Generator: The OVAL Repository
Schema version: 5.6
Timestamp: 2015-09-03T08:17:33.122-04:00

Title: SUSE-SU-2015:0805-1 -- Security update for cups-filters (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: cups-filters
Description:
cups-filters was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-2265: Remote command execution in remove_bad_chars()
(bnc#921753).
This non-security issue was fixed:
- LSB compliance of foomatic-rip (bnc#915545).
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:0979-1 -- Security update for dnsmasq (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: dnsmasq
Description:
The DNS server dnsmasq was updated to fix one security issue and one
non-security bug.
The following vulnerability was fixed:
* CVE-2015-3294: A remote unauthenticated attacker could have caused a
denial of service (DoS) or read heap memory, potentially disclosing
information such as performed DNS queries or encryption keys.
(bsc#928867)
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:1077-1 -- Security update for openldap2 (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: openldap2
Description:
openldap2 was updated to fix two security issues and one non-security bug.
The following vulnerabilities were fixed:
* A remote attacker could cause a denial of service through a NULL pointer
dereference and crash via an empty attribute list in a deref control in
a search request. (bnc#916897 CVE-2015-1545)
* A remote attacker could cause a denial of service (crash) via a crafted
search query with a matched values control. (bnc#916914 CVE-2015-1546)
The following non-security issue was fixed:
* Prevent connection-0 (internal connection) from showing up in the
monitor backend (bnc#905959)
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:0515-1 -- Security update for gnome-settings-daemon (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: gnome-settings-daemon
Description:
gnome-settings-daemon was updated to fix a bug and a security issue:
Security issue fixed:
- CVE-2014-7300: The lockscreen can be bypassed with the Print Screen
button.
Bug fixed:
- Do not hide the cursor while there was no mutter running (bsc#905158).
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:0990-1 -- Security update for curl (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: curl
Description:
curl was updated to fix five security issues.
The following vulnerabilities were fixed:
* CVE-2015-3143: curl could re-use NTLM authenticated connections
* CVE-2015-3144: curl could access memory out of bounds with zero length
host names
* CVE-2015-3145: curl cookie parser could access memory out of boundary
* CVE-2015-3148: curl could treat Negotiate as not connection-oriented
* CVE-2015-3153: curl could have sent sensitive HTTP headers also to
proxies
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:1020-1 -- Security update for autofs (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: autofs
Description:
autofs was updated to fix one security issue.
This security issue was fixed:
- CVE-2014-8169: Prevent potential privilege escalation via interpreter
load path for program-based automount maps (bnc#917977).
These non-security issues were fixed:
- Don't pass sloppy option for other than nfs mounts (bnc#901448,
bnc#916203)
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:1013-1 -- Security update for wpa_supplicant (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: wpa_supplicant
Description:
wpa_supplicant was updated to fix three security issues:
- CVE-2015-0210: wpa_supplicant: broken certificate subject check; this
adds the "domain_match" config option from upstream (in addition to the
already existing domain_suffix_match)
- CVE-2014-3686: hostapd command execution
- CVE-2015-1863: P2P SSID processing vulnerability
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:0953-2 -- Security update for perl-YAML-LibYAML (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: perl-YAML-LibYAML
Description:
perl-YAML-LibYAML was updated to fix three security issues.
These security issues were fixed:
- CVE-2013-6393: The yaml_parser_scan_tag_uri function in scanner.c in
LibYAML before 0.1.5 performed an incorrect cast, which allowed remote
attackers to cause a denial of service (application crash) and possibly
execute arbitrary code via crafted tags in a YAML document, which
triggered a heap-based buffer overflow (bnc#860617, bnc#911782).
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:0803-1 -- Security update for gdm (low)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: gdm
Description:
The GNOME Display Manager was updated to fix several bugs:
Security issue fixed:
- Removed gdm-fingerprint and gdm-smartcard pamfiles that allowed
unlocking the screen without password or fingerprint if fingerprint
reader support was enabled. (boo#900836).
Bugs fixed:
- Fix support for DISPLAYMANAGER_STARTS_XSERVER from
/etc/sysconfig/displaymanager (bsc#919723).
- Ensure ShowLocalGreeter configuration key is properly handled
(bgo#743440).
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:0866-1 -- Security update for gd (low)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: gd
Description:
The graphics drawing library gd was updated to fix one security issue.
The following vulnerability was fixed:
* possible buffer read overflow (CVE-2014-9709)
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:1014-1 -- Security update for vorbis-tools (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: vorbis-tools
Description:
Vorbis tools was updated to fix division by zero and integer overflows by
crafted WAV files (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441),
that would allow attackers to crash the vorbis tools processes.
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:0974-1 -- Security update for apache2 (moderate)
Platforms: SUSE Linux Enterprise Server 12
Product: apache2
Description:
Apache2 was updated to fix four security issues and one non-security bug.
The following vulnerabilities have been fixed:
- mod_headers rules could be bypassed via chunked requests. Adds
"MergeTrailers" directive to restore legacy behavior. (bsc#871310,
CVE-2013-5704)
- An empty value in Content-Type could lead to a crash through a null
pointer dereference and a denial of service. (bsc#899836, CVE-2014-3581)
- Remote attackers could bypass intended access restrictions in mod_lua
LuaAuthzProvider when multiple Require directives with different
arguments are used. (bsc#909715, CVE-2014-8109)
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2014:1628-1 -- Security update for gnutls (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: gnutls
Description:
gnutls was updated to fix one security issue.
- Fixed parsing problem in elliptic curve blobs over TLS that could lead
to remote crashes (CVE-2014-8564).
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2014:1652-1 -- Security update for cpio (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: cpio
Description:
This cpio security update fixes the following buffer overflow issue and
two non-security issues:
- fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112)
- prevent cpio from extracting over a symlink (bnc#658010)
- fix a truncation check in mt
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2014:1555-1 -- Security update for file (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: file
Description:
file was updated to fix one security issue.
This security issue was fixed:
- Out-of-bounds read in elf note headers (CVE-2014-3710).
This non-security issue was fixed:
- Correctly identify GDBM files created by libgdbm4 (bnc#888308).
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:0743-1 -- Security update for mariadb (important)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: mariadb
Description:
mariadb was updated to version 10.0.16 to fix 40 security issues.
These security issues were fixed:
- CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40
and earlier, and 5.6.21 and earlier, allowed remote attackers to affect
confidentiality, integrity, and availability via unknown vectors related
to Server : Security : Encryption (bnc#915911).
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2014:1178-1 -- Update for update-test-security (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: update-test-security
Description:
This is a security update to test the software update stack.
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; modified by Maria Mikhno; status history INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:0884-1 -- Security update for spice (important)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: spice
Description:
The remote desktop software SPICE was updated to address one security
issue.
The following vulnerability was fixed:
* A stack-based buffer overflow in the password handling code allowed
remote attackers to cause a denial of service (crash) via a long
password in a SPICE ticket. (bsc#848279, CVE-2013-4282)
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2014:1524-1 -- Security update for openssl (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: openssl
Description:
openssl was updated to fix four security issues.
These security issues were fixed:
- SRTP Memory Leak (CVE-2014-3513).
- Session Ticket Memory Leak (CVE-2014-3567).
- Fixed incomplete no-ssl3 build option (CVE-2014-3568).
- Add support for TLS_FALLBACK_SCSV (CVE-2014-3566).
NOTE: This update alone DOESN'T FIX the POODLE SSL protocol vulnerability.
OpenSSL only adds downgrade detection support for client applications. See
https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations.
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2015:1143-1 -- Security update for openssl (important)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: openssl
Description:
This update of openssl fixes the following security issues:
- CVE-2015-4000 (bsc#931698)
  * The Logjam Attack / weakdh.org
  * reject connections with DH parameters shorter than 1024 bits
  * generates 2048-bit DH parameters by default
- CVE-2015-1788 (bsc#934487)
  * Malformed ECParameters causes infinite loop
- CVE-2015-1789 (bsc#934489)
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2014:1549-1 -- Security update for java-1_7_1-ibm (important)
Platforms: SUSE Linux Enterprise Server 12
Product: java-1_7_1-ibm
Description:
java-1_7_1-ibm was updated to version 1.7.1_sr1.2 to fix 21 security
issues.
These security issues were fixed:
- Unspecified vulnerability in Oracle Java (CVE-2014-3065).
- The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and
other products, uses nondeterministic CBC padding, which makes it easier
for man-in-the-middle attackers to obtain cleartext data via a
padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and
Java SE Embedded 7u60, allows remote attackers to affect
confidentiality, integrity, and availability via vectors related to AWT
(CVE-2014-6513).
- Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors (CVE-2014-6456).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows
remote attackers to affect confidentiality, integrity, and availability
via unknown vectors related to Deployment, a different vulnerability
than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows
remote attackers to affect confidentiality, integrity, and availability
via unknown vectors related to Deployment, a different vulnerability
than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows
remote attackers to affect confidentiality, integrity, and availability
via unknown vectors related to Deployment, a different vulnerability
than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows
remote attackers to affect confidentiality, integrity, and availability
via unknown vectors related to Deployment, a different vulnerability
than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when
running on Firefox, allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Deployment
(CVE-2014-6492).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows
local users to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment (CVE-2014-6458).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when
running on Internet Explorer, allows local users to affect
confidentiality, integrity, and availability via unknown vectors related
to Deployment (CVE-2014-6466).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20, and Java SE Embedded 7u60, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors related
to Libraries (CVE-2014-6506).
- Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote
attackers to affect integrity via unknown vectors related to Deployment,
a different vulnerability than CVE-2014-6527 (CVE-2014-6476).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows
remote attackers to affect integrity via unknown vectors related to
Deployment (CVE-2014-6515).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20
allows remote attackers to affect confidentiality via unknown vectors
related to 2D (CVE-2014-6511).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20, and Java SE Embedded 7u60, allows remote attackers to affect
confidentiality via unknown vectors related to Libraries (CVE-2014-6531).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows
remote attackers to affect integrity via unknown vectors related to
Libraries (CVE-2014-6512).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows
remote attackers to affect confidentiality and integrity via vectors
related to JSSE (CVE-2014-6457).
- Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote
attackers to affect integrity via unknown vectors related to Deployment,
a different vulnerability than CVE-2014-6476 (CVE-2014-6527).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20, and Java SE Embedded 7u60, allows remote attackers to affect
integrity via unknown vectors related to Libraries (CVE-2014-6502).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3
allows remote attackers to affect integrity via unknown vectors related
to Security (CVE-2014-6558).
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2014:1259-1 -- bash (important)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Description:
The command-line shell 'bash' evaluates environment variables, which
allows the injection of characters and might be used to access files on
the system in some circumstances (CVE-2014-7169).
Please note that this issue is different from a previously fixed
vulnerability tracked under CVE-2014-6271 and it is less serious due to
the special, non-default system configuration that is needed to create an
exploitable situation.
To remove further exploitation potential we now limit the
function-in-environment variable to variables prefixed with BASH_FUNC_ .
This hardening feature is work in progress and might be improved in later
updates.
Additionally two more security issues were fixed in bash:
CVE-2014-7186: Nested HERE documents could lead to a crash of bash.
CVE-2014-7187: Nesting of for loops could lead to a crash of bash.
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2014:1260-1 -- bash (critical)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Description:
Bash was updated to fix unexpected code execution with environment
variables (CVE-2014-6271).
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE-SU-2014:1511-1 -- Security update for python, python-base, python-doc (moderate)
Platforms: SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Desktop 12
Product: python
Description:
python, python-base, python-doc were updated to fix one security issue.
This security issue was fixed:
- Fixed potential buffer overflow in buffer() (CVE-2014-7185).
Repository status: submitted by Sergey Artykhov; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE Linux Enterprise Server 12 is installed
Platforms: SUSE Linux Enterprise Server 12
Description:
SUSE Linux Enterprise Server 12 is installed.
Repository status: submitted by Maria Mikhno; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Title: SUSE Linux Enterprise Desktop 12 is installed
Platforms: SUSE Linux Enterprise Desktop 12
Description:
SUSE Linux Enterprise Desktop 12 is installed.
Repository status: submitted by Maria Mikhno; status history DRAFT, INTERIM, ACCEPTED; current status ACCEPTED.

Package names referenced by the definitions' objects (the concatenated names are split here at package-name boundaries):
cups-filters-foomatic-rip-debuginfo, cups-filters, cups-filters-debuginfo, cups-filters-foomatic-rip, cups-filters-cups-browsed-debuginfo, cups-filters-ghostscript-debuginfo, cups-filters-debugsource, cups-filters-cups-browsed, cups-filters-ghostscript
dnsmasq, dnsmasq-debuginfo, dnsmasq-debugsource
openldap2-client, libldap-2_4-2, openldap2, libldap-2_4-2-debuginfo-32bit, openldap2-back-meta, openldap2-client-debuginfo, libldap-2_4-2-debuginfo, openldap2-client-debugsource, openldap2-debugsource, openldap2-debuginfo, openldap2-back-meta-debuginfo, libldap-2_4-2-32bit
gnome-settings-daemon-lang, gnome-settings-daemon-debuginfo, gnome-settings-daemon-debugsource, gnome-settings-daemon
libcurl4-debuginfo-32bit, curl-debuginfo, libcurl4-debuginfo, curl-debugsource, libcurl4, curl, libcurl4-32bit
autofs-debuginfo, autofs, autofs-debugsource
wpa_supplicant-debugsource, wpa_supplicant, wpa_supplicant-debuginfo
perl-YAML-LibYAML, perl-YAML-LibYAML-debugsource, perl-YAML-LibYAML-debuginfo
libgdm1, typelib-1_0-Gdm-1_0, gdm-branding-upstream, libgdm1-debuginfo, gdm-debuginfo, gdmflexiserver, gdm, gdm-debugsource, gdm-lang
gd, gd-32bit, gd-debugsource, gd-debuginfo-32bit, gd-debuginfo
vorbis-tools-debugsource, vorbis-tools-debuginfo, vorbis-tools-lang, vorbis-tools
apache2-utils, apache2-debuginfo, apache2-worker-debuginfo, apache2-prefork-debuginfo, apache2-doc, apache2-worker, apache2-debugsource, apache2-prefork, apache2-utils-debuginfo, apache2, apache2-example-pages
libgnutls28-debuginfo-32bit, gnutls-debuginfo, libgnutls28, libgnutls28-32bit, gnutls-debugsource, libgnutls28-debuginfo, gnutls
cpio-debugsource, cpio-lang, cpio-debuginfo, cpio
libmagic1, file-magic, libmagic1-debuginfo-32bit, libmagic1-32bit, file-debugsource, file-debuginfo, file, libmagic1-debuginfo
mariadb-tools, libmysqlclient18, libmysqlclient18-debuginfo-32bit, libmysqlclient_r18, mariadb-debuginfo, mariadb-client-debuginfo, libmysqlclient_r18-32bit, mariadb, libmysqlclient18-debuginfo, mariadb-errormessages, mariadb-client, mariadb-debugsource, libmysqlclient18-32bit, mariadb-tools-debuginfo
update-test-security
libspice-server1-debuginfo, libspice-server1, spice-debugsource
openssl-doc, openssl, libopenssl1_0_0-debuginfo, libopenssl1_0_0-debuginfo-32bit, libopenssl1_0_0-hmac, libopenssl1_0_0, openssl-debuginfo, libopenssl1_0_0-32bit, openssl-debugsource, libopenssl1_0_0-hmac-32bit
java-1_7_1-ibm-plugin, java-1_7_1-ibm-alsa
libreadline6-debuginfo, readline-doc, libreadline6, bash-doc, bash-lang, bash, bash-debuginfo, bash-debugsource
sles-release, sled-release
python-curses, python-base-debugsource, python-base-debuginfo, python-doc, python-tk, python-debugsource, python-debuginfo, python-tk-debuginfo, libpython2_7-1_0-debuginfo, python-curses-debuginfo, python-doc-pdf, python-xml-debuginfo, python, python-base, python-xml, python-devel, libpython2_7-1_0

State values (EVR strings and patterns, in the order they appear):
0:1.0.58-5.1, 0:2.71-4.1, 0:2.4.39-16.1, 0:3.10.2-20.1, 0:7.37.0-15.1, 0:5.0.9-8.1, 0:2.2-8.1, 0:0.38-10.1, 0:3.10.0.1-16.1, 0:2.1.0-5.1, 0:1.4.0-23.1, 0:2.4.10-12.1, 0:3.2.15-4.1, 0:2.11-29.1, 0:5.19-5.2, 0:10.0.16-15.1, 0:0-11.2, 0:0.12.4-6.1, 0:1.0.1i-5.1, 0:1.0.1i-25.1, 0:1.7.1_sr2.0-4.1, 0:6.2-81.1, 0:4.2-81.1, 0:6.2-77.1, 0:4.2-77.1
Architecture pattern: ^(i586$)|(x86_64$)|(s390x$)|(ppc64le$)$
(none)
12
Version pattern: ^12(\.\d)*$
0:2.7.7-5.1, 0:2.7.7-5.2