcing security
safeguard.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0622-1 -- Recommended update for suse-build-key
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
suse-build-key
The SUSE GPG signing keys that are used for repository
integrity checking have been extended to March 17th, 2018.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0331-3 -- Security update for openssl-certs
SUSE Linux Enterprise Server 11
openssl-certs
The openssl-certs package was updated to match the
certificates contained in the Mozilla NSS 3.15.4 release.
The following changes were done to the list of root CAs:
* Added: ACCVRAIZ1.pem (Spain) (all trusts)
* Added: SG_TRUST_SERVICES_RACINE.pem (Singapore)
(email signing only)
* Added: TWCA_Global_Root_CA.pem (Taiwanese) (all
trusts)
* Removed: Wells_Fargo_Root_CA.pem.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0302-1 -- Recommended update for btrfsprogs
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
btrfsprogs
This update for btrfsprogs fixes udev's detection rule in
systems with LVM. This issue could prevent some file
systems from being mounted at boot time.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0172-1 -- Recommended update for apache2
SUSE Linux Enterprise Server 11
apache2
This update for apache2 provides the following fixes:
* Make sure that the tty from which Apache starts has
echo mode set to on; otherwise, subsequently checking if
echo mode was off results in the false detection that
Apache is still waiting for a certificate pass-phrase to be
entered, leading to a failure with Xen virtual guests that
may have the terminal set to -echo. (bnc#852401)
* Partially revert the fix for bnc#815621 (PR50481);
this upstream change has unwanted side effects with large
request headers, where the LimitRequestFieldsize option is
ignored. (bnc#844212)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0418-1 -- Security update for MozillaFirefox
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
MozillaFirefox
Mozilla Firefox was updated to 24.4.0ESR release, fixing
various security issues and bugs.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Kedovskaya
INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0229-1 -- kernel update for SLE11 SP2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
SLE11 SP2
The SUSE Linux Enterprise 11 Service Pack 2 kernel was
updated to fix a regression introduced by the last update.
Regression fix:
- scsi_dh_alua: Incorrect reference counting in the SCSI
ALUA initialization code led to system crashes on boot
(bnc#858831).
As the update introducing the regression was marked
security, this is also marked security even though this bug
is not security relevant.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2013:1406-1 -- Security update for apache2-mod_security2
SUSE Linux Enterprise Server 11
apache2-mod_security2
This update of mod_security2 fixed a NULL pointer
dereference crash (CVE-2013-2765) and a memory issue
(double free()) (bnc#822664).
Security Issue reference:
* CVE-2013-2765
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1553-1 -- Recommended update for binutils
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
binutils
This update for binutils provides the following:
* Add .gnu.warning.* sections also to shared libraries.
(bnc#830516)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0726-1 -- Recommended update for wget
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
wget
This update for wget implements checking of Subject Alternative Names in
SSL x509 certificates.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2013:1425-1 -- Recommended update for hyper-v
SUSE Linux Enterprise Server 11
hyper-v
This update for Hyper-V fixes the following issues:
* Fix a bug in version negotiation code for util
(bnc#828714)
* Cache FQDN in kvp_daemon to avoid timeouts
(bnc#828714)
* Fix send/recv buffer allocation (bnc#828714)
* Set BOOTPROTO=static if any IPADDR/IP6ADDR was passed
to hv_set_ifconfig and dhcp is disabled
* Merge fixes from upstream hv_kvp_daemon (up to
3.11-rc1)
* Fix a bug in IPV6 subnet enumeration (bnc#828714)
* Skip restart_on_update with old hyper-v.rpms while
old kernel is running (bnc#770763)
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Kedovskaya
INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0723-1 -- Security update for Samba
SUSE Linux Enterprise Server 11
Samba
This is an LTSS roll-up update for the Samba Server suite fixing multiple
security issues and bugs.
Security issues fixed:
* CVE-2013-4496: Password lockout was not enforced for SAMR password
changes, leading to brute force possibility.
* CVE-2013-4408: DCE-RPC fragment length field is incorrectly checked.
* CVE-2013-4124: Samba was affected by a denial of service attack on
authenticated or guest connections.
* CVE-2013-0214: The SWAT web administration was affected by a
cross-site scripting attack (XSS).
* CVE-2013-0213: The SWAT web administration could possibly be used in
clickjacking attacks.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0046-1 -- Recommended update for grub2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
grub2
This update for Grub2 provides the following fixes and
enhancements:
* UEFI/PXE fails with error "couldn't send network
packet". (bnc#841466)
* Disable kernel module loading in grub.efi if secure
boot is enabled. (bnc#852070)
* Misaligned stack could crash grub2 randomly.
(bnc#852055, bnc#841426)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0248-1 -- Security update for MozillaFirefox
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
MozillaFirefox
This updates the Mozilla Firefox browser to the 24.3.0ESR
security release. The Mozilla NSS libraries are now on
version 3.15.4.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Kedovskaya
INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0082-1 -- Recommended update for dnsmasq
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
dnsmasq
This update for dnsmasq provides new utilities
dhcp_lease_time and dhcp_release.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0761-1 -- Security update for OpenSSL
SUSE Linux Enterprise Server 11
OpenSSL
OpenSSL was updated to fix several vulnerabilities:
* SSL/TLS MITM vulnerability. (CVE-2014-0224)
* DTLS recursion flaw. (CVE-2014-0221)
* Anonymous ECDH denial of service. (CVE-2014-3470)
* Using the FLUSH+RELOAD Cache Side-channel Attack the nonces could
have been recovered. (CVE-2014-0076)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0287-1 -- Security update for Linux kernel
SUSE Linux Enterprise Server 11
Linux kernel
This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up
update to fix a lot of security issues and non-security
bugs.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Kedovskaya
INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0106-1 -- Recommended update for crash
SUSE Linux Enterprise Server 11
crash
This collective update for crash provides the following
fixes:
* Fix a bug that could cause removal of the booted
kernel's vmlinux image. (bnc#828260)
* Display tasks on a priority array of a CPU's RT
runqueue. (bnc#826507)
* Display the RT runqueue when using CFS scheduler.
(bnc#826507)
* Fix rt not support group sched bug. (bnc#826507)
* Fix segmentation fault when trying to analyze vmcore
of hypervisor panic. (bnc#835850)
* Add many improvements and fixes for handling Xen
vmcores. (bnc#835850)
* Avoid negative RSS values when RSS counting is split.
(bnc#819052)
* Add fix for "crash when invoked without arguments
fails to analyze the live system". (bnc#777516)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0359-1 -- Security update for ImageMagick
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
ImageMagick
The image converter program and library set of ImageMagick
received an update that fixes a buffer overflow when
handling PSD images.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0206-1 -- Recommended update for createrepo, yum-common
SUSE Linux Enterprise Server 11
createrepo
yum-common
This update provides packages createrepo and yum-common
rebuilt with higher release numbers to fix online
migration issues on SUSE Cloud. There are no code changes
in this update.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-SU-2014:0471-1 -- Security update for mutt
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
mutt
The mailreader mutt was updated to fix a security issue in
displaying mail headers, where a crafted e-mail could
cause a heap overflow, which in turn might be used by
attackers to crash mutt or potentially even execute code.
Security Issues references:
* CVE-2014-0467
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467>
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0699-1 -- Recommended update for hwinfo
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
hwinfo
This collective update for hwinfo provides fixes for the following issues:
* Incorrect dbus usage that could have resulted in a segmentation
fault. (bnc #870660)
* Incorrect memory size reported on Xen guests. (bnc #867915)
* Incomplete information about Intel 82599 network adapters. (bnc
#813172)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE-RU-2014:0690-1 -- Recommended update for crash
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
crash
This collective update for the Kdump stack provides the following fixes
and enhancements:
crash:
* Fix display of the CPU number in back traces on systems with more
than 255 cores. (bnc#847353)
* Add support for kernel dumps from systems with 46-bit addressing
enabled. (bnc#841145, FATE#316838)
* Fix NMI backtrace for kernels patched to handle nested NMIs.
(bnc#874179)
kdump:
* Unmount all filesystems prior to reboot. (bnc#849621)
* Provide per-filesystem mount points in kdump environment.
(bnc#839999)
* Add disable_cpu_apicid for BSP to the crash kernel commandline.
(bnc#861981)
* Add NOSPLIT flag to disable makedumpfile split mode. (bnc#854600)
* Add '-X' to makedumpfile when dumping a Xen host. (bnc#864910)
makedumpfile:
* Add support for kernel dumps on systems with 46-bit addressing
enabled. (bnc#841145, FATE#316838)
* Allow --dump-dmesg for Xen vmcores. (bnc#864910, bnc#829646)
* Fix creation of kernel dumps on Xen systems. (bnc#864910, bnc#829646)
* Calculate cyclic buffer size according to info->num_dumpfile.
(bnc#854600)
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE Linux Enterprise Desktop 11.x is installed
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 11.x is installed.
Maria Mikhno
DRAFT INTERIM ACCEPTED ACCEPTED

SUSE Linux Enterprise Server 11.x is installed
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 11.x is installed.
Maria Kedovskaya
DRAFT INTERIM ACCEPTED
Evgeniy Pavlov
INTERIM ACCEPTED ACCEPTED
32bitpython-xmlgziplibguestfs0guestfs-toolsguestfsdguestfs-datalibxml2-pythonlibxml2-32bitlibxml2-doclibxml2libzyppperl-SNMPsnmp-mibslibsnmp15-32bitlibsnmp15net-snmpcpupowersles-tuning_en-pdfsles-installquick_en-pdfsles-security_en-pdfsles-storage_en-pdfsles-xen_en-pdfsles-autoyast_en-pdfsles-lxcquick_en-pdfsles-admin_en-pdfsles-kvm_en-pdfsles-deployment_en-pdfsle-audit-quick_en-pdfsles-manuals_ensle-apparmor-quick_en-pdfsles-hardening_en-pdfkvmmicrocode_ctloracleasmoracleasm-kmp-paeoracleasm-kmp-traceoracleasm-kmp-defaultoracleasm-kmp-xenxml-commonsxml-commons-apisrelease-notes-slessg3_utilsmono-data-sybasemono-data-postgresqlmono-locale-extrasmono-data-oraclemono-data-firebirdmono-webmonodoc-coremono-wcfibm-data-db2mono-corebytefx-data-mysqlmono-winformsmono-develmono-jscriptmono-nunitmono-data-sqlitemono-extrasmono-dataautoyast2-installationautoyast2java-1_6_0-ibm-jdbcjava-1_6_0-ibm-develjava-1_6_0-ibm-pluginjava-1_6_0-ibmjava-1_6_0-ibm-fontsjava-1_6_0-ibm-alsa-32bitjava-1_6_0-ibm-plugin-32bitjava-1_6_0-ibm-devel-32bitjava-1_6_0-ibm-32bitjava-1_6_0-ibm-alsaxorg-x11-libs-32bitxorg-x11-develpuppet-serverpuppetlibmysqlclient_r15libmysql55client_r18-32bitmysqllibmysqlclient_r15-32bitlibmysql55client18-32bitmysql-clientlibmysqlclient15-32bitlibmysql55client18mysql-toolslibmysqlclient15libmysql55client_r18autofssquid3microcode_ctltimezone-javatimezonespacewalk-checkrhnlibspacewalk-client-toolsspacewalk-client-setuplinux-kernel-headerslibopenssl0_9_8-hmac-32bitlibopenssl0_9_8libopenssl0_9_8-hmaclibopenssl0_9_8-32bitopenssl-doczypp-plugin-spacewalkspacewalk-checkspacewalk-client-toolsspacewalk-client-setuplibxslt-devel-32bitlibxslt-devellibxslt-32bitlibxsltMozillaFirefox-translationslibfreebl3MozillaFirefoxlibsoftokn3mozilla-nss-32bitlibsoftokn3-32bitmozilla-nss-toolslibfreebl3-32bitsambaxorg-x11-serverxorg-x11-server-extraxorg-x11-Xvnclibcurl4libcurl4-32bitpython-dmidecodespacewalk-checkspacewalk-client-setupzypp-plugin-spacewalkspacewalk-client-toolsrhnlibnagios-nrpe-d
ocnagios-nrpenagios-plugins-nrpecups-libs-32bitcups-clientcups-libscupsxorg-x11-driver-inputnfs-docnfs-kernel-servernfs-clientfactergpg2-langjava-1_7_0-ibm-develjava-1_6_0-ibm-devellibpixman-1-0-32bitlibpixman-1-0libgcrypt11libgcrypt11-32bitlibkdecore4kdelibs4-corelibkde4-32bitkdelibs4-doclibkdecore4-32bitkdelibs4libkde4java-1_7_0-ibm-pluginjava-1_7_0-ibmjava-1_7_0-ibm-alsajava-1_7_0-ibm-jdbczshlibstdc++6-32bitlibgcc_s1-32bitlibgomp1libstdc++6libgcc_s1libgomp1-32bitlibgnutls26-32bitlibgnutls-extra26libgnutls26libgtk-vnc-1_0-0python-gtk-vncbeagle-guilibfreebl3libfreebl3-32bitMozillaFirefoxbeaglemozilla-nspr-32bitmozilla-nss-toolsmhtml-firefoxbeagle-langbeagle-firefoxmozilla-nss-32bitbeagle-evolutionMozillaFirefox-translationsnagiosnagios-wwwxorg-x11-libsxorg-x11-libs-32bitxen-develxen-libs-32bitapache2-utilsopenldap2-clientlibldap-2_4-2-32bitcompat-libldap-2_3-0openldap2libldap-2_4-2openldap2-back-metasmt-clientgpg2-langa2pspampam-docpam-32bitlibudev0udevlibudev0-32bitlibgudev-1_0-0libgudev-1_0-0-32bitsblim-cmpi-fsvolmdadmpam_fppam_fp-32bitlibfprint0libfprint0-32bitlxcstrongswanstrongswan-docyast2lxcpythonpython-develpython-xmlpython-gdbmpython-doc-pdfpython-base-32bitpython-32bitpython-demolibpython2_6-1_0libpython2_6-1_0-32bitpython-idlepython-cursespython-tkpython-docpython-basectagsautomakehal-32bithalhal-doctimezonetimezone-javajava-1_6_0-ibm-plugin-32bitjava-1_5_0-ibm-pluginjava-1_5_0-ibmjava-1_5_0-ibm-alsajava-1_6_0-ibm-32bitjava-1_5_0-ibm-alsa-32bitjava-1_5_0-ibm-32bitjava-1_6_0-ibm-alsa-32bitjava-1_5_0-ibm-jdbcjava-1_6_0-ibm-devel-32bitjava-1_6_0-ibm-alsajava-1_6_0-ibm-develjava-1_6_0-ibmjava-1_6_0-ibm-fontsjava-1_5_0-ibm-fontsjava-1_6_0-ibm-pluginjava-1_6_0-ibm-jdbcjava-1_5_0-ibm-develjava-1_5_0-ibm-devel-32bitipmitooltifflibtiff-32bitlibtifflibtiff3libtiff3-32bitlibtiff-devel-32bitlibtiff-devellibgnutls26libgnutls26-32bitlibgnutls-extra26gnutlsjava-1_5_0-ibm-alsa-32bitjava-1_5_0-ibm-fontsjava-1_5_0-ibmjava-1_5_0-ibm-demojava-1_6_0-ibm-alsajava-1_5_0-ibm-jd
bcjava-1_5_0-ibm-pluginjava-1_6_0-ibm-devel-32bitjava-1_6_0-ibm-pluginjava-1_5_0-ibm-alsajava-1_5_0-ibm-srcjava-1_6_0-ibm-plugin-32bitjava-1_5_0-ibm-develjava-1_5_0-ibm-32bitjava-1_5_0-ibm-devel-32bitjava-1_6_0-ibm-32bitjava-1_6_0-ibm-jdbcjava-1_6_0-ibmjava-1_6_0-ibm-fontsjava-1_6_0-ibm-alsa-32bitjava-1_6_0-ibm-develyast2-samba-clientmozilla-nss-develmozilla-nspr-develfontconfigfontconfig-32bitblktracesudomkinitrdlibopenssl0_9_8libopenssl0_9_8-hmac-32bitopenssl-doclibopenssl0_9_8-hmaclibopenssl0_9_8-32bitnfs-kernel-servernfs-docnfs-utilsnfs-clientmozilla-nss-32bitlibsoftokn3-32bitMozillaFirefoxmozilla-nss-toolsmozilla-nspr-32bitMozillaFirefox-translationslibfreebl3-32bitlibsoftokn3libfreebl3logrotatepython-imagingjava-1_7_0-ibm-develjava-1_7_0-ibm-jdbcjava-1_7_0-ibmjava-1_7_0-ibm-pluginjava-1_7_0-ibm-alsafreeradius-server-dialupadminfreeradius-server-docfreeradius-serverfreeradius-server-utilsfreeradius-server-libsfilefile-32bitsnapper-zypp-pluginsnapperlibsnapper2libtevent0-32bitsamba-client-32bitlibldb1-32bitlibwbclient0libldb1libsmbclient0-32bitsambalibsmbclient0libtdb1-32bitlibtevent0samba-krb-printinglibwbclient0-32bitldapsmbsamba-32bitlibtdb1samba-winbind-32bitlibtalloc2libtalloc2-32bitlibpng12-0libpng12-0-32bitopen-iscsisamba-krb-printinglibtdb1libtalloc1-32bitsamba-32bitldapsmblibtalloc1libtevent0-32bitsambalibsmbclient0-32bitlibtalloc2libldb1samba-winbind-32bitlibtevent0libwbclient0libldb1-32bitlibwbclient0-32bitlibtalloc2-32bitlibsmbclient0libtdb1-32bitsamba-client-32bitsuse-ami-toolssg3_utilslibpoppler-qt4-3libpoppler5poppler-toolslibpoppler-glib4libapr1glibc-locale-32bitglibc-32bitglibcglibc-infoglibc-profileglibc-i18ndatanscdglibc-develglibc-htmlglibc-profile-32bitglibc-devel-32bitglibc-localexen-toolsxen-kmp-paexen-kmp-defaultxen-tools-domUxen-doc-htmlxen-doc-pdfxen-kmp-tracelsscsikernel-pae-basekernel-xen-basekernel-trace-basekernel-default-extrakernel-pae-develkernel-ec2-basekernel-tracekernel-trace-extraxen-kmp-defaultkernel-xen-extrakernel-default-
develkernel-default-basekernel-defaultkernel-paekernel-symskernel-ec2kernel-pae-extraxen-kmp-tracekernel-trace-develkernel-ec2-develhplip-hpijshplipwiresharkmkinitrdjava-1_6_0-ibm-jdbcjava-1_6_0-ibm-alsajava-1_6_0-ibmjava-1_6_0-ibm-devel-32bitjava-1_6_0-ibm-plugin-32bitjava-1_6_0-ibm-develjava-1_6_0-ibm-32bitjava-1_6_0-ibm-alsa-32bitjava-1_6_0-ibm-pluginjava-1_6_0-ibm-fontsMozillaFirefox-translationsMozillaFirefoxphp5-snmpphp5-sysvmsgphp5-zlibphp5-ctypephp5-sysvshmphp5-hashphp5-gettextphp5-gdphp5-dbasephp5-bz2php5-pearphp5-tokenizerphp5-pgsqlphp5-pcntlphp5-mysqlphp5-soapphp5-xmlwriterphp5-curlphp5-mbstringphp5-mcryptphp5-gmpphp5-fastcgiphp5-zipphp5-dbaphp5-xmlrpcphp5-pspellphp5-ldapphp5-opensslphp5-xmlreaderphp5-sysvsemphp5-odbcphp5-jsonphp5-exifphp5-domphp5-wddxphp5-calendarphp5-pdophp5-bcmathphp5-iconvapache2-mod_php5php5-ftpphp5-suhosinphp5-xslphp5-shmopphp5multipath-toolskpartxrelease-notes-slesbind-libs-32bitbind-utilsbind-libsbind-docbind-chrootenvbindlibtspi1libtspi1-32bittrousersgpg2-langgpg2mkinitrdopenCryptoki-32bitopenCryptokiopenCryptoki-64bitpython-configshellpython-configshell-docWALinuxAgentclamavlibcurl4-32bitlibcurl4kernel-default-develxen-kmp-defaultkernel-ec2-develxen-kmp-paekernel-ec2-basekernel-defaultkernel-default-basekernel-pae-extrakernel-trace-develkernel-xen-basekernel-paekernel-pae-basekernel-tracekernel-default-extrakernel-symskernel-ec2kernel-pae-develkernel-trace-basekernel-xen-extraiproute2MozillaFirefoxMozillaFirefox-translationslibvirt-lock-sanlocklibvirt-client-32bitlibvirt-clientlibvirtlibvirt-doclibvirt-pythonWALinuxAgentethtoolyast2ruby-doc-htmlruby-tkrubystarxen-toolsxen-libs-32bitxen-doc-pdfxen-doc-htmlxenxen-kmp-paexen-libsxen-kmp-defaultxen-tools-domUgnome-power-manager-langgnome-power-managergnome-applets-brightnessgnome-applets-inhibit-powersavemcelogNetworkManager-openvpnNetworkManager-openvpn-gnomepulseaudiopulseaudio-module-bluetoothpulseaudio-module-x11pulseaudio-module-zeroconfpulseaudio-module-jackpulseaudio-gdm-hook
spulseaudio-module-lirclibpulse0-32bitlibpulse-browse0pulseaudio-langpulseaudio-esound-compatpulseaudio-module-gconflibpulse0pulseaudio-utilslibpulse-mainloop-glib0ibutils-develibutilsibutils-devel-32bitibutils-32bitlibcurl4-32bitlibcurl4curlsuse-build-keyopenssl-certsbtrfsprogslibbtrfs0apache2apache2-docapache2-workerapache2-preforkapache2-example-pagesapache2-utilsmozilla-nspr-32bitMozillaFirefoxmozilla-nsprMozillaFirefox-translationsxen-kmp-paekernel-trace-extraxen-kmp-tracekernel-default-extraxen-kmp-defaultkernel-pae-extrakernel-xen-extraapache2-mod_security2binutilswgethyper-vldapsmblibtdb1libsmbclient0-32bitsamba-client-32bitlibtalloc1-32bitsamba-winbind-32bitsamba-docsamba-32bitlibsmbclient0libwbclient0-32bitsamba-winbindsamba-krb-printinglibtalloc1libwbclient0cifs-mountsambalibtdb1-32bitsamba-clientgrub2-x86_64-efiMozillaFirefox-branding-SLEDlibsoftokn3-32bitlibsoftokn3MozillaFirefoxmozilla-nss-32bitMozillaFirefox-translationslibfreebl3mozilla-nsslibfreebl3-32bitmozilla-nss-toolsdnsmasqlibopenssl0_9_8-hmaclibopenssl0_9_8-32bitlibopenssl0_9_8-hmac-32bitlibopenssl0_9_8openssl-docopensslkernel-ec2-basekernel-default-basekernel-paekernel-xen-basekernel-pae-basehyper-v-kmp-defaultext4dev-kmp-xenext4dev-kmp-paeext4dev-kmp-defaultext4dev-kmp-tracekernel-trace-basekernel-ec2btrfs-kmp-paekernel-xen-develkernel-pae-develkernel-defaultbtrfs-kmp-xenkernel-xenkernel-default-develkernel-trace-develhyper-v-kmp-tracebtrfs-kmp-defaulthyper-v-kmp-paekernel-symskernel-ec2-develkernel-sourcekernel-tracecrash-siallibMagickCore1libMagick++1libMagickWand1libMagickCore1-32bitImageMagickyum-commoncreaterepomutthwinfosled-releasesles-releasemakedumpfilecrashcrash-sialkdump0:4.0-7.28.10:0.98.5-0.7.10:1.0.22-3.25.10:1.4.2-0.22.31.10:3.0u-0.7.20:0.7.318.81ee561d-0.9.20:0.7.1-6.15.10:2.28.2-0.32.10:1.2.1-68.17.10:4.24-43.27.10:6.4.3.6-7.30.10:1.11.4-1.19.10:1.4.16-0.13.10:2.6-8.33.10:2.6.9-0.33.10:0.98.5-0.5.10:1.6.0_sr16.2-0.3.10:1.7.0_sr8.0-0.5.10:31.0-0.8.10:31.2.0esr-0.14.20:31.2.0e
sr-0.9.10:31.0-0.3.10:0.72-0.70.10:0.2808.01-0.70.10:5.10.0-64.70.10:5.3.17-0.31.10:2.2.3-0.8.10:1.10.11-0.2.10:0.9.8j-0.66.10:31.2.0esr-0.16.10:31.0-0.10.10:3.17.2-0.8.10:4.2.4_04_3.0.101_0.40-0.7.30:4.2.4_04_3.0.101_0.40-0.9.10:4.2.4_04-0.9.10:2.7.6-0.31.10:31.3.0esr-0.8.10:31.3.0esr-0.3.10:31.3.0esr-0.5.10:1.6.3-133.49.64.10:2.0.9-143.44.10:1.5.4.1_3.0.101_0.40-0.13.890:1.4.20_3.0.101_0.40-0.38.830:2.0.5_3.0.101_0.40-7.39.890:3.0.101-0.40.10:31.0-0.5.5.10:4.10.7-0.3.30:3.17.2-0.3.10:31.2.0esr-0.11.11.10:4.3-62.200.20:22.7-7.3.10:1.4.5-24.24.10:1.4.2-0.17.10:2.17.23-0.5.10:2.17.7-0.2.10:1.10.10-0.2.10:3.16.5-0.7.10:1.6.3-133.49.60.10:10.0-0.22.10:7.4-13.52.10:3.1.8-921.25.3.10:3.1.8-1069.22.22.10:3.1.8-921.31.10:2.11.3-17.68.10:2.24.0-24.96.30:1.6.0_sr16.1-0.3.10:2.17.55-0.7.10:2.4.3-3.27.10:0.17.8-0.5.10:1.6.315-0.7.150:0.44.5-0.5.1480:9.37.8-0.7.100:2.00-0.45.10:1.2.40-0.2.10:1.6.3-133.49.62.10:0.4.89.61-0.7.10:5.3.17-0.29.10:262-11.32.39.10:1.2.10-3.31.10:3.1.12-8.16.20.10:0.9.0-3.15.10:5.10.1-0.11.10:1.7.0_sr7.1-0.5.10:2.4.2-0.92.20:1.1.6-25.32.10:1.20-0.111.20:20110923-0.52.30:2.00-0.45.10:9.0.3-0.27.20:20110923-0.52.30:5.4.2.1-8.12.22.10:147-0.94.10:9.0.3-0.27.20:1.6.3-133.49.60.10:4.1.6_06_3.0.101_0.7.23-0.5.300:3.0.101-0.7.23.10:3.1-24.32.10:3.2-147.14.20.10:3.2-147.20.10:5.2-147.20.10:5.2-147.14.20.10:5.1-24.32.10:2.11.3-17.68.10:2.11.3-17.72.140:0.6.23-13.32.10:0.6.23-11.32.10:0.9.8j-0.62.10:5.5.39-0.7.10:5.0.96-0.6.130:3.22-240.8.10:1.35-0.15.10:1.0.0-141.15.10:1.7.0_sr7.1-0.5.10:262-11.32.39.10:3.16.4-0.8.10:24.8.0esr-0.8.10:3.0-4.9.10:6.94.1-00:1.3.3-12.2.10:6.0.41-0.43.10:3.0-4.9.10:3.1-24.34.10:5.2-147.22.10:5.2-147.14.22.10:3.2-147.14.22.10:5.1-24.34.10:3.2-147.22.10:2.17.46-0.5.10:2.11.1-0.58.10:10.0-0.22.10:1.3.9-8.46.52.20:9.37.8-0.7.100:0.44.5-0.5.1480:1.6.315-0.7.150:0.17.8-0.5.10:4-0.11.10:0.9.23-0.17.10:2.6.32.59-0.15.20:4.0.3_21548_16_2.6.32.59_0.15-0.5.260:1.6.18-0.3.10:2.7.26-0.3.70:1.0.5-0.7.20:0.6.29-0.7.20:0.9.4-0.23.10:1.0.5.9-0.11.20
:0.9.8j-0.62.10:1.6.0_sr16.1-0.3.10:1.17-102.74.10:1.5.0-0.17.10:0.9.23-0.15.10:2.17.30-0.7.10:2014g-0.5.10:2014g-0.3.10:2.4.5.git-2.29.10:11-6.94.10:2.2.12-1.48.10:11.3.34-0.7.10:2.71-0.11.10:0.9.23-0.17.10:1.35-0.15.10:1.0.8-0.4.9.10:2.2.12-1.46.10:4.4.2.3-37.58.10:1.7-37.58.10:5.0.96-0.6.130:5.5.39-0.7.10:1.3.9-8.46.52.20:1.3.3-12.2.10:6.0.41-0.43.10:3.16.5-0.4.2.10:3.16.5-0.5.10:4.3.5-0.14.10:2.6-8.31.10:2.6.9-0.31.10:1.34b-12.54.20:3.6.3-0.54.20:5.3.17-0.23.50:5.3.8-0.45.10:2.0.9-25.33.39.10:1.34b-11.28.54.10:3.4.3-1.54.10:0.12.3-1.10.10:0.9.8j-0.62.30:0.9.8a-18.84.50:0.9.8a-18.45.79.30:1.2.10-3.29.10:2.02.98-0.29.10:1.0.5.9-0.9.10:15.48-0.6.6.10:11.2.0.51-0.5.10:2.6.39-2.12.18.10:3.16.4-0.3.10:24.8.0esr-0.3.10:4.10.7-0.3.10:2.24.0-24.89.10:1.0.0-141.15.10:5.10.0-64.61.61.10:1.4.2_sr13.15-0.6.10:1.4.2_sr13.15-0.3.10:4.2.4.P2-0.9.10:2014e-0.8.10:2014e-0.6.10:2.3.14-14.12.10:2.3.14-130.133.10:2.0.5-0.5.10:0.9.23-0.15.10:0.97-162.172.10:2.0.5_3.0.101_0.35-7.39.710:1.5.4.1_3.0.101_0.35-0.13.690:1.4.20_3.0.101_0.35-0.38.630:0.3.14-2.86.100:2.6.18-0.16.10:3.2.2-0.39.10:2.5.69.4-0.7.60:4.1.3_06_3.0.58_0.6.2-0.7.160:3.0.58-0.6.2.10:1.97-0.3.10:2.17.55-0.7.10:4.6.3-5.20.23.10:1.1.8-0.14.10:1.8.5-0.2.10:1.6.13-0.5.10:4.2.4p8-1.24.10:4.1-194.209.10:2.7.0-217.26.10:0.4.1-0.11.10:2.5.STABLE12-18.13.982.4.10:2.7.STABLE5-2.12.12.10:2.3.6-0.13.10:0.98.3-0.11.10:1.3.2-0.5.10:1.7.14.14-0.5.10:1.7.3-0.5.30:2.5.51.3-0.7.100:2.1.1-7.16.10:4.75-1.30.10:7.4-1.18.160:17.0.4esr-0.5.10:4.2.4.P2-0.20.10:7.4-5.11.11.70:7.4-1.19.80:1.5-1.28.10:24-0.7.480:3.16.1-0.8.10:24.6.0esr-0.8.10:4.10.6-0.5.10:24.6.0esr-0.5.20:3.16.1-0.5.10:24-0.12.10:7-0.6.7.1030:10.0.12-0.4.30:4.9.4-0.3.10:3.14.1-0.3.10:2.28.1-0.16.10:11.2.0.44-0.5.10:2.4.1-24.39.53.10:1.5-0.9.10:2.7.1-0.2.18.10:6.2p2-0.13.10:1.2.3-18.27.20:1.17-102.55.10:2013a-0.4.10:2013a-0.6.10:8.3.23-0.4.10:9.1.8-0.5.10:7.4-1.18.70:1.0.2013.01.18-0.19.10:4.1.4_02_3.0.74_0.6.6-0.5.220:1.34b-12.52.50:3.6.3-0.52.50:1.2.3-18.31.10:0.4-3.14.10:1.3.9-
8.46.46.10:2.4.3-3.27.10:11-6.77.77.10:0.10.30-0.10.40:0.6.4-0.5.10:1.8-0.28.10:0.7-0.15.15.10:4.1.6_06_3.0.101_0.7.21-0.5.160:3.0.101-0.7.21.10:3.1.12-8.12.10:8.14.3-50.24.10:2.4.4-255.28.10:7.4-1.16.80:2.22.5-0.8.8.10:4.3.5-0.10.10:4.4.0-6.25.10:0.71.48-0.7.10:3.0.1-253.36.10:2.6-8.31.10:2.6.9-0.31.10:4.1-194.209.10:1.5.2_3.0.58_0.6.6-0.28.28.10:1.5.2-0.28.28.10:11.2-0.9.10:1.8.7.p357-0.9.15.60:24.7.0esr-0.3.10:24.7.0esr-0.8.20:3.16.2-0.5.10:3.16.2-0.3.10:24.7.0esr-0.5.10:3.16.2-0.8.10:1.20-0.28.73.10:1.20-0.73.10:7-0.10.110:17.0.5esr-0.4.10:7-0.6.9.170:17.0.5esr-0.8.10:4.9.6-0.3.10:4.9.6-0.5.10:3.14.3-0.4.3.10:3.14.3-0.5.10:3.1-0.6.10:7.11.2-0.9.10:0_2.6.32.59_0.13-7.9.1300:2.6.32.59-0.13.10:0_2.6.32.59_0.13-0.18.390:0_2.6.32.59_0.13-0.3.1630:7.19.7-1.20.25.10:1.6.0_sr13.2-0.3.10:3.8.2-141.152.10:3.8.2-5.34.10:0.7.1_git20090811-3.28.20:2.6-13.26.10:3.0.6-1.25.28.10:0.7.8-1.33.46.10:0.4.9-0.85.30:7.4-27.97.10:2.19.1-6.33.47.10:1.5.4-0.7.7.10:1.5.4-0.13.10:1.5.7-0.9.10:4.36-0.12.10:1.4.2_sr13.17-0.2.10:1.4.2_sr13.17-0.5.10:2.17.22-0.6.2.10:0.7-6.22.10:2.03-12.3.10:2.02-12.10.10:9.0.3-0.19.10:1.26-1.2.6.10:3.5.git-4.9.30:7.19.7-1.20.27.10:7.19.7-1.28.10:7.11.0-20.11.10:9.36.4-0.7.10:6.4.3.6-7.26.10:1.3-0.11.10:7.4-8.26.36.10:0.7.1-3.5.10:3.1a25-313.24.3.10:4.2.4.P2-0.11.13.10:0.97.8-0.5.10:0.97.8-0.2.10:0.99.9-14.17.120:0.99.15-0.14.110:0.9.0-3.15.10:2.28.4-1.16.16.40:7.4-8.26.42.40:0.4.1-28.21.21.10:2.17.130-0.7.10:9.9.2P2-0.11.10:5.0.96-0.6.10:2.6.18-0.4.20:0.9.6-0.25.10:93u-0.18.10:2.17.199-0.7.20:1.4.2_sr13.15-0.6.10:1.4.2_sr13.15-0.3.10:11.2.0.46-0.14.10:0.9.9-0.25.10:3.2.29-0.12.10:11.3.24-0.10.30:4.1.3_06_3.0.58_0.6.6-0.7.220:3.0.58-0.6.6.10:9.36.3-0.7.10:1.6.308-0.9.160:0.7.0-135.16.16.10:0.48-101.26.26.10:9.1.9-0.3.10:2.11.3-17.45.53.10:2.6.23-15.37.10:0.17-706.20.10:4.6.3-5.32.10:7-0.12.10:17.0.7esr-0.8.10:2.6.8-0.21.10:2013b-0.4.70:2013d-0.3.10:2013d-0.5.10:2.12-24.4.8.10:2.5.1.r1445-55.62.30:20110923-0.19.21.100:1.6.0_sr14.0-0.11.10:1.0.4-0.11.10:2.4-0.1
3.10:2.6.18-0.6.10:1.6.3-133.49.62.10:0.97.7-0.3.10:0.97.7-0.5.10:2.24.0-24.96.30:1.7.0_sr4.0-0.6.10:1.2.10-13.32.10:2.4.1-24.39.45.10:0.17.7-0.6.2.10:0.9.1-0.7.10:1.6.170-0.5.20:9.12.11-0.5.90:0.44.5-0.5.680:20071116-44.20.4.10:7.4-27.70.72.10:1.0.8-0.6.2.10:4.4.0-6.17.20:4.4.0-6.17.50:4.2.2_06_3.0.82_0.7-0.7.10:4.2.2_06-0.7.10:1.3.2-0.5.280:8.12-6.25.27.10:147-0.88.10:1.4.2_sr13.16-0.5.10:1.4.2_sr13.16-0.2.10:4.3.5-0.12.12.10:2.11.1-0.50.10:2.17.182.8-0.5.30:5.3.8-0.41.10:1.7.6p2-0.2.12.10:1.6.9p23-0.18.10:2.28.3-0.3.10:0.9.6-0.27.10:2.7.2-61.25.10:2.17.44-0.5.10:3.0.74-0.6.6.20:1.4.3-0.17.19.10:5.2.14-0.7.30.54.10:0.10.30-0.12.10:0.10.30-5.12.10:147-0.69.69.10:2013d-0.3.10:7.4-8.26.38.10:1.1.15-15.20.10:1.1.24-19.21.10:4.3.5-0.11.18.10:4.3.5-0.12.18.10:7.7-5.12.380:1.4.3-19.49.53.10:1.6.3-133.49.56.10:1.0.5.4-0.9.20:2.2.3-16.48.10:2.2.12-1.38.20:6.0.18-20.35.42.10:2.7.6-0.23.10:7.4-1.19.20:4.1-194.207.10:1.7.0_sr4.1-0.5.10:2.17.22-0.4.3.10:1.4.2-0.15.20:2.28.0-1.9.9.10:2.28.0-1.4.10:4.4.2.3-37.56.10:1.7-37.56.10:1.17-102.57.60.10:1.17-102.66.10:3.10.11-0.10.10:1.7.0_sr4.2-0.6.10:3.3.0-3.27.3.10:2.28.0-3.11.90:3.3.0-3.27.3.50:7.4-1.22.5.10:0.2.8-0.5.10:0.99.15-0.14.10:1.4.2_sr13.18-0.4.10:1.4.2_sr13.18-0.7.10:5.2.14-0.7.30.48.10:2013b-0.5.10:2013b-0.4.10:2.28.1-1.12.1100:2.28.1-1.12.1110:5.0.96-0.6.90:5.5.32-0.9.10:2.3.1-47.12.10:1.34b-12.42.10:3.6.3-0.42.10:2.7.STABLE5-2.12.16.10:1.0.10-0.6.2.10:1.0.10-0.7.10:0.4.89.56-0.7.10:1.95-0.4.10:2.17.2-0.2.3.10:2.17.14-0.5.10:1.20-0.28.76.10:1.20-0.75.10:0.9.8-50.10.10:1.7.0_sr5.0-0.5.10:4.3.5-0.3.5.10:1.8.11-0.2.10:1.8.7.p357-0.9.11.10:147-0.90.80:1.8.6-0.2.10:1.6.14-0.5.10:5.3.17-0.15.10:0.3.7-3.9.10:7.4-1.19.10:6.2.6.39-0.13.10:1.4-1.33.10:2.17.182.12-0.5.110:1.6.3-133.49.54.10:2.17.32.4-0.5.10:0.6.24-0.7.10:7.4-1.22.5.150:6.2.6.39-0.18.10:2.17.145-0.7.30:2.0.9-143.33.3.10:2.0.9-143.40.50:11-25.22.22.10:5.3.17-0.27.10:2.17.6-0.13.10:0.95-1.24.10:1.0.22-3.19.10:5.1p1-41.57.10:2.5.13-0.21.10:7.4-1.18.10:0.9.2-0.5.50:1.7
.14.16-0.5.20:1.6.3-133.49.58.10:3.14-0.32.10:0.4.9-0.70.72.10:2.17.38-0.7.20:2.4.41-0.10.80:7.4.0.1-0.85.50:9.0.3-0.25.10:3.4.3-1.42.110:1.34b-12.30.10:3.6.3-0.30.10:4.1.6_04_3.0.101_0.5-0.5.10:4.1.6_04-0.5.10:2.9.4-0.15.10:2.17.21-0.5.1510:2.17.21-0.5.1490:4.1.5_02-0.5.10:4.1.5_02_3.0.74_0.6.10-0.5.10:4.2.3_08_3.0.101_0.8-0.7.10:4.2.3_08-0.7.10:7.4-1.18.10:2013g-0.6.10:2.28.0-3.9.10:0.8.4-0.37.10:1.5-4.44.10:1.4-236.38.90:1.4-236.43.50:2.0.873-0.6.3.10:1.7.0_sr4.2-0.6.10:7.4-5.11.11.10:2.19.1-6.54.10:2.17.182.7-0.5.10:2.11.3-17.45.45.10:4.4.0-6.21.10:20110923-0.19.23.10:1.8.7.p357-0.9.13.10:3.0.76-2.11.10:0.10.30-0.12.140:0.10.30-5.12.150:7.4-5.11.11.10:2013d-0.3.100:2013d-0.3.60:1.4-1.26.5.10:2.1.fb27-0.9.10:17.0.8esr-0.7.20:20110923-0.48.10:0.8.4-0.31.10:1.4-236.38.70:1.4-236.43.10:2013i-0.6.10:2013i-0.5.10:1.2.10-13.36.10:1.6.0_sr14.0-0.3.10:4.1.5_02_3.0.93_0.5-0.5.390:3.0.93-0.5.10:2.6.8-0.19.10:5.0.6-3.4.10:0.9.9-0.27.27.10:0.24.4-0.15.10:0.16.0-1.4.10:7.4-1.16.10:2.2.7-0.9.10:3.15.3-0.5.10:4.10.2-0.5.10:3.15.3-0.3.10:4.10.2-0.3.10:3.15.3-0.8.10:6.0.7-0.12.10:0.9.4-0.21.10:1.0.5.6-0.7.10:2.28.3-0.5.5.10:0.97-162.170.10:20071116-44.33.10:1.8.12-0.17.10:5.3.17-0.17.10:11.3.25-0.7.10:11.2.0.48-0.15.10:4-0.13.20:1.02-2.23.10:2.3.37-2.26.10:2.4.26-0.26.10:0.15.1-0.27.10:11.3.28-0.8.10:9.9.4P2-0.6.10:5.3.8-0.43.10:2.4.1-24.39.47.10:2.6.18-0.12.10:7-0.10.340:4.9.6-0.5.70:3.14.3-0.5.70:17.0.8esr-0.4.2.10:17.0.8esr-0.5.30:4.6.3-5.29.20:3.0.74-0.6.10.10:4.1.4_02_3.0.74_0.6.10-0.5.320:4.0-0.16.10:1.7.6p2-0.2.12.50:7.19.7-1.30.10:8.1.5-7.38.40.10:0.4.89.57-0.7.50:2.17.97-0.7.280:2.22.5-0.8.10.20:0.1.0-0.21.10:0.9.0-3.11.10:9.1.12-0.3.10:3.0.6-1.25.34.10:0.13.1-40.16.10:4.2.2_06_3.0.93_0.8-0.7.170:3.0.93-0.8.20:1.8.11-0.20.20.20:2.17.59.1-0.7.10:9.37.6-0.7.10:1.6.314-0.7.20:0.4.9-0.91.10:2.3-51.16.40:2.5.1.r1445-55.61.61.10:2.5.1.r1445-55.64.10:7.4-1.16.20:0.9.6-0.29.10:1.4.2-0.7.150:1.34b-12.33.35.10:3.6.3-0.33.35.10:3.4.3-1.46.20:2.2.12-1.36.10:11.3.31-0.7.20:2013g-0.5.
10:11.2.0.45-0.9.10:4.1.4_02_3.0.74_0.6.8-0.5.260:3.0.74-0.6.8.10:1.8-0.30.10:8.1.5-7.47.10:2.4.41-0.12.30:2.2.12-1.40.10:93u-0.22.10:93u-0.27.50:7.4-27.70.76.10:2014a-0.5.10:2014a-0.7.10:147-0.69.71.10:11.2-1.270:11.2-1.5380:11.2-1.5400:11.2-1.240:2.3.14-130.133.10:2.11.3-17.66.10:3.0-0.9.10:5.0.6-3.8.10:4.2.4_02_3.0.101_0.18-0.7.50:3.0.101-0.18.10:2.17.6-0.3.10:4.2.4_02_3.0.101_0.21-0.7.120:3.0.101-0.21.10:1.17-102.72.10:2.4.2-0.57.61.10:6.15.00-93.37.10:2.11.3-17.45.49.10:0.7.3-1.4.10:11.3.32-0.7.30:0.7-6.20.10:0.1.6+git20080930-6.20.10:1.1.1-1.37.10:1.3.11-0.23.20:1.0.8-0.4.5.10:1.4.2-0.7.10:0.21.1-2.4.10:7-0.6.9.200:17.0.6esr-0.4.10:4.9.6-0.3.10:3.14.3-0.4.3.10:1.5.0-0.15.20:2.2.12-1.38.20:1.4.2-0.9.10:2.22.5-0.8.12.10:1.20-0.102.10:2.6.18-0.14.10:2.6.16-1.40.10:2.28.1-2.5.10:4.6.2-0.4.20:4.9.3-1.3.20:2013g-0.4.10:2013g-0.4.4.10:9.37.4-0.7.20:1.6.311-0.7.30:9.16.4-0.5.20:1.6.178-0.5.30:7.4-27.40.70.10:1.0-8.7.10:2.4.4-18.21.10:2.6.16-1.38.10:4.10.2-0.3.20:3.15.4-0.4.2.10:4.7.2_20130108-0.16.10:24-0.4.10.40:24.3.0esr-0.4.2.20:1.8.12-0.4.10:0.5.12-23.72.10:1.0.5.8-0.7.10:1.0.8-0.4.7.10:4.2.2_04_3.0.82_0.7-0.9.30:3.0.82-0.7.90:5.4.2.1-8.12.20.10:3.15-2.27.10:1.7.6p2-0.21.10:2.3.6-0.11.10:7.4-1.18.20:12.5-1.5.10:2.6.8-0.23.10:1.3.12-69.23.10:1.20.4-0.18.10:2.7.6-0.25.10:9.37.1-0.7.10:9.16.1-0.5.10:2.6-8.25.10:2.6.9-0.25.10:2.0.5-7.39.10:2.0.5_3.0.82_0.7-7.39.10:3.15.3.1-0.4.2.10:5.4.2.1-8.12.18.10:2.6.39-2.21.10:2.17.73-0.7.10:4.10.6-0.3.10:24-0.4.10.240:3.16.1-0.3.10:24.6.0esr-0.3.10:3.0.101-0.7.19.10:11.3-0.25.20:4.2.3_08_3.0.101_0.15-0.7.220:3.0.101-0.15.10:1.4.2-0.11.10:1.17-102.68.10:1.17-102.57.62.10:2.0.5-7.28.28.10:2.0.5_3.0.80_0.7-7.28.28.10:1.3.02-227.31.30:7.19.7-1.32.10:3.2.6-0.23.10:11.3.33-0.7.10:4.2.4_02_3.0.101_0.15-0.7.10:4.2.4_02-0.7.10:2014c-0.3.10:1.35-0.13.10:2.6.7-0.11.20:2.17.57.3-0.5.10:1.6.0_sr16.0-0.3.10:1.6.0_sr16.0-0.5.10:1.6.0_sr16.0-0.8.10:7.4-8.26.40.10:2.6.18-0.8.10:5.0.96-0.6.110:5.5.37-0.7.10:5.0.6-3.10.16.10:3.1.12-8.16.18.10:1.17
-102.70.10:2014c-0.5.10:2014c-0.7.10:2.5.51.5-0.5.10:1.7.14.17-0.5.10:2.6.32-1.15.10:0.9.8j-0.50.10:0.9.5-0.5.50:1.7.14.18-0.5.20:1.1.15-15.22.10:1.1.24-19.23.10:24.2.0esr-0.7.10:24-0.7.40:3.15.3.1-0.7.10:1.34b-12.33.41.20:3.4.3-1.54.40:3.6.3-0.33.41.20:7.4-27.85.10:7.19.7-1.20.31.10:3.10.11-0.12.10:0.9.2-0.5.10:1.7.14.16-0.5.10:2.5.51.4-0.5.10:2.12-24.4.10.10:1.3.9-8.46.48.10:7.4-13.46.170:1.2.3-18.33.10:1.5.2-1.22.3.10:2.0.9-25.33.37.60:1.7.0_sr6.1-0.8.10:3.15.4-0.4.2.10:1.6.0_sr15.1-0.6.10:0.24.4-0.13.10:1.4.1-6.10.10:4.3.5-0.12.10:1.7.0_sr6.1-0.8.10:4.2.4_02_3.0.101_0.35-0.7.450:3.0.101-0.35.10:1.8.12-0.2.10:4.3.6-67.9.10:0.5.12-23.70.410:4.7.2_20130108-0.17.20:2.4.1-24.39.51.10:0.3.9-1.3.10:0.5-1.47.51.50:4.9.5-0.3.20:7-0.6.9.50:3.14.2-0.4.3.20:0.3.8-56.51.10:17.0.3esr-0.4.4.10:3.0.6-1.25.36.10:7.4-8.26.42.10:4.1.6_06_3.0.101_0.7.17-0.5.10:4.1.6_06-0.5.10:2.2.12-1.40.70:2.3.37-2.28.50:2.4.26-0.28.50:1.0-907.36.36.10:1.0-907.39.3.10:1.0-685.20.10:0.3.0-0.5.10:1.6.0_sr13.0-0.8.10:2.0.9-25.33.37.10:0.9.8j-0.54.10:4.13-1326.37.10:1.1.5-0.12.10:4.1.6_04_3.0.101_0.7.15-0.5.120:3.0.101-0.7.15.10:147-0.92.10:1.5.0-1.4.10:3.2.2-0.47.10:0.1-12.34.290:0.0.6-18.22.280:0.8.0-0.21.60:4.1.10-0.20.10:4.4.0-6.17.10:4.4.0-6.23.10:2.17.135-0.7.60:0.7.5-1.29.40:2.6-8.27.10:2.6.9-0.27.10:2013.10.2-0.3.10:2.11.3-17.62.10:1.10.1-4.131.9.10:0.5.12-23.74.10:2013h-0.7.10:1.6.0_sr15.1-0.6.10:1.6.0_sr15.1-0.15.10:1.5.0_sr16.5-0.6.10:1.8.12-0.21.10:1.8.11-0.20.30.10:3.8.2-141.154.10:3.8.2-5.36.10:2.4.1-24.39.49.10:1.5.0_sr16.1-0.5.10:1.6.0_sr13.1-0.9.10:1.6.0_sr13.1-0.14.10:2.17.29-0.7.10:4.2.4_02_3.0.101_0.29-0.7.240:3.0.101-0.29.10:2.0.9-25.33.33.50:0.4.9-0.95.10:3.16-0.3.10:24-0.4.10.140:24.5.0esr-0.3.10:1.8.8-0.2.10:2.6.0-10.17.10:1.0.3-0.7.10:1.7.6p2-0.19.10:2.4.2-0.84.10:0.9.8j-0.52.10:1.0.7-36.50.10:1.2.3-18.29.10:4.10.4-0.3.10:24-0.7.360:24.5.0esr-0.8.10:3.16-0.8.10:3.7.7-10.28.10:1.1.6-168.34.10:1.7.0_sr7.0-0.5.10:2.1.1-7.18.10:4.24-43.25.10:0.1.2-0.17.10:1.34b-12.50.10:3.6.3-0.50
.10:1.2.31-5.33.10:2.0.873-0.23.10:1.34b-12.46.10:1.34b-12.33.39.10:3.4.3-1.50.10:3.6.3-0.33.39.10:3.6.3-0.46.10:3.0.76-0.11.10:1.0.8-0.7.10:1.31-1.19.10:0.12.3-1.8.10:11.3.30-0.7.10:1.3.3-11.18.19.80:2.11.3-17.56.20:4.0.3_21548_16-0.5.10:4.0.3_21548_16_2.6.32.59_0.9-0.5.10:0.23-0.12.10:4.1.5_02_3.0.80_0.7-0.5.180:3.0.80-0.7.10:3.11.10-0.6.11.10:1.8.13-0.5.10:2.4.2-0.57.57.10:1.6.0_sr13.2-0.8.10:1.6.0_sr13.2-0.3.10:17.0.9esr-0.7.10:17.0.9esr-0.3.10:5.2.14-0.7.30.50.10:0.4.9-0.97.10:11.2.0.50-0.6.10:9.9.3P2-0.5.10:0.3.10-0.11.10:2.0.9-25.33.33.10:2.4.2-0.88.10:2.4.3.1-0.7.10:1.1-0.9.10:2.0.1-0.7.10:0.98.1-0.10.10:7.19.7-1.20.29.10:4.2.4_02_3.0.101_0.31-0.7.330:3.0.101-0.31.10:2.6.29.1-6.35.10:7-0.6.9.310:17.0.7esr-0.3.10:17.0.7esr-0.6.10:7-0.10.280:1.0.5.9-0.7.10:2.0.2-0.5.10:6.2.6.39-0.20.10:6.2.6.39-0.15.15.10:2.17.134-0.7.10:1.8.7.p357-0.9.15.10:1.5final-28.23.25.10:4.2.3_02_3.0.93_0.8-0.7.10:4.2.3_02-0.7.10:2.24.1-17.67.10:1.0.2013.01.18-0.15.10:0.7.1-3.7.10:0.9.23-0.13.1^(i586$)|(x86_64$)$(none)100:1.5.7-0.11.10:1.5.4-0.15.10:1.5.4-0.7.9.10:7.19.7-1.38.10:1.0-907.44.10:1.96-0.4.10:0.20-0.39.10:2.2.12-1.42.10:24-0.7.230:4.10.4-0.3.10:24.4.0esr-0.8.10:4.1.6_04_3.0.101_0.7.17-0.5.160:3.0.101-0.7.17.10:2.7.1-0.2.14.10:2.23.1-0.19.20:1.11.4-1.17.10:5-0.11.10:1.34b-11.28.52.30:3.4.3-1.52.30:2.00-0.41.10:24-0.7.140:24.3.0esr-0.8.10:3.15.4-0.7.10:2.45-12.25.10:0.9.8j-0.58.10:0_2.6.32.59_0.9-7.9.1180:0_2.6.32.59_0.9-0.3.1510:0_2.6.32.59_0.9-0.18.370:2.6.32.59-0.9.10:6.0.7-0.7.11.10:6.4.3.6-7.28.10:3.2.29-0.15.13.10:0.9.9-0.28.28.10:1.5.17-42.37.10:15.53-0.13.1^11(\.\d)*$^11(\.\d)*$0:1.5.1-0.15.10:6.0.7-0.16.10:0.8.4-0.39.2