openSUSE-SU-2017:2393-1: important: Security update for gdk-pixbuf

openSUSE Security Update: Security update for gdk-pixbuf
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2393-1
Rating: important
References: #1027024 #1027025 #1027026 #1048289 #1048544
#1049877
Cross-References: CVE-2017-2862 CVE-2017-2870 CVE-2017-6312
CVE-2017-6313 CVE-2017-6314
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that solves 5 vulnerabilities and has one errata
is now available.

Description:

This update for gdk-pixbuf fixes the following issues:

– CVE-2017-2862: JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution
Vulnerability (bsc#1048289)
– CVE-2017-2870: tiff_image_parse Code Execution Vulnerability
(bsc#1048544)
– CVE-2017-6313: A dangerous integer underflow in io-icns.c (bsc#1027024)
– CVE-2017-6314: Infinite loop in io-tiff.c (bsc#1027025)
– CVE-2017-6312: Out-of-bounds read on io-ico.c (bsc#1027026)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1024=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1024=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

gdk-pixbuf-debugsource-2.34.0-10.1
gdk-pixbuf-devel-2.34.0-10.1
gdk-pixbuf-devel-debuginfo-2.34.0-10.1
gdk-pixbuf-query-loaders-2.34.0-10.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-10.1
libgdk_pixbuf-2_0-0-2.34.0-10.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-10.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-10.1

– openSUSE Leap 42.3 (noarch):

gdk-pixbuf-lang-2.34.0-10.1

– openSUSE Leap 42.3 (x86_64):

gdk-pixbuf-devel-32bit-2.34.0-10.1
gdk-pixbuf-devel-debuginfo-32bit-2.34.0-10.1
gdk-pixbuf-query-loaders-32bit-2.34.0-10.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-10.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-10.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-10.1

– openSUSE Leap 42.2 (i586 x86_64):

gdk-pixbuf-debugsource-2.34.0-7.3.1
gdk-pixbuf-devel-2.34.0-7.3.1
gdk-pixbuf-devel-debuginfo-2.34.0-7.3.1
gdk-pixbuf-query-loaders-2.34.0-7.3.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-7.3.1
libgdk_pixbuf-2_0-0-2.34.0-7.3.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-7.3.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-7.3.1

– openSUSE Leap 42.2 (noarch):

gdk-pixbuf-lang-2.34.0-7.3.1

– openSUSE Leap 42.2 (x86_64):

gdk-pixbuf-devel-32bit-2.34.0-7.3.1
gdk-pixbuf-devel-debuginfo-32bit-2.34.0-7.3.1
gdk-pixbuf-query-loaders-32bit-2.34.0-7.3.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-7.3.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-7.3.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-7.3.1

References:

https://www.suse.com/security/cve/CVE-2017-2862.html
https://www.suse.com/security/cve/CVE-2017-2870.html
https://www.suse.com/security/cve/CVE-2017-6312.html
https://www.suse.com/security/cve/CVE-2017-6313.html
https://www.suse.com/security/cve/CVE-2017-6314.html
https://bugzilla.suse.com/1027024
https://bugzilla.suse.com/1027025
https://bugzilla.suse.com/1027026
https://bugzilla.suse.com/1048289
https://bugzilla.suse.com/1048544
https://bugzilla.suse.com/1049877


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE-SU-2017:2398-1: important: Security update for xen

openSUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2398-1
Rating: important
References: #1002573 #1026236 #1035231 #1037840 #1046637
#1049578 #1051787 #1051788 #1051789 #1052686
#1055695
Cross-References: CVE-2016-9603 CVE-2017-10664 CVE-2017-11434
CVE-2017-12135 CVE-2017-12136 CVE-2017-12137
CVE-2017-12855
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________

An update that solves 7 vulnerabilities and has four fixes
is now available.

Description:

This update for xen to version 4.7.3 fixes several issues.

These security issues were fixed:

– CVE-2017-12135: Unbounded recursion in grant table code allowed a
malicious guest to crash the host or potentially escalate
privileges/leak information (XSA-226, bsc#1051787).
– CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for
privilege escalation (XSA-227, bsc#1051788).
– CVE-2017-12136: Race conditions with maptrack free list handling allowed
a malicious guest administrator to crash the host or escalate their
privilege to that of the host (XSA-228, bsc#1051789).
– CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local
guest OS users to cause a denial of service (out-of-bounds read) via a
crafted DHCP options string (bsc#1049578).
– CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote
attackers to cause a denial of service (daemon crash) by disconnecting
during a server-to-client reply attempt (bsc#1046637).
– CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading led to
potentially leaking sensitive information (XSA-230 CVE-2017-12855).

These non-security issues were fixed:

– bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be restored after
the save using xl stack
– bsc#1035231: Migration of HVM domU did not use superpages on destination
dom0
– bsc#1002573: Optimized LVM functions in block-dmmd
– bsc#1037840: Xen-detect always showed HVM for PV guests

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1022=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.2 (i586 x86_64):

xen-debugsource-4.7.3_03-11.12.1
xen-devel-4.7.3_03-11.12.1
xen-libs-4.7.3_03-11.12.1
xen-libs-debuginfo-4.7.3_03-11.12.1
xen-tools-domU-4.7.3_03-11.12.1
xen-tools-domU-debuginfo-4.7.3_03-11.12.1

– openSUSE Leap 42.2 (x86_64):

xen-4.7.3_03-11.12.1
xen-doc-html-4.7.3_03-11.12.1
xen-libs-32bit-4.7.3_03-11.12.1
xen-libs-debuginfo-32bit-4.7.3_03-11.12.1
xen-tools-4.7.3_03-11.12.1
xen-tools-debuginfo-4.7.3_03-11.12.1

References:

https://www.suse.com/security/cve/CVE-2016-9603.html
https://www.suse.com/security/cve/CVE-2017-10664.html
https://www.suse.com/security/cve/CVE-2017-11434.html
https://www.suse.com/security/cve/CVE-2017-12135.html
https://www.suse.com/security/cve/CVE-2017-12136.html
https://www.suse.com/security/cve/CVE-2017-12137.html
https://www.suse.com/security/cve/CVE-2017-12855.html
https://bugzilla.suse.com/1002573
https://bugzilla.suse.com/1026236
https://bugzilla.suse.com/1035231
https://bugzilla.suse.com/1037840
https://bugzilla.suse.com/1046637
https://bugzilla.suse.com/1049578
https://bugzilla.suse.com/1051787
https://bugzilla.suse.com/1051788
https://bugzilla.suse.com/1051789
https://bugzilla.suse.com/1052686
https://bugzilla.suse.com/1055695



openSUSE-SU-2017:2394-1: important: Security update for xen

openSUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2394-1
Rating: important
References: #1002573 #1026236 #1027519 #1035231 #1046637
#1049578 #1051787 #1051788 #1051789 #1052686
#1055695
Cross-References: CVE-2017-10664 CVE-2017-11434 CVE-2017-12135
CVE-2017-12136 CVE-2017-12137 CVE-2017-12855

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 5 fixes is
now available.

Description:

This update for xen fixes several issues.

These security issues were fixed:

– CVE-2017-12135: Unbounded recursion in grant table code allowed a
malicious guest to crash the host or potentially escalate
privileges/leak information (XSA-226, bsc#1051787).
– CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for
privilege escalation (XSA-227, bsc#1051788).
– CVE-2017-12136: Race conditions with maptrack free list handling allowed
a malicious guest administrator to crash the host or escalate their
privilege to that of the host (XSA-228, bsc#1051789).
– CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local
guest OS users to cause a denial of service (out-of-bounds read) via a
crafted DHCP options string (bsc#1049578).
– CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote
attackers to cause a denial of service (daemon crash) by disconnecting
during a server-to-client reply attempt (bsc#1046637).
– CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading led to
potentially leaking sensitive information (XSA-230, bsc#1052686).

These non-security issues were fixed:

– bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be restored after
the save using xl stack
– bsc#1035231: Migration of HVM domU did not use superpages on destination
dom0
– bsc#1002573: Optimized LVM functions in block-dmmd

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1023=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (x86_64):

xen-4.9.0_11-4.1
xen-debugsource-4.9.0_11-4.1
xen-devel-4.9.0_11-4.1
xen-doc-html-4.9.0_11-4.1
xen-libs-4.9.0_11-4.1
xen-libs-debuginfo-4.9.0_11-4.1
xen-tools-4.9.0_11-4.1
xen-tools-debuginfo-4.9.0_11-4.1
xen-tools-domU-4.9.0_11-4.1
xen-tools-domU-debuginfo-4.9.0_11-4.1

References:

https://www.suse.com/security/cve/CVE-2017-10664.html
https://www.suse.com/security/cve/CVE-2017-11434.html
https://www.suse.com/security/cve/CVE-2017-12135.html
https://www.suse.com/security/cve/CVE-2017-12136.html
https://www.suse.com/security/cve/CVE-2017-12137.html
https://www.suse.com/security/cve/CVE-2017-12855.html
https://bugzilla.suse.com/1002573
https://bugzilla.suse.com/1026236
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1035231
https://bugzilla.suse.com/1046637
https://bugzilla.suse.com/1049578
https://bugzilla.suse.com/1051787
https://bugzilla.suse.com/1051788
https://bugzilla.suse.com/1051789
https://bugzilla.suse.com/1052686
https://bugzilla.suse.com/1055695



openSUSE-SU-2017:2391-1: important: Security update for postgresql96

openSUSE Security Update: Security update for postgresql96
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2391-1
Rating: important
References: #1051684 #1051685 #1053259
Cross-References: CVE-2017-7546 CVE-2017-7547 CVE-2017-7548

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for postgresql96 fixes the following issues:

* CVE-2017-7547: Further restrict visibility of
pg_user_mappings.umoptions, to protect passwords stored as user mapping
options. (bsc#1051685)
* CVE-2017-7546: Disallow empty passwords in all password-based
authentication methods. (bsc#1051684)
* CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259)

The changelog for this release is here:
https://www.postgresql.org/docs/9.6/static/release-9-6-4.html

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1021=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1021=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

libecpg6-9.6.4-6.1
libecpg6-debuginfo-9.6.4-6.1
libpq5-9.6.4-6.1
libpq5-debuginfo-9.6.4-6.1
postgresql96-9.6.4-6.1
postgresql96-contrib-9.6.4-6.1
postgresql96-contrib-debuginfo-9.6.4-6.1
postgresql96-debuginfo-9.6.4-6.1
postgresql96-debugsource-9.6.4-6.1
postgresql96-devel-9.6.4-6.1
postgresql96-devel-debuginfo-9.6.4-6.1
postgresql96-libs-debugsource-9.6.4-6.1
postgresql96-plperl-9.6.4-6.1
postgresql96-plperl-debuginfo-9.6.4-6.1
postgresql96-plpython-9.6.4-6.1
postgresql96-plpython-debuginfo-9.6.4-6.1
postgresql96-pltcl-9.6.4-6.1
postgresql96-pltcl-debuginfo-9.6.4-6.1
postgresql96-server-9.6.4-6.1
postgresql96-server-debuginfo-9.6.4-6.1
postgresql96-test-9.6.4-6.1

– openSUSE Leap 42.3 (noarch):

postgresql96-docs-9.6.4-6.1

– openSUSE Leap 42.3 (x86_64):

libecpg6-32bit-9.6.4-6.1
libecpg6-debuginfo-32bit-9.6.4-6.1
libpq5-32bit-9.6.4-6.1
libpq5-debuginfo-32bit-9.6.4-6.1

– openSUSE Leap 42.2 (i586 x86_64):

libecpg6-9.6.4-5.1
libecpg6-debuginfo-9.6.4-5.1
libpq5-9.6.4-5.1
libpq5-debuginfo-9.6.4-5.1
postgresql96-9.6.4-5.1
postgresql96-contrib-9.6.4-5.1
postgresql96-contrib-debuginfo-9.6.4-5.1
postgresql96-debuginfo-9.6.4-5.1
postgresql96-debugsource-9.6.4-5.1
postgresql96-devel-9.6.4-5.1
postgresql96-devel-debuginfo-9.6.4-5.1
postgresql96-libs-debugsource-9.6.4-5.1
postgresql96-plperl-9.6.4-5.1
postgresql96-plperl-debuginfo-9.6.4-5.1
postgresql96-plpython-9.6.4-5.1
postgresql96-plpython-debuginfo-9.6.4-5.1
postgresql96-pltcl-9.6.4-5.1
postgresql96-pltcl-debuginfo-9.6.4-5.1
postgresql96-server-9.6.4-5.1
postgresql96-server-debuginfo-9.6.4-5.1
postgresql96-test-9.6.4-5.1

– openSUSE Leap 42.2 (x86_64):

libecpg6-32bit-9.6.4-5.1
libecpg6-debuginfo-32bit-9.6.4-5.1
libpq5-32bit-9.6.4-5.1
libpq5-debuginfo-32bit-9.6.4-5.1

– openSUSE Leap 42.2 (noarch):

postgresql96-docs-9.6.4-5.1

References:

https://www.suse.com/security/cve/CVE-2017-7546.html
https://www.suse.com/security/cve/CVE-2017-7547.html
https://www.suse.com/security/cve/CVE-2017-7548.html
https://bugzilla.suse.com/1051684
https://bugzilla.suse.com/1051685
https://bugzilla.suse.com/1053259



SUSE-SU-2017:2390-1: important: Security update for evince

SUSE Security Update: Security update for evince
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2390-1
Rating: important
References: #1046856
Cross-References: CVE-2017-1000083
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Workstation Extension 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for evince fixes the following issue:

– CVE-2017-1000083: Remote attackers could have used the comicbook mode of
evince to inject shell code (bsc#1046856).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Workstation Extension 12-SP3:

zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1479=1

– SUSE Linux Enterprise Workstation Extension 12-SP2:

zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1479=1

– SUSE Linux Enterprise Software Development Kit 12-SP3:

zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1479=1

– SUSE Linux Enterprise Software Development Kit 12-SP2:

zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1479=1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1479=1

– SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1479=1

– SUSE Linux Enterprise Server 12-SP2:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1479=1

– SUSE Linux Enterprise Desktop 12-SP3:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1479=1

– SUSE Linux Enterprise Desktop 12-SP2:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1479=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):

evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.16.1
typelib-1_0-EvinceView-3_0-3.20.1-6.16.1

– SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.16.1
typelib-1_0-EvinceView-3_0-3.20.1-6.16.1

– SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-devel-3.20.1-6.16.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.16.1
typelib-1_0-EvinceView-3_0-3.20.1-6.16.1

– SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-devel-3.20.1-6.16.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.16.1
typelib-1_0-EvinceView-3_0-3.20.1-6.16.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

evince-3.20.1-6.16.1
evince-browser-plugin-3.20.1-6.16.1
evince-browser-plugin-debuginfo-3.20.1-6.16.1
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-plugin-djvudocument-3.20.1-6.16.1
evince-plugin-djvudocument-debuginfo-3.20.1-6.16.1
evince-plugin-dvidocument-3.20.1-6.16.1
evince-plugin-dvidocument-debuginfo-3.20.1-6.16.1
evince-plugin-pdfdocument-3.20.1-6.16.1
evince-plugin-pdfdocument-debuginfo-3.20.1-6.16.1
evince-plugin-psdocument-3.20.1-6.16.1
evince-plugin-psdocument-debuginfo-3.20.1-6.16.1
evince-plugin-tiffdocument-3.20.1-6.16.1
evince-plugin-tiffdocument-debuginfo-3.20.1-6.16.1
evince-plugin-xpsdocument-3.20.1-6.16.1
evince-plugin-xpsdocument-debuginfo-3.20.1-6.16.1
libevdocument3-4-3.20.1-6.16.1
libevdocument3-4-debuginfo-3.20.1-6.16.1
libevview3-3-3.20.1-6.16.1
libevview3-3-debuginfo-3.20.1-6.16.1
nautilus-evince-3.20.1-6.16.1
nautilus-evince-debuginfo-3.20.1-6.16.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

evince-lang-3.20.1-6.16.1

– SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

evince-3.20.1-6.16.1
evince-browser-plugin-3.20.1-6.16.1
evince-browser-plugin-debuginfo-3.20.1-6.16.1
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-plugin-djvudocument-3.20.1-6.16.1
evince-plugin-djvudocument-debuginfo-3.20.1-6.16.1
evince-plugin-dvidocument-3.20.1-6.16.1
evince-plugin-dvidocument-debuginfo-3.20.1-6.16.1
evince-plugin-pdfdocument-3.20.1-6.16.1
evince-plugin-pdfdocument-debuginfo-3.20.1-6.16.1
evince-plugin-psdocument-3.20.1-6.16.1
evince-plugin-psdocument-debuginfo-3.20.1-6.16.1
evince-plugin-tiffdocument-3.20.1-6.16.1
evince-plugin-tiffdocument-debuginfo-3.20.1-6.16.1
evince-plugin-xpsdocument-3.20.1-6.16.1
evince-plugin-xpsdocument-debuginfo-3.20.1-6.16.1
libevdocument3-4-3.20.1-6.16.1
libevdocument3-4-debuginfo-3.20.1-6.16.1
libevview3-3-3.20.1-6.16.1
libevview3-3-debuginfo-3.20.1-6.16.1
nautilus-evince-3.20.1-6.16.1
nautilus-evince-debuginfo-3.20.1-6.16.1

– SUSE Linux Enterprise Server 12-SP3 (noarch):

evince-lang-3.20.1-6.16.1

– SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

evince-3.20.1-6.16.1
evince-browser-plugin-3.20.1-6.16.1
evince-browser-plugin-debuginfo-3.20.1-6.16.1
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-plugin-djvudocument-3.20.1-6.16.1
evince-plugin-djvudocument-debuginfo-3.20.1-6.16.1
evince-plugin-dvidocument-3.20.1-6.16.1
evince-plugin-dvidocument-debuginfo-3.20.1-6.16.1
evince-plugin-pdfdocument-3.20.1-6.16.1
evince-plugin-pdfdocument-debuginfo-3.20.1-6.16.1
evince-plugin-psdocument-3.20.1-6.16.1
evince-plugin-psdocument-debuginfo-3.20.1-6.16.1
evince-plugin-tiffdocument-3.20.1-6.16.1
evince-plugin-tiffdocument-debuginfo-3.20.1-6.16.1
evince-plugin-xpsdocument-3.20.1-6.16.1
evince-plugin-xpsdocument-debuginfo-3.20.1-6.16.1
libevdocument3-4-3.20.1-6.16.1
libevdocument3-4-debuginfo-3.20.1-6.16.1
libevview3-3-3.20.1-6.16.1
libevview3-3-debuginfo-3.20.1-6.16.1
nautilus-evince-3.20.1-6.16.1
nautilus-evince-debuginfo-3.20.1-6.16.1

– SUSE Linux Enterprise Server 12-SP2 (noarch):

evince-lang-3.20.1-6.16.1

– SUSE Linux Enterprise Desktop 12-SP3 (noarch):

evince-lang-3.20.1-6.16.1

– SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

evince-3.20.1-6.16.1
evince-browser-plugin-3.20.1-6.16.1
evince-browser-plugin-debuginfo-3.20.1-6.16.1
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-plugin-djvudocument-3.20.1-6.16.1
evince-plugin-djvudocument-debuginfo-3.20.1-6.16.1
evince-plugin-dvidocument-3.20.1-6.16.1
evince-plugin-dvidocument-debuginfo-3.20.1-6.16.1
evince-plugin-pdfdocument-3.20.1-6.16.1
evince-plugin-pdfdocument-debuginfo-3.20.1-6.16.1
evince-plugin-psdocument-3.20.1-6.16.1
evince-plugin-psdocument-debuginfo-3.20.1-6.16.1
evince-plugin-tiffdocument-3.20.1-6.16.1
evince-plugin-tiffdocument-debuginfo-3.20.1-6.16.1
evince-plugin-xpsdocument-3.20.1-6.16.1
evince-plugin-xpsdocument-debuginfo-3.20.1-6.16.1
libevdocument3-4-3.20.1-6.16.1
libevdocument3-4-debuginfo-3.20.1-6.16.1
libevview3-3-3.20.1-6.16.1
libevview3-3-debuginfo-3.20.1-6.16.1
nautilus-evince-3.20.1-6.16.1
nautilus-evince-debuginfo-3.20.1-6.16.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.16.1
typelib-1_0-EvinceView-3_0-3.20.1-6.16.1

– SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

evince-3.20.1-6.16.1
evince-browser-plugin-3.20.1-6.16.1
evince-browser-plugin-debuginfo-3.20.1-6.16.1
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-plugin-djvudocument-3.20.1-6.16.1
evince-plugin-djvudocument-debuginfo-3.20.1-6.16.1
evince-plugin-dvidocument-3.20.1-6.16.1
evince-plugin-dvidocument-debuginfo-3.20.1-6.16.1
evince-plugin-pdfdocument-3.20.1-6.16.1
evince-plugin-pdfdocument-debuginfo-3.20.1-6.16.1
evince-plugin-psdocument-3.20.1-6.16.1
evince-plugin-psdocument-debuginfo-3.20.1-6.16.1
evince-plugin-tiffdocument-3.20.1-6.16.1
evince-plugin-tiffdocument-debuginfo-3.20.1-6.16.1
evince-plugin-xpsdocument-3.20.1-6.16.1
evince-plugin-xpsdocument-debuginfo-3.20.1-6.16.1
libevdocument3-4-3.20.1-6.16.1
libevdocument3-4-debuginfo-3.20.1-6.16.1
libevview3-3-3.20.1-6.16.1
libevview3-3-debuginfo-3.20.1-6.16.1
nautilus-evince-3.20.1-6.16.1
nautilus-evince-debuginfo-3.20.1-6.16.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.16.1
typelib-1_0-EvinceView-3_0-3.20.1-6.16.1

– SUSE Linux Enterprise Desktop 12-SP2 (noarch):

evince-lang-3.20.1-6.16.1

References:

https://www.suse.com/security/cve/CVE-2017-1000083.html
https://bugzilla.suse.com/1046856



openSUSE-SU-2017:2392-1: important: Security update for postgresql94

openSUSE Security Update: Security update for postgresql94
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2392-1
Rating: important
References: #1051684 #1051685 #1053259
Cross-References: CVE-2017-7546 CVE-2017-7547 CVE-2017-7548

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for postgresql94 fixes the following issues:

* CVE-2017-7547: Further restrict visibility of
pg_user_mappings.umoptions, to protect passwords stored as user mapping
options. (bsc#1051685)
* CVE-2017-7546: Disallow empty passwords in all password-based
authentication methods. (bsc#1051684)
* CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259)

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1020=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1020=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

postgresql94-9.4.13-12.1
postgresql94-contrib-9.4.13-12.1
postgresql94-contrib-debuginfo-9.4.13-12.1
postgresql94-debuginfo-9.4.13-12.1
postgresql94-debugsource-9.4.13-12.1
postgresql94-devel-9.4.13-12.1
postgresql94-devel-debuginfo-9.4.13-12.1
postgresql94-libs-debugsource-9.4.13-12.1
postgresql94-plperl-9.4.13-12.1
postgresql94-plperl-debuginfo-9.4.13-12.1
postgresql94-plpython-9.4.13-12.1
postgresql94-plpython-debuginfo-9.4.13-12.1
postgresql94-pltcl-9.4.13-12.1
postgresql94-pltcl-debuginfo-9.4.13-12.1
postgresql94-server-9.4.13-12.1
postgresql94-server-debuginfo-9.4.13-12.1
postgresql94-test-9.4.13-12.1

– openSUSE Leap 42.3 (noarch):

postgresql94-docs-9.4.13-12.1

– openSUSE Leap 42.2 (i586 x86_64):

postgresql94-9.4.13-9.9.1
postgresql94-contrib-9.4.13-9.9.1
postgresql94-contrib-debuginfo-9.4.13-9.9.1
postgresql94-debuginfo-9.4.13-9.9.1
postgresql94-debugsource-9.4.13-9.9.1
postgresql94-devel-9.4.13-9.9.1
postgresql94-devel-debuginfo-9.4.13-9.9.1
postgresql94-libs-debugsource-9.4.13-9.9.1
postgresql94-plperl-9.4.13-9.9.1
postgresql94-plperl-debuginfo-9.4.13-9.9.1
postgresql94-plpython-9.4.13-9.9.1
postgresql94-plpython-debuginfo-9.4.13-9.9.1
postgresql94-pltcl-9.4.13-9.9.1
postgresql94-pltcl-debuginfo-9.4.13-9.9.1
postgresql94-server-9.4.13-9.9.1
postgresql94-server-debuginfo-9.4.13-9.9.1
postgresql94-test-9.4.13-9.9.1

– openSUSE Leap 42.2 (noarch):

postgresql94-docs-9.4.13-9.9.1

References:

https://www.suse.com/security/cve/CVE-2017-7546.html
https://www.suse.com/security/cve/CVE-2017-7547.html
https://www.suse.com/security/cve/CVE-2017-7548.html
https://bugzilla.suse.com/1051684
https://bugzilla.suse.com/1051685
https://bugzilla.suse.com/1053259



SUSE-SU-2017:2389-1: important: Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2389-1
Rating: important
References: #1000365 #1000380 #1012422 #1013018 #1015452
#1023051 #1029140 #1029850 #1030552 #1030593
#1030814 #1032340 #1032471 #1034026 #1034670
#1035576 #1035721 #1035777 #1035920 #1036056
#1036288 #1036629 #1037191 #1037193 #1037227
#1037232 #1037233 #1037356 #1037358 #1037359
#1037441 #1038544 #1038879 #1038981 #1038982
#1039258 #1039354 #1039456 #1039594 #1039882
#1039883 #1039885 #1040069 #1040351 #1041160
#1041431 #1041762 #1041975 #1042045 #1042615
#1042633 #1042687 #1042832 #1042863 #1043014
#1043234 #1043935 #1044015 #1044125 #1044216
#1044230 #1044854 #1044882 #1044913 #1045154
#1045356 #1045416 #1045479 #1045487 #1045525
#1045538 #1045547 #1045615 #1046107 #1046192
#1046715 #1047027 #1047053 #1047343 #1047354
#1047487 #1047523 #1047653 #1048185 #1048221
#1048232 #1048275 #1049128 #1049483 #1049603
#1049688 #1049882 #1050154 #1050431 #1051478
#1051515 #1051770 #1055680 #784815 #792863
#799133 #909618 #919382 #928138 #938352 #943786
#948562 #962257 #971975 #972891 #986924 #990682
#995542
Cross-References: CVE-2014-9922 CVE-2016-10277 CVE-2017-1000363
CVE-2017-1000365 CVE-2017-1000380 CVE-2017-11176
CVE-2017-11473 CVE-2017-2647 CVE-2017-6951
CVE-2017-7482 CVE-2017-7487 CVE-2017-7533
CVE-2017-7542 CVE-2017-8890 CVE-2017-8924
CVE-2017-8925 CVE-2017-9074 CVE-2017-9075
CVE-2017-9076 CVE-2017-9077 CVE-2017-9242

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Real Time Extension 11-SP4
SUSE Linux Enterprise High Availability Extension 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 21 vulnerabilities and has 92 fixes
is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

– CVE-2017-7482: Several missing length checks in ticket decode allowed for
information leak or potentially code execution (bsc#1046107).
– CVE-2016-10277: Potential privilege escalation due to a missing bounds
check in the lp driver. A kernel command-line adversary can overflow the
parport_nr array to execute code (bsc#1039456).
– CVE-2017-7542: The ip6_find_1stfragopt function in
net/ipv6/output_core.c in the Linux kernel allowed local users to cause
a denial of service (integer overflow and infinite loop) by leveraging
the ability to open a raw socket (bsc#1049882).
– CVE-2017-7533: Bug in inotify code allowing privilege escalation
(bsc#1049483).
– CVE-2017-11176: The mq_notify function in the Linux kernel did not set
the sock pointer to NULL upon entry into the retry logic. During a
user-space close of a Netlink socket, it allowed attackers to cause a
denial of service (use-after-free) or possibly have unspecified other
impact (bsc#1048275).
– CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function
in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users
to gain privileges via a crafted ACPI table (bnc#1049603).
– CVE-2017-1000365: The Linux Kernel imposed a size restriction on the
arguments and environmental strings passed through
RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the
argument and environment pointers into account, which allowed attackers
to bypass this limitation. (bnc#1039354)
– CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local
users to gain privileges via a large filesystem stack that includes an
overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c
(bnc#1032340)
– CVE-2017-8924: The edge_bulk_in_callback function in
drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to
obtain sensitive information (in the dmesg ringbuffer and syslog) from
uninitialized kernel memory by using a crafted USB device (posing as an
io_ti USB serial device) to trigger an integer underflow (bnc#1038982).
– CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c
in the Linux kernel allowed local users to cause a denial of service
(tty exhaustion) by leveraging reference count mishandling (bnc#1038981).
– CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in
the ALSA /dev/snd/timer driver resulting in local users being able to
read information belonging to other users, i.e., uninitialized memory
contents could have been disclosed when a read and an ioctl happen at
the same time (bnc#1044125)
– CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
was too late in checking whether an overwrite of an skb data structure
may occur, which allowed local users to cause a denial of service
(system crash) via crafted system calls (bnc#1041431)
– CVE-2017-1000363: A buffer overflow in kernel commandline handling of
the “lp” parameter could be used by local console attackers to bypass
certain secure boot settings. (bnc#1039456)
– CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885)
– CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069)
– CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883)
– CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel
did not consider that the nexthdr field may be associated with an
invalid option, which allowed local users to cause a denial of service
(out-of-bounds read and BUG) or possibly have unspecified other impact
via crafted socket and send system calls (bnc#1039882)
– CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the
Linux kernel mishandled reference counts, which allowed local users to
cause a denial of service (use-after-free) or possibly have unspecified
other impact via a failed SIOCGIFADDR ioctl call for an IPX interface
(bnc#1038879)
– CVE-2017-8890: The inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to
cause a denial of service (double free) or possibly have unspecified
other impact by leveraging use of the accept system call (bnc#1038544)
– CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local
users to gain privileges or cause a denial of service (NULL pointer
dereference and system crash) via vectors involving a NULL value for a
certain match field, related to the keyring_search_iterator function in
keyring.c (bnc#1030593)
– CVE-2017-6951: The keyring_search_aux function in
security/keys/keyring.c in the Linux kernel allowed local users to cause
a denial of service (NULL pointer dereference and OOPS) via a
request_key system call for the “dead” type (bnc#1029850)

The following non-security bugs were fixed:

– 8250: use callbacks to access UART_DLL/UART_DLM.
– ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).
– ALSA: hda – Fix regression of HD-audio controller fallback modes
(bsc#1045538).
– ALSA: hda – using uninitialized data (bsc#1045538).
– ALSA: hda/realtek – Correction of fixup codes for PB V7900 laptop
(bsc#1045538).
– ALSA: hda/realtek – Fix COEF widget NID for ALC260 replacer fixup
(bsc#1045538).
– ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).
– ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).
– Add CVE tag to references
– CIFS: backport prepath matching fix (bsc#799133).
– Drop CONFIG_PPC_CELL from bigmem (bsc#1049128).
– EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr().
– Fix scripts/bigmem-generate-ifdef-guard to work on all branches
– Fix soft lockup in svc_rdma_send (bsc#1044854).
– IB/mlx4: Demote mcg message from warning to debug (bsc#919382).
– IB/mlx4: Fix ib device initialization error flow (bsc#919382).
– IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).
– IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).
– IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
(bsc#919382).
– IB/mlx4: Set traffic class in AH (bsc#919382).
– Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE
operation (bsc#1036288).
– Input: cm109 – validate number of endpoints before using them
(bsc#1037193).
– Input: hanwang – validate number of endpoints before using them
(bsc#1037232).
– Input: yealink – validate number of endpoints before using them
(bsc#1037227).
– KEYS: Disallow keyrings beginning with ‘.’ to be joined as session
keyrings (bnc#1035576).
– NFS: Avoid getting confused by confused server (bsc#1045416).
– NFS: Fix another OPEN_DOWNGRADE bug (git-next).
– NFS: Fix size of NFSACL SETACL operations (git-fixes).
– NFS: Make nfs_readdir revalidate less often (bsc#1048232).
– NFS: tidy up nfs_show_mountd_netid (git-fixes).
– NFSD: Do not use state id of 0 – it is reserved (bsc#1049688
bsc#1051770).
– NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).
– NFSv4: Fix another bug in the close/open_downgrade code (git-fixes).
– NFSv4: Fix problems with close in the presence of a delegation
(git-fixes).
– NFSv4: Fix the underestimation of delegation XDR space reservation
(git-fixes).
– NFSv4: fix getacl head length estimation (git-fixes).
– PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes).
– Remove superfluous make flags (bsc#1012422)
– Return short read or 0 at end of a raw device, not EIO (bsc#1039594).
– Revert “math64: New div64_u64_rem helper” (bnc#938352).
– SUNRPC: Fix a memory leak in the backchannel code (git-fixes).
– Staging: vt6655-6: potential NULL dereference in
hostap_disable_hostapd() (bsc#1045479).
– USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).
– USB: class: usbtmc: do not print error when allocating urb fails
(bsc#1036288).
– USB: class: usbtmc: do not print on ENOMEM (bsc#1036288).
– USB: iowarrior: fix NULL-deref in write (bsc#1037359).
– USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).
– USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).
– USB: serial: ark3116: fix register-accessor error handling (git-fixes).
– USB: serial: ch341: fix open error handling (bsc#1037441).
– USB: serial: cp210x: fix tiocmget error handling (bsc#1037441).
– USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).
– USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).
– USB: serial: io_ti: fix information leak in completion handler
(git-fixes).
– USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026).
– USB: serial: oti6858: fix NULL-deref at open (bsc#1037441).
– USB: serial: sierra: fix bogus alternate-setting assumption
(bsc#1037441).
– USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).
– USB: usbip: fix nonconforming hub descriptor (bsc#1047487).
– USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).
– USB: usbtmc: Change magic number to constant (bsc#1036288).
– USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).
– USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).
– USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).
– USB: usbtmc: add missing endpoint sanity check (bsc#1036288).
– USB: usbtmc: fix DMA on stack (bsc#1036288).
– USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).
– USB: usbtmc: fix probe error path (bsc#1036288).
– USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk
(bsc#1036288).
– USB: wusbcore: fix NULL-deref at probe (bsc#1045487).
– Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).
– Use make --output-sync feature when available (bsc#1012422).
– Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).
– __bitmap_parselist: fix bug in empty string handling (bnc#1042633).
– acpi: Disable APEI error injection if securelevel is set (bsc#972891,
bsc#1023051).
– af_key: Add lock to key dump (bsc#1047653).
– af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
– ath9k: fix buffer overrun for ar9287 (bsc#1045538).
– blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU
(bsc#1035721).
– blacklist.conf: Add a few inapplicable items (bsc#1045538).
– blacklist.conf: Blacklist 847fa1a6d3d0 (‘ftrace/x86_32: Set ftrace_stub
to weak to prevent gcc from using short jumps to it’) The released
kernels are not built with a gas new enough to optimize the jmps so that
this patch would be required. (bsc#1051478)
– blkback/blktap: do not leak stack data via response ring (bsc#1042863
XSA-216).
– block: do not allow updates through sysfs until registration completes
(bsc#1047027).
– block: fix ext_dev_lock lockdep report (bsc#1050154).
– btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
– cifs: Timeout on SMBNegotiate request (bsc#1044913).
– cifs: do not compare uniqueids in cifs_prime_dcache unless server inode
numbers are in use (bsc#1041975). backporting upstream commit
2f2591a34db6c9361faa316c91a6e320cb4e6aee
– cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).
– cputime: Avoid multiplication overflow on utime scaling (bnc#938352).
– crypto: nx – off by one bug in nx_of_update_msc() (bnc#792863).
– decompress_bunzip2: off by one in get_next_block() (git-fixes).
– dentry name snapshots (bsc#1049483).
– devres: fix a for loop bounds check (git-fixes).
– dm: fix ioctl retry termination with signal (bsc#1050154).
– drm/mgag200: Add support for G200eH3 (bnc#1044216)
– drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452,
bsc#995542).
– ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
– ext3: Do not clear SGID when inheriting ACLs (bsc#1030552).
– ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
– ext4: fix fdatasync(2) after extent manipulation operations
(bsc#1013018).
– ext4: keep existing extra fields when inode expands (bsc#1013018).
– fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).
– firmware: fix directory creation rule matching with make 3.80
(bsc#1012422).
– firmware: fix directory creation rule matching with make 3.82
(bsc#1012422).
– fixed invalid assignment of 64bit mask to host dma_boundary for scatter
gather segment boundary limit (bsc#1042045).
– fnic: Return ‘DID_IMM_RETRY’ if rport is not ready (bsc#1035920).
– fnic: Using rport->dd_data to check rport online instead of rport_lookup
(bsc#1035920).
– fs/block_dev: always invalidate cleancache in invalidate_bdev()
(git-fixes).
– fs/xattr.c: zero out memory copied to userspace in getxattr
(bsc#1013018).
– fs: fix data invalidation in the cleancache during direct IO (git-fixes).
– fuse: add missing FR_FORCE (bsc#1013018).
– genirq: Prevent proc race against freeing of irq descriptors
(bnc#1044230).
– hrtimer: Allow concurrent hrtimer_start() for self restarting timers
(bnc#1013018).
– initial cr0 bits (bnc#1036056, LTC#153612).
– ipmr, ip6mr: fix scheduling while atomic and a deadlock with
ipmr_get_route (git-fixes).
– irq: Fix race condition (bsc#1042615).
– isdn/gigaset: fix NULL-deref at probe (bsc#1037356).
– isofs: Do not return EACCES for unknown filesystems (bsc#1013018).
– jsm: add support for additional Neo cards (bsc#1045615).
– kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)
– libata: fix sff host state machine locking while polling (bsc#1045525).
– libceph: NULL deref on crush_decode() error path (bsc#1044015).
– libceph: potential NULL dereference in ceph_msg_data_create()
(bsc#1051515).
– libfc: fixup locking in fc_disc_stop() (bsc#1029140).
– libfc: move ‘pending’ and ‘requested’ setting (bsc#1029140).
– libfc: only restart discovery after timeout if not already running
(bsc#1029140).
– locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018).
– math64: New div64_u64_rem helper (bnc#938352).
– md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).
– md/raid1: extend spinlock to protect raid1_end_read_request against
inconsistencies (git-fixes).
– md/raid1: fix test for ‘was read error from last working device’
(git-fixes).
– md/raid5: Fix CPU hotplug callback registration (git-fixes).
– md/raid5: do not record new size if resize_stripes fails (git-fixes).
– md: ensure md devices are freed before module is unloaded (git-fixes).
– md: fix a null dereference (bsc#1040351).
– md: flush ->event_work before stopping array (git-fixes).
– md: make sure GET_ARRAY_INFO ioctl reports correct “clean” status
(git-fixes).
– md: use separate bio_pool for metadata writes (bsc#1040351).
– megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).
– mlx4: reduce OOM risk on arches with large pages (bsc#919382).
– mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM
Functionality, bsc#1042832).
– mm/memory-failure.c: use compound_head() flags for huge pages
(bnc#971975 VM — git fixes).
– mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM
Functionality, bsc#1042832).
– mmc: core: add missing pm event in mmc_pm_notify to fix hib restore
(bsc#1045547).
– mmc: ushc: fix NULL-deref at probe (bsc#1037191).
– module: fix memory leak on early load_module() failures (bsc#1043014).
– mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).
– net/mlx4: Fix the check in attaching steering rules (bsc#919382).
– net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode
to device managed flow steering (bsc#919382).
– net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
(bsc#919382).
– net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to
physical (bsc#919382).
– net/mlx4_core: Fix VF overwrite of module param which disables DMFS on
new probed PFs (bsc#919382).
– net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
VGT transitions (bsc#919382).
– net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).
– net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).
– net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
(bsc#919382).
– net/mlx4_core: Use-after-free causes a resource leak in flow-steering
detach (bsc#919382).
– net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).
– net/mlx4_en: Change the error print to debug print (bsc#919382).
– net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).
– net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).
– net/mlx4_en: Wake TX queues only when there’s enough room (bsc#1039258).
– net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).
– net: avoid reference counter overflows on fib_rules in multicast
forwarding (git-fixes).
– net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).
– net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).
– net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).
– netxen_nic: set rcode to the return status from the call to
netxen_issue_cmd (bnc#784815).
– nfs: fix nfs_size_to_loff_t (git-fixes).
– nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).
– nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).
– nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).
– ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).
– ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
ocfs2_unblock_lock (bsc#962257).
– perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).
– perf/core: Fix event inheritance on fork() (bnc#1013018).
– powerpc/ibmebus: Fix device reference leaks in sysfs interface
(bsc#1035777 [2017-04-24] Pending Base Kernel Fixes).
– powerpc/ibmebus: Fix further device reference leaks (bsc#1035777
[2017-04-24] Pending Base Kernel Fixes).
– powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid()
(bsc#1032471).
– powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471).
– powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471).
– powerpc/mm/hash: Properly mask the ESID bits when building proto VSID
(bsc#1032471).
– powerpc/mm/hash: Support 68 bit VA (bsc#1032471).
– powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471).
– powerpc/mm/slice: Convert slice_mask high slice to a bitmap
(bsc#1032471).
– powerpc/mm/slice: Fix off-by-1 error when computing slice mask
(bsc#1032471).
– powerpc/mm/slice: Move slice_mask struct definition to slice.c
(bsc#1032471).
– powerpc/mm/slice: Update slice mask printing to use bitmap printing
(bsc#1032471).
– powerpc/mm/slice: Update the function prototype (bsc#1032471).
– powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET
(bsc#928138).
– powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small
(bsc#1032471).
– powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital
(bsc#1032471).
– powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777
[2017-04-24] Pending Base Kernel Fixes).
– powerpc/pseries: Release DRC when configure_connector fails
(bsc#1035777, Pending Base Kernel Fixes).
– powerpc: Drop support for pre-POWER4 cpus (bsc#1032471).
– powerpc: Remove STAB code (bsc#1032471).
– random32: fix off-by-one in seeding requirement (git-fixes).
– reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
– reiserfs: do not preallocate blocks for extended attributes (bsc#990682).
– rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).
– s390/qdio: clear DSCI prior to scanning multiple input queues
(bnc#1046715, LTC#156234).
– s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).
– s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276).
– sched/core: Remove false-positive warning from wake_up_process()
(bnc#1044882).
– sched/cputime: Do not scale when utime == 0 (bnc#938352).
– sched/debug: Print the scheduler topology group mask (bnc#1013018).
– sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).
– sched/fair: Fix min_vruntime tracking (bnc#1013018).
– sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep
for b60205c7c558 sched/fair: Fix min_vruntime tracking
– sched/topology: Fix building of overlapping sched-groups (bnc#1013018).
– sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).
– sched/topology: Fix overlapping sched_group_mask (bnc#1013018).
– sched/topology: Move comment about asymmetric node setups (bnc#1013018).
– sched/topology: Optimize build_group_mask() (bnc#1013018).
– sched/topology: Refactor function build_overlap_sched_groups()
(bnc#1013018).
– sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).
– sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).
– sched/topology: Verify the first group matches the child domain
(bnc#1013018).
– sched: Always initialize cpu-power (bnc#1013018).
– sched: Avoid cputime scaling overflow (bnc#938352).
– sched: Avoid prev->stime underflow (bnc#938352).
– sched: Do not account bogus utime (bnc#938352).
– sched: Fix SD_OVERLAP (bnc#1013018).
– sched: Fix domain iteration (bnc#1013018).
– sched: Lower chances of cputime scaling overflow (bnc#938352).
– sched: Move nr_cpus_allowed out of ‘struct sched_rt_entity’
(bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime
tracking
– sched: Rename a misleading variable in build_overlap_sched_groups()
(bnc#1013018).
– sched: Use swap() macro in scale_stime() (bnc#938352).
– scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
– scsi: fix race between simultaneous decrements of ->host_failed
(bsc#1050154).
– scsi: fnic: Correcting rport check location in fnic_queuecommand_lck
(bsc#1035920).
– scsi: mvsas: fix command_active typo (bsc#1050154).
– scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
(bsc#1050154).
– sfc: do not device_attach if a reset is pending (bsc#909618).
– smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
– splice: Stub splice_write_to_file (bsc#1043234).
– svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).
– target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).
– tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).
– tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).
– udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).
– udf: Fix races with i_size changes during readpage (bsc#1013018).
– usbtmc: remove redundant braces (bsc#1036288).
– usbtmc: remove trailing spaces (bsc#1036288).
– usbvision: fix NULL-deref at probe (bsc#1050431).
– uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).
– uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).
– vb2: Fix an off by one error in ‘vb2_plane_vaddr’ (bsc#1050431).
– vmxnet3: avoid calling pskb_may_pull with interrupts disabled
(bsc#1045356).
– vmxnet3: fix checks for dma mapping errors (bsc#1045356).
– vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).
– x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
(bsc#948562).
– x86/pci-calgary: Fix iommu_free() comparison of unsigned expression
greater than 0 (bsc#1051478).
– xen: avoid deadlock in xenbus (bnc#1047523).
– xfrm: NULL dereference on allocation failure (bsc#1047343).
– xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
– xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).
– xfs: Synchronize xfs_buf disposal routines (bsc#1041160).
– xfs: use ->b_state to fix buffer I/O accounting release race
(bsc#1041160).
– xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-kernel-13274=1

– SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-kernel-13274=1

– SUSE Linux Enterprise Server 11-EXTRA:

zypper in -t patch slexsp3-kernel-13274=1

– SUSE Linux Enterprise Real Time Extension 11-SP4:

zypper in -t patch slertesp4-kernel-13274=1

– SUSE Linux Enterprise High Availability Extension 11-SP4:

zypper in -t patch slehasp4-kernel-13274=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-kernel-13274=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

kernel-docs-3.0.101-108.7.2

– SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

kernel-default-3.0.101-108.7.1
kernel-default-base-3.0.101-108.7.1
kernel-default-devel-3.0.101-108.7.1
kernel-source-3.0.101-108.7.1
kernel-syms-3.0.101-108.7.1
kernel-trace-3.0.101-108.7.1
kernel-trace-base-3.0.101-108.7.1
kernel-trace-devel-3.0.101-108.7.1

– SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

kernel-ec2-3.0.101-108.7.1
kernel-ec2-base-3.0.101-108.7.1
kernel-ec2-devel-3.0.101-108.7.1
kernel-xen-3.0.101-108.7.1
kernel-xen-base-3.0.101-108.7.1
kernel-xen-devel-3.0.101-108.7.1

– SUSE Linux Enterprise Server 11-SP4 (s390x):

kernel-default-man-3.0.101-108.7.1

– SUSE Linux Enterprise Server 11-SP4 (ppc64):

kernel-bigmem-3.0.101-108.7.1
kernel-bigmem-base-3.0.101-108.7.1
kernel-bigmem-devel-3.0.101-108.7.1
kernel-ppc64-3.0.101-108.7.1
kernel-ppc64-base-3.0.101-108.7.1
kernel-ppc64-devel-3.0.101-108.7.1

– SUSE Linux Enterprise Server 11-SP4 (i586):

kernel-pae-3.0.101-108.7.1
kernel-pae-base-3.0.101-108.7.1
kernel-pae-devel-3.0.101-108.7.1

– SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

kernel-default-extra-3.0.101-108.7.1

– SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

kernel-xen-extra-3.0.101-108.7.1

– SUSE Linux Enterprise Server 11-EXTRA (x86_64):

kernel-trace-extra-3.0.101-108.7.1

– SUSE Linux Enterprise Server 11-EXTRA (ppc64):

kernel-ppc64-extra-3.0.101-108.7.1

– SUSE Linux Enterprise Server 11-EXTRA (i586):

kernel-pae-extra-3.0.101-108.7.1

– SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

cluster-network-kmp-rt-1.4_3.0.101_rt130_68-2.32.2.14
cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_68-2.32.2.14
drbd-kmp-rt-8.4.4_3.0.101_rt130_68-0.27.2.13
drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_68-0.27.2.13
gfs2-kmp-rt-2_3.0.101_rt130_68-0.24.2.14
gfs2-kmp-rt_trace-2_3.0.101_rt130_68-0.24.2.14
ocfs2-kmp-rt-1.6_3.0.101_rt130_68-0.28.3.4
ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_68-0.28.3.4

– SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):

cluster-network-kmp-default-1.4_3.0.101_108.7-2.32.2.14
cluster-network-kmp-trace-1.4_3.0.101_108.7-2.32.2.14
drbd-8.4.4-0.27.2.1
drbd-bash-completion-8.4.4-0.27.2.1
drbd-heartbeat-8.4.4-0.27.2.1
drbd-kmp-default-8.4.4_3.0.101_108.7-0.27.2.13
drbd-kmp-trace-8.4.4_3.0.101_108.7-0.27.2.13
drbd-pacemaker-8.4.4-0.27.2.1
drbd-udev-8.4.4-0.27.2.1
drbd-utils-8.4.4-0.27.2.1
gfs2-kmp-default-2_3.0.101_108.7-0.24.2.14
gfs2-kmp-trace-2_3.0.101_108.7-0.24.2.14
ocfs2-kmp-default-1.6_3.0.101_108.7-0.28.3.4
ocfs2-kmp-trace-1.6_3.0.101_108.7-0.28.3.4

– SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64):

cluster-network-kmp-xen-1.4_3.0.101_108.7-2.32.2.14
drbd-kmp-xen-8.4.4_3.0.101_108.7-0.27.2.13
gfs2-kmp-xen-2_3.0.101_108.7-0.24.2.14
ocfs2-kmp-xen-1.6_3.0.101_108.7-0.28.3.4

– SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64):

drbd-xen-8.4.4-0.27.2.1

– SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64):

cluster-network-kmp-bigmem-1.4_3.0.101_108.7-2.32.2.14
cluster-network-kmp-ppc64-1.4_3.0.101_108.7-2.32.2.14
drbd-kmp-bigmem-8.4.4_3.0.101_108.7-0.27.2.13
drbd-kmp-ppc64-8.4.4_3.0.101_108.7-0.27.2.13
gfs2-kmp-bigmem-2_3.0.101_108.7-0.24.2.14
gfs2-kmp-ppc64-2_3.0.101_108.7-0.24.2.14
ocfs2-kmp-bigmem-1.6_3.0.101_108.7-0.28.3.4
ocfs2-kmp-ppc64-1.6_3.0.101_108.7-0.28.3.4

– SUSE Linux Enterprise High Availability Extension 11-SP4 (i586):

cluster-network-kmp-pae-1.4_3.0.101_108.7-2.32.2.14
drbd-kmp-pae-8.4.4_3.0.101_108.7-0.27.2.13
gfs2-kmp-pae-2_3.0.101_108.7-0.24.2.14
ocfs2-kmp-pae-1.6_3.0.101_108.7-0.28.3.4

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

drbd-debuginfo-8.4.4-0.27.2.1
drbd-debugsource-8.4.4-0.27.2.1
kernel-default-debuginfo-3.0.101-108.7.1
kernel-default-debugsource-3.0.101-108.7.1
kernel-trace-debuginfo-3.0.101-108.7.1
kernel-trace-debugsource-3.0.101-108.7.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

kernel-default-devel-debuginfo-3.0.101-108.7.1
kernel-trace-devel-debuginfo-3.0.101-108.7.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

kernel-ec2-debuginfo-3.0.101-108.7.1
kernel-ec2-debugsource-3.0.101-108.7.1
kernel-xen-debuginfo-3.0.101-108.7.1
kernel-xen-debugsource-3.0.101-108.7.1
kernel-xen-devel-debuginfo-3.0.101-108.7.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

kernel-bigmem-debuginfo-3.0.101-108.7.1
kernel-bigmem-debugsource-3.0.101-108.7.1
kernel-ppc64-debuginfo-3.0.101-108.7.1
kernel-ppc64-debugsource-3.0.101-108.7.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

kernel-pae-debuginfo-3.0.101-108.7.1
kernel-pae-debugsource-3.0.101-108.7.1
kernel-pae-devel-debuginfo-3.0.101-108.7.1

References:

https://www.suse.com/security/cve/CVE-2014-9922.html
https://www.suse.com/security/cve/CVE-2016-10277.html
https://www.suse.com/security/cve/CVE-2017-1000363.html
https://www.suse.com/security/cve/CVE-2017-1000365.html
https://www.suse.com/security/cve/CVE-2017-1000380.html
https://www.suse.com/security/cve/CVE-2017-11176.html
https://www.suse.com/security/cve/CVE-2017-11473.html
https://www.suse.com/security/cve/CVE-2017-2647.html
https://www.suse.com/security/cve/CVE-2017-6951.html
https://www.suse.com/security/cve/CVE-2017-7482.html
https://www.suse.com/security/cve/CVE-2017-7487.html
https://www.suse.com/security/cve/CVE-2017-7533.html
https://www.suse.com/security/cve/CVE-2017-7542.html
https://www.suse.com/security/cve/CVE-2017-8890.html
https://www.suse.com/security/cve/CVE-2017-8924.html
https://www.suse.com/security/cve/CVE-2017-8925.html
https://www.suse.com/security/cve/CVE-2017-9074.html
https://www.suse.com/security/cve/CVE-2017-9075.html
https://www.suse.com/security/cve/CVE-2017-9076.html
https://www.suse.com/security/cve/CVE-2017-9077.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1000365
https://bugzilla.suse.com/1000380
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1013018
https://bugzilla.suse.com/1015452
https://bugzilla.suse.com/1023051
https://bugzilla.suse.com/1029140
https://bugzilla.suse.com/1029850
https://bugzilla.suse.com/1030552
https://bugzilla.suse.com/1030593
https://bugzilla.suse.com/1030814
https://bugzilla.suse.com/1032340
https://bugzilla.suse.com/1032471
https://bugzilla.suse.com/1034026
https://bugzilla.suse.com/1034670
https://bugzilla.suse.com/1035576
https://bugzilla.suse.com/1035721
https://bugzilla.suse.com/1035777
https://bugzilla.suse.com/1035920
https://bugzilla.suse.com/1036056
https://bugzilla.suse.com/1036288
https://bugzilla.suse.com/1036629
https://bugzilla.suse.com/1037191
https://bugzilla.suse.com/1037193
https://bugzilla.suse.com/1037227
https://bugzilla.suse.com/1037232
https://bugzilla.suse.com/1037233
https://bugzilla.suse.com/1037356
https://bugzilla.suse.com/1037358
https://bugzilla.suse.com/1037359
https://bugzilla.suse.com/1037441
https://bugzilla.suse.com/1038544
https://bugzilla.suse.com/1038879
https://bugzilla.suse.com/1038981
https://bugzilla.suse.com/1038982
https://bugzilla.suse.com/1039258
https://bugzilla.suse.com/1039354
https://bugzilla.suse.com/1039456
https://bugzilla.suse.com/1039594
https://bugzilla.suse.com/1039882
https://bugzilla.suse.com/1039883
https://bugzilla.suse.com/1039885
https://bugzilla.suse.com/1040069
https://bugzilla.suse.com/1040351
https://bugzilla.suse.com/1041160
https://bugzilla.suse.com/1041431
https://bugzilla.suse.com/1041762
https://bugzilla.suse.com/1041975
https://bugzilla.suse.com/1042045
https://bugzilla.suse.com/1042615
https://bugzilla.suse.com/1042633
https://bugzilla.suse.com/1042687
https://bugzilla.suse.com/1042832
https://bugzilla.suse.com/1042863
https://bugzilla.suse.com/1043014
https://bugzilla.suse.com/1043234
https://bugzilla.suse.com/1043935
https://bugzilla.suse.com/1044015
https://bugzilla.suse.com/1044125
https://bugzilla.suse.com/1044216
https://bugzilla.suse.com/1044230
https://bugzilla.suse.com/1044854
https://bugzilla.suse.com/1044882
https://bugzilla.suse.com/1044913
https://bugzilla.suse.com/1045154
https://bugzilla.suse.com/1045356
https://bugzilla.suse.com/1045416
https://bugzilla.suse.com/1045479
https://bugzilla.suse.com/1045487
https://bugzilla.suse.com/1045525
https://bugzilla.suse.com/1045538
https://bugzilla.suse.com/1045547
https://bugzilla.suse.com/1045615
https://bugzilla.suse.com/1046107
https://bugzilla.suse.com/1046192
https://bugzilla.suse.com/1046715
https://bugzilla.suse.com/1047027
https://bugzilla.suse.com/1047053
https://bugzilla.suse.com/1047343
https://bugzilla.suse.com/1047354
https://bugzilla.suse.com/1047487
https://bugzilla.suse.com/1047523
https://bugzilla.suse.com/1047653
https://bugzilla.suse.com/1048185
https://bugzilla.suse.com/1048221
https://bugzilla.suse.com/1048232
https://bugzilla.suse.com/1048275
https://bugzilla.suse.com/1049128
https://bugzilla.suse.com/1049483
https://bugzilla.suse.com/1049603
https://bugzilla.suse.com/1049688
https://bugzilla.suse.com/1049882
https://bugzilla.suse.com/1050154
https://bugzilla.suse.com/1050431
https://bugzilla.suse.com/1051478
https://bugzilla.suse.com/1051515
https://bugzilla.suse.com/1051770
https://bugzilla.suse.com/1055680
https://bugzilla.suse.com/784815
https://bugzilla.suse.com/792863
https://bugzilla.suse.com/799133
https://bugzilla.suse.com/909618
https://bugzilla.suse.com/919382
https://bugzilla.suse.com/928138
https://bugzilla.suse.com/938352
https://bugzilla.suse.com/943786
https://bugzilla.suse.com/948562
https://bugzilla.suse.com/962257
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/972891
https://bugzilla.suse.com/986924
https://bugzilla.suse.com/990682
https://bugzilla.suse.com/995542



openSUSE-SU-2017:2384-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2384-1
Rating: important
References: #1005776 #1015342 #1020645 #1020657 #1030850
#1031717 #1031784 #1034048 #1037838 #1040813
#1042847 #1047487 #1047989 #1048155 #1048228
#1048325 #1048327 #1048356 #1048501 #1048912
#1048934 #1049226 #1049272 #1049291 #1049336
#1050211 #1050742 #1051790 #1052093 #1052094
#1052095 #1052384 #1052580 #1052888 #1053117
#1053309 #1053472 #1053627 #1053629 #1053633
#1053681 #1053685 #1053802 #1053915 #1053919
#1054082 #1054084 #1055013 #1055096 #1055272
#1055290 #1055359 #1055709 #1055896 #1055935
#1055963 #1056185 #1056588 #1056827 #969756

Cross-References: CVE-2017-12134 CVE-2017-14051
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves two vulnerabilities and has 58 fixes
is now available.

Description:

The openSUSE Leap 42.3 kernel was updated to 4.4.85 to receive various
security and bugfixes.

The following security bugs were fixed:

– CVE-2017-14051: An integer overflow in the
qla2x00_sysfs_write_optrom_ctl function in
drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users
to cause a denial of service (memory corruption and system crash) by
leveraging root access (bnc#1056588).
– CVE-2017-12134: The xen_biovec_phys_mergeable function in
drivers/xen/biomerge.c in Xen might allow local OS guest users to
corrupt block device data streams and consequently obtain sensitive
memory information, cause a denial of service, or gain host OS
privileges by leveraging incorrect block IO merge-ability calculation
(bnc#1051790 bnc#1053919).

The following non-security bugs were fixed:

– acpi: apd: Add clock frequency for Hisilicon Hip07/08 I2C controller
(bsc#1049291).
– acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291).
– acpi: APEI: Enable APEI multiple GHES source to share a single external
IRQ (bsc#1053627).
– acpi: irq: Fix return code of acpi_gsi_to_irq() (bsc#1053627).
– acpi: pci: fix GIC irq model default PCI IRQ polarity (bsc#1053629).
– acpi: scan: Prefer devices without _HID for _ADR matching (git-fixes).
– Add “shutdown” to “struct class” (bsc#1053117).
– alsa: hda – Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
(bsc#1020657).
– alsa: hda – Implement mic-mute LED mode enum (bsc#1055013).
– alsa: hda – Workaround for i915 KBL breakage
(bsc#1048356,bsc#1047989,bsc#1055272).
– alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).
– alsa: usb-audio: Apply sample rate quirk to Sennheiser headset
(bsc#1052580).
– arm64: do not trace atomic operations (bsc#1055290).
– block: add kblock_mod_delayed_work_on() (bsc#1050211).
– block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet
time (bsc#1050211).
– block: provide bio_uninit() free freeing integrity/task associations
(bsc#1050211).
– block: return on congested block device (FATE#321994).
– bluetooth: bnep: fix possible might sleep error in bnep_session
(bsc#1031784).
– bluetooth: cmtp: fix possible might sleep error in cmtp_session
(bsc#1031784).
– bnxt_en: Add a callback to inform RDMA driver during PCI shutdown
(bsc#1053309).
– bnxt_en: Add additional chip ID definitions (bsc#1053309).
– bnxt_en: Add bnxt_get_num_stats() to centrally get the number of ethtool
stats (bsc#1053309).
– bnxt_en: Add missing logic to handle TPA end error conditions
(bsc#1053309).
– bnxt_en: Add PCI IDs for BCM57454 VF devices (bsc#1053309).
– bnxt_en: Allow the user to set ethtool stats-block-usecs to 0
(bsc#1053309).
– bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration
(bsc#1053309).
– bnxt_en: Check status of firmware DCBX agent before setting
DCB_CAP_DCBX_HOST (bsc#1053309).
– bnxt_en: Fix bug in ethtool -L (bsc#1053309).
– bnxt_en: Fix netpoll handling (bsc#1053309).
– bnxt_en: Fix race conditions in .ndo_get_stats64() (bsc#1053309).
– bnxt_en: Fix SRIOV on big-endian architecture (bsc#1053309).
– bnxt_en: Fix xmit_more with BQL (bsc#1053309).
– bnxt_en: Implement ndo_bridge_{get|set}link methods (bsc#1053309).
– bnxt_en: Implement xmit_more (bsc#1053309).
– bnxt_en: Optimize doorbell write operations for newer chips
(bsc#1053309).
– bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings() (bsc#1053309).
– bnxt_en: Report firmware DCBX agent (bsc#1053309).
– bnxt_en: Retrieve the hardware bridge mode from the firmware
(bsc#1053309).
– bnxt_en: Set ETS min_bw parameter for older firmware (bsc#1053309).
– bnxt_en: Support for Short Firmware Message (bsc#1053309).
– bnxt_en: Update firmware interface spec to 1.8.0 (bsc#1053309).
– bnxt: fix unsigned comparsion with 0 (bsc#1053309).
– bnxt: fix unused variable warnings (bsc#1053309).
– btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
– btrfs: nowait aio: Correct assignment of pos (FATE#321994).
– btrfs: nowait aio support (FATE#321994).
– ceph: avoid accessing freeing inode in ceph_check_delayed_caps()
(bsc#1048228).
– ceph: avoid invalid memory dereference in the middle of umount
(bsc#1048228).
– ceph: cleanup writepage_nounlock() (bsc#1048228).
– ceph: do not re-send interrupted flock request (bsc#1048228).
– ceph: getattr before read on ceph.* xattrs (bsc#1048228).
– ceph: handle epoch barriers in cap messages (bsc#1048228).
– ceph: new mount option that specifies fscache uniquifier (bsc#1048228).
– ceph: redirty page when writepage_nounlock() skips unwritable page
(bsc#1048228).
– ceph: remove special ack vs commit behavior (bsc#1048228).
– ceph: remove useless page->mapping check in writepage_nounlock()
(bsc#1048228).
– ceph: re-request max size after importing caps (bsc#1048228).
– ceph: update ceph_dentry_info::lease_session when necessary
(bsc#1048228).
– ceph: update the ‘approaching max_size’ code (bsc#1048228).
– ceph: when seeing write errors on an inode, switch to sync writes
(bsc#1048228).
– cifs: Fix maximum SMB2 header size (bsc#1056185).
– clocksource/drivers/arm_arch_timer: Fix mem frame loop initialization
(bsc#1055709).
– crush: assume weight_set != null imples weight_set_size > 0
(bsc#1048228).
– crush: crush_init_workspace starts with struct crush_work (bsc#1048228).
– crush: implement weight and id overrides for straw2 (bsc#1048228).
– crush: remove an obsolete comment (bsc#1048228).
– crypto: chcr – Add ctr mode and process large sg entries for cipher
(bsc#1048325).
– crypto: chcr – Avoid changing request structure (bsc#1048325).
– crypto: chcr – Ensure Destination sg entry size less than 2k
(bsc#1048325).
– crypto: chcr – Fix fallback key setting (bsc#1048325).
– crypto: chcr – Pass lcb bit setting to firmware (bsc#1048325).
– crypto: chcr – Return correct error code (bsc#1048325).
– cxgb4: update latest firmware version supported (bsc#1048327).
– cxgbit: add missing __kfree_skb() (bsc#1052095).
– cxgbit: fix sg_nents calculation (bsc#1052095).
– Disable patch 0017-nvmet_fc-Simplify-sg-list-handling.patch (bsc#1052384)
– dm: make flush bios explicitly sync (bsc#1050211).
– dm mpath: do not lock up a CPU with requeuing activity (bsc#1048912).
– drivers: net: xgene: Fix wrong logical operation (bsc#1056827).
– drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).
– ext4: nowait aio support (FATE#321994).
– fs: Introduce filemap_range_has_page() (FATE#321994).
– fs: Introduce RWF_NOWAIT and FMODE_AIO_NOWAIT (FATE#321994).
– fs: pass on flags in compat_writev (bsc#1050211).
– fs: return if direct I/O will trigger writeback (FATE#321994).
– fs: Separate out kiocb flags setup based on RWF_* flags (FATE#321994).
– fs: Use RWF_* flags for AIO operations (FATE#321994).
– fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
– i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller
(bsc#1049291).
– i2c: designware: Convert to use unified device property API
(bsc#1049291).
– i2c: xgene: Set ACPI_COMPANION_I2C (bsc#1053633).
– i2c: xgene-slimpro: Add ACPI support by using PCC mailbox (bsc#1053633).
– i2c: xgene-slimpro: include linux/io.h for memremap (bsc#1053633).
– i2c: xgene-slimpro: Use a single function to send command message
(bsc#1053633).
– i40e/i40evf: fix out-of-bounds read of cpumask (bsc#1053685).
– ib/iser: Fix connection teardown race condition (bsc#1050211).
– iscsi-target: fix invalid flags in text response (bsc#1052095).
– iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).
– kabi: arm64: compatibility workaround for lse atomics (bsc#1055290).
– kABI: protect enum pid_type (kabi).
– kABI: protect struct iscsi_np (kabi).
– kABI: protect struct se_lun (kabi).
– kabi/severities: add fs/ceph to kabi severities (bsc#1048228).
– kabi/severities: Ignore drivers/scsi/cxgbi (bsc#1052094)
– kabi/severities: Ignore kABI changes due to last patchset (bnc#1053472)
– kABI: uninline task_tgid_nr_nr (kabi).
– kvm: arm64: Restore host physical timer access on hyp_panic()
(bsc#1054082).
– kvm: arm/arm64: Fix bug in advertising KVM_CAP_MSI_DEVID capability
(bsc#1054082).
– kvm, pkeys: do not use PKRU value in vcpu->arch.guest_fpu.state
(bsc#1055935).
– kvm: x86: block guest protection keys unless the host has them enabled
(bsc#1055935).
– kvm: x86: kABI workaround for PKRU fixes (bsc#1055935).
– kvm: x86: simplify handling of PKRU (bsc#1055935).
– libceph: abort already submitted but abortable requests when map or pool
goes full (bsc#1048228).
– libceph: add an epoch_barrier field to struct ceph_osd_client
(bsc#1048228).
– libceph: advertise support for NEW_OSDOP_ENCODING and SERVER_LUMINOUS
(bsc#1048228).
– libceph: advertise support for OSD_POOLRESEND (bsc#1048228).
– libceph: allow requests to return immediately on full conditions if
caller wishes (bsc#1048228).
– libceph: always populate t->target_{oid,oloc} in calc_target()
(bsc#1048228).
– libceph: always signal completion when done (bsc#1048228).
– libceph: apply_upmap() (bsc#1048228).
– libceph: avoid unnecessary pi lookups in calc_target() (bsc#1048228).
– libceph: ceph_connection_operations::reencode_message() method
(bsc#1048228).
– libceph: ceph_decode_skip_* helpers (bsc#1048228).
– libceph: compute actual pgid in ceph_pg_to_up_acting_osds()
(bsc#1048228).
– libceph, crush: per-pool crush_choose_arg_map for crush_do_rule()
(bsc#1048228).
– libceph: delete from need_resend_linger before check_linger_pool_dne()
(bsc#1048228).
– libceph: do not call encode_request_finish() on MOSDBackoff messages
(bsc#1048228).
– libceph: do not call ->reencode_message() more than once per message
(bsc#1048228).
– libceph: do not pass pgid by value (bsc#1048228).
– libceph: drop need_resend from calc_target() (bsc#1048228).
– libceph: encode_{pgid,oloc}() helpers (bsc#1048228).
– libceph: fallback for when there isn’t a pool-specific choose_arg
(bsc#1048228).
– libceph: fix old style declaration warnings (bsc#1048228).
– libceph: foldreq->last_force_resend into ceph_osd_request_target
(bsc#1048228).
– libceph: get rid of ack vs commit (bsc#1048228).
– libceph: handle non-empty dest in ceph_{oloc,oid}_copy() (bsc#1048228).
– libceph: initialize last_linger_id with a large integer (bsc#1048228).
– libceph: introduce and switch to decode_pg_mapping() (bsc#1048228).
– libceph: introduce ceph_spg, ceph_pg_to_primary_shard() (bsc#1048228).
– libceph: kill __{insert,lookup,remove}_pg_mapping() (bsc#1048228).
– libceph: make DEFINE_RB_* helpers more general (bsc#1048228).
– libceph: make encode_request_*() work with r_mempool requests
(bsc#1048228).
– libceph: make RECOVERY_DELETES feature create a new interval
(bsc#1048228).
– libceph: make sure need_resend targets reflect latest map (bsc#1048228).
– libceph: MOSDOp v8 encoding (actual spgid + full hash) (bsc#1048228).
– libceph: new features macros (bsc#1048228).
– libceph: new pi->last_force_request_resend (bsc#1048228).
– libceph: NULL deref on osdmap_apply_incremental() error path
(bsc#1048228).
– libceph: osd_request_timeout option (bsc#1048228).
– libceph: osd_state is 32 bits wide in luminous (bsc#1048228).
– libceph: pg_upmap[_items] infrastructure (bsc#1048228).
– libceph: pool deletion detection (bsc#1048228).
– libceph: potential NULL dereference in ceph_msg_data_create()
(bsc#1048228).
– libceph: remove ceph_sanitize_features() workaround (bsc#1048228).
– libceph: remove now unused finish_request() wrapper (bsc#1048228).
– libceph: remove req->r_replay_version (bsc#1048228).
– libceph: resend on PG splits if OSD has RESEND_ON_SPLIT (bsc#1048228).
– libceph: respect RADOS_BACKOFF backoffs (bsc#1048228).
– libceph: set -EINVAL in one place in crush_decode() (bsc#1048228).
– libceph: support SERVER_JEWEL feature bits (bsc#1048228).
– libceph: take osdc->lock in osdmap_show() and dump flags in hex
(bsc#1048228).
– libceph: upmap semantic changes (bsc#1048228).
– libceph: use alloc_pg_mapping() in __decode_pg_upmap_items()
(bsc#1048228).
– libceph: use target pi for calc_target() calculations (bsc#1048228).
– lib: test_rhashtable: fix for large entry counts (bsc#1055359).
– lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
– locking/rwsem: Fix down_write_killable() for
CONFIG_RWSEM_GENERIC_SPINLOCK=y (bsc#969756).
– locking/rwsem-spinlock: Fix EINTR branch in __down_write_common()
(bsc#969756).
– lpfc: Add Buffer to Buffer credit recovery support (bsc#1052384).
– lpfc: convert info messages to standard messages (bsc#1052384).
– lpfc: Correct issues with FAWWN and FDISCs (bsc#1052384).
– lpfc: Correct return error codes to align with nvme_fc transport
(bsc#1052384).
– lpfc: Fix bad sgl reposting after 2nd adapter reset (bsc#1052384).
– lpfc: Fix crash in lpfc nvmet when fc port is reset (bsc#1052384).
– lpfc: Fix duplicate NVME rport entries and namespaces (bsc#1052384).
– lpfc: Fix handling of FCP and NVME FC4 types in Pt2Pt topology
(bsc#1052384).
– lpfc: fix “integer constant too large” error on 32bit archs
(bsc#1052384).
– lpfc: Fix loop mode target discovery (bsc#1052384).
– lpfc: Fix MRQ > 1 context list handling (bsc#1052384).
– lpfc: Fix NVME PRLI handling during RSCN (bsc#1052384).
– lpfc: Fix nvme target failure after 2nd adapter reset (bsc#1052384).
– lpfc: Fix oops when NVME Target is discovered in a nonNVME environment
(bsc#1052384).
– lpfc: Fix plogi collision that causes illegal state transition
(bsc#1052384).
– lpfc: Fix rediscovery on switch blade pull (bsc#1052384).
– lpfc: Fix relative offset error on large nvmet target ios (bsc#1052384).
– lpfc: fixup crash during storage failover operations (bsc#1042847).
– lpfc: Limit amount of work processed in IRQ (bsc#1052384).
– lpfc: lpfc version bump 11.4.0.3 (bsc#1052384).
– lpfc: remove console log clutter (bsc#1052384).
– lpfc: support nvmet_fc defer_rcv callback (bsc#1052384).
– megaraid_sas: Fix probing cards without io port (bsc#1053681).
– mmc: mmc: correct the logic for setting HS400ES signal voltage
(bsc#1054082).
– mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw
poison — git fixes).
– mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).
– net: ethernet: hip04: Call SET_NETDEV_DEV() (bsc#1049336).
– netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
– netfilter: x_tables: pack percpu counter allocations (bsc#1052888).
– netfilter: x_tables: pass xt_counters struct instead of packet counter
(bsc#1052888).
– netfilter: x_tables: pass xt_counters struct to counter allocator
(bsc#1052888).
– net: hns: add acpi function of xge led control (bsc#1049336).
– net: hns: Fix a skb used after free bug (bsc#1049336).
– net/mlx5: Cancel delayed recovery work when unloading the driver
(bsc#1015342).
– net/mlx5: Clean SRIOV eswitch resources upon VF creation failure
(bsc#1015342).
– net/mlx5: Consider tx_enabled in all modes on remap (bsc#1015342).
– net/mlx5e: Add field select to MTPPS register (bsc#1015342).
– net/mlx5e: Add missing support for PTP_CLK_REQ_PPS request (bsc#1015342).
– net/mlx5e: Change 1PPS out scheme (bsc#1015342).
– net/mlx5e: Fix broken disable 1PPS flow (bsc#1015342).
– net/mlx5e: Fix outer_header_zero() check size (bsc#1015342).
– net/mlx5e: Fix TX carrier errors report in get stats ndo (bsc#1015342).
– net/mlx5e: Initialize CEE’s getpermhwaddr address buffer to 0xff
(bsc#1015342).
– net/mlx5e: Rename physical symbol errors counter (bsc#1015342).
– net/mlx5: Fix mlx5_add_flow_rules call with correct num of dests
(bsc#1015342).
– net/mlx5: Fix mlx5_ifc_mtpps_reg_bits structure size (bsc#1015342).
– net/mlx5: Fix offset of hca cap reserved field (bsc#1015342).
– net: phy: Fix lack of reference count on PHY driver (bsc#1049336).
– net: phy: Fix PHY module checks and NULL deref in phy_attach_direct()
(bsc#1049336).
– nvme-fc: address target disconnect race conditions in fcp io submit
(bsc#1052384).
– nvme-fc: do not override opts->nr_io_queues (bsc#1052384).
– nvme-fc: kABI fix for defer_rcv() callback (bsc#1052384).
– nvme_fc/nvmet_fc: revise Create Association descriptor length
(bsc#1052384).
– nvme_fc: Reattach to localports on re-registration (bsc#1052384).
– nvme-fc: revise TRADDR parsing (bsc#1052384).
– nvme-fc: update tagset nr_hw_queues after queues reinit (bsc#1052384).
– nvme-fc: use blk_mq_delay_run_hw_queue instead of open-coding it
(bsc#1052384).
– nvme: fix hostid parsing (bsc#1049272).
– nvme-loop: update tagset nr_hw_queues after reconnecting/resetting
(bsc#1052384).
– nvme-pci: fix CMB sysfs file removal in reset path (bsc#1050211).
– nvme-rdma: update tagset nr_hw_queues after reconnecting/resetting
(bsc#1052384).
– nvmet: avoid unneeded assignment of submit_bio return value
(bsc#1052384).
– nvmet_fc: Accept variable pad lengths on Create Association LS
(bsc#1052384).
– nvmet_fc: add defer_req callback for deferment of cmd buffer return
(bsc#1052384).
– nvmet-fc: correct use after free on list teardown (bsc#1052384).
– nvmet-fc: eliminate incorrect static markers on local variables
(bsc#1052384).
– nvmet-fc: fix byte swapping in nvmet_fc_ls_create_association
(bsc#1052384).
– nvmet_fc: Simplify sg list handling (bsc#1052384).
– nvmet: prefix version configfs file with attr (bsc#1052384).
– of: fix “/cpus” reference leak in of_numa_parse_cpu_nodes()
(bsc#1056827).
– ovl: fix dentry leak for default_permissions (bsc#1054084).
– pci/msi: fix the pci_alloc_irq_vectors_affinity stub (bsc#1050211).
– pci/MSI: Ignore affinity if pre/post vector count is more than min_vecs
(1050211).
– percpu_ref: allow operation mode switching operations to be called
concurrently (bsc#1055096).
– percpu_ref: remove unnecessary RCU grace period for staggered atomic
switching confirmation (bsc#1055096).
– percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate
percpu_ref_switch_to_atomic() (bsc#1055096).
– percpu_ref: restructure operation mode switching (bsc#1055096).
– percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).
– phy: Do not increment MDIO bus refcount unless it’s a different owner
(bsc#1049336).
– phy: fix error case of phy_led_triggers_(un)register (bsc#1049336).
– qeth: add network device features for VLAN devices (bnc#1053472,
LTC#157385).
– r8169: Add support for restarting auto-negotiation (bsc#1050742).
– r8169:Correct the way of setting RTL8168DP ephy (bsc#1050742).
– r8169:fix system hange problem (bsc#1050742).
– r8169:Fix typo in setting RTL8168H PHY parameter (bsc#1050742).
– r8169:Fix typo in setting RTL8168H PHY PFM mode (bsc#1050742).
– r8169:Remove unnecessary phy reset for pcie nic when setting link spped
(bsc#1050742).
– r8169:Update the way of reading RTL8168H PHY register “rg_saw_cnt”
(bsc#1050742).
– rdma/mlx5: Fix existence check for extended address vector (bsc#1015342).
– Remove patch
0407-nvme_fc-change-failure-code-on-remoteport-connectivi.patch
(bsc#1037838)
– Revert “ceph: SetPageError() for writeback pages if writepages fails”
(bsc#1048228).
– s390/diag: add diag26c support (bnc#1053472, LTC#156729).
– s390: export symbols for crash-kmp (bsc#1053915).
– s390: Include uapi/linux/if_ether.h instead of linux/if_ether.h
(bsc#1053472).
– s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1053472,
LTC#157731).
– s390/pci: fix handling of PEC 306 (bnc#1053472, LTC#157731).
– s390/pci: improve error handling during fmb (de)registration
(bnc#1053472, LTC#157731).
– s390/pci: improve error handling during interrupt deregistration
(bnc#1053472, LTC#157731).
– s390/pci: improve pci hotplug (bnc#1053472, LTC#157731).
– s390/pci: improve unreg_ioat error handling (bnc#1053472, LTC#157731).
– s390/pci: introduce clp_get_state (bnc#1053472, LTC#157731).
– s390/pci: provide more debug information (bnc#1053472, LTC#157731).
– s390/pci: recognize name clashes with uids (bnc#1053472, LTC#157731).
– s390/qeth: no ETH header for outbound AF_IUCV (bnc#1053472, LTC#156276).
– s390/qeth: size calculation outbound buffers (bnc#1053472, LTC#156276).
– s390/qeth: use diag26c to get MAC address on L2 (bnc#1053472,
LTC#156729).
– scsi: csiostor: add check for supported fw version (bsc#1005776).
– scsi: csiostor: add support for Chelsio T6 adapters (bsc#1005776).
– scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
(bsc#1005776).
– scsi: csiostor: switch to pci_alloc_irq_vectors (bsc#1005776).
– scsi: csiostor: update module version (bsc#1052093).
– scsi: cxgb4i: assign rxqs in round robin mode (bsc#1052094).
– scsi: qedf: Fix a potential NULL pointer dereference (bsc#1048912).
– scsi: qedf: Limit number of CQs (bsc#1040813).
– supported.conf: clear mistaken external support flag for cifs.ko
(bsc#1053802).
– tpm: fix: return rc when devm_add_action() fails (bsc#1020645,
fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes
8e0ee3c9faed).
– tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).
– tpm: KABI fix (bsc#1053117).
– tpm: read burstcount from TPM_STS in one 32-bit transaction
(bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
git-fixes 27084efee0c3).
– tpm_tis_core: Choose appropriate timeout for reading burstcount
(bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
git-fixes aec04cbdf723).
– tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645,
fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes
aec04cbdf723).
– tty: pl011: fix initialization order of QDF2400 E44 (bsc#1054082).
– tty: serial: msm: Support more bauds (git-fixes).
– Update
patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch
(bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
git-fixes 5ca4c20cfd37).
– usb: core: fix device node leak (bsc#1047487).
– x86/mm: Fix use-after-free of ldt_struct (bsc#1055963).
– xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage
(bsc#1055896).
– xfs: nowait aio support (FATE#321994).
– xgene: Always get clk source, but ignore if it’s missing for SGMII ports
(bsc#1048501).
– xgene: Do not fail probe, if there is no clk resource for SGMII
interfaces (bsc#1048501).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1017=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (noarch):

kernel-devel-4.4.85-22.1
kernel-docs-4.4.85-22.3
kernel-docs-html-4.4.85-22.3
kernel-docs-pdf-4.4.85-22.3
kernel-macros-4.4.85-22.1
kernel-source-4.4.85-22.1
kernel-source-vanilla-4.4.85-22.1

– openSUSE Leap 42.3 (x86_64):

kernel-debug-4.4.85-22.1
kernel-debug-base-4.4.85-22.1
kernel-debug-base-debuginfo-4.4.85-22.1
kernel-debug-debuginfo-4.4.85-22.1
kernel-debug-debugsource-4.4.85-22.1
kernel-debug-devel-4.4.85-22.1
kernel-debug-devel-debuginfo-4.4.85-22.1
kernel-default-4.4.85-22.1
kernel-default-base-4.4.85-22.1
kernel-default-base-debuginfo-4.4.85-22.1
kernel-default-debuginfo-4.4.85-22.1
kernel-default-debugsource-4.4.85-22.1
kernel-default-devel-4.4.85-22.1
kernel-obs-build-4.4.85-22.1
kernel-obs-build-debugsource-4.4.85-22.1
kernel-obs-qa-4.4.85-22.1
kernel-syms-4.4.85-22.1
kernel-vanilla-4.4.85-22.1
kernel-vanilla-base-4.4.85-22.1
kernel-vanilla-base-debuginfo-4.4.85-22.1
kernel-vanilla-debuginfo-4.4.85-22.1
kernel-vanilla-debugsource-4.4.85-22.1
kernel-vanilla-devel-4.4.85-22.1

References:

https://www.suse.com/security/cve/CVE-2017-12134.html
https://www.suse.com/security/cve/CVE-2017-14051.html
https://bugzilla.suse.com/1005776
https://bugzilla.suse.com/1015342
https://bugzilla.suse.com/1020645
https://bugzilla.suse.com/1020657
https://bugzilla.suse.com/1030850
https://bugzilla.suse.com/1031717
https://bugzilla.suse.com/1031784
https://bugzilla.suse.com/1034048
https://bugzilla.suse.com/1037838
https://bugzilla.suse.com/1040813
https://bugzilla.suse.com/1042847
https://bugzilla.suse.com/1047487
https://bugzilla.suse.com/1047989
https://bugzilla.suse.com/1048155
https://bugzilla.suse.com/1048228
https://bugzilla.suse.com/1048325
https://bugzilla.suse.com/1048327
https://bugzilla.suse.com/1048356
https://bugzilla.suse.com/1048501
https://bugzilla.suse.com/1048912
https://bugzilla.suse.com/1048934
https://bugzilla.suse.com/1049226
https://bugzilla.suse.com/1049272
https://bugzilla.suse.com/1049291
https://bugzilla.suse.com/1049336
https://bugzilla.suse.com/1050211
https://bugzilla.suse.com/1050742
https://bugzilla.suse.com/1051790
https://bugzilla.suse.com/1052093
https://bugzilla.suse.com/1052094
https://bugzilla.suse.com/1052095
https://bugzilla.suse.com/1052384
https://bugzilla.suse.com/1052580
https://bugzilla.suse.com/1052888
https://bugzilla.suse.com/1053117
https://bugzilla.suse.com/1053309
https://bugzilla.suse.com/1053472
https://bugzilla.suse.com/1053627
https://bugzilla.suse.com/1053629
https://bugzilla.suse.com/1053633
https://bugzilla.suse.com/1053681
https://bugzilla.suse.com/1053685
https://bugzilla.suse.com/1053802
https://bugzilla.suse.com/1053915
https://bugzilla.suse.com/1053919
https://bugzilla.suse.com/1054082
https://bugzilla.suse.com/1054084
https://bugzilla.suse.com/1055013
https://bugzilla.suse.com/1055096
https://bugzilla.suse.com/1055272
https://bugzilla.suse.com/1055290
https://bugzilla.suse.com/1055359
https://bugzilla.suse.com/1055709
https://bugzilla.suse.com/1055896
https://bugzilla.suse.com/1055935
https://bugzilla.suse.com/1055963
https://bugzilla.suse.com/1056185
https://bugzilla.suse.com/1056588
https://bugzilla.suse.com/1056827
https://bugzilla.suse.com/969756



SUSE-SU-2017:2381-1: important: Security update for gdk-pixbuf

SUSE Security Update: Security update for gdk-pixbuf
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2381-1
Rating: important
References: #1027024 #1027025 #1027026 #1048289 #1048544
#1049877
Cross-References: CVE-2017-2862 CVE-2017-2870 CVE-2017-6312
CVE-2017-6313 CVE-2017-6314
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves 5 vulnerabilities and has one errata
is now available.

Description:

This update for gdk-pixbuf fixes the following issues:

– CVE-2017-2862: JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution
Vulnerability (bsc#1048289)
– CVE-2017-2870: tiff_image_parse Code Execution Vulnerability
(bsc#1048544)
– CVE-2017-6313: A dangerous integer underflow in io-icns.c (bsc#1027024)
– CVE-2017-6314: Infinite loop in io-tiff.c (bsc#1027025)
– CVE-2017-6312: Out-of-bounds read on io-ico.c (bsc#1027026)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 12-SP3:

zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1471=1

– SUSE Linux Enterprise Software Development Kit 12-SP2:

zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1471=1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1471=1

– SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1471=1

– SUSE Linux Enterprise Server 12-SP2:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1471=1

– SUSE Linux Enterprise Desktop 12-SP3:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1471=1

– SUSE Linux Enterprise Desktop 12-SP2:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1471=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-devel-2.34.0-19.5.1
gdk-pixbuf-devel-debuginfo-2.34.0-19.5.1

– SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-devel-2.34.0-19.5.1
gdk-pixbuf-devel-debuginfo-2.34.0-19.5.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-query-loaders-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.5.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.5.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

gdk-pixbuf-lang-2.34.0-19.5.1

– SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-query-loaders-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.5.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.5.1

– SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

gdk-pixbuf-query-loaders-32bit-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.5.1

– SUSE Linux Enterprise Server 12-SP3 (noarch):

gdk-pixbuf-lang-2.34.0-19.5.1

– SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-query-loaders-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.5.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.5.1

– SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):

gdk-pixbuf-query-loaders-32bit-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.5.1

– SUSE Linux Enterprise Server 12-SP2 (noarch):

gdk-pixbuf-lang-2.34.0-19.5.1

– SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-query-loaders-2.34.0-19.5.1
gdk-pixbuf-query-loaders-32bit-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.5.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.5.1

– SUSE Linux Enterprise Desktop 12-SP3 (noarch):

gdk-pixbuf-lang-2.34.0-19.5.1

– SUSE Linux Enterprise Desktop 12-SP2 (noarch):

gdk-pixbuf-lang-2.34.0-19.5.1

– SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-query-loaders-2.34.0-19.5.1
gdk-pixbuf-query-loaders-32bit-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.5.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.5.1

References:

https://www.suse.com/security/cve/CVE-2017-2862.html
https://www.suse.com/security/cve/CVE-2017-2870.html
https://www.suse.com/security/cve/CVE-2017-6312.html
https://www.suse.com/security/cve/CVE-2017-6313.html
https://www.suse.com/security/cve/CVE-2017-6314.html
https://bugzilla.suse.com/1027024
https://bugzilla.suse.com/1027025
https://bugzilla.suse.com/1027026
https://bugzilla.suse.com/1048289
https://bugzilla.suse.com/1048544
https://bugzilla.suse.com/1049877



openSUSE-SU-2017:2370-1: important: Security update for libzypp, zypper

openSUSE Security Update: Security update for libzypp, zypper
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2370-1
Rating: important
References: #1008325 #1038984 #1045735 #1047785 #1054088
#1054671 #1055920
Cross-References: CVE-2017-7436
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves one vulnerability and has 6 fixes is
now available.

Description:

The Software Update Stack was updated to receive fixes and enhancements.

libzypp:

– Adapt to work with GnuPG 2.1.23. (bsc#1054088)
– Support signing with subkeys. (bsc#1008325)
– Enhance sort order for media.1/products. (bsc#1054671)

zypper:

– Also show a gpg key’s subkeys. (bsc#1008325)
– Improve signature check callback messages. (bsc#1045735)
– Add options to tune the GPG check settings. (bsc#1045735)
– Adapt download callback to report and handle unsigned packages.
(bsc#1038984, CVE-2017-7436)
– Report missing/optional files as ‘not found’ rather than ‘error’.
(bsc#1047785)

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1009=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

libzypp-16.15.6-12.1
libzypp-debuginfo-16.15.6-12.1
libzypp-debugsource-16.15.6-12.1
libzypp-devel-16.15.6-12.1
libzypp-devel-doc-16.15.6-12.1
zypper-1.13.32-8.1
zypper-debuginfo-1.13.32-8.1
zypper-debugsource-1.13.32-8.1

– openSUSE Leap 42.3 (noarch):

zypper-aptitude-1.13.32-8.1
zypper-log-1.13.32-8.1

References:

https://www.suse.com/security/cve/CVE-2017-7436.html
https://bugzilla.suse.com/1008325
https://bugzilla.suse.com/1038984
https://bugzilla.suse.com/1045735
https://bugzilla.suse.com/1047785
https://bugzilla.suse.com/1054088
https://bugzilla.suse.com/1054671
https://bugzilla.suse.com/1055920



SUSE-SU-2017:2355-1: important: Security update for postgresql94

SUSE Security Update: Security update for postgresql94
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2355-1
Rating: important
References: #1051684 #1051685 #1053259
Cross-References: CVE-2017-7546 CVE-2017-7547 CVE-2017-7548

Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for postgresql94 fixes the following issues:

* CVE-2017-7547: Further restrict visibility of
pg_user_mappings.umoptions, to protect passwords stored as user mapping
options. (bsc#1051685)
* CVE-2017-7546: Disallow empty passwords in all password-based
authentication methods. (bsc#1051684)
* CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 6:

zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1460=1

– SUSE Linux Enterprise Software Development Kit 12-SP2:

zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1460=1

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1460=1

– SUSE Linux Enterprise Server for SAP 12:

zypper in -t patch SUSE-SLE-SAP-12-2017-1460=1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1460=1

– SUSE Linux Enterprise Server 12-SP2:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1460=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1460=1

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1460=1

– SUSE Linux Enterprise Desktop 12-SP2:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1460=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE OpenStack Cloud 6 (noarch):

postgresql94-docs-9.4.13-21.5.1

– SUSE OpenStack Cloud 6 (x86_64):

postgresql94-9.4.13-21.5.1
postgresql94-contrib-9.4.13-21.5.1
postgresql94-contrib-debuginfo-9.4.13-21.5.1
postgresql94-debuginfo-9.4.13-21.5.1
postgresql94-debugsource-9.4.13-21.5.1
postgresql94-server-9.4.13-21.5.1
postgresql94-server-debuginfo-9.4.13-21.5.1

– SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

postgresql94-devel-9.4.13-21.5.1
postgresql94-devel-debuginfo-9.4.13-21.5.1
postgresql94-libs-debugsource-9.4.13-21.5.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

postgresql94-9.4.13-21.5.1
postgresql94-contrib-9.4.13-21.5.1
postgresql94-contrib-debuginfo-9.4.13-21.5.1
postgresql94-debuginfo-9.4.13-21.5.1
postgresql94-debugsource-9.4.13-21.5.1
postgresql94-server-9.4.13-21.5.1
postgresql94-server-debuginfo-9.4.13-21.5.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

postgresql94-docs-9.4.13-21.5.1

– SUSE Linux Enterprise Server for SAP 12 (noarch):

postgresql94-docs-9.4.13-21.5.1

– SUSE Linux Enterprise Server for SAP 12 (x86_64):

postgresql94-9.4.13-21.5.1
postgresql94-contrib-9.4.13-21.5.1
postgresql94-contrib-debuginfo-9.4.13-21.5.1
postgresql94-debuginfo-9.4.13-21.5.1
postgresql94-debugsource-9.4.13-21.5.1
postgresql94-server-9.4.13-21.5.1
postgresql94-server-debuginfo-9.4.13-21.5.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

postgresql94-9.4.13-21.5.1
postgresql94-contrib-9.4.13-21.5.1
postgresql94-contrib-debuginfo-9.4.13-21.5.1
postgresql94-debuginfo-9.4.13-21.5.1
postgresql94-debugsource-9.4.13-21.5.1
postgresql94-server-9.4.13-21.5.1
postgresql94-server-debuginfo-9.4.13-21.5.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

postgresql94-docs-9.4.13-21.5.1

– SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

postgresql94-9.4.13-21.5.1
postgresql94-contrib-9.4.13-21.5.1
postgresql94-contrib-debuginfo-9.4.13-21.5.1
postgresql94-debuginfo-9.4.13-21.5.1
postgresql94-debugsource-9.4.13-21.5.1
postgresql94-server-9.4.13-21.5.1
postgresql94-server-debuginfo-9.4.13-21.5.1

– SUSE Linux Enterprise Server 12-SP2 (noarch):

postgresql94-docs-9.4.13-21.5.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

postgresql94-9.4.13-21.5.1
postgresql94-contrib-9.4.13-21.5.1
postgresql94-contrib-debuginfo-9.4.13-21.5.1
postgresql94-debuginfo-9.4.13-21.5.1
postgresql94-debugsource-9.4.13-21.5.1
postgresql94-server-9.4.13-21.5.1
postgresql94-server-debuginfo-9.4.13-21.5.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

postgresql94-docs-9.4.13-21.5.1

– SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

postgresql94-9.4.13-21.5.1
postgresql94-contrib-9.4.13-21.5.1
postgresql94-contrib-debuginfo-9.4.13-21.5.1
postgresql94-debuginfo-9.4.13-21.5.1
postgresql94-debugsource-9.4.13-21.5.1
postgresql94-server-9.4.13-21.5.1
postgresql94-server-debuginfo-9.4.13-21.5.1

– SUSE Linux Enterprise Server 12-LTSS (noarch):

postgresql94-docs-9.4.13-21.5.1

– SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

postgresql94-9.4.13-21.5.1
postgresql94-debuginfo-9.4.13-21.5.1
postgresql94-debugsource-9.4.13-21.5.1

References:

https://www.suse.com/security/cve/CVE-2017-7546.html
https://www.suse.com/security/cve/CVE-2017-7547.html
https://www.suse.com/security/cve/CVE-2017-7548.html
https://bugzilla.suse.com/1051684
https://bugzilla.suse.com/1051685
https://bugzilla.suse.com/1053259



SUSE-SU-2017:2356-1: important: Security update for postgresql96

SUSE Security Update: Security update for postgresql96
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2356-1
Rating: important
References: #1051684 #1051685 #1053259
Cross-References: CVE-2017-7546 CVE-2017-7547 CVE-2017-7548

Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for postgresql96 fixes the following issues:

* CVE-2017-7547: Further restrict visibility of
pg_user_mappings.umoptions, to protect passwords stored as user mapping
options. (bsc#1051685)
* CVE-2017-7546: Disallow empty passwords in all password-based
authentication methods. (bsc#1051684)
* CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259)

The changelog for this release is here:
https://www.postgresql.org/docs/9.6/static/release-9-6-4.html

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 6:

zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1461=1

– SUSE Linux Enterprise Software Development Kit 12-SP3:

zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1461=1

– SUSE Linux Enterprise Software Development Kit 12-SP2:

zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1461=1

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1461=1

– SUSE Linux Enterprise Server for SAP 12:

zypper in -t patch SUSE-SLE-SAP-12-2017-1461=1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1461=1

– SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1461=1

– SUSE Linux Enterprise Server 12-SP2:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1461=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1461=1

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1461=1

– SUSE Linux Enterprise Desktop 12-SP3:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1461=1

– SUSE Linux Enterprise Desktop 12-SP2:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1461=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE OpenStack Cloud 6 (x86_64):

libecpg6-9.6.4-3.6.1
libecpg6-debuginfo-9.6.4-3.6.1
libpq5-32bit-9.6.4-3.6.1
libpq5-9.6.4-3.6.1
libpq5-debuginfo-32bit-9.6.4-3.6.1
libpq5-debuginfo-9.6.4-3.6.1
postgresql96-9.6.4-3.6.1
postgresql96-contrib-9.6.4-3.6.1
postgresql96-contrib-debuginfo-9.6.4-3.6.1
postgresql96-debuginfo-9.6.4-3.6.1
postgresql96-debugsource-9.6.4-3.6.1
postgresql96-libs-debugsource-9.6.4-3.6.1
postgresql96-server-9.6.4-3.6.1
postgresql96-server-debuginfo-9.6.4-3.6.1

– SUSE OpenStack Cloud 6 (noarch):

postgresql96-docs-9.6.4-3.6.1

– SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

postgresql96-devel-9.6.4-3.6.1
postgresql96-devel-debuginfo-9.6.4-3.6.1
postgresql96-libs-debugsource-9.6.4-3.6.1

– SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

postgresql96-devel-9.6.4-3.6.1
postgresql96-devel-debuginfo-9.6.4-3.6.1
postgresql96-libs-debugsource-9.6.4-3.6.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

libecpg6-9.6.4-3.6.1
libecpg6-debuginfo-9.6.4-3.6.1
libpq5-9.6.4-3.6.1
libpq5-debuginfo-9.6.4-3.6.1
postgresql96-9.6.4-3.6.1
postgresql96-contrib-9.6.4-3.6.1
postgresql96-contrib-debuginfo-9.6.4-3.6.1
postgresql96-debuginfo-9.6.4-3.6.1
postgresql96-debugsource-9.6.4-3.6.1
postgresql96-libs-debugsource-9.6.4-3.6.1
postgresql96-server-9.6.4-3.6.1
postgresql96-server-debuginfo-9.6.4-3.6.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

postgresql96-docs-9.6.4-3.6.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

libpq5-32bit-9.6.4-3.6.1
libpq5-debuginfo-32bit-9.6.4-3.6.1

– SUSE Linux Enterprise Server for SAP 12 (noarch):

postgresql96-docs-9.6.4-3.6.1

– SUSE Linux Enterprise Server for SAP 12 (x86_64):

libecpg6-9.6.4-3.6.1
libecpg6-debuginfo-9.6.4-3.6.1
libpq5-32bit-9.6.4-3.6.1
libpq5-9.6.4-3.6.1
libpq5-debuginfo-32bit-9.6.4-3.6.1
libpq5-debuginfo-9.6.4-3.6.1
postgresql96-9.6.4-3.6.1
postgresql96-contrib-9.6.4-3.6.1
postgresql96-contrib-debuginfo-9.6.4-3.6.1
postgresql96-debuginfo-9.6.4-3.6.1
postgresql96-debugsource-9.6.4-3.6.1
postgresql96-libs-debugsource-9.6.4-3.6.1
postgresql96-server-9.6.4-3.6.1
postgresql96-server-debuginfo-9.6.4-3.6.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

libecpg6-9.6.4-3.6.1
libecpg6-debuginfo-9.6.4-3.6.1
libpq5-9.6.4-3.6.1
libpq5-debuginfo-9.6.4-3.6.1
postgresql96-9.6.4-3.6.1
postgresql96-contrib-9.6.4-3.6.1
postgresql96-contrib-debuginfo-9.6.4-3.6.1
postgresql96-debuginfo-9.6.4-3.6.1
postgresql96-debugsource-9.6.4-3.6.1
postgresql96-libs-debugsource-9.6.4-3.6.1
postgresql96-server-9.6.4-3.6.1
postgresql96-server-debuginfo-9.6.4-3.6.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

postgresql96-docs-9.6.4-3.6.1

– SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

libecpg6-9.6.4-3.6.1
libecpg6-debuginfo-9.6.4-3.6.1
libpq5-9.6.4-3.6.1
libpq5-debuginfo-9.6.4-3.6.1
postgresql96-9.6.4-3.6.1
postgresql96-contrib-9.6.4-3.6.1
postgresql96-contrib-debuginfo-9.6.4-3.6.1
postgresql96-debuginfo-9.6.4-3.6.1
postgresql96-debugsource-9.6.4-3.6.1
postgresql96-libs-debugsource-9.6.4-3.6.1
postgresql96-server-9.6.4-3.6.1
postgresql96-server-debuginfo-9.6.4-3.6.1

– SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

libpq5-32bit-9.6.4-3.6.1
libpq5-debuginfo-32bit-9.6.4-3.6.1

– SUSE Linux Enterprise Server 12-SP3 (noarch):

postgresql96-docs-9.6.4-3.6.1

– SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

libecpg6-9.6.4-3.6.1
libecpg6-debuginfo-9.6.4-3.6.1
libpq5-9.6.4-3.6.1
libpq5-debuginfo-9.6.4-3.6.1
postgresql96-9.6.4-3.6.1
postgresql96-contrib-9.6.4-3.6.1
postgresql96-contrib-debuginfo-9.6.4-3.6.1
postgresql96-debuginfo-9.6.4-3.6.1
postgresql96-debugsource-9.6.4-3.6.1
postgresql96-libs-debugsource-9.6.4-3.6.1
postgresql96-server-9.6.4-3.6.1
postgresql96-server-debuginfo-9.6.4-3.6.1

– SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):

libpq5-32bit-9.6.4-3.6.1
libpq5-debuginfo-32bit-9.6.4-3.6.1

– SUSE Linux Enterprise Server 12-SP2 (noarch):

postgresql96-docs-9.6.4-3.6.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

libecpg6-9.6.4-3.6.1
libecpg6-debuginfo-9.6.4-3.6.1
libpq5-9.6.4-3.6.1
libpq5-debuginfo-9.6.4-3.6.1
postgresql96-9.6.4-3.6.1
postgresql96-contrib-9.6.4-3.6.1
postgresql96-contrib-debuginfo-9.6.4-3.6.1
postgresql96-debuginfo-9.6.4-3.6.1
postgresql96-debugsource-9.6.4-3.6.1
postgresql96-libs-debugsource-9.6.4-3.6.1
postgresql96-server-9.6.4-3.6.1
postgresql96-server-debuginfo-9.6.4-3.6.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):

libpq5-32bit-9.6.4-3.6.1
libpq5-debuginfo-32bit-9.6.4-3.6.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

postgresql96-docs-9.6.4-3.6.1

– SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

libecpg6-9.6.4-3.6.1
libecpg6-debuginfo-9.6.4-3.6.1
libpq5-9.6.4-3.6.1
libpq5-debuginfo-9.6.4-3.6.1
postgresql96-9.6.4-3.6.1
postgresql96-contrib-9.6.4-3.6.1
postgresql96-contrib-debuginfo-9.6.4-3.6.1
postgresql96-debuginfo-9.6.4-3.6.1
postgresql96-debugsource-9.6.4-3.6.1
postgresql96-libs-debugsource-9.6.4-3.6.1
postgresql96-server-9.6.4-3.6.1
postgresql96-server-debuginfo-9.6.4-3.6.1

– SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):

libpq5-32bit-9.6.4-3.6.1
libpq5-debuginfo-32bit-9.6.4-3.6.1

– SUSE Linux Enterprise Server 12-LTSS (noarch):

postgresql96-docs-9.6.4-3.6.1

– SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

libecpg6-9.6.4-3.6.1
libecpg6-debuginfo-9.6.4-3.6.1
libpq5-32bit-9.6.4-3.6.1
libpq5-9.6.4-3.6.1
libpq5-debuginfo-32bit-9.6.4-3.6.1
libpq5-debuginfo-9.6.4-3.6.1
postgresql96-9.6.4-3.6.1
postgresql96-debuginfo-9.6.4-3.6.1
postgresql96-debugsource-9.6.4-3.6.1
postgresql96-libs-debugsource-9.6.4-3.6.1

– SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

libecpg6-9.6.4-3.6.1
libecpg6-debuginfo-9.6.4-3.6.1
libpq5-32bit-9.6.4-3.6.1
libpq5-9.6.4-3.6.1
libpq5-debuginfo-32bit-9.6.4-3.6.1
libpq5-debuginfo-9.6.4-3.6.1
postgresql96-9.6.4-3.6.1
postgresql96-debuginfo-9.6.4-3.6.1
postgresql96-debugsource-9.6.4-3.6.1
postgresql96-libs-debugsource-9.6.4-3.6.1

References:

https://www.suse.com/security/cve/CVE-2017-7546.html
https://www.suse.com/security/cve/CVE-2017-7547.html
https://www.suse.com/security/cve/CVE-2017-7548.html
https://bugzilla.suse.com/1051684
https://bugzilla.suse.com/1051685
https://bugzilla.suse.com/1053259



SUSE-SU-2017:2350-1: important: Security update for python-pycrypto

SUSE Security Update: Security update for python-pycrypto
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2350-1
Rating: important
References: #1017420 #1047666
Cross-References: CVE-2013-7459
Affected Products:
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 6
SUSE Manager Tools 12
SUSE Manager Server 3.1
SUSE Manager Server 3.0
SUSE Manager Proxy 3.1
SUSE Manager Proxy 3.0
SUSE Linux Enterprise Point of Sale 12-SP2
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Module for Advanced Systems Management 12
SUSE Enterprise Storage 4
SUSE Enterprise Storage 3
SUSE Container as a Service Platform ALL
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for python-pycrypto fixes the following issues:

– CVE-2013-7459: Fixed a potential heap buffer overflow in ALGnew
(bsc#1017420).

python-paramiko was adjusted to work together with this python-pycrypto
change. (bsc#1047666)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 7:

zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1457=1

– SUSE OpenStack Cloud 6:

zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1457=1

– SUSE Manager Tools 12:

zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-1457=1

– SUSE Manager Server 3.1:

zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2017-1457=1

– SUSE Manager Server 3.0:

zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-1457=1

– SUSE Manager Proxy 3.1:

zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2017-1457=1

– SUSE Manager Proxy 3.0:

zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-1457=1

– SUSE Linux Enterprise Point of Sale 12-SP2:

zypper in -t patch SUSE-SLE-POS-12-SP2-2017-1457=1

– SUSE Linux Enterprise Module for Web Scripting 12:

zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-1457=1

– SUSE Linux Enterprise Module for Public Cloud 12:

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1457=1

– SUSE Linux Enterprise Module for Advanced Systems Management 12:

zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-1457=1

– SUSE Enterprise Storage 4:

zypper in -t patch SUSE-Storage-4-2017-1457=1

– SUSE Enterprise Storage 3:

zypper in -t patch SUSE-Storage-3-2017-1457=1

– SUSE Container as a Service Platform ALL:

zypper in -t patch SUSE-CAASP-ALL-2017-1457=1

– OpenStack Cloud Magnum Orchestration 7:

zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1457=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):

python-pycrypto-2.6.1-10.3.1

– SUSE OpenStack Cloud 7 (s390x x86_64):

python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE OpenStack Cloud 6 (noarch):

python-paramiko-1.15.2-2.3.1

– SUSE OpenStack Cloud 6 (x86_64):

python-pycrypto-2.6.1-10.3.1
python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):

python-pycrypto-2.6.1-10.3.1

– SUSE Manager Tools 12 (ppc64le s390x x86_64):

python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Manager Server 3.1 (ppc64le s390x x86_64):

python-pycrypto-2.6.1-10.3.1
python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Manager Server 3.0 (s390x x86_64):

python-pycrypto-2.6.1-10.3.1
python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Manager Proxy 3.1 (ppc64le x86_64):

python-pycrypto-2.6.1-10.3.1
python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Manager Proxy 3.0 (x86_64):

python-pycrypto-2.6.1-10.3.1
python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64):

python-pycrypto-2.6.1-10.3.1
python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

python-pycrypto-2.6.1-10.3.1

– SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64):

python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64):

python-pycrypto-2.6.1-10.3.1

– SUSE Linux Enterprise Module for Public Cloud 12 (ppc64le s390x x86_64):

python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

python-paramiko-1.15.2-2.6.1

– SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):

python-pycrypto-2.6.1-10.3.1
python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Enterprise Storage 4 (aarch64 x86_64):

python-pycrypto-2.6.1-10.3.1

– SUSE Enterprise Storage 4 (x86_64):

python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Enterprise Storage 3 (aarch64 x86_64):

python-pycrypto-2.6.1-10.3.1

– SUSE Enterprise Storage 3 (noarch):

python-paramiko-1.15.2-2.3.1

– SUSE Enterprise Storage 3 (x86_64):

python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Container as a Service Platform ALL (x86_64):

python-pycrypto-2.6.1-10.3.1
python-pycrypto-debuginfo-2.6.1-10.3.1

– SUSE Container as a Service Platform ALL (noarch):

python-paramiko-1.16.0-10.3.5

– OpenStack Cloud Magnum Orchestration 7 (x86_64):

python-pycrypto-2.6.1-10.3.1
python-pycrypto-debuginfo-2.6.1-10.3.1

References:

https://www.suse.com/security/cve/CVE-2013-7459.html
https://bugzilla.suse.com/1017420
https://bugzilla.suse.com/1047666



SUSE-SU-2017:2344-1: important: Security update for libzypp, zypper

SUSE Security Update: Security update for libzypp, zypper
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2344-1
Rating: important
References: #1008325 #1038984 #1045735 #1047785 #1054088
#1054671 #1055920
Cross-References: CVE-2017-7436
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that solves one vulnerability and has 6 fixes is
now available.

Description:

The Software Update Stack was updated to receive fixes and enhancements.

libzypp:

– Adapt to work with GnuPG 2.1.23. (bsc#1054088)
– Support signing with subkeys. (bsc#1008325)
– Enhance sort order for media.1/products. (bsc#1054671)

zypper:

– Also show a gpg key’s subkeys. (bsc#1008325)
– Improve signature check callback messages. (bsc#1045735)
– Add options to tune the GPG check settings. (bsc#1045735)
– Adapt download callback to report and handle unsigned packages.
(bsc#1038984, CVE-2017-7436)
– Report missing/optional files as ‘not found’ rather than ‘error’.
(bsc#1047785)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 12-SP3:

zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1447=1

– SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1447=1

– SUSE Linux Enterprise Desktop 12-SP3:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1447=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

libzypp-debuginfo-16.15.6-2.8.1
libzypp-debugsource-16.15.6-2.8.1
libzypp-devel-16.15.6-2.8.1
libzypp-devel-doc-16.15.6-2.8.1

– SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

libzypp-16.15.6-2.8.1
libzypp-debuginfo-16.15.6-2.8.1
libzypp-debugsource-16.15.6-2.8.1
zypper-1.13.32-21.3.2
zypper-debuginfo-1.13.32-21.3.2
zypper-debugsource-1.13.32-21.3.2

– SUSE Linux Enterprise Server 12-SP3 (noarch):

zypper-log-1.13.32-21.3.2

– SUSE Linux Enterprise Desktop 12-SP3 (noarch):

zypper-log-1.13.32-21.3.2

– SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

libzypp-16.15.6-2.8.1
libzypp-debuginfo-16.15.6-2.8.1
libzypp-debugsource-16.15.6-2.8.1
zypper-1.13.32-21.3.2
zypper-debuginfo-1.13.32-21.3.2
zypper-debugsource-1.13.32-21.3.2

References:

https://www.suse.com/security/cve/CVE-2017-7436.html
https://bugzilla.suse.com/1008325
https://bugzilla.suse.com/1038984
https://bugzilla.suse.com/1045735
https://bugzilla.suse.com/1047785
https://bugzilla.suse.com/1054088
https://bugzilla.suse.com/1054671
https://bugzilla.suse.com/1055920



SUSE-SU-2017:2342-1: important: Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2342-1
Rating: important
References: #1003077 #1005651 #1008374 #1008850 #1008893
#1012422 #1013018 #1013070 #1013800 #1013862
#1016489 #1017143 #1018074 #1018263 #1018446
#1019168 #1020229 #1021256 #1021913 #1022971
#1023014 #1023051 #1023163 #1023888 #1024508
#1024788 #1024938 #1025235 #1025702 #1026024
#1026260 #1026722 #1026914 #1027066 #1027101
#1027178 #1027565 #1028372 #1028415 #1028880
#1029140 #1029212 #1029770 #1029850 #1030213
#1030552 #1030573 #1030593 #1030814 #1031003
#1031052 #1031440 #1031579 #1032141 #1032340
#1032471 #1033287 #1033336 #1033771 #1033794
#1033804 #1033816 #1034026 #1034670 #1035576
#1035777 #1035920 #1036056 #1036288 #1036629
#1037182 #1037183 #1037191 #1037193 #1037227
#1037232 #1037233 #1037356 #1037358 #1037359
#1037441 #1038544 #1038879 #1038981 #1038982
#1039258 #1039348 #1039354 #1039456 #1039594
#1039882 #1039883 #1039885 #1040069 #1040351
#1041160 #1041431 #1041762 #1041975 #1042045
#1042200 #1042615 #1042633 #1042687 #1042832
#1043014 #1043234 #1043935 #1044015 #1044125
#1044216 #1044230 #1044854 #1044882 #1044913
#1044985 #1045154 #1045340 #1045356 #1045406
#1045416 #1045525 #1045538 #1045547 #1045615
#1046107 #1046122 #1046192 #1046715 #1047027
#1047053 #1047343 #1047354 #1047487 #1047523
#1047653 #1048185 #1048221 #1048232 #1048275
#1049483 #1049603 #1049688 #1049882 #1050154
#1050431 #1051478 #1051515 #1051770 #784815
#792863 #799133 #870618 #909486 #909618 #911105
#919382 #928138 #931620 #938352 #943786 #948562
#962257 #970956 #971975 #972891 #979021 #982783
#983212 #985561 #986362 #986365 #986924 #988065
#989056 #990682 #991651 #995542 #999245
Cross-References: CVE-2014-9922 CVE-2015-3288 CVE-2015-8970
CVE-2016-10200 CVE-2016-2188 CVE-2016-4997
CVE-2016-4998 CVE-2016-5243 CVE-2016-7117
CVE-2017-1000363 CVE-2017-1000364 CVE-2017-1000365
CVE-2017-1000380 CVE-2017-11176 CVE-2017-11473
CVE-2017-2636 CVE-2017-2647 CVE-2017-2671
CVE-2017-5669 CVE-2017-5970 CVE-2017-5986
CVE-2017-6074 CVE-2017-6214 CVE-2017-6348
CVE-2017-6353 CVE-2017-6951 CVE-2017-7184
CVE-2017-7187 CVE-2017-7261 CVE-2017-7294
CVE-2017-7308 CVE-2017-7482 CVE-2017-7487
CVE-2017-7533 CVE-2017-7542 CVE-2017-7616
CVE-2017-8890 CVE-2017-8924 CVE-2017-8925
CVE-2017-9074 CVE-2017-9075 CVE-2017-9076
CVE-2017-9077 CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Real Time Extension 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 44 vulnerabilities and has 135 fixes
is now available.

Description:

The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various
security fixes and bug fixes.

The following security bugs were fixed:

– CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local
users to gain privileges via a large filesystem stack that includes an
overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c
(bsc#1032340).
– CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous
pages, which allowed local users to gain privileges or cause a denial of
service (page tainting) via a crafted application that triggers writing
to page zero (bnc#979021).
– CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not
verify that a setkey operation has been performed on an AF_ALG socket
before an accept system call is processed, which allowed local users to
cause a denial of service (NULL pointer dereference and system crash)
via a crafted application that did not supply a key, related to the
lrw_crypt function in crypto/lrw.c (bnc#1008374 bsc#1008850).
– CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in
the Linux kernel allowed local users to gain privileges or cause a
denial of service (use-after-free) by making multiple bind system calls
without properly ascertaining whether a socket has the SOCK_ZAPPED
status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c
(bnc#1028415).
– CVE-2016-2188: The iowarrior_probe function in
drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically
proximate attackers to cause a denial of service (NULL pointer
dereference and system crash) via a crafted endpoints value in a USB
device descriptor (bnc#970956).
– CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE
setsockopt implementations in the netfilter subsystem in the Linux
kernel allowed local users to gain privileges or cause a denial of service
(memory corruption) by leveraging in-container root access to provide a
crafted offset value that triggers an unintended decrement (bnc#986362).
– CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the
netfilter subsystem in the Linux kernel allowed local users to cause a
denial of service (out-of-bounds read) or possibly obtain sensitive
information from kernel heap memory by leveraging in-container root
access to provide a crafted offset value that leads to crossing a
ruleset blob boundary (bnc#986365).
– CVE-2016-5243: The tipc_nl_compat_link_dump function in
net/tipc/netlink_compat.c in the Linux kernel did not properly copy a
certain string, which allowed local users to obtain sensitive
information from kernel stack memory by reading a Netlink message
(bnc#983212).
– CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg
function in net/socket.c in the Linux kernel allowed remote attackers to
execute arbitrary code via vectors involving a recvmmsg system call that
is mishandled during error processing (bnc#1003077).
– CVE-2017-1000363: A buffer overflow in kernel commandline handling of
the “lp” parameter could be used to bypass certain secure boot settings
(bnc#1039456).
– CVE-2017-1000364: An issue was discovered in the size of the stack guard
page on Linux: a 4k stack guard page is not sufficiently large and can
be “jumped” over (the stack guard page is bypassed). This affects Linux
Kernel versions 4.11.5 and earlier (the stackguard page was introduced
in 2010) (bnc#1039348).
– CVE-2017-1000365: The Linux Kernel imposes a size restriction on the
arguments and environmental strings passed through
RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the
argument and environment pointers into account, which allowed attackers
to bypass this limitation (bnc#1039354).
– CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable
to a data race in the ALSA /dev/snd/timer driver resulting in local
users being able to read information belonging to other users, i.e.,
uninitialized memory contents may be disclosed when a read and an ioctl
happen at the same time (bnc#1044125).
– CVE-2017-11176: The mq_notify function in the Linux kernel did not set
the sock pointer to NULL upon entry into the retry logic. During a
user-space close of a Netlink socket, it allowed attackers to cause a
denial of service (use-after-free) or possibly have unspecified other
impact (bnc#1048275).
– CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function
in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users
to gain privileges via a crafted ACPI table (bsc#1049603).
– CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
kernel allowed local users to gain privileges or cause a denial of
service (double free) by setting the HDLC line discipline (bnc#1027565
bsc#1028372).
– CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local
users to gain privileges or cause a denial of service (NULL pointer
dereference and system crash) via vectors involving a NULL value for a
certain match field, related to the keyring_search_iterator function in
keyring.c (bnc#1030593).
– CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux
kernel is too late in obtaining a certain lock and consequently cannot
ensure that disconnect function calls are safe, which allowed local
users to cause a denial of service (panic) by leveraging access to the
protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).
– CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel
did not restrict the address calculated by a certain rounding operation,
which allowed local users to map page zero, and consequently bypass a
protection mechanism that exists for the mmap system call, by making
crafted shmget and shmat system calls in a privileged context
(bnc#1026914).
– CVE-2017-5970: The ipv4_pktinfo_prepare function in
net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a
denial of service (system crash) via (1) an application that made
crafted system calls or possibly (2) IPv4 traffic with invalid IP
options (bnc#1024938).
– CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in
net/sctp/socket.c in the Linux kernel allowed local users to cause a
denial of service (assertion failure and panic) via a multithreaded
application that peels off an association in a certain buffer-full state
(bnc#1025235).
– CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c
in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures
in the LISTEN state, which allowed local users to obtain root privileges
or cause a denial of service (double free) via an application that made
an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024 bsc#1033287).
– CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the
Linux kernel allowed remote attackers to cause a denial of service
(infinite loop and soft lockup) via vectors involving a TCP packet with
the URG flag (bnc#1026722).
– CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the
Linux kernel improperly manages lock dropping, which allowed local users
to cause a denial of service (deadlock) via crafted operations on IrDA
devices (bnc#1027178).
– CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly
restrict association peel-off operations during certain wait states,
which allowed local users to cause a denial of service (invalid unlock
and double free) via a multithreaded application. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2017-5986
(bnc#1027066).
– CVE-2017-6951: The keyring_search_aux function in
security/keys/keyring.c in the Linux kernel allowed local users to cause
a denial of service (NULL pointer dereference and OOPS) via a
request_key system call for the “dead” type (bnc#1029850).
– CVE-2017-7184: The xfrm_replay_verify_len function in
net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size
data after an XFRM_MSG_NEWAE update, which allowed local users to obtain
root privileges or cause a denial of service (heap-based out-of-bounds
access) by leveraging the CAP_NET_ADMIN capability, as demonstrated
during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10
linux-image-* package 4.8.0.41.52 (bnc#1030573).
– CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux
kernel allowed local users to cause a denial of service (stack-based
buffer overflow) or possibly have unspecified other impact via a large
command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds
write access in the sg_write function (bnc#1030213).
– CVE-2017-7261: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
check for a zero value of certain levels data, which allowed local users
to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and
possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device
(bnc#1031052).
– CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).
– CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (integer
signedness error and out-of-bounds write), or gain privileges (if the
CAP_NET_RAW capability is held), via crafted system calls (bnc#1031579).
– CVE-2017-7482: Fixed a potential overflow in net/rxrpc where a
padded len isn’t checked in ticket decode (bsc#1046107).
– CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the
Linux kernel mishandled reference counts, which allowed local users to
cause a denial of service (use-after-free) or possibly have unspecified
other impact via a failed SIOCGIFADDR ioctl call for an IPX interface
(bnc#1038879).
– CVE-2017-7533: Race condition in the fsnotify implementation in the
Linux kernel allowed local users to gain privileges or cause a denial of
service (memory corruption) via a crafted application that leverages
simultaneous execution of the inotify_handle_event and vfs_rename
functions (bsc#1049483).
– CVE-2017-7542: The ip6_find_1stfragopt function in
net/ipv6/output_core.c in the Linux kernel allowed local users to cause
a denial of service (integer overflow and infinite loop) by leveraging
the ability to open a raw socket (bsc#1049882).
– CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind
compat syscalls in mm/mempolicy.c in the Linux kernel allowed local
users to obtain sensitive information from uninitialized stack data by
triggering failure of a certain bitmap operation (bnc#1033336).
– CVE-2017-8890: The inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to
cause a denial of service (double free) or possibly have unspecified
other impact by leveraging use of the accept system call (bnc#1038544).
– CVE-2017-8924: The edge_bulk_in_callback function in
drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to
obtain sensitive information (in the dmesg ringbuffer and syslog) from
uninitialized kernel memory by using a crafted USB device (posing as an
io_ti USB serial device) to trigger an integer underflow (bnc#1037182
bsc#1038982).
– CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c
in the Linux kernel allowed local users to cause a denial of service
(tty exhaustion) by leveraging reference count mishandling (bnc#1037183
bsc#1038981).
– CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel
did not consider that the nexthdr field may be associated with an
invalid option, which allowed local users to cause a denial of service
(out-of-bounds read and BUG) or possibly have unspecified other impact
via crafted socket and send system calls (bnc#1039882).
– CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).
– CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).
– CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).
– CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
in the Linux kernel is too late in checking whether an overwrite of an
skb data structure may occur, which allowed local users to cause a
denial of service (system crash) via crafted system calls (bnc#1041431).

The following non-security bugs were fixed:

– 8250: use callbacks to access UART_DLL/UART_DLM.
– acpi: Disable APEI error injection if securelevel is set (bsc#972891,
bsc#1023051).
– af_key: Add lock to key dump (bsc#1047653).
– af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
– alsa: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).
– alsa: hda – Fix regression of HD-audio controller fallback modes
(bsc#1045538).
– alsa: hda/realtek – Correction of fixup codes for PB V7900 laptop
(bsc#1045538).
– alsa: hda/realtek – Fix COEF widget NID for ALC260 replacer fixup
(bsc#1045538).
– alsa: hda – using uninitialized data (bsc#1045538).
– alsa: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).
– alsa: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).
– ath9k: fix buffer overrun for ar9287 (bsc#1045538).
– __bitmap_parselist: fix bug in empty string handling (bnc#1042633).
– blacklist.conf: Add a few inapplicable items (bsc#1045538).
– blacklist.conf: blacklisted 1fe89e1b6d27 (bnc#1046122)
– block: do not allow updates through sysfs until registration completes
(bsc#1047027).
– block: fix ext_dev_lock lockdep report (bsc#1050154).
– btrfs: Don’t clear SGID when inheriting ACLs (bsc#1030552).
– cifs: backport prepath matching fix (bsc#799133).
– cifs: don’t compare uniqueids in cifs_prime_dcache unless server inode
numbers are in use (bsc#1041975).
– cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).
– cifs: Timeout on SMBNegotiate request (bsc#1044913).
– clocksource: Remove “weak” from clocksource_default_clock() declaration
(bnc#1013018).
– cputime: Avoid multiplication overflow on utime scaling (bnc#938352).
– crypto: nx – off by one bug in nx_of_update_msc()
(fate#314588,bnc#792863).
– decompress_bunzip2: off by one in get_next_block() (git-fixes).
– devres: fix a for loop bounds check (git-fixes).
– dlm: backport “fix lvb invalidation conditions” (bsc#1005651).
– dm: fix ioctl retry termination with signal (bsc#1050154).
– drm/mgag200: Add support for G200eH3 (bnc#1044216, fate#323551)
– drm/mgag200: Add support for G200e rev 4 (bnc#995542, comment #81)
– edac, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()
(fate#313937).
– enic: set skb->hash type properly (bsc#911105 FATE#317501).
– ext2: Don’t clear SGID when inheriting ACLs (bsc#1030552).
– ext3: Don’t clear SGID when inheriting ACLs (bsc#1030552).
– ext4: Don’t clear SGID when inheriting ACLs (bsc#1030552).
– ext4: fix fdatasync(2) after extent manipulation operations
(bsc#1013018).
– ext4: fix mballoc breakage with 64k block size (bsc#1013018).
– ext4: fix stack memory corruption with 64k block size (bsc#1013018).
– ext4: keep existing extra fields when inode expands (bsc#1013018).
– ext4: reject inodes with negative size (bsc#1013018).
– fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).
– firmware: fix directory creation rule matching with make 3.80
(bsc#1012422).
– firmware: fix directory creation rule matching with make 3.82
(bsc#1012422).
– fixed invalid assignment of 64bit mask to host dma_boundary for scatter
gather segment boundary limit (bsc#1042045).
– Fix soft lockup in svc_rdma_send (bsc#1044854).
– fnic: Return ‘DID_IMM_RETRY’ if rport is not ready (bsc#1035920).
– fnic: Using rport->dd_data to check rport online instead of rport_lookup
(bsc#1035920).
– fs/block_dev: always invalidate cleancache in invalidate_bdev()
(git-fixes).
– fs: fix data invalidation in the cleancache during direct IO (git-fixes).
– fs/xattr.c: zero out memory copied to userspace in getxattr
(bsc#1013018).
– fuse: add missing FR_FORCE (bsc#1013018).
– fuse: initialize fc->release before calling it (bsc#1013018).
– genirq: Prevent proc race against freeing of irq descriptors
(bnc#1044230).
– hrtimer: Allow concurrent hrtimer_start() for self restarting timers
(bnc#1013018).
– i40e: avoid null pointer dereference (bsc#909486 FATE#317393).
– i40e: Fix TSO with more than 8 frags per segment issue (bsc#985561).
– i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx
(bsc#985561).
– i40e/i40evf: Fix mixed size frags and linearization (bsc#985561).
– i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per
packet (bsc#985561).
– i40e/i40evf: Rewrite logic for 8 descriptor per packet check
(bsc#985561).
– i40e: Impose a lower limit on gso size (bsc#985561).
– i40e: Limit TX descriptor count in cases where frag size is greater than
16K (bsc#985561).
– ib/mlx4: Demote mcg message from warning to debug (bsc#919382).
– ib/mlx4: Fix ib device initialization error flow (bsc#919382).
– ib/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).
– ib/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).
– ib/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
(bsc#919382).
– ib/mlx4: Set traffic class in AH (bsc#919382).
– Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE
operation (bsc#1036288).
– initial cr0 bits (bnc#1036056, LTC#153612).
– input: cm109 – validate number of endpoints before using them
(bsc#1037193).
– input: hanwang – validate number of endpoints before using them
(bsc#1037232).
– input: yealink – validate number of endpoints before using them
(bsc#1037227).
– ipmr, ip6mr: fix scheduling while atomic and a deadlock with
ipmr_get_route (git-fixes).
– irq: Fix race condition (bsc#1042615).
– isdn/gigaset: fix NULL-deref at probe (bsc#1037356).
– isofs: Do not return EACCES for unknown filesystems (bsc#1013018).
– jbd: do not wait (forever) for stale tid caused by wraparound
(bsc#1020229).
– jbd: Fix oops in journal_remove_journal_head() (bsc#1017143).
– jsm: add support for additional Neo cards (bsc#1045615).
– kabi fix (bsc#1008893).
– kABI: mask struct xfs_icdinode change (bsc#1024788).
– kabi: Protect xfs_mount and xfs_buftarg (bsc#1024508).
– kabi:severeties: Add splice_write_to_file PASS This function is part of
an xfs-specific fix which never went upstream and is not expected to
have 3rdparty users other than xfs itself.
– kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)
– keys: Disallow keyrings beginning with ‘.’ to be joined as session
keyrings (bnc#1035576).
– kvm: kvm_io_bus_unregister_dev() should never fail.
– libata: fix sff host state machine locking while polling (bsc#1045525).
– libceph: NULL deref on crush_decode() error path (bsc#1044015).
– libceph: potential NULL dereference in ceph_msg_data_create()
(bsc#1051515).
– libfc: fixup locking in fc_disc_stop() (bsc#1029140).
– libfc: move ‘pending’ and ‘requested’ setting (bsc#1029140).
– libfc: only restart discovery after timeout if not already running
(bsc#1029140).
– lockd: use init_utsname for id encoding (bsc#1033804).
– lockd: use rpc client’s cl_nodename for id encoding (bsc#1033804).
– locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018).
– math64: New div64_u64_rem helper (bnc#938352).
– md: ensure md devices are freed before module is unloaded (git-fixes).
– md: fix a null dereference (bsc#1040351).
– md: flush ->event_work before stopping array (git-fixes).
– md linear: fix a race between linear_add() and linear_congested()
(bsc#1018446).
– md/linear: shutup lockdep warnning (bsc#1018446).
– md: make sure GET_ARRAY_INFO ioctl reports correct “clean” status
(git-fixes).
– md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).
– md/raid1: extend spinlock to protect raid1_end_read_request against
inconsistencies (git-fixes).
– md/raid1: fix test for ‘was read error from last working device’
(git-fixes).
– md/raid5: do not record new size if resize_stripes fails (git-fixes).
– md/raid5: Fix CPU hotplug callback registration (git-fixes).
– md: use separate bio_pool for metadata writes (bsc#1040351).
– megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).
– mlx4: reduce OOM risk on arches with large pages (bsc#919382).
– mmc: core: add missing pm event in mmc_pm_notify to fix hib restore
(bsc#1045547).
– mmc: ushc: fix NULL-deref at probe (bsc#1037191).
– mm: do not collapse stack gap into THP (bnc#1039348)
– mm: enlarge stack guard gap (bnc#1039348).
– mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM
Functionality, bsc#1042832).
– mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM
Functionality, bsc#1042832).
– mm/memory-failure.c: use compound_head() flags for huge pages
(bnc#971975 VM — git fixes).
– mm/mempolicy.c: do not put mempolicy before using its nodemask
(References: VM Performance, bnc#931620).
– mm, mmap: do not blow on PROT_NONE MAP_FIXED holes in the stack
(bnc#1039348, bnc#1045340, bnc#1045406).
– module: fix memory leak on early load_module() failures (bsc#1043014).
– Move nr_cpus_allowed into a hole in struct_sched_entity instead of the
one below task_struct.policy. RT fills the hole 29baa7478ba4 used, which
will screw up kABI for RT instead of curing the space needed problem in
sched_rt_entity caused by adding ff77e4685359. This leaves
nr_cpus_allowed in an odd spot, but safely allows the RT entity specific
data added by ff77e4685359 to reside where it belongs. nr_cpus_allowed
just moves from one odd spot to another.
– mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).
– net: avoid reference counter overflows on fib_rules in multicast
forwarding (git-fixes).
– net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).
– net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).
– net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
(bsc#919382).
– net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to
physical (bsc#919382).
– net/mlx4_core: Fix VF overwrite of module param which disables DMFS on
new probed PFs (bsc#919382).
– net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
VGT transitions (bsc#919382).
– net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).
– net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).
– net/mlx4_core: Use-after-free causes a resource leak in flow-steering
detach (bsc#919382).
– net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
(bsc#919382).
– net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).
– net/mlx4_en: Change the error print to debug print (bsc#919382).
– net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).
– net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).
– net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).
– net/mlx4_en: Wake TX queues only when there’s enough room (bsc#1039258).
– net/mlx4: Fix the check in attaching steering rules (bsc#919382).
– net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode
to device managed flow steering (bsc#919382).
– net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).
– netxen_nic: set rcode to the return status from the call to
netxen_issue_cmd (bnc#784815 FATE#313898).
– nfs: Avoid getting confused by confused server (bsc#1045416).
– nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).
– nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).
– nfsd: do not risk using duplicate owner/file/delegation ids
(bsc#1029212).
– nfsd: Don’t use state id of 0 – it is reserved (bsc#1049688 bsc#1051770).
– nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).
– nfs: Fix another OPEN_DOWNGRADE bug (git-next).
– nfs: fix nfs_size_to_loff_t (git-fixes).
– nfs: Fix size of NFSACL SETACL operations (git-fixes).
– nfs: Make nfs_readdir revalidate less often (bsc#1048232).
– nfs: tidy up nfs_show_mountd_netid (git-fixes).
– nfsv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).
– nfsv4: Fix another bug in the close/open_downgrade code (git-fixes).
– nfsv4: fix getacl head length estimation (git-fixes).
– nfsv4: Fix problems with close in the presence of a delegation
(git-fixes).
– nfsv4: Fix the underestimation of delegation XDR space reservation
(git-fixes).
– ocfs2: do not write error flag to user structure we cannot copy from/to
(bsc#1013018).
– ocfs2: Don’t clear SGID when inheriting ACLs (bsc#1030552).
– ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800).
– ocfs2: fix error return code in ocfs2_info_handle_freefrag()
(bsc#1013018).
– ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
ocfs2_unblock_lock (bsc#962257).
– ocfs2: null deref on allocation error (bsc#1013018).
– pci: Allow access to VPD attributes with size 0 (bsc#1018074).
– pciback: only check PF if actually dealing with a VF (bsc#999245).
– pciback: use pci_physfn() (bsc#999245).
– pci: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes).
– perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).
– perf/core: Fix event inheritance on fork() (bnc#1013018).
– posix-timers: Fix stack info leak in timer_create() (bnc#1013018).
– powerpc,cpuidle: Dont toggle CPUIDLE_FLAG_IGNORE while setting
smt_snooze_delay (bsc#1023163).
– powerpc: Drop support for pre-POWER4 cpus (fate#322495, bsc#1032471).
– powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).
– powerpc/fadump: Reserve memory at an offset closer to bottom of RAM
(bsc#1032141).
– powerpc/fadump: Update fadump documentation (bsc#1032141).
– powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET
(bsc#928138,fate#319026).
– powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid()
(fate#322495, bsc#1032471).
– powerpc/mm/hash: Convert mask to unsigned long (fate#322495,
bsc#1032471).
– powerpc/mm/hash: Increase VA range to 128TB (fate#322495, bsc#1032471).
– powerpc/mm/hash: Properly mask the ESID bits when building proto VSID
(fate#322495, bsc#1032471).
– powerpc/mm/hash: Support 68 bit VA (fate#322495, bsc#1032471).
– powerpc/mm/hash: Use context ids 1-4 for the kernel (fate#322495,
bsc#1032471).
– powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small
(fate#322495, bsc#1032471).
– powerpc/mm/slice: Convert slice_mask high slice to a bitmap
(fate#322495, bsc#1032471).
– powerpc/mm/slice: Fix off-by-1 error when computing slice mask
(fate#322495, bsc#1032471).
– powerpc/mm/slice: Move slice_mask struct definition to slice.c
(fate#322495, bsc#1032471).
– powerpc/mm/slice: Update slice mask printing to use bitmap printing
(fate#322495, bsc#1032471).
– powerpc/mm/slice: Update the function prototype (fate#322495,
bsc#1032471).
– powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital
(fate#322495, bsc#1032471).
– powerpc/nvram: Fix an incorrect partition merge (bsc#1016489).
– powerpc/pseries: Release DRC when configure_connector fails
(bsc#1035777, Pending Base Kernel Fixes).
– powerpc: Remove STAB code (fate#322495, bsc#1032471).
– powerpc/vdso64: Use double word compare on pointers (bsc#1016489).
– raid1: avoid unnecessary spin locks in I/O barrier code
(bsc#982783,bsc#1026260).
– random32: fix off-by-one in seeding requirement (git-fixes).
– rcu: Call out dangers of expedited RCU primitives (bsc#1008893).
– rcu: Direct algorithmic SRCU implementation (bsc#1008893).
– rcu: Flip ->completed only once per SRCU grace period (bsc#1008893).
– rcu: Implement a variant of Peter’s SRCU algorithm (bsc#1008893).
– rcu: Increment upper bit only for srcu_read_lock() (bsc#1008893).
– rcu: Remove fast check path from __synchronize_srcu() (bsc#1008893).
– reiserfs: Don’t clear SGID when inheriting ACLs (bsc#1030552).
– reiserfs: don’t preallocate blocks for extended attributes (bsc#990682).
– Remove patches causing regression (bsc#1043234)
– Remove superfluous make flags (bsc#1012422)
– Return short read or 0 at end of a raw device, not EIO (bsc#1039594).
– Revert “kabi:severeties: Add splice_write_to_file PASS” This reverts
commit 05ecf7ab16b2ea555fadd1ce17d8177394de88f2.
– Revert “math64: New div64_u64_rem helper” (bnc#938352).
– Revert “xfs: fix up xfs_swap_extent_forks inline extent handling
(bsc#1023888).” I was basing my assumption of SLE11-SP4 needing this
patch on an old kernel build (3.0.101-63). Re-testing with the latest
one 3.0.101-94 shows that the issue is not present. Furthermore this one
was causing some crashes. This reverts commit
16ceeac70f7286b6232861c3170ed32e39dcc68c.
– rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).
– s390/kmsg: add missing kmsg descriptions (bnc#1025702, LTC#151573).
– s390/qdio: clear DSCI prior to scanning multiple input queues
(bnc#1046715, LTC#156234).
– s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).
– s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276).
– s390/vmlogrdr: fix IUCV buffer allocation (bnc#1025702, LTC#152144).
– s390/zcrypt: Introduce CEX6 toleration (FATE#321782, LTC#147505).
– sched: Always initialize cpu-power (bnc#1013018).
– sched: Avoid cputime scaling overflow (bnc#938352).
– sched: Avoid prev->stime underflow (bnc#938352).
– sched/core: Fix TASK_DEAD race in finish_task_switch() (bnc#1013018).
– sched/core: Remove false-positive warning from wake_up_process()
(bnc#1044882).
– sched/cputime: Do not scale when utime == 0 (bnc#938352).
– sched/debug: Print the scheduler topology group mask (bnc#1013018).
– sched: Do not account bogus utime (bnc#938352).
– sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).
– sched/fair: Fix min_vruntime tracking (bnc#1013018).
– sched: Fix domain iteration (bnc#1013018).
– sched: Fix SD_OVERLAP (bnc#1013018).
– sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded
systems (bnc#1013018).
– sched: Lower chances of cputime scaling overflow (bnc#938352).
– sched: Move nr_cpus_allowed out of ‘struct sched_rt_entity’
(bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime
tracking
– sched: Rename a misleading variable in build_overlap_sched_groups()
(bnc#1013018).
– sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep
for b60205c7c558 sched/fair: Fix min_vruntime tracking
– sched/topology: Fix building of overlapping sched-groups (bnc#1013018).
– sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).
– sched/topology: Fix overlapping sched_group_mask (bnc#1013018).
– sched/topology: Move comment about asymmetric node setups (bnc#1013018).
– sched/topology: Optimize build_group_mask() (bnc#1013018).
– sched/topology: Refactor function build_overlap_sched_groups()
(bnc#1013018).
– sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).
– sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).
– sched/topology: Verify the first group matches the child domain
(bnc#1013018).
– sched: Use swap() macro in scale_stime() (bnc#938352).
– scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
– scsi: fix race between simultaneous decrements of ->host_failed
(bsc#1050154).
– scsi: fnic: Correcting rport check location in fnic_queuecommand_lck
(bsc#1035920).
– scsi: mvsas: fix command_active typo (bsc#1050154).
– scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
(bsc#1050154).
– scsi: virtio_scsi: fix memory leak on full queue condition (bsc#1028880).
– scsi: zfcp: do not trace pure benign residual HBA responses at default
level (bnc#1025702, LTC#151317).
– scsi: zfcp: fix rport unblock race with LUN recovery (bnc#1025702,
LTC#151319).
– scsi: zfcp: fix use-after-free by not tracing WKA port open/close on
failed send (bnc#1025702, LTC#151365).
– scsi: zfcp: fix use-after-“free” in FC ingress path after TMF
(bnc#1025702, LTC#151312).
– sfc: do not device_attach if a reset is pending (bsc#909618 FATE#317521).
– sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).
– smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
– splice: Stub splice_write_to_file (bsc#1043234).
– sunrpc: Clean up the slot table allocation (bsc#1013862).
– sunrpc: Fix a memory leak in the backchannel code (git-fixes).
– sunrpc: Initalise the struct xprt upon allocation (bsc#1013862).
– svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).
– target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).
– tcp: abort orphan sockets stalling on zero window probes (bsc#1021913).
– tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).
– tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).
– udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).
– udf: Fix races with i_size changes during readpage (bsc#1013018).
– Update metadata for serial fixes (bsc#1013070)
– Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).
– usb: cdc-acm: fix broken runtime suspend (bsc#1033771).
– usb: cdc-acm: fix open and suspend race (bsc#1033771).
– usb: cdc-acm: fix potential urb leak and PM imbalance in write
(bsc#1033771).
– usb: cdc-acm: fix runtime PM for control messages (bsc#1033771).
– usb: cdc-acm: fix runtime PM imbalance at shutdown (bsc#1033771).
– usb: cdc-acm: fix shutdown and suspend race (bsc#1033771).
– usb: cdc-acm: fix write and resume race (bsc#1033771).
– usb: cdc-acm: fix write and suspend race (bsc#1033771).
– usb: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).
– usb: class: usbtmc: do not print error when allocating urb fails
(bsc#1036288).
– usb: class: usbtmc: do not print on ENOMEM (bsc#1036288).
– usb: hub: Fix crash after failure to read BOS descriptor (FATE#317453).
– usb: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).
– usb: iowarrior: fix NULL-deref in write (bsc#1037359).
– usb: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).
– usb: serial: ark3116: fix register-accessor error handling (git-fixes).
– usb: serial: ch341: fix open error handling (bsc#1037441).
– usb: serial: cp210x: fix tiocmget error handling (bsc#1037441).
– usb: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).
– usb: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).
– usb: serial: io_ti: fix information leak in completion handler
(git-fixes).
– usb: serial: iuu_phoenix: fix NULL-deref at open (bsc#1033794).
– usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256).
– usb: serial: mos7720: fix NULL-deref at open (bsc#1033816).
– usb: serial: mos7720: fix parallel probe (bsc#1033816).
– usb: serial: mos7720: fix parport use-after-free on probe errors
(bsc#1033816).
– usb: serial: mos7720: fix use-after-free on probe errors (bsc#1033816).
– usb: serial: mos7840: fix another NULL-deref at open (bsc#1034026).
– usb: serial: mos7840: fix NULL-deref at open (bsc#1034026).
– usb: serial: oti6858: fix NULL-deref at open (bsc#1037441).
– usb: serial: sierra: fix bogus alternate-setting assumption
(bsc#1037441).
– usb: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).
– usbtmc: remove redundant braces (bsc#1036288).
– usbtmc: remove trailing spaces (bsc#1036288).
– usb: usbip: fix nonconforming hub descriptor (bsc#1047487).
– usb: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).
– usb: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).
– usb: usbtmc: add missing endpoint sanity check (bsc#1036288).
– usb: usbtmc: Change magic number to constant (bsc#1036288).
– usb: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).
– usb: usbtmc: fix DMA on stack (bsc#1036288).
– usb: usbtmc: fix probe error path (bsc#1036288).
– usb: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).
– usb: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).
– usb: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk
(bsc#1036288).
– usbvision: fix NULL-deref at probe (bsc#1050431).
– usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL
(bsc#1023014).
– Use make --output-sync feature when available (bsc#1012422). The messages
in make output can interleave, making it impossible to extract warnings
reliably. Since version 4, GNU Make supports the --output-sync flag, which
prints the output of each sub-command atomically, preventing this issue.
Detect the flag and use it if available. SLE11 has make 3.81, so it is
required to include make 4 in the kernel OBS projects to take advantage
of this.
– Use PF_LESS_THROTTLE in loop device thread (bsc#1027101).
– uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).
– uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).
– vb2: Fix an off by one error in ‘vb2_plane_vaddr’ (bsc#1050431).
– vfs: split generic splice code from i_mutex locking (bsc#1024788).
– vmxnet3: avoid calling pskb_may_pull with interrupts disabled
(bsc#1045356).
– vmxnet3: fix checks for dma mapping errors (bsc#1045356).
– vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).
– vmxnet3: segCnt can be 1 for LRO packets (bsc#988065, bsc#1029770).
– x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
(bsc#948562).
– x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0
(bsc#1051478).
– xen: avoid deadlock in xenbus (bnc#1047523).
– xen-blkfront: correct maximum segment accounting (bsc#1018263).
– xen-blkfront: do not call talk_to_blkback when already connected to
blkback.
– xen-blkfront: free resources if xlvbd_alloc_gendisk fails.
– xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).
– xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).
– xfrm: NULL dereference on allocation failure (bsc#1047343).
– xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
– xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).
– xfs: do not assert fail on non-async buffers on ioacct decrement
(bsc#1024508).
– xfs: exclude never-released buffers from buftarg I/O accounting
(bsc#1024508).
– xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).
– xfs: Fix lock ordering in splice write (bsc#1024788).
– xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).
– xfs: kill xfs_itruncate_start (bsc#1024788).
– xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788).
– xfs: remove the i_new_size field in struct xfs_inode (bsc#1024788).
– xfs: remove the i_size field in struct xfs_inode (bsc#1024788).
– xfs: remove xfs_itruncate_data (bsc#1024788).
– xfs: replace global xfslogd wq with per-mount wq (bsc#1024508).
– xfs: split xfs_itruncate_finish (bsc#1024788).
– xfs: split xfs_setattr (bsc#1024788).
– xfs: Synchronize xfs_buf disposal routines (bsc#1041160).
– xfs: track and serialize in-flight async buffers against unmount
(bsc#1024508).
– xfs: use ->b_state to fix buffer I/O accounting release race
(bsc#1041160).
– xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Real Time Extension 11-SP4:

zypper in -t patch slertesp4-kernel-rt-13262=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-kernel-rt-13262=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

kernel-rt-3.0.101.rt130-69.5.1
kernel-rt-base-3.0.101.rt130-69.5.1
kernel-rt-devel-3.0.101.rt130-69.5.1
kernel-rt_trace-3.0.101.rt130-69.5.1
kernel-rt_trace-base-3.0.101.rt130-69.5.1
kernel-rt_trace-devel-3.0.101.rt130-69.5.1
kernel-source-rt-3.0.101.rt130-69.5.1
kernel-syms-rt-3.0.101.rt130-69.5.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

kernel-rt-debuginfo-3.0.101.rt130-69.5.1
kernel-rt-debugsource-3.0.101.rt130-69.5.1
kernel-rt_debug-debuginfo-3.0.101.rt130-69.5.1
kernel-rt_debug-debugsource-3.0.101.rt130-69.5.1
kernel-rt_trace-debuginfo-3.0.101.rt130-69.5.1
kernel-rt_trace-debugsource-3.0.101.rt130-69.5.1

References:

https://www.suse.com/security/cve/CVE-2014-9922.html
https://www.suse.com/security/cve/CVE-2015-3288.html
https://www.suse.com/security/cve/CVE-2015-8970.html
https://www.suse.com/security/cve/CVE-2016-10200.html
https://www.suse.com/security/cve/CVE-2016-2188.html
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-4998.html
https://www.suse.com/security/cve/CVE-2016-5243.html
https://www.suse.com/security/cve/CVE-2016-7117.html
https://www.suse.com/security/cve/CVE-2017-1000363.html
https://www.suse.com/security/cve/CVE-2017-1000364.html
https://www.suse.com/security/cve/CVE-2017-1000365.html
https://www.suse.com/security/cve/CVE-2017-1000380.html
https://www.suse.com/security/cve/CVE-2017-11176.html
https://www.suse.com/security/cve/CVE-2017-11473.html
https://www.suse.com/security/cve/CVE-2017-2636.html
https://www.suse.com/security/cve/CVE-2017-2647.html
https://www.suse.com/security/cve/CVE-2017-2671.html
https://www.suse.com/security/cve/CVE-2017-5669.html
https://www.suse.com/security/cve/CVE-2017-5970.html
https://www.suse.com/security/cve/CVE-2017-5986.html
https://www.suse.com/security/cve/CVE-2017-6074.html
https://www.suse.com/security/cve/CVE-2017-6214.html
https://www.suse.com/security/cve/CVE-2017-6348.html
https://www.suse.com/security/cve/CVE-2017-6353.html
https://www.suse.com/security/cve/CVE-2017-6951.html
https://www.suse.com/security/cve/CVE-2017-7184.html
https://www.suse.com/security/cve/CVE-2017-7187.html
https://www.suse.com/security/cve/CVE-2017-7261.html
https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://www.suse.com/security/cve/CVE-2017-7482.html
https://www.suse.com/security/cve/CVE-2017-7487.html
https://www.suse.com/security/cve/CVE-2017-7533.html
https://www.suse.com/security/cve/CVE-2017-7542.html
https://www.suse.com/security/cve/CVE-2017-7616.html
https://www.suse.com/security/cve/CVE-2017-8890.html
https://www.suse.com/security/cve/CVE-2017-8924.html
https://www.suse.com/security/cve/CVE-2017-8925.html
https://www.suse.com/security/cve/CVE-2017-9074.html
https://www.suse.com/security/cve/CVE-2017-9075.html
https://www.suse.com/security/cve/CVE-2017-9076.html
https://www.suse.com/security/cve/CVE-2017-9077.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1003077
https://bugzilla.suse.com/1005651
https://bugzilla.suse.com/1008374
https://bugzilla.suse.com/1008850
https://bugzilla.suse.com/1008893
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1013018
https://bugzilla.suse.com/1013070
https://bugzilla.suse.com/1013800
https://bugzilla.suse.com/1013862
https://bugzilla.suse.com/1016489
https://bugzilla.suse.com/1017143
https://bugzilla.suse.com/1018074
https://bugzilla.suse.com/1018263
https://bugzilla.suse.com/1018446
https://bugzilla.suse.com/1019168
https://bugzilla.suse.com/1020229
https://bugzilla.suse.com/1021256
https://bugzilla.suse.com/1021913
https://bugzilla.suse.com/1022971
https://bugzilla.suse.com/1023014
https://bugzilla.suse.com/1023051
https://bugzilla.suse.com/1023163
https://bugzilla.suse.com/1023888
https://bugzilla.suse.com/1024508
https://bugzilla.suse.com/1024788
https://bugzilla.suse.com/1024938
https://bugzilla.suse.com/1025235
https://bugzilla.suse.com/1025702
https://bugzilla.suse.com/1026024
https://bugzilla.suse.com/1026260
https://bugzilla.suse.com/1026722
https://bugzilla.suse.com/1026914
https://bugzilla.suse.com/1027066
https://bugzilla.suse.com/1027101
https://bugzilla.suse.com/1027178
https://bugzilla.suse.com/1027565
https://bugzilla.suse.com/1028372
https://bugzilla.suse.com/1028415
https://bugzilla.suse.com/1028880
https://bugzilla.suse.com/1029140
https://bugzilla.suse.com/1029212
https://bugzilla.suse.com/1029770
https://bugzilla.suse.com/1029850
https://bugzilla.suse.com/1030213
https://bugzilla.suse.com/1030552
https://bugzilla.suse.com/1030573
https://bugzilla.suse.com/1030593
https://bugzilla.suse.com/1030814
https://bugzilla.suse.com/1031003
https://bugzilla.suse.com/1031052
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031579
https://bugzilla.suse.com/1032141
https://bugzilla.suse.com/1032340
https://bugzilla.suse.com/1032471
https://bugzilla.suse.com/1033287
https://bugzilla.suse.com/1033336
https://bugzilla.suse.com/1033771
https://bugzilla.suse.com/1033794
https://bugzilla.suse.com/1033804
https://bugzilla.suse.com/1033816
https://bugzilla.suse.com/1034026
https://bugzilla.suse.com/1034670
https://bugzilla.suse.com/1035576
https://bugzilla.suse.com/1035777
https://bugzilla.suse.com/1035920
https://bugzilla.suse.com/1036056
https://bugzilla.suse.com/1036288
https://bugzilla.suse.com/1036629
https://bugzilla.suse.com/1037182
https://bugzilla.suse.com/1037183
https://bugzilla.suse.com/1037191
https://bugzilla.suse.com/1037193
https://bugzilla.suse.com/1037227
https://bugzilla.suse.com/1037232
https://bugzilla.suse.com/1037233
https://bugzilla.suse.com/1037356
https://bugzilla.suse.com/1037358
https://bugzilla.suse.com/1037359
https://bugzilla.suse.com/1037441
https://bugzilla.suse.com/1038544
https://bugzilla.suse.com/1038879
https://bugzilla.suse.com/1038981
https://bugzilla.suse.com/1038982
https://bugzilla.suse.com/1039258
https://bugzilla.suse.com/1039348
https://bugzilla.suse.com/1039354
https://bugzilla.suse.com/1039456
https://bugzilla.suse.com/1039594
https://bugzilla.suse.com/1039882
https://bugzilla.suse.com/1039883
https://bugzilla.suse.com/1039885
https://bugzilla.suse.com/1040069
https://bugzilla.suse.com/1040351
https://bugzilla.suse.com/1041160
https://bugzilla.suse.com/1041431
https://bugzilla.suse.com/1041762
https://bugzilla.suse.com/1041975
https://bugzilla.suse.com/1042045
https://bugzilla.suse.com/1042200
https://bugzilla.suse.com/1042615
https://bugzilla.suse.com/1042633
https://bugzilla.suse.com/1042687
https://bugzilla.suse.com/1042832
https://bugzilla.suse.com/1043014
https://bugzilla.suse.com/1043234
https://bugzilla.suse.com/1043935
https://bugzilla.suse.com/1044015
https://bugzilla.suse.com/1044125
https://bugzilla.suse.com/1044216
https://bugzilla.suse.com/1044230
https://bugzilla.suse.com/1044854
https://bugzilla.suse.com/1044882
https://bugzilla.suse.com/1044913
https://bugzilla.suse.com/1044985
https://bugzilla.suse.com/1045154
https://bugzilla.suse.com/1045340
https://bugzilla.suse.com/1045356
https://bugzilla.suse.com/1045406
https://bugzilla.suse.com/1045416
https://bugzilla.suse.com/1045525
https://bugzilla.suse.com/1045538
https://bugzilla.suse.com/1045547
https://bugzilla.suse.com/1045615
https://bugzilla.suse.com/1046107
https://bugzilla.suse.com/1046122
https://bugzilla.suse.com/1046192
https://bugzilla.suse.com/1046715
https://bugzilla.suse.com/1047027
https://bugzilla.suse.com/1047053
https://bugzilla.suse.com/1047343
https://bugzilla.suse.com/1047354
https://bugzilla.suse.com/1047487
https://bugzilla.suse.com/1047523
https://bugzilla.suse.com/1047653
https://bugzilla.suse.com/1048185
https://bugzilla.suse.com/1048221
https://bugzilla.suse.com/1048232
https://bugzilla.suse.com/1048275
https://bugzilla.suse.com/1049483
https://bugzilla.suse.com/1049603
https://bugzilla.suse.com/1049688
https://bugzilla.suse.com/1049882
https://bugzilla.suse.com/1050154
https://bugzilla.suse.com/1050431
https://bugzilla.suse.com/1051478
https://bugzilla.suse.com/1051515
https://bugzilla.suse.com/1051770
https://bugzilla.suse.com/784815
https://bugzilla.suse.com/792863
https://bugzilla.suse.com/799133
https://bugzilla.suse.com/870618
https://bugzilla.suse.com/909486
https://bugzilla.suse.com/909618
https://bugzilla.suse.com/911105
https://bugzilla.suse.com/919382
https://bugzilla.suse.com/928138
https://bugzilla.suse.com/931620
https://bugzilla.suse.com/938352
https://bugzilla.suse.com/943786
https://bugzilla.suse.com/948562
https://bugzilla.suse.com/962257
https://bugzilla.suse.com/970956
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/972891
https://bugzilla.suse.com/979021
https://bugzilla.suse.com/982783
https://bugzilla.suse.com/983212
https://bugzilla.suse.com/985561
https://bugzilla.suse.com/986362
https://bugzilla.suse.com/986365
https://bugzilla.suse.com/986924
https://bugzilla.suse.com/988065
https://bugzilla.suse.com/989056
https://bugzilla.suse.com/990682
https://bugzilla.suse.com/991651
https://bugzilla.suse.com/995542
https://bugzilla.suse.com/999245


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE-SU-2017:2339-1: important: Security update for xen

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2339-1
Rating: important
References: #1046637 #1048920 #1049578 #1051787 #1051788
#1052686
Cross-References: CVE-2017-10664 CVE-2017-11334 CVE-2017-11434
CVE-2017-12135 CVE-2017-12137 CVE-2017-12855

Affected Products:
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

– CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading led to
potentially leaking sensitive information (XSA-230, bsc#1052686).
– CVE-2017-12135: Unbounded recursion in grant table code allowed a
malicious guest to crash the host or potentially escalate
privileges/leak information (XSA-226, bsc#1051787).
– CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for
privilege escalation (XSA-227, bsc#1051788).
– CVE-2017-11334: The address_space_write_continue function in exec.c
allowed local guest OS privileged users to cause a denial of service
(out-of-bounds access and guest instance crash) by leveraging use of
qemu_map_ram_ptr to access guest ram block area (bsc#1048920).
– CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local
guest OS users to cause a denial of service (out-of-bounds read) via a
crafted DHCP options string (bsc#1049578).
– CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote
attackers to cause a denial of service (daemon crash) by disconnecting
during a server-to-client reply attempt (bsc#1046637).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 11-SP3-LTSS:

zypper in -t patch slessp3-xen-13259=1

– SUSE Linux Enterprise Point of Sale 11-SP3:

zypper in -t patch sleposp3-xen-13259=1

– SUSE Linux Enterprise Debuginfo 11-SP3:

zypper in -t patch dbgsp3-xen-13259=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

xen-kmp-default-4.2.5_21_3.0.101_0.47.105-45.5.1
xen-libs-4.2.5_21-45.5.1
xen-tools-domU-4.2.5_21-45.5.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

xen-4.2.5_21-45.5.1
xen-doc-html-4.2.5_21-45.5.1
xen-doc-pdf-4.2.5_21-45.5.1
xen-libs-32bit-4.2.5_21-45.5.1
xen-tools-4.2.5_21-45.5.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

xen-kmp-pae-4.2.5_21_3.0.101_0.47.105-45.5.1

– SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

xen-kmp-default-4.2.5_21_3.0.101_0.47.105-45.5.1
xen-kmp-pae-4.2.5_21_3.0.101_0.47.105-45.5.1
xen-libs-4.2.5_21-45.5.1
xen-tools-domU-4.2.5_21-45.5.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

xen-debuginfo-4.2.5_21-45.5.1
xen-debugsource-4.2.5_21-45.5.1

References:

https://www.suse.com/security/cve/CVE-2017-10664.html
https://www.suse.com/security/cve/CVE-2017-11334.html
https://www.suse.com/security/cve/CVE-2017-11434.html
https://www.suse.com/security/cve/CVE-2017-12135.html
https://www.suse.com/security/cve/CVE-2017-12137.html
https://www.suse.com/security/cve/CVE-2017-12855.html
https://bugzilla.suse.com/1046637
https://bugzilla.suse.com/1048920
https://bugzilla.suse.com/1049578
https://bugzilla.suse.com/1051787
https://bugzilla.suse.com/1051788
https://bugzilla.suse.com/1052686



openSUSE-SU-2017:2337-1: important: Security update for php7

openSUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2337-1
Rating: important
References: #1047454 #1048094 #1048096 #1048100 #1048111
#1048112 #1050241 #1050726 #1052389 #1053645
#986386
Cross-References: CVE-2016-10397 CVE-2016-5766 CVE-2017-11142
CVE-2017-11144 CVE-2017-11145 CVE-2017-11146
CVE-2017-11147 CVE-2017-11628 CVE-2017-7890

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that solves 9 vulnerabilities and has two fixes
is now available.

Description:

This update for php7 fixes the following issues:

– CVE-2016-10397: parse_url() can be bypassed to return fake host.
(bsc#1047454)
– CVE-2017-11142: Remote attackers could cause a CPU consumption denial of
service attack by injecting long form variables, related to
main/php_variables. (bsc#1048100)
– CVE-2017-11144: The openssl extension PEM sealing code did not check the
return value of the OpenSSL sealing function, which could lead to a
crash. (bsc#1048096)
– CVE-2017-11145: Lack of bounds checks in timelib_meridian could lead to
information leak. (bsc#1048112)
– CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code
could lead to information leak. (bsc#1048111)
– CVE-2017-11147: The PHAR archive handler could be used by attackers
supplying malicious archive files to crash the PHP interpreter or
potentially disclose information. (bsc#1048094)
– CVE-2017-11628: Stack-based buffer overflow in zend_ini_do_op() could
lead to denial of service (bsc#1050726)
– CVE-2017-7890: Buffer over-read from uninitialized data in
gdImageCreateFromGifCtx function could lead to denial of service
(bsc#1050241)
– CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap
overflow could lead to denial of service or code execution (bsc#986386)

Other fixes:

– Soap Request with References (bsc#1053645)
– php7-pear should explicitly require php7-pear-Archive_Tar,
otherwise this dependency must be declared in every php7-pear-* package
explicitly. [bnc#1052389]

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-994=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-994=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

apache2-mod_php7-7.0.7-19.1
apache2-mod_php7-debuginfo-7.0.7-19.1
php7-7.0.7-19.1
php7-bcmath-7.0.7-19.1
php7-bcmath-debuginfo-7.0.7-19.1
php7-bz2-7.0.7-19.1
php7-bz2-debuginfo-7.0.7-19.1
php7-calendar-7.0.7-19.1
php7-calendar-debuginfo-7.0.7-19.1
php7-ctype-7.0.7-19.1
php7-ctype-debuginfo-7.0.7-19.1
php7-curl-7.0.7-19.1
php7-curl-debuginfo-7.0.7-19.1
php7-dba-7.0.7-19.1
php7-dba-debuginfo-7.0.7-19.1
php7-debuginfo-7.0.7-19.1
php7-debugsource-7.0.7-19.1
php7-devel-7.0.7-19.1
php7-dom-7.0.7-19.1
php7-dom-debuginfo-7.0.7-19.1
php7-enchant-7.0.7-19.1
php7-enchant-debuginfo-7.0.7-19.1
php7-exif-7.0.7-19.1
php7-exif-debuginfo-7.0.7-19.1
php7-fastcgi-7.0.7-19.1
php7-fastcgi-debuginfo-7.0.7-19.1
php7-fileinfo-7.0.7-19.1
php7-fileinfo-debuginfo-7.0.7-19.1
php7-firebird-7.0.7-19.1
php7-firebird-debuginfo-7.0.7-19.1
php7-fpm-7.0.7-19.1
php7-fpm-debuginfo-7.0.7-19.1
php7-ftp-7.0.7-19.1
php7-ftp-debuginfo-7.0.7-19.1
php7-gd-7.0.7-19.1
php7-gd-debuginfo-7.0.7-19.1
php7-gettext-7.0.7-19.1
php7-gettext-debuginfo-7.0.7-19.1
php7-gmp-7.0.7-19.1
php7-gmp-debuginfo-7.0.7-19.1
php7-iconv-7.0.7-19.1
php7-iconv-debuginfo-7.0.7-19.1
php7-imap-7.0.7-19.1
php7-imap-debuginfo-7.0.7-19.1
php7-intl-7.0.7-19.1
php7-intl-debuginfo-7.0.7-19.1
php7-json-7.0.7-19.1
php7-json-debuginfo-7.0.7-19.1
php7-ldap-7.0.7-19.1
php7-ldap-debuginfo-7.0.7-19.1
php7-mbstring-7.0.7-19.1
php7-mbstring-debuginfo-7.0.7-19.1
php7-mcrypt-7.0.7-19.1
php7-mcrypt-debuginfo-7.0.7-19.1
php7-mysql-7.0.7-19.1
php7-mysql-debuginfo-7.0.7-19.1
php7-odbc-7.0.7-19.1
php7-odbc-debuginfo-7.0.7-19.1
php7-opcache-7.0.7-19.1
php7-opcache-debuginfo-7.0.7-19.1
php7-openssl-7.0.7-19.1
php7-openssl-debuginfo-7.0.7-19.1
php7-pcntl-7.0.7-19.1
php7-pcntl-debuginfo-7.0.7-19.1
php7-pdo-7.0.7-19.1
php7-pdo-debuginfo-7.0.7-19.1
php7-pgsql-7.0.7-19.1
php7-pgsql-debuginfo-7.0.7-19.1
php7-phar-7.0.7-19.1
php7-phar-debuginfo-7.0.7-19.1
php7-posix-7.0.7-19.1
php7-posix-debuginfo-7.0.7-19.1
php7-pspell-7.0.7-19.1
php7-pspell-debuginfo-7.0.7-19.1
php7-readline-7.0.7-19.1
php7-readline-debuginfo-7.0.7-19.1
php7-shmop-7.0.7-19.1
php7-shmop-debuginfo-7.0.7-19.1
php7-snmp-7.0.7-19.1
php7-snmp-debuginfo-7.0.7-19.1
php7-soap-7.0.7-19.1
php7-soap-debuginfo-7.0.7-19.1
php7-sockets-7.0.7-19.1
php7-sockets-debuginfo-7.0.7-19.1
php7-sqlite-7.0.7-19.1
php7-sqlite-debuginfo-7.0.7-19.1
php7-sysvmsg-7.0.7-19.1
php7-sysvmsg-debuginfo-7.0.7-19.1
php7-sysvsem-7.0.7-19.1
php7-sysvsem-debuginfo-7.0.7-19.1
php7-sysvshm-7.0.7-19.1
php7-sysvshm-debuginfo-7.0.7-19.1
php7-tidy-7.0.7-19.1
php7-tidy-debuginfo-7.0.7-19.1
php7-tokenizer-7.0.7-19.1
php7-tokenizer-debuginfo-7.0.7-19.1
php7-wddx-7.0.7-19.1
php7-wddx-debuginfo-7.0.7-19.1
php7-xmlreader-7.0.7-19.1
php7-xmlreader-debuginfo-7.0.7-19.1
php7-xmlrpc-7.0.7-19.1
php7-xmlrpc-debuginfo-7.0.7-19.1
php7-xmlwriter-7.0.7-19.1
php7-xmlwriter-debuginfo-7.0.7-19.1
php7-xsl-7.0.7-19.1
php7-xsl-debuginfo-7.0.7-19.1
php7-zip-7.0.7-19.1
php7-zip-debuginfo-7.0.7-19.1
php7-zlib-7.0.7-19.1
php7-zlib-debuginfo-7.0.7-19.1

– openSUSE Leap 42.3 (noarch):

php7-pear-7.0.7-19.1
php7-pear-Archive_Tar-7.0.7-19.1

– openSUSE Leap 42.2 (i586 x86_64):

apache2-mod_php7-7.0.7-14.9.1
apache2-mod_php7-debuginfo-7.0.7-14.9.1
php7-7.0.7-14.9.1
php7-bcmath-7.0.7-14.9.1
php7-bcmath-debuginfo-7.0.7-14.9.1
php7-bz2-7.0.7-14.9.1
php7-bz2-debuginfo-7.0.7-14.9.1
php7-calendar-7.0.7-14.9.1
php7-calendar-debuginfo-7.0.7-14.9.1
php7-ctype-7.0.7-14.9.1
php7-ctype-debuginfo-7.0.7-14.9.1
php7-curl-7.0.7-14.9.1
php7-curl-debuginfo-7.0.7-14.9.1
php7-dba-7.0.7-14.9.1
php7-dba-debuginfo-7.0.7-14.9.1
php7-debuginfo-7.0.7-14.9.1
php7-debugsource-7.0.7-14.9.1
php7-devel-7.0.7-14.9.1
php7-dom-7.0.7-14.9.1
php7-dom-debuginfo-7.0.7-14.9.1
php7-enchant-7.0.7-14.9.1
php7-enchant-debuginfo-7.0.7-14.9.1
php7-exif-7.0.7-14.9.1
php7-exif-debuginfo-7.0.7-14.9.1
php7-fastcgi-7.0.7-14.9.1
php7-fastcgi-debuginfo-7.0.7-14.9.1
php7-fileinfo-7.0.7-14.9.1
php7-fileinfo-debuginfo-7.0.7-14.9.1
php7-firebird-7.0.7-14.9.1
php7-firebird-debuginfo-7.0.7-14.9.1
php7-fpm-7.0.7-14.9.1
php7-fpm-debuginfo-7.0.7-14.9.1
php7-ftp-7.0.7-14.9.1
php7-ftp-debuginfo-7.0.7-14.9.1
php7-gd-7.0.7-14.9.1
php7-gd-debuginfo-7.0.7-14.9.1
php7-gettext-7.0.7-14.9.1
php7-gettext-debuginfo-7.0.7-14.9.1
php7-gmp-7.0.7-14.9.1
php7-gmp-debuginfo-7.0.7-14.9.1
php7-iconv-7.0.7-14.9.1
php7-iconv-debuginfo-7.0.7-14.9.1
php7-imap-7.0.7-14.9.1
php7-imap-debuginfo-7.0.7-14.9.1
php7-intl-7.0.7-14.9.1
php7-intl-debuginfo-7.0.7-14.9.1
php7-json-7.0.7-14.9.1
php7-json-debuginfo-7.0.7-14.9.1
php7-ldap-7.0.7-14.9.1
php7-ldap-debuginfo-7.0.7-14.9.1
php7-mbstring-7.0.7-14.9.1
php7-mbstring-debuginfo-7.0.7-14.9.1
php7-mcrypt-7.0.7-14.9.1
php7-mcrypt-debuginfo-7.0.7-14.9.1
php7-mysql-7.0.7-14.9.1
php7-mysql-debuginfo-7.0.7-14.9.1
php7-odbc-7.0.7-14.9.1
php7-odbc-debuginfo-7.0.7-14.9.1
php7-opcache-7.0.7-14.9.1
php7-opcache-debuginfo-7.0.7-14.9.1
php7-openssl-7.0.7-14.9.1
php7-openssl-debuginfo-7.0.7-14.9.1
php7-pcntl-7.0.7-14.9.1
php7-pcntl-debuginfo-7.0.7-14.9.1
php7-pdo-7.0.7-14.9.1
php7-pdo-debuginfo-7.0.7-14.9.1
php7-pgsql-7.0.7-14.9.1
php7-pgsql-debuginfo-7.0.7-14.9.1
php7-phar-7.0.7-14.9.1
php7-phar-debuginfo-7.0.7-14.9.1
php7-posix-7.0.7-14.9.1
php7-posix-debuginfo-7.0.7-14.9.1
php7-pspell-7.0.7-14.9.1
php7-pspell-debuginfo-7.0.7-14.9.1
php7-readline-7.0.7-14.9.1
php7-readline-debuginfo-7.0.7-14.9.1
php7-shmop-7.0.7-14.9.1
php7-shmop-debuginfo-7.0.7-14.9.1
php7-snmp-7.0.7-14.9.1
php7-snmp-debuginfo-7.0.7-14.9.1
php7-soap-7.0.7-14.9.1
php7-soap-debuginfo-7.0.7-14.9.1
php7-sockets-7.0.7-14.9.1
php7-sockets-debuginfo-7.0.7-14.9.1
php7-sqlite-7.0.7-14.9.1
php7-sqlite-debuginfo-7.0.7-14.9.1
php7-sysvmsg-7.0.7-14.9.1
php7-sysvmsg-debuginfo-7.0.7-14.9.1
php7-sysvsem-7.0.7-14.9.1
php7-sysvsem-debuginfo-7.0.7-14.9.1
php7-sysvshm-7.0.7-14.9.1
php7-sysvshm-debuginfo-7.0.7-14.9.1
php7-tidy-7.0.7-14.9.1
php7-tidy-debuginfo-7.0.7-14.9.1
php7-tokenizer-7.0.7-14.9.1
php7-tokenizer-debuginfo-7.0.7-14.9.1
php7-wddx-7.0.7-14.9.1
php7-wddx-debuginfo-7.0.7-14.9.1
php7-xmlreader-7.0.7-14.9.1
php7-xmlreader-debuginfo-7.0.7-14.9.1
php7-xmlrpc-7.0.7-14.9.1
php7-xmlrpc-debuginfo-7.0.7-14.9.1
php7-xmlwriter-7.0.7-14.9.1
php7-xmlwriter-debuginfo-7.0.7-14.9.1
php7-xsl-7.0.7-14.9.1
php7-xsl-debuginfo-7.0.7-14.9.1
php7-zip-7.0.7-14.9.1
php7-zip-debuginfo-7.0.7-14.9.1
php7-zlib-7.0.7-14.9.1
php7-zlib-debuginfo-7.0.7-14.9.1

– openSUSE Leap 42.2 (noarch):

php7-pear-7.0.7-14.9.1
php7-pear-Archive_Tar-7.0.7-14.9.1

References:

https://www.suse.com/security/cve/CVE-2016-10397.html
https://www.suse.com/security/cve/CVE-2016-5766.html
https://www.suse.com/security/cve/CVE-2017-11142.html
https://www.suse.com/security/cve/CVE-2017-11144.html
https://www.suse.com/security/cve/CVE-2017-11145.html
https://www.suse.com/security/cve/CVE-2017-11146.html
https://www.suse.com/security/cve/CVE-2017-11147.html
https://www.suse.com/security/cve/CVE-2017-11628.html
https://www.suse.com/security/cve/CVE-2017-7890.html
https://bugzilla.suse.com/1047454
https://bugzilla.suse.com/1048094
https://bugzilla.suse.com/1048096
https://bugzilla.suse.com/1048100
https://bugzilla.suse.com/1048111
https://bugzilla.suse.com/1048112
https://bugzilla.suse.com/1050241
https://bugzilla.suse.com/1050726
https://bugzilla.suse.com/1052389
https://bugzilla.suse.com/1053645
https://bugzilla.suse.com/986386



openSUSE-SU-2017:2332-1: important: Security update for freerdp

openSUSE Security Update: Security update for freerdp
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2332-1
Rating: important
References: #1050699 #1050704 #1050708 #1050711 #1050712
#1050714
Cross-References: CVE-2017-2834 CVE-2017-2835 CVE-2017-2836
CVE-2017-2837 CVE-2017-2838 CVE-2017-2839

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for freerdp fixes the following issues:

– CVE-2017-2834: Out-of-bounds write in license_recv() (bsc#1050714)
– CVE-2017-2835: Out-of-bounds write in rdp_recv_tpkt_pdu (bsc#1050712)
– CVE-2017-2836: Rdp Client Read Server Proprietary Certificate Denial of
Service (bsc#1050699)
– CVE-2017-2837: Client GCC Read Server Security Data DoS (bsc#1050704)
– CVE-2017-2838: Client License Read Product Info Denial of Service
Vulnerability (bsc#1050708)
– CVE-2017-2839: Client License Read Challenge Packet Denial of Service
(bsc#1050711)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-992=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-992=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

freerdp-2.0.0~git.1463131968.4e66df7-6.1
freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-6.1
freerdp-debugsource-2.0.0~git.1463131968.4e66df7-6.1
freerdp-devel-2.0.0~git.1463131968.4e66df7-6.1
libfreerdp2-2.0.0~git.1463131968.4e66df7-6.1
libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-6.1

– openSUSE Leap 42.2 (i586 x86_64):

freerdp-2.0.0~git.1463131968.4e66df7-3.3.1
freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-3.3.1
freerdp-debugsource-2.0.0~git.1463131968.4e66df7-3.3.1
freerdp-devel-2.0.0~git.1463131968.4e66df7-3.3.1
libfreerdp2-2.0.0~git.1463131968.4e66df7-3.3.1
libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-3.3.1

References:

https://www.suse.com/security/cve/CVE-2017-2834.html
https://www.suse.com/security/cve/CVE-2017-2835.html
https://www.suse.com/security/cve/CVE-2017-2836.html
https://www.suse.com/security/cve/CVE-2017-2837.html
https://www.suse.com/security/cve/CVE-2017-2838.html
https://www.suse.com/security/cve/CVE-2017-2839.html
https://bugzilla.suse.com/1050699
https://bugzilla.suse.com/1050704
https://bugzilla.suse.com/1050708
https://bugzilla.suse.com/1050711
https://bugzilla.suse.com/1050712
https://bugzilla.suse.com/1050714



openSUSE-SU-2017:2335-1: important: Security update for libzypp

openSUSE Security Update: Security update for libzypp
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2335-1
Rating: important
References: #1009745 #1036659 #1038984 #1043218 #1045735
#1046417 #1047785 #1048315
Cross-References: CVE-2017-7435 CVE-2017-7436 CVE-2017-9269

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves three vulnerabilities and has 5 fixes
is now available.

Description:

The Software Update Stack was updated to receive fixes and enhancements.

libzypp:

– CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows,
mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984)
– Fix gpg-pubkey release (creation time) computation. (bsc#1036659)
– Update lsof blacklist. (bsc#1046417)
– Re-probe on refresh if the repository type changes. (bsc#1048315)
– Propagate proper error code to DownloadProgressReport. (bsc#1047785)
– Allow triggering an appdata refresh unconditionally. (bsc#1009745)
– Support custom repo variables defined in /etc/zypp/vars.d.

yast2-pkg-bindings:

– Do not crash when the repository URL is not defined. (bsc#1043218)

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-989=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

libzypp-16.15.3-9.1
libzypp-debuginfo-16.15.3-9.1
libzypp-debugsource-16.15.3-9.1
libzypp-devel-16.15.3-9.1
libzypp-devel-doc-16.15.3-9.1
yast2-pkg-bindings-3.2.4-4.1
yast2-pkg-bindings-debuginfo-3.2.4-4.1
yast2-pkg-bindings-debugsource-3.2.4-4.1

– openSUSE Leap 42.3 (noarch):

yast2-pkg-bindings-devel-doc-3.2.4-4.1

References:

https://www.suse.com/security/cve/CVE-2017-7435.html
https://www.suse.com/security/cve/CVE-2017-7436.html
https://www.suse.com/security/cve/CVE-2017-9269.html
https://bugzilla.suse.com/1009745
https://bugzilla.suse.com/1036659
https://bugzilla.suse.com/1038984
https://bugzilla.suse.com/1043218
https://bugzilla.suse.com/1045735
https://bugzilla.suse.com/1046417
https://bugzilla.suse.com/1047785
https://bugzilla.suse.com/1048315



openSUSE-SU-2017:2331-1: important: Security update for git

openSUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2331-1
Rating: important
References: #1052481
Cross-References: CVE-2017-1000117
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for git fixes the following issues:

– CVE-2017-1000117: Client-side code execution via shell injection when
receiving special submodule strings from a malicious server was fixed
(bsc#1052481)

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-988=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.2 (noarch):

git-doc-2.12.3-5.10.1

– openSUSE Leap 42.2 (x86_64):

git-2.12.3-5.10.1
git-arch-2.12.3-5.10.1
git-core-2.12.3-5.10.1
git-core-debuginfo-2.12.3-5.10.1
git-credential-gnome-keyring-2.12.3-5.10.1
git-credential-gnome-keyring-debuginfo-2.12.3-5.10.1
git-cvs-2.12.3-5.10.1
git-daemon-2.12.3-5.10.1
git-daemon-debuginfo-2.12.3-5.10.1
git-debugsource-2.12.3-5.10.1
git-email-2.12.3-5.10.1
git-gui-2.12.3-5.10.1
git-svn-2.12.3-5.10.1
git-svn-debuginfo-2.12.3-5.10.1
git-web-2.12.3-5.10.1
gitk-2.12.3-5.10.1

References:

https://www.suse.com/security/cve/CVE-2017-1000117.html
https://bugzilla.suse.com/1052481

