SUSE-SU-2017:2778-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1

SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2778-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_18 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1722=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1722=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

kgraft-patch-3_12_67-60_64_18-default-11-4.1
kgraft-patch-3_12_67-60_64_18-xen-11-4.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

kgraft-patch-3_12_67-60_64_18-default-11-4.1
kgraft-patch-3_12_67-60_64_18-xen-11-4.1
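Each live-patch advisory on this page ships a kgraft package built for one exact kernel build, so the practical check after running the zypper command is whether the package whose name matches the running kernel is actually installed. The script below is an added example, not SUSE's code or part of the advisory: it derives the package name from the naming pattern visible in the package lists (kgraft-patch-<kernel version with dots replaced by underscores>-<flavor>) and queries rpm for it. It assumes that `uname -r` on SLE 12 reports the release in the form `3.12.67-60.64.18-default` (an assumption; the advisory text writes the same version with underscores) and that any installed build of the matching package name counts as present.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory): derive the kgraft live-patch
# package name for a SLE 12 kernel release and check whether it is installed.
# Assumes `uname -r` reports e.g. "3.12.67-60.64.18-default" (assumption) and
# the package naming seen in the advisory package lists, e.g.
# kgraft-patch-3_12_67-60_64_18-default.

# Map a kernel release string to its kgraft package name.
#   kgraft_pkg_name 3.12.67-60.64.18-default
#   -> kgraft-patch-3_12_67-60_64_18-default
kgraft_pkg_name() {
    release="$1"
    case "$release" in
        *-*) ;;
        *) echo "unexpected kernel release (no flavor suffix): $release" >&2; return 1 ;;
    esac
    flavor="${release##*-}"     # text after the last '-': default, xen, ...
    version="${release%-*}"     # everything before the last '-'
    printf 'kgraft-patch-%s-%s\n' "$(printf '%s' "$version" | tr . _)" "$flavor"
}

# Return 0 and print the installed package (name-version-release) if the live
# patch for the given kernel release is present, 1 otherwise. `rpm -q` is the
# standard query; this check does not pin a particular package build.
kgraft_installed() {
    pkg="$(kgraft_pkg_name "$1")" || return 1
    rpm -q "$pkg" 2>/dev/null
}

# Check the kernel that is actually running (the only one a live patch helps).
check_running_kernel() {
    running="$(uname -r)"
    if kgraft_installed "$running"; then
        echo "live patch present for kernel $running"
    else
        echo "no kgraft-patch package installed for kernel $running;" \
             "apply the zypper patch listed for your product" >&2
        return 1
    fi
}

# Only touch the live system when asked to: sh check-kgraft.sh --check
if [ "${1:-}" = "--check" ]; then
    check_running_kernel
fi
```

Run it with `--check` on the host after applying the update; a non-zero exit means the running kernel has no matching live patch, which also happens when the kernel was updated and rebooted after the advisory was released, since the live patch is tied to the older build.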

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE-SU-2017:2781-1: important: Security update for Linux Kernel Live Patch 24 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 24 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2781-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_83 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1719=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_83-default-3-4.1
kgraft-patch-3_12_61-52_83-xen-3-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



SUSE-SU-2017:2783-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1

SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2783-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.69-60_64_29 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1723=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1723=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

kgraft-patch-3_12_69-60_64_29-default-8-4.1
kgraft-patch-3_12_69-60_64_29-xen-8-4.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

kgraft-patch-3_12_69-60_64_29-default-8-4.1
kgraft-patch-3_12_69-60_64_29-xen-8-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



SUSE-SU-2017:2779-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1

SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2779-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_21 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1721=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1721=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

kgraft-patch-3_12_67-60_64_21-default-10-4.1
kgraft-patch-3_12_67-60_64_21-xen-10-4.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

kgraft-patch-3_12_67-60_64_21-default-10-4.1
kgraft-patch-3_12_67-60_64_21-xen-10-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



SUSE-SU-2017:2780-1: important: Security update for Linux Kernel Live Patch 21 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 21 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2780-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_72 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1726=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_72-default-5-4.1
kgraft-patch-3_12_61-52_72-xen-5-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



SUSE-SU-2017:2782-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12 SP1

SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2782-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.69-60_64_32 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1724=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1724=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

kgraft-patch-3_12_69-60_64_32-default-7-4.1
kgraft-patch-3_12_69-60_64_32-xen-7-4.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

kgraft-patch-3_12_69-60_64_32-default-7-4.1
kgraft-patch-3_12_69-60_64_32-xen-7-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



SUSE-SU-2017:2775-1: important: Security update for Linux Kernel Live Patch 27 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 27 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2775-1
Rating: important
References: #1042892 #1045327 #1046191 #1052311 #1052368
Cross-References: CVE-2017-1000112 CVE-2017-15274 CVE-2017-7645
CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one erratum is now
available.

Description:

This update for the Linux Kernel 3.12.61-52_92 fixes several issues.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000112: Updated patch for this issue to be in sync with the
other livepatches. Description of the issue: Prevent race condition in
net-packet code that could have been exploited by unprivileged users to
gain root access (bsc#1052368, bsc#1052311).
– CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
was too late in checking whether an overwrite of an skb data structure
may occur, which allowed local users to cause a denial of service
(system crash) via crafted system calls (bsc#1042892).
– CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem allowed
remote attackers to cause a denial of service (system crash) via a long
RPC reply (bsc#1046191).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1716=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_92-default-2-4.1
kgraft-patch-3_12_61-52_92-xen-2-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000112.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://www.suse.com/security/cve/CVE-2017-7645.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1042892
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1046191
https://bugzilla.suse.com/1052311
https://bugzilla.suse.com/1052368



SUSE-SU-2017:2777-1: important: Security update for Linux Kernel Live Patch 17 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 17 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2777-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.60-52_60 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1718=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_60-52_60-default-9-4.1
kgraft-patch-3_12_60-52_60-xen-9-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



SUSE-SU-2017:2776-1: important: Security update for Linux Kernel Live Patch 16 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 16 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2776-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.60-52_57 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1717=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_60-52_57-default-10-4.1
kgraft-patch-3_12_60-52_57-xen-10-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



SUSE-SU-2017:2769-1: important: Security update for Linux Kernel Live Patch 20 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 20 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2769-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_69 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1714=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_69-default-6-4.1
kgraft-patch-3_12_61-52_69-xen-6-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



SUSE-SU-2017:2770-1: important: Security update for Linux Kernel Live Patch 23 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 23 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2770-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_80 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1712=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_80-default-4-4.1
kgraft-patch-3_12_61-52_80-xen-4-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



SUSE-SU-2017:2774-1: important: Security update for Linux Kernel Live Patch 25 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 25 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2774-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_86 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1711=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_86-default-3-4.1
kgraft-patch-3_12_61-52_86-xen-3-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



SUSE-SU-2017:2772-1: important: Security update for Linux Kernel Live Patch 22 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 22 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2772-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_77 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1713=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_77-default-5-4.1
kgraft-patch-3_12_61-52_77-xen-5-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



SUSE-SU-2017:2771-1: important: Security update for Linux Kernel Live Patch 19 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 19 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2771-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_66 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1715=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_66-default-8-4.1
kgraft-patch-3_12_61-52_66-xen-8-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



SUSE-SU-2017:2773-1: important: Security update for Linux Kernel Live Patch 26 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 26 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2773-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_89 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses, resulting in remote code execution in
kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1710=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_89-default-3-4.1
kgraft-patch-3_12_61-52_89-xen-3-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950



FreeBSD Security Advisory FreeBSD-SA-17:07.wpa [REVISED]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:07.wpa Security Advisory
The FreeBSD Project

Topic: WPA2 protocol vulnerability

Category: contrib
Module: wpa
Announced: 2017-10-16
Credits: Mathy Vanhoef
Affects: All supported versions of FreeBSD.
Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE)
2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2)
2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13)
2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE)
2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1)
2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22)
CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

0. Revision history

v1.0 2017-10-17 Initial release.
v1.1 2017-10-19 Add patches for 10.x releases.

I. Background

Wi-Fi Protected Access II (WPA2) is a security protocol developed by the
Wi-Fi Alliance to secure wireless computer networks.

hostapd and wpa_supplicant are user-space daemon implementations of the
WPA2 protocol for access points and wireless clients, respectively.

II. Problem Description

A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys.

III. Impact

Such reinstallation of the encryption key can result in two different
types of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.

IV. Workaround

An updated version of wpa_supplicant is available in the FreeBSD Ports
Collection. Install version 2.6_2 or later of the
security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf
to use the new binary:

wpa_supplicant_program="/usr/local/sbin/wpa_supplicant"

and restart networking.

An updated version of hostapd is available in the FreeBSD Ports
Collection. Install version 2.6_1 or later of the net/hostapd port/pkg.
Once installed, update /etc/rc.conf to use the new binary:

hostapd_program="/usr/local/sbin/hostapd"

and restart hostapd.
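The workaround above names minimum port versions (security/wpa_supplicant 2.6_2, net/hostapd 2.6_1). The following script is an added example, not part of the FreeBSD advisory: it takes the output of `pkg query '%n %v'` (the sample shown inside is constructed) and reports whether each of the two ports is present at or above the minimum. The version ordering is a simplified reading of the `version[_revision][,epoch]` scheme used by pkg(8): epoch first, then the dotted numeric version, then the port revision. That is sufficient for the versions in this advisory but is not the complete pkg(8) comparison algorithm.

```python
"""Check installed FreeBSD port versions of wpa_supplicant and hostapd against
the minimum versions named in the advisory workaround.

Added example, not part of the FreeBSD advisory. Input is the output of
`pkg query '%n %v'` (one "name version" pair per line); SAMPLE_PKG_QUERY is
constructed. The version ordering is a simplified reading of pkg(8)'s
"version[_revision][,epoch]" scheme and is an assumption of this example.
"""
import re
from typing import Dict, List, Tuple

# Minimum port versions from section IV of the advisory.
MINIMUM_VERSIONS = {
    "wpa_supplicant": "2.6_2",
    "hostapd": "2.6_1",
}

# Constructed sample of `pkg query '%n %v'` output: hostapd is current,
# wpa_supplicant is still the older port revision.
SAMPLE_PKG_QUERY = """\
hostapd 2.6_1
wpa_supplicant 2.5_3
pkg 1.10.1
"""


def parse_version(ver: str) -> Tuple[int, List[int], int]:
    """Split "2.6_2,1" into (epoch=1, parts=[2, 6], revision=2)."""
    epoch = 0
    if "," in ver:
        ver, epoch_s = ver.rsplit(",", 1)
        epoch = int(epoch_s)
    revision = 0
    if "_" in ver:
        ver, rev_s = ver.rsplit("_", 1)
        revision = int(rev_s)
    parts = []
    for piece in ver.split("."):
        m = re.match(r"(\d+)", piece)
        if not m:
            raise ValueError(f"unsupported version component: {piece!r}")
        parts.append(int(m.group(1)))
    return epoch, parts, revision


def version_at_least(installed: str, minimum: str) -> bool:
    """True if installed >= minimum under (epoch, dotted version, revision)."""
    e1, v1, r1 = parse_version(installed)
    e2, v2, r2 = parse_version(minimum)
    # Pad the dotted parts so that 2.6 and 2.6.0 compare equal.
    width = max(len(v1), len(v2))
    v1 = v1 + [0] * (width - len(v1))
    v2 = v2 + [0] * (width - len(v2))
    return (e1, v1, r1) >= (e2, v2, r2)


def parse_pkg_query(text: str) -> Dict[str, str]:
    """Map package name -> installed version from `pkg query '%n %v'` output."""
    installed = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, version = line.split(None, 1)
        installed[name] = version
    return installed


def check_workaround(pkg_query_output: str) -> Dict[str, str]:
    """Return {package: 'ok' | 'outdated' | 'missing'} for each required port."""
    installed = parse_pkg_query(pkg_query_output)
    result = {}
    for name, minimum in MINIMUM_VERSIONS.items():
        if name not in installed:
            result[name] = "missing"
        elif version_at_least(installed[name], minimum):
            result[name] = "ok"
        else:
            result[name] = "outdated"
    return result


if __name__ == "__main__":
    for pkg, status in check_workaround(SAMPLE_PKG_QUERY).items():
        print(f"{pkg}: {status}")
```

A result of "missing" means the port is not installed at all, so the base-system binary is still in use; that is exactly the situation the rc.conf change above is meant to end. Note that the check says nothing about whether rc.conf actually points at /usr/local/sbin, so verify that separately.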

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Restart the Wi-Fi network interfaces/hostapd or reboot the system.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Restart the Wi-Fi network interfaces/hostapd or reboot the system.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]
# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch
# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc
# gpg --verify wpa-11.patch.asc

[FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE]
# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch
# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc
# gpg --verify wpa-10.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart the applicable daemons, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                         Revision
-------------------------------------------------------------------------
stable/11/                                                          r324697
releng/11.0/                                                        r324698
releng/11.1/                                                        r324699
stable/10/                                                          r324739
releng/10.3/                                                        r324740
releng/10.4/                                                        r324741
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

_______________________________________________
freebsd-security-notifications@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications
To unsubscribe, send any mail to “freebsd-security-notifications-unsubscribe@freebsd.org”

openSUSE-SU-2017:2757-1: important: Security update for git

openSUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2757-1
Rating: important
References: #1061041
Cross-References: CVE-2017-14867
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for git fixes the following issues:

This security issue was fixed:

– CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such
as cvsserver, which allowed attackers to execute arbitrary OS commands
via shell metacharacters in a module name (bsc#1061041).

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1167=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.2 (noarch):

git-doc-2.12.3-5.14.1

– openSUSE Leap 42.2 (x86_64):

git-2.12.3-5.14.1
git-arch-2.12.3-5.14.1
git-core-2.12.3-5.14.1
git-core-debuginfo-2.12.3-5.14.1
git-credential-gnome-keyring-2.12.3-5.14.1
git-credential-gnome-keyring-debuginfo-2.12.3-5.14.1
git-cvs-2.12.3-5.14.1
git-daemon-2.12.3-5.14.1
git-daemon-debuginfo-2.12.3-5.14.1
git-debugsource-2.12.3-5.14.1
git-email-2.12.3-5.14.1
git-gui-2.12.3-5.14.1
git-svn-2.12.3-5.14.1
git-svn-debuginfo-2.12.3-5.14.1
git-web-2.12.3-5.14.1
gitk-2.12.3-5.14.1

References:

https://www.suse.com/security/cve/CVE-2017-14867.html
https://bugzilla.suse.com/1061041



CESA-2017:2911 Important CentOS 6 wpa_supplicant Security Update

CentOS Errata and Security Advisory 2017:2911 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2911

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
1c4e471af89b650f2dd8b47db7a09af8a04368b0ed6532125ca37a7e55220193 wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm

x86_64:
0644c3f6c879b7224014c2576384981597aec268b3c8abef3b616c2f05874117 wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm

Source:
c74efa3ad9af3b9eb39e505e9a62dc2423791b27f988a3db9ab1057f1d499ef4 wpa_supplicant-0.7.3-9.el6_9.2.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
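The CentOS announcement above publishes its packages as "( sha256sum Filename )" pairs. The script below is an added example, not part of the CentOS advisory: it parses a listing in that layout, hashes the files found in a download directory and reports each one as ok, mismatched or missing. The listing and files it runs on are constructed in a temporary directory so it works offline; in practice the listing is pasted from the announcement and the directory holds the RPMs fetched from a mirror.

```python
"""Verify downloaded packages against a "( sha256sum Filename )" listing of the
kind published in the CentOS announcement.

Added example, not part of the CentOS advisory. build_constructed_scenario()
fabricates the listing and the files so the script runs offline; nothing in
it is real package content.
"""
import hashlib
import hmac
import os
import re
import tempfile
from typing import Dict, Tuple

# One "sha256sum filename" pair per line; section labels such as "x86_64:"
# and blank lines do not match and are skipped.
LISTING_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+(\S+)$")


def parse_listing(text: str) -> Dict[str, str]:
    """Map filename -> expected lowercase hex SHA-256 digest."""
    expected = {}
    for line in text.splitlines():
        m = LISTING_LINE.match(line.strip())
        if m:
            expected[m.group(2)] = m.group(1).lower()
    return expected


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large RPMs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(listing: str, directory: str) -> Dict[str, str]:
    """Return {filename: 'ok' | 'MISMATCH' | 'missing'} for every listed file."""
    results = {}
    for name, digest in parse_listing(listing).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif hmac.compare_digest(sha256_file(path), digest):
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


def build_constructed_scenario() -> Tuple[str, str]:
    """Constructed data only: a temp dir with one intact file, one altered
    file and one file that was never downloaded, plus a listing whose digests
    are computed from the intended contents. Returns (listing, directory)."""
    d = tempfile.mkdtemp(prefix="rpmcheck-")
    good = b"good package bytes"
    altered_original = b"original package bytes"
    with open(os.path.join(d, "good.rpm"), "wb") as f:
        f.write(good)
    with open(os.path.join(d, "altered.rpm"), "wb") as f:
        f.write(b"modified package bytes")  # differs from what was listed
    listing = "\n".join([
        "x86_64:",
        f"{hashlib.sha256(good).hexdigest()} good.rpm",
        f"{hashlib.sha256(altered_original).hexdigest()} altered.rpm",
        "",
        "Source:",
        f"{hashlib.sha256(b'never downloaded').hexdigest()} absent.src.rpm",
    ])
    return listing, d


if __name__ == "__main__":
    listing, directory = build_constructed_scenario()
    for name, status in sorted(verify_downloads(listing, directory).items()):
        print(f"{status:9} {name}")
```

A checksum taken from an announcement is only as trustworthy as the channel it arrived over; the stronger check remains the package's own GPG signature (`rpm -K` against the distribution key), with the digest comparison as a quick integrity test for a partial or corrupted mirror sync.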

openSUSE-SU-2017:2755-1: important: Security update for wpa_supplicant

openSUSE Security Update: Security update for wpa_supplicant
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2755-1
Rating: important
References: #1056061
Cross-References: CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
CVE-2017-13081 CVE-2017-13087 CVE-2017-13088

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for wpa_supplicant fixes the security issues:

– Several vulnerabilities in standard conforming implementations of the
WPA2 protocol have been discovered and published under the code name
KRACK. This update remedies those issues in a backwards compatible
manner, i.e. the updated wpa_supplicant can interface properly with both
vulnerable and patched implementations of WPA2, but an attacker won’t be
able to exploit the KRACK weaknesses in those connections anymore even
if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,
CVE-2017-13088]

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1163=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1163=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

wpa_supplicant-2.2-13.1
wpa_supplicant-debuginfo-2.2-13.1
wpa_supplicant-debugsource-2.2-13.1
wpa_supplicant-gui-2.2-13.1
wpa_supplicant-gui-debuginfo-2.2-13.1

– openSUSE Leap 42.2 (i586 x86_64):

wpa_supplicant-2.2-9.3.1
wpa_supplicant-debuginfo-2.2-9.3.1
wpa_supplicant-debugsource-2.2-9.3.1
wpa_supplicant-gui-2.2-9.3.1
wpa_supplicant-gui-debuginfo-2.2-9.3.1

References:

https://www.suse.com/security/cve/CVE-2017-13078.html
https://www.suse.com/security/cve/CVE-2017-13079.html
https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-13081.html
https://www.suse.com/security/cve/CVE-2017-13087.html
https://www.suse.com/security/cve/CVE-2017-13088.html
https://bugzilla.suse.com/1056061

