SUSE-SU-2017:2777-1: important: Security update for Linux Kernel Live Patch 17 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 17 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2777-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.60-52_60 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow in the processing of L2CAP
configuration responses, resulting in remote code execution in kernel
space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1718=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_60-52_60-default-9-4.1
kgraft-patch-3_12_60-52_60-xen-9-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Ubuntu 17.10 (Artful Aardvark) released

SUSE-SU-2017:2776-1: important: Security update for Linux Kernel Live Patch 16 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 16 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2776-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.60-52_57 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow in the processing of L2CAP
configuration responses, resulting in remote code execution in kernel
space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1717=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_60-52_57-default-10-4.1
kgraft-patch-3_12_60-52_57-xen-10-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950

SUSE-SU-2017:2769-1: important: Security update for Linux Kernel Live Patch 20 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 20 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2769-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_69 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow in the processing of L2CAP
configuration responses, resulting in remote code execution in kernel
space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1714=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_69-default-6-4.1
kgraft-patch-3_12_61-52_69-xen-6-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950

SUSE-SU-2017:2770-1: important: Security update for Linux Kernel Live Patch 23 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 23 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2770-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_80 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow in the processing of L2CAP
configuration responses, resulting in remote code execution in kernel
space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1712=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_80-default-4-4.1
kgraft-patch-3_12_61-52_80-xen-4-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950

SUSE-SU-2017:2774-1: important: Security update for Linux Kernel Live Patch 25 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 25 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2774-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_86 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow in the processing of L2CAP
configuration responses, resulting in remote code execution in kernel
space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1711=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_86-default-3-4.1
kgraft-patch-3_12_61-52_86-xen-3-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950

SUSE-SU-2017:2772-1: important: Security update for Linux Kernel Live Patch 22 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 22 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2772-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_77 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow in the processing of L2CAP
configuration responses, resulting in remote code execution in kernel
space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1713=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_77-default-5-4.1
kgraft-patch-3_12_61-52_77-xen-5-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950

SUSE-SU-2017:2771-1: important: Security update for Linux Kernel Live Patch 19 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 19 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2771-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_66 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow in the processing of L2CAP
configuration responses, resulting in remote code execution in kernel
space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1715=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_66-default-8-4.1
kgraft-patch-3_12_61-52_66-xen-8-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950

SUSE-SU-2017:2773-1: important: Security update for Linux Kernel Live Patch 26 for SLE 12

SUSE Security Update: Security update for Linux Kernel Live Patch 26 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2773-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_89 fixes one issue.

The following security bugs were fixed:

– CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call (bsc#1045327).
– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow in the processing of L2CAP
configuration responses, resulting in remote code execution in kernel
space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1710=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_89-default-3-4.1
kgraft-patch-3_12_61-52_89-xen-3-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950

FreeBSD Security Advisory FreeBSD-SA-17:07.wpa [REVISED]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:07.wpa Security Advisory
The FreeBSD Project

Topic: WPA2 protocol vulnerability

Category: contrib
Module: wpa
Announced: 2017-10-16
Credits: Mathy Vanhoef
Affects: All supported versions of FreeBSD.
Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE)
2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2)
2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13)
2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE)
2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1)
2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22)
CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

0. Revision history

v1.0 2017-10-17 Initial release.
v1.1 2017-10-19 Add patches for 10.x releases.

I. Background

Wi-Fi Protected Access II (WPA2) is a security protocol developed by the
Wi-Fi Alliance to secure wireless computer networks.

hostapd and wpa_supplicant are user-space daemon implementations of the
WPA2 protocol, for access points and wireless clients respectively.

II. Problem Description

A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys.

III. Impact

Such reinstallation of the encryption key can result in two different
types of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.

IV. Workaround

An updated version of wpa_supplicant is available in the FreeBSD Ports
Collection. Install version 2.6_2 or later of the
security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf
to use the new binary:

wpa_supplicant_program="/usr/local/sbin/wpa_supplicant"

and restart networking.

An updated version of hostapd is available in the FreeBSD Ports
Collection. Install version 2.6_1 or later of the net/hostapd port/pkg.
Once installed, update /etc/rc.conf to use the new binary:

hostapd_program="/usr/local/sbin/hostapd"

and restart hostapd.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Restart the Wi-Fi network interfaces/hostapd or reboot the system.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Restart the Wi-Fi network interfaces/hostapd or reboot the system.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]
# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch
# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc
# gpg --verify wpa-11.patch.asc

[FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE]
# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch
# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc
# gpg --verify wpa-10.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart the applicable daemons, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                         Revision
- -------------------------------------------------------------------------
stable/11/                                                          r324697
releng/11.0/                                                        r324698
releng/11.1/                                                        r324699
stable/10/                                                          r324739
releng/10.3/                                                        r324740
releng/10.4/                                                        r324741
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

_______________________________________________
freebsd-security-notifications@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications
To unsubscribe, send any mail to “freebsd-security-notifications-unsubscribe@freebsd.org”

openSUSE-SU-2017:2757-1: important: Security update for git

openSUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2757-1
Rating: important
References: #1061041
Cross-References: CVE-2017-14867
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for git fixes the following issues:

This security issue was fixed:

– CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such
as cvsserver, which allowed attackers to execute arbitrary OS commands
via shell metacharacters in a module name (bsc#1061041).

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1167=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.2 (noarch):

git-doc-2.12.3-5.14.1

– openSUSE Leap 42.2 (x86_64):

git-2.12.3-5.14.1
git-arch-2.12.3-5.14.1
git-core-2.12.3-5.14.1
git-core-debuginfo-2.12.3-5.14.1
git-credential-gnome-keyring-2.12.3-5.14.1
git-credential-gnome-keyring-debuginfo-2.12.3-5.14.1
git-cvs-2.12.3-5.14.1
git-daemon-2.12.3-5.14.1
git-daemon-debuginfo-2.12.3-5.14.1
git-debugsource-2.12.3-5.14.1
git-email-2.12.3-5.14.1
git-gui-2.12.3-5.14.1
git-svn-2.12.3-5.14.1
git-svn-debuginfo-2.12.3-5.14.1
git-web-2.12.3-5.14.1
gitk-2.12.3-5.14.1

References:

https://www.suse.com/security/cve/CVE-2017-14867.html
https://bugzilla.suse.com/1061041

CESA-2017:2911 Important CentOS 6 wpa_supplicant Security Update

CentOS Errata and Security Advisory 2017:2911 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2911

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
1c4e471af89b650f2dd8b47db7a09af8a04368b0ed6532125ca37a7e55220193 wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm

x86_64:
0644c3f6c879b7224014c2576384981597aec268b3c8abef3b616c2f05874117 wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm

Source:
c74efa3ad9af3b9eb39e505e9a62dc2423791b27f988a3db9ab1057f1d499ef4 wpa_supplicant-0.7.3-9.el6_9.2.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

openSUSE-SU-2017:2755-1: important: Security update for wpa_supplicant

openSUSE Security Update: Security update for wpa_supplicant
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2755-1
Rating: important
References: #1056061
Cross-References: CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
CVE-2017-13081 CVE-2017-13087 CVE-2017-13088

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for wpa_supplicant fixes the security issues:

– Several vulnerabilities in standard conforming implementations of the
WPA2 protocol have been discovered and published under the code name
KRACK. This update remedies those issues in a backwards compatible
manner, i.e. the updated wpa_supplicant can interface properly with both
vulnerable and patched implementations of WPA2, but an attacker won’t be
able to exploit the KRACK weaknesses in those connections anymore even
if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,
CVE-2017-13088]

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1163=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1163=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

wpa_supplicant-2.2-13.1
wpa_supplicant-debuginfo-2.2-13.1
wpa_supplicant-debugsource-2.2-13.1
wpa_supplicant-gui-2.2-13.1
wpa_supplicant-gui-debuginfo-2.2-13.1

– openSUSE Leap 42.2 (i586 x86_64):

wpa_supplicant-2.2-9.3.1
wpa_supplicant-debuginfo-2.2-9.3.1
wpa_supplicant-debugsource-2.2-9.3.1
wpa_supplicant-gui-2.2-9.3.1
wpa_supplicant-gui-debuginfo-2.2-9.3.1

References:

https://www.suse.com/security/cve/CVE-2017-13078.html
https://www.suse.com/security/cve/CVE-2017-13079.html
https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-13081.html
https://www.suse.com/security/cve/CVE-2017-13087.html
https://www.suse.com/security/cve/CVE-2017-13088.html
https://bugzilla.suse.com/1056061

CESA-2017:2907 Important CentOS 7 wpa_supplicant Security Update

CentOS Errata and Security Advisory 2017:2907 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2907

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
bcb982dc33b01aeb8b0807cee6d6b07bfe0ca020fda96d2b64e34e6912daa698 wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm

Source:
d19567c0ecc7a639590f1ebd018618a7e061c42c7549fb60070d6f6581efa71b wpa_supplicant-2.6-5.el7_4.1.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

SUSE-SU-2017:2752-1: important: Security update for wpa_supplicant

SUSE Security Update: Security update for wpa_supplicant
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2752-1
Rating: important
References: #1056061
Cross-References: CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
CVE-2017-13081 CVE-2017-13087 CVE-2017-13088

Affected Products:
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for wpa_supplicant fixes the following issues:

– Several vulnerabilities in standard conforming implementations of the
WPA2 protocol have been discovered and published under the code name
KRACK. This update remedies those issues in a backwards compatible
manner, i.e. the updated wpa_supplicant can interface properly with both
vulnerable and patched implementations of WPA2, but an attacker won’t be
able to exploit the KRACK weaknesses in those connections anymore even
if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,
CVE-2017-13088]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-wpa_supplicant-13318=1

– SUSE Linux Enterprise Server 11-SP3-LTSS:

zypper in -t patch slessp3-wpa_supplicant-13318=1

– SUSE Linux Enterprise Point of Sale 11-SP3:

zypper in -t patch sleposp3-wpa_supplicant-13318=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

wpa_supplicant-0.7.1-6.18.3.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

wpa_supplicant-0.7.1-6.18.3.1

– SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

wpa_supplicant-0.7.1-6.18.3.1

References:

https://www.suse.com/security/cve/CVE-2017-13078.html
https://www.suse.com/security/cve/CVE-2017-13079.html
https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-13081.html
https://www.suse.com/security/cve/CVE-2017-13087.html
https://www.suse.com/security/cve/CVE-2017-13088.html
https://bugzilla.suse.com/1056061



FreeBSD Security Advisory FreeBSD-SA-17:07.wpa

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:07.wpa Security Advisory
The FreeBSD Project

Topic: WPA2 protocol vulnerability

Category: contrib
Module: wpa
Announced: 2017-10-16
Credits: Mathy Vanhoef
Affects: All supported versions of FreeBSD.
Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE)
2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2)
2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13)
CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I. Background

Wi-Fi Protected Access II (WPA2) is a security protocol developed by the
Wi-Fi Alliance to secure wireless computer networks.

hostapd and wpa_supplicant are user-space daemons, for access points and
wireless clients respectively, that implement the WPA2 protocol.

II. Problem Description

A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys.

III. Impact

Such reinstallation of the encryption key can result in two different
types of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.
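
The mechanism behind sections II and III, as an added illustration that is not part of the FreeBSD advisory nor of the hostapd/wpa_supplicant code: a Python model of the supplicant's key-installation step. The Supplicant class, the toy_keystream function and the constructed 16-byte key are assumptions of the model rather than the real CCMP cipher or hostap's state machine; the model keeps only the property that matters here, that installing a key resets the transmit packet number (the cipher nonce) and the receive replay counter. With reinstall_guard=True the client refuses to reinstall a key that is already in use, which is the shape of the fix; with it False a retransmitted message 3 reinstalls the key, so the next frame reuses a nonce and an old frame passes the replay check.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

PN_BYTES = 6  # CCMP packet numbers are 48-bit counters


def toy_keystream(tk: bytes, pn: int, length: int) -> bytes:
    """Stand-in for the CCMP (AES-CTR) keystream: a function of (TK, PN) only.
    Every nonce-based cipher shares this property, so a repeated PN under the
    same TK yields the same keystream. Constructed for the model, not CCMP."""
    return hmac.new(tk, pn.to_bytes(PN_BYTES, "big"), hashlib.sha256).digest()[:length]


@dataclass
class Supplicant:
    """Minimal model of the client side of the WPA2 4-way handshake."""
    reinstall_guard: bool                       # True models the patched behaviour
    tk: Optional[bytes] = None                  # installed pairwise temporal key
    tx_pn: int = 0                              # next packet number to transmit with
    rx_highest_pn: int = -1                     # replay state: highest PN accepted
    sent_pns: List[int] = field(default_factory=list)
    keystreams: List[bytes] = field(default_factory=list)

    def on_msg3(self, tk: bytes) -> str:
        """Handle handshake message 3, the message that triggers key installation."""
        if self.reinstall_guard and self.tk == tk:
            # Patched behaviour: the key is already in use, so acknowledge the
            # retransmission but leave nonce and replay state untouched.
            return "already-installed"
        # Installing a key (re)initialises both counters. Doing this for a key
        # that is already in use is the key-reinstallation defect.
        self.tk = tk
        self.tx_pn = 0
        self.rx_highest_pn = -1
        return "installed"

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Encrypt one frame under the installed TK with the next PN."""
        assert self.tk is not None, "no key installed"
        pn, self.tx_pn = self.tx_pn, self.tx_pn + 1
        ks = toy_keystream(self.tk, pn, len(plaintext))
        self.sent_pns.append(pn)
        self.keystreams.append(ks)
        return pn, bytes(p ^ k for p, k in zip(plaintext, ks))

    def receive(self, pn: int) -> bool:
        """Replay check: accept a frame only if its PN exceeds every PN seen so far."""
        if pn <= self.rx_highest_pn:
            return False
        self.rx_highest_pn = pn
        return True


def simulate(reinstall_guard: bool) -> dict:
    """Run the model through a retransmitted message 3 and report the effects."""
    tk = bytes(range(16))                        # constructed 128-bit key
    client = Supplicant(reinstall_guard)
    client.on_msg3(tk)                           # first message 3: install TK
    client.send(b"frame-one-of-two")             # goes out with PN 0
    client.receive(0)
    client.receive(1)                            # AP frames with PN 0 and 1 accepted
    second = client.on_msg3(tk)                  # message 3 arrives a second time
    client.send(b"frame-two-of-two")             # patched: PN 1; defect: PN 0 again
    return {
        "second_msg3": second,
        "nonce_reused": len(set(client.sent_pns)) < len(client.sent_pns),
        "keystream_repeated": client.keystreams[0] == client.keystreams[1],
        "old_frame_accepted": client.receive(1),  # PN 1 was already accepted above
    }
```

The two result fields map onto the impact section: keystream_repeated is the "significantly reducing the security of encryption" case, old_frame_accepted the "disabling replay protection" case. The fix is on the receiving side only, which is why the SUSE advisories on this page can describe the updated wpa_supplicant as protecting its own connections even when the access point is still unpatched.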

IV. Workaround

An updated version of wpa_supplicant is available in the FreeBSD Ports
Collection. Install version 2.6_2 or later of the
security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf
to use the new binary:

wpa_supplicant_program="/usr/local/sbin/wpa_supplicant"

and restart networking.

An updated version of hostapd is available in the FreeBSD Ports
Collection. Install version 2.6_1 or later of the net/hostapd port/pkg.
Once installed, update /etc/rc.conf to use the new binary:

hostapd_program="/usr/local/sbin/hostapd"

and restart hostapd.

V. Solution

Patches are currently available for stable/11, releng/11.0, and
releng/11.1. Patches for stable/10, releng/10.3, and releng/10.4 are
still being evaluated.

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Restart the Wi-Fi network interfaces/hostapd or reboot the system.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Restart the Wi-Fi network interfaces/hostapd or reboot the system.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]
# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch
# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc
# gpg --verify wpa-11.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart the applicable daemons, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                         Revision
- -------------------------------------------------------------------------
stable/11/                                                          r324697
releng/11.0/                                                        r324698
releng/11.1/                                                        r324699
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnmRUZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
aueKcxAAwObogcEZAgGioU4uZvk9kKIpmG/NwvUjcZ0viFhePowKnh6/UoFDd+13
NsjriznPNKbXPch2Gp3Zwgd/hff10vlvr69QOFXnI3/Y8b+thxkl1kCAxC0xkfEl
eQBzjllMrjtrSgfKtoWInxnZLIrghuJAg4Jvvz+uWd3VTggM0pQgLUuhR/a8lWHd
3HBj5//sOhmVW2OFYC5dskYAn6TqyHtlMP9AT32h6QEyEzJeNWMlToELxy6OK59j
MYaS0vclz7QT+4SATvcl8RCmxmYfyWxEtFhDmPNz4mfQ915AxTjGFv7KbjTZtunl
k3niR3O8F450xduw5Yj9Mz3YdZ4ZYmvHbDgQLsMNwAmtQvXSteXUUBVNVAg9PsjR
4kxlEFsStWh6CtJVKYUvKDThnHrWYLiVUh6o/FtRm5fx2ws/gcj7H9csr8mQ0pkO
zm9jVOgMe7pqI7gygOfb61Rjz6PnLgVQcnP2LoC9pB21O5Q/Q2rv9d6XN3mQ6CQ2
+mUEZ5M7TWyd6gFrP2Eu6srec1nT1NjVjzyyupgusiQve3xV0wacG0jwgy7+VXE8
Ls2a/SObVDZkvFhOYMrLVui33l7f/vgT0KImyO2fkaWjbDcEyVcm1f+A7K+hqwp8
2O/Eh+NVSG0GIbt9pro0BxsZhMb/V4WmWV+4WnLKPwCQZ9fimKA=
=aNWn
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security-notifications@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications
To unsubscribe, send any mail to “freebsd-security-notifications-unsubscribe@freebsd.org”

SUSE-SU-2017:2745-1: important: Security update for wpa_supplicant

SUSE Security Update: Security update for wpa_supplicant
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2745-1
Rating: important
References: #1056061
Cross-References: CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
CVE-2017-13081 CVE-2017-13087 CVE-2017-13088

Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for wpa_supplicant fixes the security issues:

– Several vulnerabilities in standard conforming implementations of the
WPA2 protocol have been discovered and published under the code name
KRACK. This update remedies those issues in a backwards compatible
manner, i.e. the updated wpa_supplicant can interface properly with both
vulnerable and patched implementations of WPA2, but an attacker won’t be
able to exploit the KRACK weaknesses in those connections anymore even
if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,
CVE-2017-13088]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 6:

zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1705=1

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1705=1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1705=1

– SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1705=1

– SUSE Linux Enterprise Server 12-SP2:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1705=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1705=1

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1705=1

– SUSE Linux Enterprise Desktop 12-SP3:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1705=1

– SUSE Linux Enterprise Desktop 12-SP2:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1705=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE OpenStack Cloud 6 (x86_64):

wpa_supplicant-2.2-15.3.1
wpa_supplicant-debuginfo-2.2-15.3.1
wpa_supplicant-debugsource-2.2-15.3.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

wpa_supplicant-2.2-15.3.1
wpa_supplicant-debuginfo-2.2-15.3.1
wpa_supplicant-debugsource-2.2-15.3.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

wpa_supplicant-2.2-15.3.1
wpa_supplicant-debuginfo-2.2-15.3.1
wpa_supplicant-debugsource-2.2-15.3.1

– SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

wpa_supplicant-2.2-15.3.1
wpa_supplicant-debuginfo-2.2-15.3.1
wpa_supplicant-debugsource-2.2-15.3.1

– SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

wpa_supplicant-2.2-15.3.1
wpa_supplicant-debuginfo-2.2-15.3.1
wpa_supplicant-debugsource-2.2-15.3.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

wpa_supplicant-2.2-15.3.1
wpa_supplicant-debuginfo-2.2-15.3.1
wpa_supplicant-debugsource-2.2-15.3.1

– SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

wpa_supplicant-2.2-15.3.1
wpa_supplicant-debuginfo-2.2-15.3.1
wpa_supplicant-debugsource-2.2-15.3.1

– SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

wpa_supplicant-2.2-15.3.1
wpa_supplicant-debuginfo-2.2-15.3.1
wpa_supplicant-debugsource-2.2-15.3.1

– SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

wpa_supplicant-2.2-15.3.1
wpa_supplicant-debuginfo-2.2-15.3.1
wpa_supplicant-debugsource-2.2-15.3.1

References:

https://www.suse.com/security/cve/CVE-2017-13078.html
https://www.suse.com/security/cve/CVE-2017-13079.html
https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-13081.html
https://www.suse.com/security/cve/CVE-2017-13087.html
https://www.suse.com/security/cve/CVE-2017-13088.html
https://bugzilla.suse.com/1056061



SUSE-SU-2017:2751-1: important: Security update for xen

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2751-1
Rating: important
References: #1027519 #1055321 #1059777 #1061076 #1061077
#1061080 #1061081 #1061082 #1061084 #1061086
#1061087
Cross-References: CVE-2017-5526
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that solves one vulnerability and has 10 fixes is
now available.

Description:

This update for xen fixes several issues:

These security issues were fixed:

– CVE-2017-5526: The ES1370 audio device emulation support was vulnerable
to a memory leakage issue allowing a privileged user inside the guest to
cause a DoS and/or potentially crash the Qemu process on the host
(bsc#1059777)
– bsc#1061084: Missing cleanup in the page type system allowed a malicious
or buggy PV guest to cause DoS (XSA-242)
– bsc#1061086: A problem in the shadow pagetable code allowed a malicious
or buggy HVM guest to cause DoS or cause hypervisor memory corruption
potentially allowing the guest to escalate its privilege (XSA-243)
– bsc#1061087: Problematic handling of the selector fields in the
Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV
guest to escalate its privileges or cause DoS (XSA-244)
– bsc#1061077: Missing checks in the handling of DMOPs allowed malicious or
buggy stub domain kernels or tool stacks otherwise living outside of
Domain0 to cause a DoS (XSA-238)
– bsc#1061080: Intercepted I/O write operations with less than a full
machine word’s worth of data were not properly handled, which allowed a
malicious unprivileged x86 HVM guest to obtain sensitive information
from the host or other guests (XSA-239)
– bsc#1061081: In certain configurations of linear page tables a stack
overflow might have occurred that allowed a malicious or buggy PV guest
to cause DoS and potentially privilege escalation and information leaks
(XSA-240)
– bsc#1061082: Under certain conditions x86 PV guests could have caused
the hypervisor to miss a necessary TLB flush for a page. This allowed a
malicious x86 PV guest to access all of system memory, allowing for
privilege escalation, DoS, and information leaks (XSA-241)
– bsc#1061076: Multiple issues existed with the setup of PCI MSI
interrupts that allowed a malicious or buggy guest to cause DoS and
potentially privilege escalation and information leaks (XSA-237)
– bsc#1055321: When dealing with the grant map space of add-to-physmap
operations, ARM specific code failed to release a lock. This allowed a
malicious guest administrator to cause DoS (XSA-235)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 12-SP3:

zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1702=1

– SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1702=1

– SUSE Linux Enterprise Desktop 12-SP3:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1702=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64):

xen-debugsource-4.9.0_14-3.18.1
xen-devel-4.9.0_14-3.18.1

– SUSE Linux Enterprise Server 12-SP3 (x86_64):

xen-4.9.0_14-3.18.1
xen-debugsource-4.9.0_14-3.18.1
xen-doc-html-4.9.0_14-3.18.1
xen-libs-32bit-4.9.0_14-3.18.1
xen-libs-4.9.0_14-3.18.1
xen-libs-debuginfo-32bit-4.9.0_14-3.18.1
xen-libs-debuginfo-4.9.0_14-3.18.1
xen-tools-4.9.0_14-3.18.1
xen-tools-debuginfo-4.9.0_14-3.18.1
xen-tools-domU-4.9.0_14-3.18.1
xen-tools-domU-debuginfo-4.9.0_14-3.18.1

– SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

xen-4.9.0_14-3.18.1
xen-debugsource-4.9.0_14-3.18.1
xen-libs-32bit-4.9.0_14-3.18.1
xen-libs-4.9.0_14-3.18.1
xen-libs-debuginfo-32bit-4.9.0_14-3.18.1
xen-libs-debuginfo-4.9.0_14-3.18.1

References:

https://www.suse.com/security/cve/CVE-2017-5526.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1055321
https://bugzilla.suse.com/1059777
https://bugzilla.suse.com/1061076
https://bugzilla.suse.com/1061077
https://bugzilla.suse.com/1061080
https://bugzilla.suse.com/1061081
https://bugzilla.suse.com/1061082
https://bugzilla.suse.com/1061084
https://bugzilla.suse.com/1061086
https://bugzilla.suse.com/1061087



SUSE-SU-2017:2747-1: important: Security update for git

SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2747-1
Rating: important
References: #1061041
Cross-References: CVE-2017-14867
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Container as a Service Platform ALL
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for git fixes the following issues:

This security issue was fixed:

– CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such
as cvsserver, which allowed attackers to execute arbitrary OS commands
via shell metacharacters in a module name (bsc#1061041).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 6:

zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1704=1

– SUSE Linux Enterprise Software Development Kit 12-SP3:

zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1704=1

– SUSE Linux Enterprise Software Development Kit 12-SP2:

zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1704=1

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1704=1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1704=1

– SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1704=1

– SUSE Linux Enterprise Server 12-SP2:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1704=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1704=1

– SUSE Container as a Service Platform ALL:

zypper in -t patch SUSE-CAASP-ALL-2017-1704=1

– OpenStack Cloud Magnum Orchestration 7:

zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1704=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE OpenStack Cloud 6 (noarch):

git-doc-2.12.3-27.9.1

– SUSE OpenStack Cloud 6 (x86_64):

git-core-2.12.3-27.9.1
git-core-debuginfo-2.12.3-27.9.1
git-debugsource-2.12.3-27.9.1

– SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

git-2.12.3-27.9.1
git-arch-2.12.3-27.9.1
git-core-2.12.3-27.9.1
git-core-debuginfo-2.12.3-27.9.1
git-cvs-2.12.3-27.9.1
git-daemon-2.12.3-27.9.1
git-daemon-debuginfo-2.12.3-27.9.1
git-debugsource-2.12.3-27.9.1
git-email-2.12.3-27.9.1
git-gui-2.12.3-27.9.1
git-svn-2.12.3-27.9.1
git-svn-debuginfo-2.12.3-27.9.1
git-web-2.12.3-27.9.1
gitk-2.12.3-27.9.1

– SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):

git-doc-2.12.3-27.9.1

– SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

git-2.12.3-27.9.1
git-arch-2.12.3-27.9.1
git-core-2.12.3-27.9.1
git-core-debuginfo-2.12.3-27.9.1
git-cvs-2.12.3-27.9.1
git-daemon-2.12.3-27.9.1
git-daemon-debuginfo-2.12.3-27.9.1
git-debugsource-2.12.3-27.9.1
git-email-2.12.3-27.9.1
git-gui-2.12.3-27.9.1
git-svn-2.12.3-27.9.1
git-svn-debuginfo-2.12.3-27.9.1
git-web-2.12.3-27.9.1
gitk-2.12.3-27.9.1

– SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):

git-doc-2.12.3-27.9.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

git-core-2.12.3-27.9.1
git-core-debuginfo-2.12.3-27.9.1
git-debugsource-2.12.3-27.9.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

git-doc-2.12.3-27.9.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

git-core-2.12.3-27.9.1
git-core-debuginfo-2.12.3-27.9.1
git-debugsource-2.12.3-27.9.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

git-doc-2.12.3-27.9.1

– SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

git-core-2.12.3-27.9.1
git-core-debuginfo-2.12.3-27.9.1
git-debugsource-2.12.3-27.9.1

– SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

git-core-2.12.3-27.9.1
git-core-debuginfo-2.12.3-27.9.1
git-debugsource-2.12.3-27.9.1

– SUSE Linux Enterprise Server 12-SP2 (noarch):

git-doc-2.12.3-27.9.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

git-core-2.12.3-27.9.1
git-core-debuginfo-2.12.3-27.9.1
git-debugsource-2.12.3-27.9.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

git-doc-2.12.3-27.9.1

– SUSE Container as a Service Platform ALL (x86_64):

git-core-2.12.3-27.9.1
git-core-debuginfo-2.12.3-27.9.1
git-debugsource-2.12.3-27.9.1

– OpenStack Cloud Magnum Orchestration 7 (x86_64):

git-core-2.12.3-27.9.1
git-core-debuginfo-2.12.3-27.9.1
git-debugsource-2.12.3-27.9.1
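
A check that an installed package really is at or past the version named in the Package List sections of the SUSE advisories above (wpa_supplicant, xen and git alike), added here as an example and not SUSE's or librpm's code. rpmvercmp() reimplements the ordering librpm uses (digit and letter runs compared segment by segment, separators ignored, numeric beats alpha, "~" sorts before anything), and is_fixed() compares an installed EPOCH:VERSION-RELEASE string against a name-version-release entry from the list. The installed string is assumed to come from rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}' <name>, which prints "(none)" when the package has no epoch; the sample values in the usage note are taken from this page.

```python
import re
from typing import Tuple

# A version string is read as runs of digits, runs of letters, and tilde markers.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")
_ARCH = re.compile(r"\.(noarch|src|i[3-6]86|x86_64|aarch64|ppc64le|ppc64|s390x|ia64)$")


def rpmvercmp(a: str, b: str) -> int:
    """-1 if a < b, 0 if equal, 1 if a > b, following librpm's rpmvercmp rules."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":          # tilde sorts before everything else
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x.isdigit() and y.isdigit():   # numeric segments compare as integers
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit():                 # numeric is newer than alpha
            return 1
        elif y.isdigit():
            return -1
        elif x != y:                      # alpha segments compare as strings
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    longer_is_a = len(sa) > len(sb)
    rest = sa[len(sb):] if longer_is_a else sb[len(sa):]
    if rest[0] == "~":                    # "1.0~rc1" is older than "1.0"
        return -1 if longer_is_a else 1
    return 1 if longer_is_a else -1       # otherwise leftover segments win


def parse_nvr(pkg: str) -> Tuple[str, str, str]:
    """Split 'name-version-release[.arch][.rpm]' as printed in a Package List."""
    pkg = _ARCH.sub("", re.sub(r"\.rpm$", "", pkg))
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release


def split_evr(evr: str) -> Tuple[int, str, str]:
    """Parse '[epoch:]version-release'; rpm prints '(none)' for a missing epoch."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = 0 if e == "(none)" else int(e)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evrcmp(a: str, b: str) -> int:
    """Compare two EVR strings: epoch first, then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    c = rpmvercmp(va, vb)
    return c if c else rpmvercmp(ra, rb)


def is_fixed(installed_evr: str, fixed_pkg: str) -> bool:
    """True when the installed EVR is at least the advisory's name-version-release."""
    _, version, release = parse_nvr(fixed_pkg)
    return evrcmp(installed_evr, f"{version}-{release}") >= 0
```

For instance, is_fixed("2.2-9.3.1", "wpa_supplicant-2.2-13.1") is False (a Leap 42.2 host still on the pre-update build) while is_fixed("2.2-15.3.1", "wpa_supplicant-2.2-15.3.1") is True. A plain string or float comparison gets cases like 9.3.1 versus 13.1 wrong, which is why the segment-wise ordering matters.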

References:

https://www.suse.com/security/cve/CVE-2017-14867.html
https://bugzilla.suse.com/1061041



Zabbix 3.4.3, 3.2.9 and 3.0.12 released

Greetings!

Zabbix Team is pleased to announce the availability of Zabbix 3.4.3, 3.2.9 and 3.0.12.

Complete Release Notes:

Zabbix 3.4.3: https://www.zabbix.com/rn3.4.3
Zabbix 3.2.9: https://www.zabbix.com/rn3.2.9
Zabbix 3.0.12: https://www.zabbix.com/rn3.0.12

Download: https://www.zabbix.com/download

Kind regards,
Alexei Vladishev,
Zabbix Product Manager, CEO
_______________________________________________
Zabbix-announce mailing list
Zabbix-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zabbix-announce