CEEA-2017:1805 CentOS 7 kmod-redhat-qede Enhancement Update

The following information has been provided by the CENTOS announce mailing list.

CentOS Errata and Enhancement Advisory 2017:1805

Upstream details at : https://access.redhat.com/errata/RHEA-2017:1805

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
2744e18793a8faff431b6d7921023e348a26bee67163f3fcf30e2f30fc5b97d1  kmod-redhat-qede-8.10.10.21_dup7.3-1.el7_3.x86_64.rpm
c2abe7e9a94eee3327dde0ef4fdbf4c8fa5d981cc71cbc9e2b3195d44ab79c04  kmod-redhat-qede-devel-8.10.10.21_dup7.3-1.el7_3.x86_64.rpm

Source:
2aa79cd8745dbe3a3f669361453fc4755569bc04b8b34c4ca8e3ab7d887f7c5c  kmod-redhat-qede-8.10.10.21_dup7.3-1.el7_3.src.rpm

CEEA-2017:1805 CentOS 7 kmod-redhat-qed Enhancement Update

The following information has been provided by the CENTOS announce mailing list.

CentOS Errata and Enhancement Advisory 2017:1805

Upstream details at : https://access.redhat.com/errata/RHEA-2017:1805

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
9c006c0b393981b70c0614c000afa915d5c93c625e760dfadfe95f75a053657d  kmod-redhat-qed-8.10.10.21_dup7.3-2.el7_3.x86_64.rpm
0dfeb608ee3c79739743d12a3a1c7fa45d4158ad1780bb0768ac22333138bc05  kmod-redhat-qed-devel-8.10.10.21_dup7.3-2.el7_3.x86_64.rpm
1dc14cc4befdb6ce0986ff2b9cc490059453fdce294f42f88a600d9e8de15582  kmod-redhat-qed-firmware-8.15.3.0_dup7_3-2.el7_3.x86_64.rpm

Source:
b593624aee8832bf1a2cfaa204e2a1319c35eefff3e999859f6c2e2cfe08c7d8  kmod-redhat-qed-8.10.10.21_dup7.3-2.el7_3.src.rpm

CESA-2017:1809 Important CentOS 7 tomcat Security Update

The following information has been provided by the CENTOS announce mailing list.

CentOS Errata and Security Advisory 2017:1809 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:1809

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
43294259acd512850715ad15c50e7767bea30b2c123117f5f760eb4ad5d02e0b  tomcat-7.0.69-12.el7_3.noarch.rpm
e4605d5673e75ee3592faef8b59d1a2a8efa0da6e3cd8b04064380698586f9a3  tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm
6330befc3bd1b7ab35b89ceca55174d94f7e0fe9cf2201166e18c399d48a1687  tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm
d89786225c6c877fc6134d8e45a85b7fc77169de14ffc543b26ab58299a36f6a  tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm
38a4c3e437b1b8d3e4baa175b70a2bdc2681c175c5f7c8d12867100fb9c45134  tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm
2a27c95ad8005bb879140c28deac8f2fac5d85ba225a0abed4ad99956b3231a6  tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm
dd585fca98f9ff44e927c5820e8731b8604bd23c4c282883ff89501da5476274  tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm
37f28d949569ca81df0b5934ee32116069f912a640e5704d53a6ee521cca4d89  tomcat-lib-7.0.69-12.el7_3.noarch.rpm
726d723713f270e4fb0fed6a2a59c2b224da4e2cf0b2b458a90cf5fcc90331b4  tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm
84766cc7724a0399ed3e9830ac5803249395cd4ddd5cab2bdb8730e9cca0a2f0  tomcat-webapps-7.0.69-12.el7_3.noarch.rpm

Source:
209cc83cab3a92eaa48d20eb364e982722e639c29f1e3c984e2e03d45fcdbe73  tomcat-7.0.69-12.el7_3.src.rpm

MariaDB Galera Cluster 5.5.57 and Connector/C 3.0.2 now available

The following information has been provided by the mariadb announce mailing list.

The MariaDB project is pleased to announce the availability
of MariaDB Galera Cluster 5.5.57 and MariaDB Connector/C 3.0.2.
These are both stable (GA) releases. See the Release Notes and
Changelogs for details.

– – Links  – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

MariaDB Galera Cluster 5.5.57
– Release Notes: https://mariadb.com/kb/en/mgc-5557-rn/
– Changelog:     https://mariadb.com/kb/en/mgc-5557-cl/
– Downloads: https://downloads.mariadb.org/mariadb-galera/5.5.57

About MariaDB Galera Cluster:
https://mariadb.com/kb/en/what-is-mariadb-galera-cluster/

APT and YUM Repository Configuration Generator:
https://downloads.mariadb.org/mariadb/repositories/

MariaDB Connector/C 3.0.2
– Release Notes: https://mariadb.com/kb/en/mcc-302-rn/
– Changelog:     https://mariadb.com/kb/en/mcc-302-cl/
– Downloads:     https://downloads.mariadb.org/connector-c/3.0.2/

About MariaDB Connector/C:
https://mariadb.com/kb/en/about-mariadb-connector-c/

– – MariaDB Books  – – – – – – – – – – – – – – – – – – – – – – – – – –

There is an ever-growing library of MariaDB books available to help
you get the most out of MariaDB. See the MariaDB Books page for
details and links:

https://mariadb.com/kb/en/mariadb/books/

– – User Feedback plugin – – – – – – – – – – – – – – – – – – – – – – –

MariaDB includes a User Feedback plugin. This plugin is disabled by
default. If enabled, it submits basic, completely anonymous MariaDB
usage information. This information is used by the developers to
track trends in MariaDB usage to better guide development efforts.

If you would like to help make MariaDB better, please add
“feedback=ON” to your my.cnf or my.ini file!

See http://mariadb.com/kb/en/user-feedback-plugin for more
information.

– – Quality  – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

The project always strives for quality, but in reality, nothing is
perfect. Please take time to report any issues you encounter at:

http://jira.mariadb.org

– – Support MariaDB  – – – – – – – – – – – – – – – – – – – – – – – – –

If you would like to contribute to the MariaDB Foundation, please see
the “contributing” and “donations” pages. We also have merchandise
available in a cafepress store. All proceeds go to support the
MariaDB Foundation.

https://mariadb.com/kb/en/contributing

https://mariadb.org/donate/

We hope you enjoy MariaDB!

Check_MK stable release 1.2.8p25

The following information has been provided by the Check_MK announce mailing list.

Dear friends of Check_MK,

the new stable release 1.2.8p25 of Check_MK is ready for download.

This maintenance release ships with 26 changes affecting all editions of Check_MK,
1 Enterprise Edition specific change.

Changes in all Check_MK Editions:

Checks & Agents:
* 4823 FIX: netapp_api_cpu: Fixed crash if data for node is missing...
* 4874 FIX: cisco_power: Improved discovery of power supplies...
NOTE: Please refer to the migration notes!
* 4824 FIX: f5bigip_conns: Fixed crash if Parameters are at 'No Levels'...
* 4875 FIX: Fixed graph labeling and unit of active HTTP service
* 4826 FIX: juniper_cpu_util: No crash anymore if information is not provided
* 4876 FIX: mounts: Fixed wrong handling of NFS mounts on Linux which are detected as stale...
* 4827 FIX: domino_info: Fixed crash if some information is missing
* 4908 FIX: enterasys_powersupply: Fixed crash if empty output...
* 4909 FIX: arris_cmts_cpu: Fixed crash if thresholds are set
* 4879 FIX: akcp_sensor_humidity, akcp_exp_humidity: Fixed wrong order of level evaluation
* 4880 FIX: wut_webtherm, wut_webtherm.humidity: Fixed missing device type and enabled performance data for humidity
* 4881 FIX: multipath: Fixed service details: Number of paths were interpreted as expected paths
* 4883 FIX: juniper_trpz_aps_sessions: Fixed performance data handling if running on cluster
* 4884 FIX: oracle_logswitches: Fixed missing oracle.include
* 4914 FIX: statgrab_mem: Plugin is now prioritized over solaris_mem if both is available...
* 4915 FIX: solaris_mem: Unified graphs and Per-O-Meter with common memory checks...
* 4887 FIX: cisco_wlc: Fixed crashing check plugin caused by IndexError
* 4972 FIX: mk_inventory.aix: Use MK_VARDIR instead of MK_CONFDIR for the state file
* 4980 FIX: mssql_counters.file_sizes: Added readable titles of related metrics...
* 4981 FIX: fjdarye100_sum, fjdarye101_sum: Fixed precompiling error: No such file or directory: '/omd/sites/SITENAME/share/check_mk/checks/a'
* 4982 FIX: zypper: Made check more robust against different SLES 12 service packs
* 5029 FIX: Fix Windows agent crash with logwatch and '*' wildcard...

Multisite:
* 4902 SEC: Monitoring history views: Fixed possible XSS when displaying "plugin output"...

HW/SW-Inventory:
* 4878 FIX: lnx_distro: Fixed wrong detected distribution name, vendor and version...

Changes in the Check_MK Enterprise Edition:

You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html

Please mail bug reports and qualified feedback to feedback@check-mk.org.
We greatly thank you for using Check_MK and wish you a successful monitoring,

Your Check_MK Team

Neustar Introduces New Integrated Security Platform

Adds New Web Application Firewall Capabilities to World’s Largest DDoS Defense Network

STERLING, Va.–(BUSINESS WIRE)–Jul. 25, 2017– Neustar, Inc. (NYSE: NSR), a trusted, neutral provider of real-time information services, today introduced its new Integrated Security Platform, continuing to help organisations stay always on and ready to defend against security threats. Neustar helps enterprises not only defend their sites, but also monitor and accelerate them through the largest security cloud worldwide, and one of the most experienced teams, using proprietary threat intelligence. The new portal summarises critical information and provides a unified dashboard view of all Neustar Security Solutions, in a single pane, to expose threats and performance issues quickly. In addition, Neustar today announced it has added Web Application Firewall (WAF) capabilities to its security portfolio, building on its innovative SiteProtect DDoS defence solution.

“I joined Neustar because of its deep commitment to innovating and to stay ahead of the most dangerous DDoS and other cyber-related attacks,” said Barrett Lyon, Vice President, Research and Development for Neustar Security Solutions, and DDoS industry pioneer. “It’s our goal to ensure that our customers have the best protection, user experience, customer experience, configuration options and analytics at their disposal. With the addition of WAF technology, we will continue to build our capabilities to combat the most challenging problems, both today and in the future.”

The new Neustar Integrated Security Platform showcases critical security and network performance information – DDoS mitigation activity, authoritative DNS query traffic, blocked query data for recursive DNS, IP intelligence data, web performance load and response times – and delivers it in one place. The platform provides intuitive data visualisation that helps organisations easily monitor and manage critical services and understand their operational state in one glance, while allowing the administration of Neustar Security Solutions from one central point.

Additionally, Neustar continues to make significant investments in its Distributed Denial of Service (DDoS) defence offerings by:

  • Quadrupling its global DDoS defence capacity to 4 Tbps, on track to have 10 Tbps online in Q1 2018.
  • Expanding regional capacity in Europe and Asia, with new scrubbing centers in London, Frankfurt, Amsterdam, Tokyo and Singapore, to improve customer network performance during DDoS mitigations while also supporting regional data compliance requirements.
  • Delivering a new WAF service that provides robust additional protection against layer 7 web attacks with seamless integration and administration of the Neustar DDoS defence platform.
  • Advancing analytics and automation tools to give cloud control directly to customers.

“Neustar is committed to innovating and developing advanced capabilities to prepare for both today’s attacks, as well as what’s coming next,” said Nicolai Bezsonoff, General Manager, Neustar Security Solutions. “With Neustar Security Solutions, enterprises can maximise revenue gains and minimise the risk of revenue losses by delivering a fast, secure and reliable online experience for their end users.”

Geoff Hudson-Searle, Director of HS Business Management Limited and Neustar Client commented:
“The expansion and progress at Neustar reinforces its commitment to develop and be a leader in providing DDoS solutions to the global market, this includes the proud release of the Web Application Firewall (WAF) to its security offering.”

Over 2,500 leading enterprises and government organisations worldwide use Neustar Security Solutions to keep their organisations secure. Neustar delivers a comprehensive set of solutions for organisations looking to leverage real-time information to improve their security posture.

About Neustar
Every day, the world generates roughly 2.5 quadrillion bits of data. Neustar (NYSE: NSR) isolates certain elements and analyzes, simplifies and edits them to make precise and valuable decisions that drive results. As one of the few companies capable of knowing with certainty who is on the other end of every interaction, we’re trusted by the world’s great brands to make critical decisions some 20 billion times a day. We help marketers send timely and relevant messages to the right people. Because we can authoritatively tell a client exactly who is calling or connecting with them, we make critical realtime responses possible. And the same comprehensive information that enables our clients to direct and manage orders also stops attackers. We know when someone isn’t who they claim to be, which helps stop fraud and denial of service before they’re a problem. Because we’re also an experienced manager of some of the world’s most complex databases, we help clients control their online identity, registering and protecting their domain name, and routing traffic to the correct network address. By linking the most essential information with the people who depend on it, we provide more than 11,000 clients worldwide with decisions—not just data. More information is available at https://www.neustar.biz

Source: Neustar

OPNsense 17.1.11 released

The following information has been provided by the OPNsense announce mailing list.

Hi all,

An IPv6 problem has finally been fixed which could prevent reclaiming
address leases during an interface reload, especially when OpenVPN was
running.  Thanks to everyone involved in tracking this down!  Also,
the last bits for the new GUI major upgrade feature are now in place.
The 17.7 upgrade path will be unlocked on July 31, which will require
installing one tiny final update.

Here are the full patch notes:

o firmware: added major GUI upgrade code for upcoming 17.7 release
o firmware: added major GUI cron upgrade parameter “ALLOW_RISKY_MAJOR_UPGRADE”
o interfaces: dhcp6c can now properly reload without leaking its
listening socket to e.g. OpenVPN
o rc: allow to optionally prevent launch of configd via rc.conf variable
o openvpn: normalise line endings of used certificates
o openvpn: fix config handling in GUI pages for PHP 7.1
o plugins: os-quagga 1.3.2 (contributed by Fabian Franz and Michael Muenz)
o ports: perl 5.24.2[1]
o ports: strongswan 5.5.3[2]

Stay safe,
Your OPNsense team


[1] http://search.cpan.org/dist/perl-5.24.2/pod/perldelta.pod
[2] https://wiki.strongswan.org/versions/65

Check_MK stable release 1.4.0p9

The following information has been provided by the Check_MK announce mailing list.

Dear friends of Check_MK,

the new stable release 1.4.0p9 of Check_MK is ready for download.

This maintenance release ships with 33 changes affecting all editions of Check_MK,
7 Enterprise Edition specific changes and 2 Managed Service Edition specific changes.

Changes in all Check_MK Editions:

WATO:
* 4954 FIX: Host/Folder properties: fixed displaying of inherited checkbox tag group values
* 4953 FIX: Fixed possible exception during activation when files are modified while activating
* 4995 FIX: Fixed broken link from contact group list page to rulesets
* 4996 FIX: Backup targets: Fixed possible MemoryError exception when editing a target
* 4994 FIX: Analyze host rulesets: Fixed rendering of some values (e.g. Count, size and age of files)

User interface:
* 4950 FIX: Virtual host tree: Fixed navigating back to root of tree
* 4969 FIX: Service discovery view: Fixed sorting service descriptions
* 4988 FIX: LDAP: Improve error handling in case of authentication failures
* 4992 FIX: Fixed sending fake DOWN states for hosts when using Nagios core
* 5002 FIX: Fixed possible exception related to multisite_user_connectors on login failures
* 4949 FIX: Fixed grouping by host-/servicegroup in availability views
* 4952 FIX: Fixed broken alert statistics view (regression since 1.4.0p8)

Livestatus:
* 4852 FIX: Livestatus connections: fixed bug where data from previous connection got reused

Event console:
* 4993 FIX: Fixed visibility of events for users with limited access to events
* 5003 FIX: Fixed missing filtering by effective contact groups of events
* 4951 FIX: Added missing host custom variables to notifications created by the EC

Checks & agents:
* 4973 FIX: zpool: Fixed missing include statement which causes undefined ‘df_inventory’ error if using Nagios core
* 4976 FIX: wmi_cpuload: Fixed UNKNOWN service state due to werk #4742
* 4914 FIX: statgrab_mem: Plugin is now prioritized over solaris_mem if both is available
* 4915 FIX: solaris_mem: Unified graphs and Per-O-Meter with common memory checks
* 4884 FIX: oracle_logswitches: Fixed missing oracle.include
* 4980 FIX: mssql_counters.file_sizes: Added readable titles of related metrics
* 4972 FIX: mk_inventory.aix: Use MK_VARDIR instead of MK_CONFDIR for the state file
* 4978 FIX: ipmi: Ignore sensors with state ‘na’
* 4968 FIX: f5_bigip_cluster_status_v11_2: Now has its own check plugin file; This updates werk #4819
NOTE: Please refer to the migration notes!
* 4801 FIX: emc_datadomain_fs: Fix broken filesystem graph
* 4849 FIX: Windows mrpe scripts: strip leading whitespaces in mrpe command
* 4848 FIX: Windows Agent / fileinfo: fixed another issue, where meta information (size,age) was not accessible
* 4844 FIX: Windows Agent / Fileinfo: now able to read files meta information (size, age) even when file is locked
* 5021 FIX: Make sure that the output of the event console active check is valid
* 4850 FIX: Improved WATO service discovery performance
* 4846 FIX: ESX monitoring: fixed incomplete data, when the xml response from the esx server includes newlines

Changes in the Check_MK Enterprise Edition:

Reporting & availability:
* 5001 FIX: PDF exports: Default graph layout options were not applied
* 4957 FIX: Group headers of views are now displayed in PDF reports

Metrics system:
* 4997 FIX: Fixed visibility of metric toggle switch in graph designer
* 4563 FIX: Fix issue with @ in metric title

Livestatus:
* 5018 FIX: Handle vanished service groups correctly

Core & setup:
* 4956 FIX: Fixed possible exception in cmc.log when working with piggyback data

Agent bakery:
* 4991 FIX: Fixed the Installed-Size header of baked deb packages

Changes in the Check_MK Managed Service Edition:

WATO:
* 4959 FIX: Web-API: Fixed calls related to groups when using CME
* 4958 FIX: Group changes are added only to affected sites

You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html

Please mail bug reports and qualified feedback to feedback@check-mk.org.
We greatly thank you for using Check_MK and wish you a successful monitoring,

Your Check_MK Team

openSUSE-SU-2017:1948-1: important: Security update for rubygem-puppet I

The following information has been provided by the opensuse security announce mailing list.

openSUSE Security Update: Security update for rubygem-puppet
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:1948-1
Rating:             important
References:         #1040151
Cross-References:   CVE-2017-2295
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for rubygem-puppet fixes the following issues:

– CVE-2017-2295: A remote attacker could have forced unsafe YAML
deserialization which could have led to code execution (bsc#1040151)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-835=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-835=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

ruby2.1-rubygem-puppet-3.8.7-20.1
ruby2.1-rubygem-puppet-doc-3.8.7-20.1
ruby2.1-rubygem-puppet-testsuite-3.8.7-20.1
ruby2.2-rubygem-puppet-3.8.7-20.1
ruby2.2-rubygem-puppet-doc-3.8.7-20.1
ruby2.2-rubygem-puppet-testsuite-3.8.7-20.1
ruby2.3-rubygem-puppet-3.8.7-20.1
ruby2.3-rubygem-puppet-doc-3.8.7-20.1
ruby2.3-rubygem-puppet-testsuite-3.8.7-20.1
ruby2.4-rubygem-puppet-3.8.7-20.1
ruby2.4-rubygem-puppet-doc-3.8.7-20.1
ruby2.4-rubygem-puppet-testsuite-3.8.7-20.1
rubygem-puppet-3.8.7-20.1
rubygem-puppet-master-3.8.7-20.1

– openSUSE Leap 42.3 (noarch):

rubygem-puppet-emacs-3.8.7-20.1
rubygem-puppet-master-unicorn-3.8.7-20.1
rubygem-puppet-vim-3.8.7-20.1

– openSUSE Leap 42.2 (i586 x86_64):

ruby2.1-rubygem-puppet-3.8.7-17.3.1
ruby2.1-rubygem-puppet-doc-3.8.7-17.3.1
ruby2.1-rubygem-puppet-testsuite-3.8.7-17.3.1
rubygem-puppet-3.8.7-17.3.1
rubygem-puppet-master-3.8.7-17.3.1

– openSUSE Leap 42.2 (noarch):

rubygem-puppet-emacs-3.8.7-17.3.1
rubygem-puppet-master-unicorn-3.8.7-17.3.1
rubygem-puppet-vim-3.8.7-17.3.1

References:

https://www.suse.com/security/cve/CVE-2017-2295.html
https://bugzilla.suse.com/1040151

SUSE-SU-2017:1946-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1946-1
Rating:             important
References:         #1013543 #1014271 #1021417 #1025013 #1025254
#1030575 #1031481 #1031660 #1039496
Cross-References:   CVE-2017-1000364
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves one vulnerability and has 8 fixes is
now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues.

The following security bugs were fixed:

– CVE-2017-1000364: An issue was discovered in the size of the stack guard
page on Linux, specifically a 4k stack guard page is not sufficiently
large and can be “jumped” over (the stack guard page is bypassed)
(bsc#1039496).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1212=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1212=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

kgraft-patch-3_12_67-60_64_21-default-7-3.1
kgraft-patch-3_12_67-60_64_21-xen-7-3.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

kgraft-patch-3_12_67-60_64_21-default-7-3.1
kgraft-patch-3_12_67-60_64_21-xen-7-3.1

References:

https://www.suse.com/security/cve/CVE-2017-1000364.html
https://bugzilla.suse.com/1013543
https://bugzilla.suse.com/1014271
https://bugzilla.suse.com/1021417
https://bugzilla.suse.com/1025013
https://bugzilla.suse.com/1025254
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660
https://bugzilla.suse.com/1039496

SUSE-SU-2017:1945-1: important: Security update for Linux Kernel Live Patch 20 for SLE 12

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 20 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1945-1
Rating:             important
References:         #1025013 #1031660 #1039496
Cross-References:   CVE-2017-1000364
Affected Products:
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves one vulnerability and has two fixes
is now available.

Description:

This update for the Linux Kernel 3.12.61-52_69 fixes several issues.

The following security bugs were fixed:

– CVE-2017-1000364: An issue was discovered in the size of the stack guard
page on Linux, specifically a 4k stack guard page is not sufficiently
large and can be “jumped” over (the stack guard page is bypassed)
(bsc#1039496).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12:

zypper in -t patch SUSE-SLE-SAP-12-2017-1205=1

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1205=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12 (x86_64):

kgraft-patch-3_12_61-52_69-default-3-3.1
kgraft-patch-3_12_61-52_69-xen-3-3.1

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_69-default-3-3.1
kgraft-patch-3_12_61-52_69-xen-3-3.1

References:

https://www.suse.com/security/cve/CVE-2017-1000364.html
https://bugzilla.suse.com/1025013
https://bugzilla.suse.com/1031660
https://bugzilla.suse.com/1039496

SUSE-SU-2017:1944-1: important: Security update for Linux Kernel Live Patch 14 for SLE 12 SP1

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1944-1
Rating:             important
References:         #1031481 #1031660 #1039496
Cross-References:   CVE-2017-1000364
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves one vulnerability and has two fixes
is now available.

Description:

This update for the Linux Kernel 3.12.69-60_64_35 fixes several issues.

The following security bugs were fixed:

– CVE-2017-1000364: An issue was discovered in the size of the stack guard
page on Linux, specifically a 4k stack guard page is not sufficiently
large and can be “jumped” over (the stack guard page is bypassed)
(bsc#1039496).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1210=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1210=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

kgraft-patch-3_12_69-60_64_35-default-3-3.1
kgraft-patch-3_12_69-60_64_35-xen-3-3.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

kgraft-patch-3_12_69-60_64_35-default-3-3.1
kgraft-patch-3_12_69-60_64_35-xen-3-3.1

References:

https://www.suse.com/security/cve/CVE-2017-1000364.html
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660
https://bugzilla.suse.com/1039496

SUSE-SU-2017:1943-1: important: Security update for Linux Kernel Live Patch 15 for SLE 12 SP1

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1943-1
Rating:             important
References:         #1039496
Cross-References:   CVE-2017-1000364
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_40 fixes one issue.

The following security bugs were fixed:

– CVE-2017-1000364: An issue was discovered in the size of the stack guard
page on Linux, specifically a 4k stack guard page is not sufficiently
large and can be “jumped” over (the stack guard page is bypassed)
(bsc#1039496).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1209=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1209=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

kgraft-patch-3_12_74-60_64_40-default-2-3.1
kgraft-patch-3_12_74-60_64_40-xen-2-3.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

kgraft-patch-3_12_74-60_64_40-default-2-3.1
kgraft-patch-3_12_74-60_64_40-xen-2-3.1

References:

https://www.suse.com/security/cve/CVE-2017-1000364.html
https://bugzilla.suse.com/1039496