openSUSE-SU-2017:2741-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2741-1
Rating: important
References: #1005778 #1005780 #1005781 #1012382 #1022967
#1036215 #1036737 #1037579 #1037890 #1043598
#1044503 #1047238 #1051987 #1052593 #1053043
#1055493 #1055755 #1056686 #1057383 #1057498
#1058038 #1058410 #1058507 #1058512 #1058550
#1059051 #1059465 #1059500 #1060197 #1060229
#1061017 #1061046 #1061064 #1061067 #1061172
#1061831 #1061872
Cross-References: CVE-2017-1000252 CVE-2017-12153 CVE-2017-12154
CVE-2017-14489
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves four vulnerabilities and has 33 fixes
is now available.

Description:

The openSUSE Leap 42.3 kernel was updated to 4.4.90 to receive various
security and bugfixes.

The following security bugs were fixed:

– CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (assertion failure, and hypervisor
hang or crash) via an out-of-bounds guest_irq value, related to
arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).
– CVE-2017-14489: The iscsi_if_rx function in
drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local
users to cause a denial of service (panic) by leveraging incorrect
length validation (bnc#1059051).
– CVE-2017-12153: A security flaw was discovered in the
nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux
kernel. This function did not check whether the required attributes are
present in a Netlink request. This request can be issued by a user with
the CAP_NET_ADMIN capability and may result in a NULL pointer
dereference and system crash (bnc#1058410).
– CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the
Linux kernel did not ensure that the “CR8-load exiting” and “CR8-store
exiting” L0 vmcs02 controls exist in cases where L1 omits the “use TPR
shadow” vmcs12 control, which allowed KVM L2 guest OS users to obtain
read and write access to the hardware CR8 register (bnc#1058507).

The following non-security bugs were fixed:

– arc: Re-enable MMU upon Machine Check exception (bnc#1012382).
– arm64: fault: Route pte translation faults via do_translation_fault
(bnc#1012382).
– arm64: Make sure SPsel is always set (bnc#1012382).
– arm: pxa: add the number of DMA requestor lines (bnc#1012382).
– arm: pxa: fix the number of DMA requestor lines (bnc#1012382).
– bcache: correct cache_dirty_target in __update_writeback_rate()
(bnc#1012382).
– bcache: Correct return value for sysfs attach errors (bnc#1012382).
– bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).
– bcache: fix bch_hprint crash and improve output (bnc#1012382).
– bcache: fix for gc and write-back race (bnc#1012382).
– bcache: Fix leak of bdev reference (bnc#1012382).
– bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).
– block: Relax a check in blk_start_queue() (bnc#1012382).
– bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).
– btrfs: change how we decide to commit transactions during flushing
(bsc#1060197).
– btrfs: fix NULL pointer dereference from free_reloc_roots()
(bnc#1012382).
– btrfs: prevent to set invalid default subvolid (bnc#1012382).
– btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382).
– btrfs: qgroup: move noisy underflow warning to debugging build
(bsc#1055755).
– cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).
– cifs: release auth_key.response for reconnect (bnc#1012382).
– crypto: AF_ALG – remove SGL terminator indicator when chaining
(bnc#1012382).
– crypto: talitos – Do not provide setkey for non hmac hashing algs
(bnc#1012382).
– crypto: talitos – fix sha224 (bnc#1012382).
– cxl: Fix driver use count (bnc#1012382).
– dmaengine: mmp-pdma: add number of requestors (bnc#1012382).
– drivers: net: phy: xgene: Fix mdio write (bsc#1057383).
– drm: Add driver-private objects to atomic state (bsc#1055493).
– drm/dp: Introduce MST topology state to track available link bandwidth
(bsc#1055493).
– efi/fb: Avoid reconfiguration of BAR that covers the framebuffer
(bsc#1051987).
– efi/fb: Correct PCI_STD_RESOURCE_END usage (bsc#1051987).
– ext4: fix incorrect quotaoff if the quota feature is enabled
(bnc#1012382).
– ext4: fix quota inconsistency during orphan cleanup for read-only mounts
(bnc#1012382).
– f2fs: check hot_data for roll-forward recovery (bnc#1012382).
– fix xen_swiotlb_dma_mmap prototype (bnc#1012382).
– ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
(bnc#1012382).
– ftrace: Fix selftest goto location on error (bnc#1012382).
– genirq: Fix for_each_action_of_desc() macro (bsc#1061064).
– getcwd: Close race with d_move called by lustre (bsc#1052593).
– gfs2: Fix debugfs glocks dump (bnc#1012382).
– gianfar: Fix Tx flow control deactivation (bnc#1012382).
– hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch
(bnc#1022967).
– input: i8042 – add Gigabyte P57 to the keyboard reset table
(bnc#1012382).
– iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067).
– ipv6: accept 64k – 1 packet length in ip6_find_1stfragopt()
(bnc#1012382).
– ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).
– ipv6: fix memory leak with multiple tables during netns destruction
(bnc#1012382).
– ipv6: fix sparse warning on rt6i_node (bnc#1012382).
– ipv6: fix typo in fib6_net_exit() (bnc#1012382).
– iw_cxgb4: put ep reference in pass_accept_req() (fate#321658 bsc#1005778
fate#321660 bsc#1005780 fate#321661 bsc#1005781).
– KABI fix drivers/nvme/target/nvmet.h (bsc#1058550).
– kabi/severities: ignore nfs_pgio_data_destroy
– kABI: Workaround kABI breakage of AMD-AVIC fixes (bsc#1044503).
– keys: fix writing past end of user-supplied buffer in keyring_read()
(bnc#1012382).
– keys: prevent creating a different user’s keyrings (bnc#1012382).
– keys: prevent KEYCTL_READ on negative key (bnc#1012382).
– kvm: Add struct kvm_vcpu pointer parameter to get_enable_apicv()
(bsc#1044503).
– kvm: async_pf: Fix #DF due to inject “Page not Present” and “Page Ready”
exceptions simultaneously (bsc#1061017).
– kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()
(bnc#1012382).
– kvm: SVM: Add a missing ‘break’ statement (bsc#1061017).
– kvm: SVM: Add irqchip_split() checks before enabling AVIC (bsc#1044503).
– kvm: SVM: delete avic_vm_id_bitmap (2 megabyte static array)
(bsc#1059500).
– kvm: SVM: Refactor AVIC vcpu initialization into avic_init_vcpu()
(bsc#1044503).
– kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017).
– kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
(bsc#1061017).
– kvm: VMX: use cmpxchg64 (bnc#1012382).
– mac80211: flush hw_roc_start work before cancelling the ROC
(bnc#1012382).
– md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).
– md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
(bnc#1012382).
– md/raid5: release/flush io in raid5_do_work() (bnc#1012382).
– media: uvcvideo: Prevent heap overflow when accessing mapped controls
(bnc#1012382).
– media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).
– mips: math-emu: .: Fix cases of both infinite inputs
(bnc#1012382).
– mips: math-emu: .: Fix cases of input values with
opposite signs (bnc#1012382).
– mips: math-emu: .: Fix cases of both inputs zero
(bnc#1012382).
– mips: math-emu: .: Fix quiet NaN propagation
(bnc#1012382).
– mips: math-emu: .: Fix cases of both inputs negative
(bnc#1012382).
– mips: math-emu: MINA.: Fix some cases of infinity and zero inputs
(bnc#1012382).
– mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382).
– nfsd: Fix general protection fault in release_lock_stateid()
(bnc#1012382).
– nvme-fabrics: generate spec-compliant UUID NQNs (bsc#1057498).
– nvmet: Move serial number from controller to subsystem (bsc#1058550).
– nvmet: preserve controller serial number between reboots (bsc#1058550).
– pci: Allow PCI express root ports to find themselves (bsc#1061046).
– pci: fix oops when try to find Root Port for a PCI device (bsc#1061046).
– pci: Fix race condition with driver_override (bnc#1012382).
– pci: Mark AMD Stoney GPU ATS as broken (bsc#1061046).
– pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382).
– perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831).
– perf/x86: kABI Workaround for ‘perf/x86: Fix RDPMC vs. mm_struct
tracking’ (bsc#1061831).
– perf: xgene: Add APM X-Gene SoC Performance Monitoring Unit driver
(bsc#1036737).
– perf: xgene: Include module.h (bsc#1036737).
– perf: xgene: Move PMU leaf functions into function pointer structure
(bsc#1036737).
– perf: xgene: Parse PMU subnode from the match table (bsc#1036737).
– powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382).
– powerpc/perf: Cleanup of PM_BR_CMPL vs. PM_BRU_CMPL in Power9 event list
(bsc#1056686, fate#321438, bsc#1047238, git-fixes 34922527a2bc).
– powerpc/perf: Factor out PPMU_ONLY_COUNT_RUN check code from power8
(fate#321438, bsc#1053043, git-fixes efe881afdd999).
– powerpc/pseries: Fix parent_dn reference leak in add_dt_node()
(bnc#1012382).
– qlge: avoid memcpy buffer overflow (bnc#1012382).
– rdma/bnxt_re: Allocate multiple notification queues (bsc#1037579).
– rdma/bnxt_re: Implement the alloc/get_hw_stats callback (bsc#1037579).
– Revert “net: fix percpu memory leaks” (bnc#1012382).
– Revert “net: phy: Correctly process PHY_HALTED in phy_stop_machine()”
(bnc#1012382).
– Revert “net: use lib/percpu_counter API for fragmentation mem
accounting” (bnc#1012382).
– Revert “Update
patches.fixes/xfs-refactor-log-record-unpack-and-data-processing.patch
(bsc#1043598, bsc#1036215).”
– Revert “xfs: detect and handle invalid iclog size set by mkfs
(bsc#1043598).”
– Revert “xfs: detect and trim torn writes during log recovery
(bsc#1036215).”
– Revert “xfs: refactor and open code log record crc check (bsc#1036215).”
– Revert “xfs: refactor log record start detection into a new helper
(bsc#1036215).”
– Revert “xfs: return start block of first bad log record during recovery
(bsc#1036215).”
– Revert “xfs: support a crc verification only log record pass
(bsc#1036215).”
– scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465).
– scsi: megaraid_sas: Check valid aen class range to avoid kernel panic
(bnc#1012382).
– scsi: megaraid_sas: Return pended IOCTLs with cmd_status
MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382).
– scsi: sg: factor out sg_fill_request_table() (bnc#1012382).
– scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382).
– scsi: sg: off by one in sg_ioctl() (bnc#1012382).
– scsi: sg: remove ‘save_scat_len’ (bnc#1012382).
– scsi: sg: use standard lists for sg_requests (bnc#1012382).
– scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382).
– scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add()
(bsc#1037890).
– scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
(bnc#1012382).
– scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace
records (bnc#1012382).
– scsi: zfcp: fix missing trace records for early returns in TMF eh
handlers (bnc#1012382).
– scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with
HBA (bnc#1012382).
– scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
(bnc#1012382).
– scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
(bnc#1012382).
– scsi: zfcp: trace HBA FSF response by default on dismiss or timedout
late response (bnc#1012382).
– scsi: zfcp: trace high part of “new” 64 bit SCSI LUN (bnc#1012382).
– seccomp: fix the usage of get/put_seccomp_filter() in
seccomp_get_filter() (bnc#1012382).
– skd: Avoid that module unloading triggers a use-after-free (bnc#1012382).
– skd: Submit requests to firmware before triggering the doorbell
(bnc#1012382).
– smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382).
– smb: Validate negotiate (to protect against downgrade) even if signing
off (bnc#1012382).
– swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382).
– timer/sysclt: Restrict timer migration sysctl values to 0 and 1
(bnc#1012382).
– tracing: Apply trace_clock changes to instance max buffer (bnc#1012382).
– tracing: Erase irqsoff trace with empty write (bnc#1012382).
– tracing: Fix trace_pipe behavior for instance traces (bnc#1012382).
– tty: fix __tty_insert_flip_char regression (bnc#1012382).
– tty: improve tty_insert_flip_char() fast path (bnc#1012382).
– tty: improve tty_insert_flip_char() slow path (bnc#1012382).
– Update patches.drivers/0029-perf-xgene-Remove-bogus-IS_ERR-check.patch
(bsc#1036737).
– vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
(bnc#1012382).
– video: fbdev: aty: do not leak uninitialized padding in clk to userspace
(bnc#1012382).
– Workaround for kABI compatibility with DP-MST patches (bsc#1055493).
– x86/cpu/amd: Hide unused legacy_fixup_core_id() function (bsc#1060229).
– x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h
(bsc#1060229).
– x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382).
– x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps
(bnc#1012382).
– x86/ldt: Fix off by one in get_segment_base() (bsc#1061872).
– x86/mm: Fix boot crash caused by incorrect loop count calculation in
sync_global_pgds() (bsc#1058512).
– x86/mm: Fix fault error path using unsafe vma pointer (fate#321300).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1160=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (noarch):

kernel-devel-4.4.90-28.1
kernel-docs-4.4.90-28.2
kernel-docs-html-4.4.90-28.2
kernel-docs-pdf-4.4.90-28.2
kernel-macros-4.4.90-28.1
kernel-source-4.4.90-28.1
kernel-source-vanilla-4.4.90-28.1

– openSUSE Leap 42.3 (x86_64):

kernel-debug-4.4.90-28.1
kernel-debug-base-4.4.90-28.1
kernel-debug-base-debuginfo-4.4.90-28.1
kernel-debug-debuginfo-4.4.90-28.1
kernel-debug-debugsource-4.4.90-28.1
kernel-debug-devel-4.4.90-28.1
kernel-debug-devel-debuginfo-4.4.90-28.1
kernel-default-4.4.90-28.1
kernel-default-base-4.4.90-28.1
kernel-default-base-debuginfo-4.4.90-28.1
kernel-default-debuginfo-4.4.90-28.1
kernel-default-debugsource-4.4.90-28.1
kernel-default-devel-4.4.90-28.1
kernel-obs-build-4.4.90-28.1
kernel-obs-build-debugsource-4.4.90-28.1
kernel-obs-qa-4.4.90-28.1
kernel-syms-4.4.90-28.1
kernel-vanilla-4.4.90-28.1
kernel-vanilla-base-4.4.90-28.1
kernel-vanilla-base-debuginfo-4.4.90-28.1
kernel-vanilla-debuginfo-4.4.90-28.1
kernel-vanilla-debugsource-4.4.90-28.1
kernel-vanilla-devel-4.4.90-28.1

References:

https://www.suse.com/security/cve/CVE-2017-1000252.html
https://www.suse.com/security/cve/CVE-2017-12153.html
https://www.suse.com/security/cve/CVE-2017-12154.html
https://www.suse.com/security/cve/CVE-2017-14489.html
https://bugzilla.suse.com/1005778
https://bugzilla.suse.com/1005780
https://bugzilla.suse.com/1005781
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1022967
https://bugzilla.suse.com/1036215
https://bugzilla.suse.com/1036737
https://bugzilla.suse.com/1037579
https://bugzilla.suse.com/1037890
https://bugzilla.suse.com/1043598
https://bugzilla.suse.com/1044503
https://bugzilla.suse.com/1047238
https://bugzilla.suse.com/1051987
https://bugzilla.suse.com/1052593
https://bugzilla.suse.com/1053043
https://bugzilla.suse.com/1055493
https://bugzilla.suse.com/1055755
https://bugzilla.suse.com/1056686
https://bugzilla.suse.com/1057383
https://bugzilla.suse.com/1057498
https://bugzilla.suse.com/1058038
https://bugzilla.suse.com/1058410
https://bugzilla.suse.com/1058507
https://bugzilla.suse.com/1058512
https://bugzilla.suse.com/1058550
https://bugzilla.suse.com/1059051
https://bugzilla.suse.com/1059465
https://bugzilla.suse.com/1059500
https://bugzilla.suse.com/1060197
https://bugzilla.suse.com/1060229
https://bugzilla.suse.com/1061017
https://bugzilla.suse.com/1061046
https://bugzilla.suse.com/1061064
https://bugzilla.suse.com/1061067
https://bugzilla.suse.com/1061172
https://bugzilla.suse.com/1061831
https://bugzilla.suse.com/1061872


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Zabbix 3.4.3rc1, 3.2.9rc1 and 3.0.12rc1 released

Greetings!

Zabbix Team is pleased to announce the availability of Zabbix 3.4.3rc1, 3.2.9rc1 and 3.0.12rc1.

Complete Release Notes:

Zabbix 3.4.3rc1: https://www.zabbix.com/rn3.4.3rc1
Zabbix 3.2.9rc1: https://www.zabbix.com/rn3.2.9rc1
Zabbix 3.0.12rc1: https://www.zabbix.com/rn3.0.12rc1

Download: https://www.zabbix.com/download

Kind regards,
Alexei Vladishev,
Zabbix Product Manager, CEO
_______________________________________________
Zabbix-announce mailing list
Zabbix-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zabbix-announce

CESA-2017:2885 Important CentOS 6 thunderbird Security Update

CentOS Errata and Security Advisory 2017:2885 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2885

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
23ba7f540fdf0317df088f6434ca63634e7200ced7d735fe5c1921e2a1da1757 thunderbird-52.4.0-2.el6.centos.i686.rpm

x86_64:
1b568daabf9aec0562d4781e18188a3cc8a257ce8fa6cfaa5772fbd003e9320b thunderbird-52.4.0-2.el6.centos.x86_64.rpm

Source:
6c5b1c8a602f538d77c40222646611d2c409de7f6e44d364ad7f3dbc2d0bb580 thunderbird-52.4.0-2.el6.centos.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

SUSE-SU-2017:2725-1: important: Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2725-1
Rating: important
References: #1059525
Cross-References: CVE-2017-1000253
Affected Products:
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following
issues:

– Stack corruption could have led to local privilege escalation
(bsc#1059525, CVE-2017-1000253).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 11-SP3-LTSS:

zypper in -t patch slessp3-kernel-13314=1

– SUSE Linux Enterprise Server 11-EXTRA:

zypper in -t patch slexsp3-kernel-13314=1

– SUSE Linux Enterprise Point of Sale 11-SP3:

zypper in -t patch sleposp3-kernel-13314=1

– SUSE Linux Enterprise Debuginfo 11-SP3:

zypper in -t patch dbgsp3-kernel-13314=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

kernel-default-3.0.101-0.47.106.8.1
kernel-default-base-3.0.101-0.47.106.8.1
kernel-default-devel-3.0.101-0.47.106.8.1
kernel-source-3.0.101-0.47.106.8.1
kernel-syms-3.0.101-0.47.106.8.1
kernel-trace-3.0.101-0.47.106.8.1
kernel-trace-base-3.0.101-0.47.106.8.1
kernel-trace-devel-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

kernel-ec2-3.0.101-0.47.106.8.1
kernel-ec2-base-3.0.101-0.47.106.8.1
kernel-ec2-devel-3.0.101-0.47.106.8.1
kernel-xen-3.0.101-0.47.106.8.1
kernel-xen-base-3.0.101-0.47.106.8.1
kernel-xen-devel-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

kernel-bigsmp-3.0.101-0.47.106.8.1
kernel-bigsmp-base-3.0.101-0.47.106.8.1
kernel-bigsmp-devel-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):

kernel-default-man-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

kernel-pae-3.0.101-0.47.106.8.1
kernel-pae-base-3.0.101-0.47.106.8.1
kernel-pae-devel-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Server 11-EXTRA (i586 ppc64 s390x x86_64):

kernel-default-extra-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

kernel-xen-extra-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Server 11-EXTRA (x86_64):

kernel-bigsmp-extra-3.0.101-0.47.106.8.1
kernel-trace-extra-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Server 11-EXTRA (ppc64):

kernel-ppc64-extra-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Server 11-EXTRA (i586):

kernel-pae-extra-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

kernel-default-3.0.101-0.47.106.8.1
kernel-default-base-3.0.101-0.47.106.8.1
kernel-default-devel-3.0.101-0.47.106.8.1
kernel-ec2-3.0.101-0.47.106.8.1
kernel-ec2-base-3.0.101-0.47.106.8.1
kernel-ec2-devel-3.0.101-0.47.106.8.1
kernel-pae-3.0.101-0.47.106.8.1
kernel-pae-base-3.0.101-0.47.106.8.1
kernel-pae-devel-3.0.101-0.47.106.8.1
kernel-source-3.0.101-0.47.106.8.1
kernel-syms-3.0.101-0.47.106.8.1
kernel-trace-3.0.101-0.47.106.8.1
kernel-trace-base-3.0.101-0.47.106.8.1
kernel-trace-devel-3.0.101-0.47.106.8.1
kernel-xen-3.0.101-0.47.106.8.1
kernel-xen-base-3.0.101-0.47.106.8.1
kernel-xen-devel-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

kernel-default-debuginfo-3.0.101-0.47.106.8.1
kernel-default-debugsource-3.0.101-0.47.106.8.1
kernel-trace-debuginfo-3.0.101-0.47.106.8.1
kernel-trace-debugsource-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

kernel-ec2-debuginfo-3.0.101-0.47.106.8.1
kernel-ec2-debugsource-3.0.101-0.47.106.8.1
kernel-xen-debuginfo-3.0.101-0.47.106.8.1
kernel-xen-debugsource-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

kernel-bigsmp-debuginfo-3.0.101-0.47.106.8.1
kernel-bigsmp-debugsource-3.0.101-0.47.106.8.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (i586):

kernel-pae-debuginfo-3.0.101-0.47.106.8.1
kernel-pae-debugsource-3.0.101-0.47.106.8.1

References:

https://www.suse.com/security/cve/CVE-2017-1000253.html
https://bugzilla.suse.com/1059525



SUSE-SU-2017:2723-1: important: Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2723-1
Rating: important
References: #1059525
Cross-References: CVE-2017-1000253
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following
issues:

– Stack corruption could have led to local privilege escalation
(bsc#1059525, CVE-2017-1000253).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-kernel-13312=1

– SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-kernel-13312=1

– SUSE Linux Enterprise Server 11-EXTRA:

zypper in -t patch slexsp3-kernel-13312=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-kernel-13312=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

kernel-docs-3.0.101-108.13.2

– SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

kernel-default-3.0.101-108.13.1
kernel-default-base-3.0.101-108.13.1
kernel-default-devel-3.0.101-108.13.1
kernel-source-3.0.101-108.13.1
kernel-syms-3.0.101-108.13.1
kernel-trace-3.0.101-108.13.1
kernel-trace-base-3.0.101-108.13.1
kernel-trace-devel-3.0.101-108.13.1

– SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

kernel-ec2-3.0.101-108.13.1
kernel-ec2-base-3.0.101-108.13.1
kernel-ec2-devel-3.0.101-108.13.1
kernel-xen-3.0.101-108.13.1
kernel-xen-base-3.0.101-108.13.1
kernel-xen-devel-3.0.101-108.13.1

– SUSE Linux Enterprise Server 11-SP4 (ppc64):

kernel-bigmem-3.0.101-108.13.1
kernel-bigmem-base-3.0.101-108.13.1
kernel-bigmem-devel-3.0.101-108.13.1
kernel-ppc64-3.0.101-108.13.1
kernel-ppc64-base-3.0.101-108.13.1
kernel-ppc64-devel-3.0.101-108.13.1

– SUSE Linux Enterprise Server 11-SP4 (s390x):

kernel-default-man-3.0.101-108.13.1

– SUSE Linux Enterprise Server 11-SP4 (i586):

kernel-pae-3.0.101-108.13.1
kernel-pae-base-3.0.101-108.13.1
kernel-pae-devel-3.0.101-108.13.1

– SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

kernel-default-extra-3.0.101-108.13.1

– SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

kernel-xen-extra-3.0.101-108.13.1

– SUSE Linux Enterprise Server 11-EXTRA (x86_64):

kernel-trace-extra-3.0.101-108.13.1

– SUSE Linux Enterprise Server 11-EXTRA (ppc64):

kernel-ppc64-extra-3.0.101-108.13.1

– SUSE Linux Enterprise Server 11-EXTRA (i586):

kernel-pae-extra-3.0.101-108.13.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

kernel-default-debuginfo-3.0.101-108.13.1
kernel-default-debugsource-3.0.101-108.13.1
kernel-trace-debuginfo-3.0.101-108.13.1
kernel-trace-debugsource-3.0.101-108.13.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

kernel-default-devel-debuginfo-3.0.101-108.13.1
kernel-trace-devel-debuginfo-3.0.101-108.13.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

kernel-ec2-debuginfo-3.0.101-108.13.1
kernel-ec2-debugsource-3.0.101-108.13.1
kernel-xen-debuginfo-3.0.101-108.13.1
kernel-xen-debugsource-3.0.101-108.13.1
kernel-xen-devel-debuginfo-3.0.101-108.13.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

kernel-bigmem-debuginfo-3.0.101-108.13.1
kernel-bigmem-debugsource-3.0.101-108.13.1
kernel-ppc64-debuginfo-3.0.101-108.13.1
kernel-ppc64-debugsource-3.0.101-108.13.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

kernel-pae-debuginfo-3.0.101-108.13.1
kernel-pae-debugsource-3.0.101-108.13.1
kernel-pae-devel-debuginfo-3.0.101-108.13.1

References:

https://www.suse.com/security/cve/CVE-2017-1000253.html
https://bugzilla.suse.com/1059525



CESA-2017:2885 Important CentOS 7 thunderbird Security Update

CentOS Errata and Security Advisory 2017:2885 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2885

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
8689cc4ee4be5aeed443100d44d5a94bc1b58ad1aa061392c1971d5ed26f41c4 thunderbird-52.4.0-2.el7.centos.x86_64.rpm

Source:
e402822a322f5e009ea129511cd0b9e449ba2a39e600002de2ae77dce97af4ea thunderbird-52.4.0-2.el7.centos.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS


[CentOS-announce] Release for CentOS AltArch 7 (1708) on i386 Architecture

This is the release announcement for the i386 (Intel 32-bit)
Architecture based on the source code released for CentOS-7 (1708). It
includes all packages that build on x86 32-bit processors.

The release notes for the normal CentOS-7 apply:

https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7

with the following notes that are specific to i386:

https://wiki.centos.org/SpecialInterestGroup/AltArch/i386

If you already have a previous version of CentOS-7 i386 installed, just
running ‘yum update’ will get you the latest packages installed.

ISOs can be downloaded from:

http://mirror.centos.org/altarch/7/isos/i386/

Here are the SHA256SUMS for the ISOs:

CentOS-7-i386-DVD-1708.iso:
36df0a7d687e058ec11708ccace7981fe2faf1040d4efd796a4ffab67863eace

CentOS-7-i386-Everything-1708.iso
e118987646ca5e916a1cdc89e916ea64bd06e1c09564721a13ad90b0caffd4b2

CentOS-7-i386-LiveGNOME-1708.iso:
e97c5475e5a45539a213970d13231c3da85927c8d5f34f7fc187fd37cdfe72aa

CentOS-7-i386-LiveKDE-1708.iso:
7c2130993783c089453d6f55aea2431c9c7617be922e2b206bcef03580c521f7

CentOS-7-i386-Minimal-1708.iso:
8e73904c870f93ca3b553048a0092b1fc0ddebd2d8990e0f7b13a22d70eb725e

CentOS-7-i386-NetInstall-1708.iso:
5fd4075b841e8500826408ef95352ed1d2868b2ebe2cdcf66cd505a51a6c8484

===========================

Bug reports and feedback about specific packages should be filed at
https://bugs.centos.org/ against the relevant package name, for project
CentOS Linux 7, in the same manner as you would for x86_64. However, do
mention the architecture as applicable.

===========================

Johnny Hughes
Twitter: @JohnnyCentOS
Freenode IRC: hughesjr


New Check_MK stable release 1.4.0p15

Dear friends of Check_MK,

the new stable release 1.4.0p15 of Check_MK is ready for download.

This maintenance release ships with 5 changes affecting all editions of Check_MK,
1 Enterprise Edition specific changes and 0 Managed Services Edition specific changes.

The most important fix is werk 5234 that fixes an issue affecting the Enterprise
Edition. The problem caused unexpected behaviours in the Check_MK check helpers
in 1.4.0p14 after config reloads. CEE users of the 1.4.0p14 are recommended to update
to this release.

Changes in all Check_MK Editions:

WATO:
* 5391 FIX: Removed CEE specific broken link from host edit page (CRE)
* 5362 FIX: Fixed possible exception on global settings page related to “diskspace cleanup”
* 5389 FIX: Fixed disabling services via discovery page when a host rule exists in wrong folder

Checks & agents:
* 5234 FIX: Fixed recently introduced issue with non working WATO rules
* 5379 FIX: Allow Windows logfiles to be monitored without monitoring also eventlog

Other components:
* 5388 FIX: Dokuwiki: Fixed missing page edit dialog toolbar when using SLES

Changes in the Check_MK Enterprise Edition:

NO CHANGES

Changes in the Check_MK Managed Services Edition:

NO CHANGES

You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html

Please mail bug reports and qualified feedback to feedback@check-mk.org.
We greatly thank you for using Check_MK and wish you a successful monitoring,

Your Check_MK Team

--
Mathias Kettner GmbH
Kellerstraße 29, 81667 München, Germany
Court of registration: Amtsgericht München, HRB 165902
Managing director: Mathias Kettner
http://mathias-kettner.de
Tel. +49 89 1890 435-0
Fax. +49 89 1890 435-29

_______________________________________________
Checkmk-announce mailing list
Checkmk-announce@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-announce

OPNsense 17.7.5 image refresh

[Dovecot-news] v2.2.33.1 released

https://dovecot.org/releases/2.2/dovecot-2.2.33.1.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.33.1.tar.gz.sig

Oops, one a bit too bad bug was left in the release, so fixing it here.

– dovecot-lda was logging to stderr instead of to the log file.

_______________________________________________
Dovecot-news mailing list
Dovecot-news@dovecot.org
https://dovecot.org/mailman/listinfo/dovecot-news

CESA-2017:2882 Moderate CentOS 7 httpd Security Update

CentOS Errata and Security Advisory 2017:2882 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2882

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
41421bbfa809cd1fea427ffd689e2caa4d92643aec1094ce7c2271702f19480a httpd-2.4.6-67.el7.centos.5.x86_64.rpm
2814b75b35bf8fed0fd12033d1fc0b6203a60926646fb3151cbda49260175522 httpd-devel-2.4.6-67.el7.centos.5.x86_64.rpm
2156dda1f88729bbf47dcd000911942d122a0797d55fcfdcb65e1ead2e3601e8 httpd-manual-2.4.6-67.el7.centos.5.noarch.rpm
d1152bdf63709d455dbba51fd7aafc4b69cb45dd48073edfe4b337157a3974b4 httpd-tools-2.4.6-67.el7.centos.5.x86_64.rpm
0e4029a1ac0b75e2363c7803282e5230cdf4260122ffbf2daeaec955a94f71ac mod_ldap-2.4.6-67.el7.centos.5.x86_64.rpm
fe94afba530fb88bfbe1bd782afe61dd69212c30920d14574099468a2ce76844 mod_proxy_html-2.4.6-67.el7.centos.5.x86_64.rpm
cae78de9a2bb32f12af2bf7895cc27c2f95119787b7139b5ab0ea018b6738113 mod_session-2.4.6-67.el7.centos.5.x86_64.rpm
829d9f95fafbdc31c0e14180b688f27beb329c00961c5340e9609b9789070ea6 mod_ssl-2.4.6-67.el7.centos.5.x86_64.rpm

Source:
5cc7d1292f22dc068f166c8e722456158f9856c29a71887581394a99a4615ab0 httpd-2.4.6-67.el7.centos.5.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

[Dovecot-news] Released Pigeonhole v0.4.21 for Dovecot v2.2.33.1.

Hello Dovecot users,

Here’s the definitive 0.4.21 release. There were no changes since the
release candidate.

Changelog v0.4.21:

* redirect action: Always set the X-Sieve-Redirected-From header to
sieve_user_email if configured. Before, it would use the envelope
recipient instead if available, which makes no sense if the primary
e-mail address is available.
+ vacation extension: Allow ignoring the envelope sender while composing
the “To:” header for the reply. Normally, the “To:” header is composed
from the address found in the “Sender”, “Resent-From” or “From”
headers that is equal to the envelope sender. If none is then found,
the bare envelope sender is used. This change adds a new setting
“sieve_vacation_to_header_ignore_envelope”. With this setting enabled,
the “To:” header is always composed from those headers in the source
message. The new setting thus allows ignoring the envelope, which is
useful e.g. when SRS is used.
+ vacation extension: Compose the “To:” header from the full sender
address found in the first “Sender:”, “From:” or “Resent-From:”
header. Before, it would create a “To:” header without a phrase part.
The new behavior is nicer, since the reply will be addressed to the
sender by name if possible.
– LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts. A
missing LDAP-based script could cause the script sequence to exit
earlier.
– sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name
conversion. This caused problems with mailbox names containing UTF-8
characters. The Dovecot API was changed years ago, but apparently
sieve-filter was never updated.

The release is available as follows:

https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.21.tar.gz
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.21.tar.gz.sig

Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for
more information. Have fun testing this release and don’t hesitate to
notify me when there are any problems.

Regards,


Stephan Bosch
stephan@rename-it.nl

openSUSE-SU-2017:2707-1: important: Security update for MozillaThunderbird

openSUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2707-1
Rating: important
References: #1060445
Cross-References: CVE-2017-7793 CVE-2017-7805 CVE-2017-7810
CVE-2017-7814 CVE-2017-7818 CVE-2017-7819
CVE-2017-7823 CVE-2017-7824 CVE-2017-7825

Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

Mozilla Thunderbird was updated to 52.4.0 (boo#1060445)
* new behavior was introduced for replies to mailing list posts: “When
replying to a mailing list, reply will be sent to address in From
header ignoring Reply-to header”. A new preference
mail.override_list_reply_to allows to restore the previous behavior.
* Under certain circumstances (image attachment and non-image
attachment), attached images were shown truncated in messages stored
in IMAP folders not synchronised for offline use.
* IMAP UIDs > 0x7FFFFFFF now handled properly

Security fixes from Gecko 52.4esr
* CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API
* CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array
manipulation
* CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in
design mode
* CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and
validating elements with ANGLE
* CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free
in TLS 1.2 generating handshake hashes
* CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and
malware protection warnings
* CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) OS X fonts render
some Tibetan and Arabic unicode characters as spaces
* CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a
unique origin
* CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR
52.4

– Add alsa-devel BuildRequires: we care for ALSA support to be built and
thus need to ensure we get the dependencies in place. In the past,
alsa-devel was pulled in by accident: we buildrequire libgnome-devel.
This required esound-devel and that in turn pulled in alsa-devel for us.
libgnome is being fixed to no longer require esound-devel.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2017-1144=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

MozillaThunderbird-52.4.0-45.1
MozillaThunderbird-buildsymbols-52.4.0-45.1
MozillaThunderbird-debuginfo-52.4.0-45.1
MozillaThunderbird-debugsource-52.4.0-45.1
MozillaThunderbird-devel-52.4.0-45.1
MozillaThunderbird-translations-common-52.4.0-45.1
MozillaThunderbird-translations-other-52.4.0-45.1

References:

https://www.suse.com/security/cve/CVE-2017-7793.html
https://www.suse.com/security/cve/CVE-2017-7805.html
https://www.suse.com/security/cve/CVE-2017-7810.html
https://www.suse.com/security/cve/CVE-2017-7814.html
https://www.suse.com/security/cve/CVE-2017-7818.html
https://www.suse.com/security/cve/CVE-2017-7819.html
https://www.suse.com/security/cve/CVE-2017-7823.html
https://www.suse.com/security/cve/CVE-2017-7824.html
https://www.suse.com/security/cve/CVE-2017-7825.html
https://bugzilla.suse.com/1060445


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE-SU-2017:2717-1: important: Security update for git

SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2717-1
Rating: important
References: #1061041
Cross-References: CVE-2017-14867
Affected Products:
SUSE Studio Onsite 1.3
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for git fixes the following issues:

– CVE-2017-14867: A cvsserver perl script command injection was fixed
(CVE-2017-14867, bsc#1061041):

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Studio Onsite 1.3:

zypper in -t patch slestso13-git-13310=1

– SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-git-13310=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-git-13310=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Studio Onsite 1.3 (x86_64):

git-1.7.12.4-0.18.6.1
git-core-1.7.12.4-0.18.6.1

– SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

git-1.7.12.4-0.18.6.1
git-arch-1.7.12.4-0.18.6.1
git-core-1.7.12.4-0.18.6.1
git-cvs-1.7.12.4-0.18.6.1
git-daemon-1.7.12.4-0.18.6.1
git-email-1.7.12.4-0.18.6.1
git-gui-1.7.12.4-0.18.6.1
git-svn-1.7.12.4-0.18.6.1
git-web-1.7.12.4-0.18.6.1
gitk-1.7.12.4-0.18.6.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

git-debuginfo-1.7.12.4-0.18.6.1
git-debugsource-1.7.12.4-0.18.6.1

References:

https://www.suse.com/security/cve/CVE-2017-14867.html
https://bugzilla.suse.com/1061041


openSUSE-SU-2017:2710-1: important: Security update for MozillaThunderbird

openSUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2710-1
Rating: important
References: #1060445
Cross-References: CVE-2017-7793 CVE-2017-7805 CVE-2017-7810
CVE-2017-7814 CVE-2017-7818 CVE-2017-7819
CVE-2017-7823 CVE-2017-7824 CVE-2017-7825

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

Mozilla Thunderbird was updated to 52.4.0 (boo#1060445)
* new behavior was introduced for replies to mailing list posts: “When
replying to a mailing list, reply will be sent to address in From
header ignoring Reply-to header”. A new preference
mail.override_list_reply_to allows to restore the previous behavior.
* Under certain circumstances (image attachment and non-image
attachment), attached images were shown truncated in messages stored
in IMAP folders not synchronised for offline use.
* IMAP UIDs > 0x7FFFFFFF now handled properly

Security fixes from Gecko 52.4esr
* CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API
* CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array
manipulation
* CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in
design mode
* CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and
validating elements with ANGLE
* CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free
in TLS 1.2 generating handshake hashes
* CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and
malware protection warnings
* CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) OS X fonts render
some Tibetan and Arabic unicode characters as spaces
* CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a
unique origin
* CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR
52.4

– Add alsa-devel BuildRequires: we care for ALSA support to be built and
thus need to ensure we get the dependencies in place. In the past,
alsa-devel was pulled in by accident: we buildrequire libgnome-devel.
This required esound-devel and that in turn pulled in alsa-devel for us.
libgnome is being fixed to no longer require esound-devel.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1144=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1144=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

MozillaThunderbird-52.4.0-47.1
MozillaThunderbird-buildsymbols-52.4.0-47.1
MozillaThunderbird-debuginfo-52.4.0-47.1
MozillaThunderbird-debugsource-52.4.0-47.1
MozillaThunderbird-devel-52.4.0-47.1
MozillaThunderbird-translations-common-52.4.0-47.1
MozillaThunderbird-translations-other-52.4.0-47.1

– openSUSE Leap 42.2 (i586 x86_64):

MozillaThunderbird-52.4.0-41.18.1
MozillaThunderbird-buildsymbols-52.4.0-41.18.1
MozillaThunderbird-debuginfo-52.4.0-41.18.1
MozillaThunderbird-debugsource-52.4.0-41.18.1
MozillaThunderbird-devel-52.4.0-41.18.1
MozillaThunderbird-translations-common-52.4.0-41.18.1
MozillaThunderbird-translations-other-52.4.0-41.18.1

References:

https://www.suse.com/security/cve/CVE-2017-7793.html
https://www.suse.com/security/cve/CVE-2017-7805.html
https://www.suse.com/security/cve/CVE-2017-7810.html
https://www.suse.com/security/cve/CVE-2017-7814.html
https://www.suse.com/security/cve/CVE-2017-7818.html
https://www.suse.com/security/cve/CVE-2017-7819.html
https://www.suse.com/security/cve/CVE-2017-7823.html
https://www.suse.com/security/cve/CVE-2017-7824.html
https://www.suse.com/security/cve/CVE-2017-7825.html
https://bugzilla.suse.com/1060445


SUSE-SU-2017:2700-1: important: Security update for SLES 12-SP1 Docker image

SUSE Security Update: Security update for SLES 12-SP1 Docker image
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2700-1
Rating: important
References: #1056193 #975726
Cross-References: CVE-2012-6702 CVE-2014-0191 CVE-2014-6271
CVE-2014-6277 CVE-2014-6278 CVE-2014-7169
CVE-2014-7187 CVE-2014-7824 CVE-2014-8964
CVE-2014-9770 CVE-2015-0245 CVE-2015-0860
CVE-2015-1283 CVE-2015-2059 CVE-2015-2325
CVE-2015-2327 CVE-2015-2328 CVE-2015-3210
CVE-2015-3217 CVE-2015-3238 CVE-2015-3622
CVE-2015-5073 CVE-2015-5276 CVE-2015-7511
CVE-2015-8380 CVE-2015-8381 CVE-2015-8382
CVE-2015-8383 CVE-2015-8384 CVE-2015-8385
CVE-2015-8386 CVE-2015-8387 CVE-2015-8388
CVE-2015-8389 CVE-2015-8390 CVE-2015-8391
CVE-2015-8392 CVE-2015-8393 CVE-2015-8394
CVE-2015-8395 CVE-2015-8806 CVE-2015-8842
CVE-2015-8853 CVE-2015-8948 CVE-2016-0634
CVE-2016-0718 CVE-2016-0787 CVE-2016-1234
CVE-2016-1238 CVE-2016-1283 CVE-2016-1762
CVE-2016-1833 CVE-2016-1834 CVE-2016-1835
CVE-2016-1837 CVE-2016-1838 CVE-2016-1839
CVE-2016-1840 CVE-2016-2037 CVE-2016-2073
CVE-2016-2105 CVE-2016-2106 CVE-2016-2107
CVE-2016-2108 CVE-2016-2109 CVE-2016-2177
CVE-2016-2178 CVE-2016-2179 CVE-2016-2180
CVE-2016-2181 CVE-2016-2182 CVE-2016-2183
CVE-2016-2381 CVE-2016-3075 CVE-2016-3191
CVE-2016-3627 CVE-2016-3705 CVE-2016-3706
CVE-2016-4008 CVE-2016-4429 CVE-2016-4447
CVE-2016-4448 CVE-2016-4449 CVE-2016-4483
CVE-2016-4574 CVE-2016-4579 CVE-2016-4658
CVE-2016-5011 CVE-2016-5300 CVE-2016-5419
CVE-2016-5420 CVE-2016-5421 CVE-2016-6185
CVE-2016-6261 CVE-2016-6262 CVE-2016-6263
CVE-2016-6302 CVE-2016-6303 CVE-2016-6304
CVE-2016-6306 CVE-2016-6313 CVE-2016-6318
CVE-2016-7056 CVE-2016-7141 CVE-2016-7167
CVE-2016-7543 CVE-2016-7796 CVE-2016-8610
CVE-2016-8615 CVE-2016-8616 CVE-2016-8617
CVE-2016-8618 CVE-2016-8619 CVE-2016-8620
CVE-2016-8621 CVE-2016-8622 CVE-2016-8623
CVE-2016-8624 CVE-2016-9063 CVE-2016-9318
CVE-2016-9586 CVE-2016-9597 CVE-2016-9840
CVE-2016-9841 CVE-2016-9842 CVE-2016-9843
CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000366
CVE-2017-10684 CVE-2017-10685 CVE-2017-11112
CVE-2017-11113 CVE-2017-2616 CVE-2017-3731
CVE-2017-6507 CVE-2017-7407 CVE-2017-7526
CVE-2017-9047 CVE-2017-9048 CVE-2017-9049
CVE-2017-9050 CVE-2017-9233
Affected Products:
SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that fixes 143 vulnerabilities is now available.

Description:

The SUSE Linux Enterprise Server 12 SP1 container image has been updated
to include security and stability fixes.

The following issues related to building of the container images have been
fixed:

– Included krb5 package to avoid the inclusion of krb5-mini which gets
selected as a dependency by the Build Service solver. (bsc#1056193)
– Do not install recommended packages when building container images.
(bsc#975726)

A number of security issues that have been already fixed by updates
released for SUSE Linux Enterprise Server 12 SP1 are now included in the
base image. A package/CVE cross-reference is available below.

pam:

– CVE-2015-3238

libtasn1:

– CVE-2015-3622
– CVE-2016-4008

expat:

– CVE-2012-6702
– CVE-2015-1283
– CVE-2016-0718
– CVE-2016-5300
– CVE-2016-9063
– CVE-2017-9233

libidn:

– CVE-2015-2059
– CVE-2015-8948
– CVE-2016-6261
– CVE-2016-6262
– CVE-2016-6263

zlib:

– CVE-2016-9840
– CVE-2016-9841
– CVE-2016-9842
– CVE-2016-9843

curl:

– CVE-2016-5419
– CVE-2016-5420
– CVE-2016-5421
– CVE-2016-7141
– CVE-2016-7167
– CVE-2016-8615
– CVE-2016-8616
– CVE-2016-8617
– CVE-2016-8618
– CVE-2016-8619
– CVE-2016-8620
– CVE-2016-8621
– CVE-2016-8622
– CVE-2016-8623
– CVE-2016-8624
– CVE-2016-9586
– CVE-2017-1000100
– CVE-2017-1000101
– CVE-2017-7407

openssl:

– CVE-2016-2105
– CVE-2016-2106
– CVE-2016-2107
– CVE-2016-2108
– CVE-2016-2109
– CVE-2016-2177
– CVE-2016-2178
– CVE-2016-2179
– CVE-2016-2180
– CVE-2016-2181
– CVE-2016-2182
– CVE-2016-2183
– CVE-2016-6302
– CVE-2016-6303
– CVE-2016-6304
– CVE-2016-6306
– CVE-2016-7056
– CVE-2016-8610
– CVE-2017-3731

cracklib:

– CVE-2016-6318

pcre:

– CVE-2014-8964
– CVE-2015-2325
– CVE-2015-2327
– CVE-2015-2328
– CVE-2015-3210
– CVE-2015-3217
– CVE-2015-5073
– CVE-2015-8380
– CVE-2015-8381
– CVE-2015-8382
– CVE-2015-8383
– CVE-2015-8384
– CVE-2015-8385
– CVE-2015-8386
– CVE-2015-8387
– CVE-2015-8388
– CVE-2015-8389
– CVE-2015-8390
– CVE-2015-8391
– CVE-2015-8392
– CVE-2015-8393
– CVE-2015-8394
– CVE-2015-8395
– CVE-2016-1283
– CVE-2016-3191

apparmor:

– CVE-2017-6507

bash:

– CVE-2014-6277
– CVE-2014-6278
– CVE-2016-0634
– CVE-2016-7543

cpio:

– CVE-2016-2037

glibc:

– CVE-2016-1234
– CVE-2016-3075
– CVE-2016-3706
– CVE-2016-4429
– CVE-2017-1000366

perl:

– CVE-2015-8853
– CVE-2016-1238
– CVE-2016-2381
– CVE-2016-6185

libssh2_org:

– CVE-2016-0787

util-linux:

– CVE-2016-5011
– CVE-2017-2616

ncurses:

– CVE-2017-10684
– CVE-2017-10685
– CVE-2017-11112
– CVE-2017-11113

libksba:

– CVE-2016-4574
– CVE-2016-4579

libxml2:

– CVE-2014-0191
– CVE-2015-8806
– CVE-2016-1762
– CVE-2016-1833
– CVE-2016-1834
– CVE-2016-1835
– CVE-2016-1837
– CVE-2016-1838
– CVE-2016-1839
– CVE-2016-1840
– CVE-2016-2073
– CVE-2016-3627
– CVE-2016-3705
– CVE-2016-4447
– CVE-2016-4448
– CVE-2016-4449
– CVE-2016-4483
– CVE-2016-4658
– CVE-2016-9318
– CVE-2016-9597
– CVE-2017-9047
– CVE-2017-9048
– CVE-2017-9049
– CVE-2017-9050

libgcrypt:

– CVE-2015-7511
– CVE-2016-6313
– CVE-2017-7526

update-alternatives:

– CVE-2015-0860

systemd:

– CVE-2014-9770
– CVE-2015-8842
– CVE-2016-7796

dbus-1:

– CVE-2014-7824
– CVE-2015-0245

Finally, the following packages received non-security fixes:

– augeas
– bzip2
– ca-certificates-mozilla
– coreutils
– cryptsetup
– cyrus-sasl
– dirmngr
– e2fsprogs
– findutils
– gpg2
– insserv-compat
– kmod
– libcap
– libsolv
– libzypp
– lua51
– lvm2
– netcfg
– p11-kit
– permissions
– procps
– rpm
– sed
– sg3_utils
– shadow
– zypper

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Module for Containers 12:

zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1673=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):

sles12sp1-docker-image-1.0.7-20171002

References:

https://www.suse.com/security/cve/CVE-2012-6702.html
https://www.suse.com/security/cve/CVE-2014-0191.html
https://www.suse.com/security/cve/CVE-2014-6271.html
https://www.suse.com/security/cve/CVE-2014-6277.html
https://www.suse.com/security/cve/CVE-2014-6278.html
https://www.suse.com/security/cve/CVE-2014-7169.html
https://www.suse.com/security/cve/CVE-2014-7187.html
https://www.suse.com/security/cve/CVE-2014-7824.html
https://www.suse.com/security/cve/CVE-2014-8964.html
https://www.suse.com/security/cve/CVE-2014-9770.html
https://www.suse.com/security/cve/CVE-2015-0245.html
https://www.suse.com/security/cve/CVE-2015-0860.html
https://www.suse.com/security/cve/CVE-2015-1283.html
https://www.suse.com/security/cve/CVE-2015-2059.html
https://www.suse.com/security/cve/CVE-2015-2325.html
https://www.suse.com/security/cve/CVE-2015-2327.html
https://www.suse.com/security/cve/CVE-2015-2328.html
https://www.suse.com/security/cve/CVE-2015-3210.html
https://www.suse.com/security/cve/CVE-2015-3217.html
https://www.suse.com/security/cve/CVE-2015-3238.html
https://www.suse.com/security/cve/CVE-2015-3622.html
https://www.suse.com/security/cve/CVE-2015-5073.html
https://www.suse.com/security/cve/CVE-2015-5276.html
https://www.suse.com/security/cve/CVE-2015-7511.html
https://www.suse.com/security/cve/CVE-2015-8380.html
https://www.suse.com/security/cve/CVE-2015-8381.html
https://www.suse.com/security/cve/CVE-2015-8382.html
https://www.suse.com/security/cve/CVE-2015-8383.html
https://www.suse.com/security/cve/CVE-2015-8384.html
https://www.suse.com/security/cve/CVE-2015-8385.html
https://www.suse.com/security/cve/CVE-2015-8386.html
https://www.suse.com/security/cve/CVE-2015-8387.html
https://www.suse.com/security/cve/CVE-2015-8388.html
https://www.suse.com/security/cve/CVE-2015-8389.html
https://www.suse.com/security/cve/CVE-2015-8390.html
https://www.suse.com/security/cve/CVE-2015-8391.html
https://www.suse.com/security/cve/CVE-2015-8392.html
https://www.suse.com/security/cve/CVE-2015-8393.html
https://www.suse.com/security/cve/CVE-2015-8394.html
https://www.suse.com/security/cve/CVE-2015-8395.html
https://www.suse.com/security/cve/CVE-2015-8806.html
https://www.suse.com/security/cve/CVE-2015-8842.html
https://www.suse.com/security/cve/CVE-2015-8853.html
https://www.suse.com/security/cve/CVE-2015-8948.html
https://www.suse.com/security/cve/CVE-2016-0634.html
https://www.suse.com/security/cve/CVE-2016-0718.html
https://www.suse.com/security/cve/CVE-2016-0787.html
https://www.suse.com/security/cve/CVE-2016-1234.html
https://www.suse.com/security/cve/CVE-2016-1238.html
https://www.suse.com/security/cve/CVE-2016-1283.html
https://www.suse.com/security/cve/CVE-2016-1762.html
https://www.suse.com/security/cve/CVE-2016-1833.html
https://www.suse.com/security/cve/CVE-2016-1834.html
https://www.suse.com/security/cve/CVE-2016-1835.html
https://www.suse.com/security/cve/CVE-2016-1837.html
https://www.suse.com/security/cve/CVE-2016-1838.html
https://www.suse.com/security/cve/CVE-2016-1839.html
https://www.suse.com/security/cve/CVE-2016-1840.html
https://www.suse.com/security/cve/CVE-2016-2037.html
https://www.suse.com/security/cve/CVE-2016-2073.html
https://www.suse.com/security/cve/CVE-2016-2105.html
https://www.suse.com/security/cve/CVE-2016-2106.html
https://www.suse.com/security/cve/CVE-2016-2107.html
https://www.suse.com/security/cve/CVE-2016-2108.html
https://www.suse.com/security/cve/CVE-2016-2109.html
https://www.suse.com/security/cve/CVE-2016-2177.html
https://www.suse.com/security/cve/CVE-2016-2178.html
https://www.suse.com/security/cve/CVE-2016-2179.html
https://www.suse.com/security/cve/CVE-2016-2180.html
https://www.suse.com/security/cve/CVE-2016-2181.html
https://www.suse.com/security/cve/CVE-2016-2182.html
https://www.suse.com/security/cve/CVE-2016-2183.html
https://www.suse.com/security/cve/CVE-2016-2381.html
https://www.suse.com/security/cve/CVE-2016-3075.html
https://www.suse.com/security/cve/CVE-2016-3191.html
https://www.suse.com/security/cve/CVE-2016-3627.html
https://www.suse.com/security/cve/CVE-2016-3705.html
https://www.suse.com/security/cve/CVE-2016-3706.html
https://www.suse.com/security/cve/CVE-2016-4008.html
https://www.suse.com/security/cve/CVE-2016-4429.html
https://www.suse.com/security/cve/CVE-2016-4447.html
https://www.suse.com/security/cve/CVE-2016-4448.html
https://www.suse.com/security/cve/CVE-2016-4449.html
https://www.suse.com/security/cve/CVE-2016-4483.html
https://www.suse.com/security/cve/CVE-2016-4574.html
https://www.suse.com/security/cve/CVE-2016-4579.html
https://www.suse.com/security/cve/CVE-2016-4658.html
https://www.suse.com/security/cve/CVE-2016-5011.html
https://www.suse.com/security/cve/CVE-2016-5300.html
https://www.suse.com/security/cve/CVE-2016-5419.html
https://www.suse.com/security/cve/CVE-2016-5420.html
https://www.suse.com/security/cve/CVE-2016-5421.html
https://www.suse.com/security/cve/CVE-2016-6185.html
https://www.suse.com/security/cve/CVE-2016-6261.html
https://www.suse.com/security/cve/CVE-2016-6262.html
https://www.suse.com/security/cve/CVE-2016-6263.html
https://www.suse.com/security/cve/CVE-2016-6302.html
https://www.suse.com/security/cve/CVE-2016-6303.html
https://www.suse.com/security/cve/CVE-2016-6304.html
https://www.suse.com/security/cve/CVE-2016-6306.html
https://www.suse.com/security/cve/CVE-2016-6313.html
https://www.suse.com/security/cve/CVE-2016-6318.html
https://www.suse.com/security/cve/CVE-2016-7056.html
https://www.suse.com/security/cve/CVE-2016-7141.html
https://www.suse.com/security/cve/CVE-2016-7167.html
https://www.suse.com/security/cve/CVE-2016-7543.html
https://www.suse.com/security/cve/CVE-2016-7796.html
https://www.suse.com/security/cve/CVE-2016-8610.html
https://www.suse.com/security/cve/CVE-2016-8615.html
https://www.suse.com/security/cve/CVE-2016-8616.html
https://www.suse.com/security/cve/CVE-2016-8617.html
https://www.suse.com/security/cve/CVE-2016-8618.html
https://www.suse.com/security/cve/CVE-2016-8619.html
https://www.suse.com/security/cve/CVE-2016-8620.html
https://www.suse.com/security/cve/CVE-2016-8621.html
https://www.suse.com/security/cve/CVE-2016-8622.html
https://www.suse.com/security/cve/CVE-2016-8623.html
https://www.suse.com/security/cve/CVE-2016-8624.html
https://www.suse.com/security/cve/CVE-2016-9063.html
https://www.suse.com/security/cve/CVE-2016-9318.html
https://www.suse.com/security/cve/CVE-2016-9586.html
https://www.suse.com/security/cve/CVE-2016-9597.html
https://www.suse.com/security/cve/CVE-2016-9840.html
https://www.suse.com/security/cve/CVE-2016-9841.html
https://www.suse.com/security/cve/CVE-2016-9842.html
https://www.suse.com/security/cve/CVE-2016-9843.html
https://www.suse.com/security/cve/CVE-2017-1000100.html
https://www.suse.com/security/cve/CVE-2017-1000101.html
https://www.suse.com/security/cve/CVE-2017-1000366.html
https://www.suse.com/security/cve/CVE-2017-10684.html
https://www.suse.com/security/cve/CVE-2017-10685.html
https://www.suse.com/security/cve/CVE-2017-11112.html
https://www.suse.com/security/cve/CVE-2017-11113.html
https://www.suse.com/security/cve/CVE-2017-2616.html
https://www.suse.com/security/cve/CVE-2017-3731.html
https://www.suse.com/security/cve/CVE-2017-6507.html
https://www.suse.com/security/cve/CVE-2017-7407.html
https://www.suse.com/security/cve/CVE-2017-7526.html
https://www.suse.com/security/cve/CVE-2017-9047.html
https://www.suse.com/security/cve/CVE-2017-9048.html
https://www.suse.com/security/cve/CVE-2017-9049.html
https://www.suse.com/security/cve/CVE-2017-9050.html
https://www.suse.com/security/cve/CVE-2017-9233.html
https://bugzilla.suse.com/1056193
https://bugzilla.suse.com/975726


SUSE-SU-2017:2701-1: important: Security update for SLES 12-SP2 Docker image

SUSE Security Update: Security update for SLES 12-SP2 Docker image
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2701-1
Rating: important
References: #1056193
Cross-References: CVE-2012-6702 CVE-2015-3238 CVE-2016-10156
CVE-2016-1839 CVE-2016-2037 CVE-2016-4658
CVE-2016-5011 CVE-2016-5300 CVE-2016-7055
CVE-2016-9063 CVE-2016-9318 CVE-2016-9401
CVE-2016-9586 CVE-2016-9597 CVE-2016-9840
CVE-2016-9841 CVE-2016-9842 CVE-2016-9843
CVE-2017-0663 CVE-2017-1000100 CVE-2017-1000101
CVE-2017-1000366 CVE-2017-10684 CVE-2017-10685
CVE-2017-11112 CVE-2017-11113 CVE-2017-2616
CVE-2017-3731 CVE-2017-3732 CVE-2017-5969
CVE-2017-6507 CVE-2017-7375 CVE-2017-7376
CVE-2017-7407 CVE-2017-7435 CVE-2017-7436
CVE-2017-7526 CVE-2017-8872 CVE-2017-9047
CVE-2017-9048 CVE-2017-9049 CVE-2017-9050
CVE-2017-9217 CVE-2017-9233 CVE-2017-9269
CVE-2017-9287 CVE-2017-9445
Affected Products:
SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that fixes 47 vulnerabilities is now available.

Description:

The SUSE Linux Enterprise Server 12 SP2 container image has been updated
to include security and stability fixes.

The following issues related to building of the container images have been
fixed:

– Included krb5 package to avoid the inclusion of krb5-mini which gets
selected as a dependency by the Build Service solver. (bsc#1056193)

A number of security issues that have been already fixed by updates
released for SUSE Linux Enterprise Server 12 are now included in the base
image. A package/CVE cross-reference is available below.

bash:

– CVE-2016-9401

expat:

– CVE-2012-6702
– CVE-2016-5300
– CVE-2016-9063
– CVE-2017-9233

curl:

– CVE-2016-9586
– CVE-2017-1000100
– CVE-2017-1000101
– CVE-2017-7407

glibc:

– CVE-2017-1000366

openssl:

– CVE-2017-3731
– CVE-2017-3732
– CVE-2016-7055

pam:

– CVE-2015-3238

apparmor:

– CVE-2017-6507

ncurses:

– CVE-2017-10684
– CVE-2017-10685
– CVE-2017-11112
– CVE-2017-11113

libgcrypt:

– CVE-2017-7526

libxml2:

– CVE-2016-1839
– CVE-2016-4658
– CVE-2016-9318
– CVE-2016-9597
– CVE-2017-0663
– CVE-2017-5969
– CVE-2017-7375
– CVE-2017-7376
– CVE-2017-8872
– CVE-2017-9047
– CVE-2017-9048
– CVE-2017-9049
– CVE-2017-9050

libzypp:

– CVE-2017-9269
– CVE-2017-7435
– CVE-2017-7436

openldap2:

– CVE-2017-9287

systemd:

– CVE-2016-10156
– CVE-2017-9217
– CVE-2017-9445

util-linux:

– CVE-2016-5011
– CVE-2017-2616

zlib:

– CVE-2016-9840
– CVE-2016-9841
– CVE-2016-9842
– CVE-2016-9843

zypper:

– CVE-2017-7436

Finally, the following packages received non-security fixes:

– binutils
– cpio
– cryptsetup
– cyrus-sasl
– dbus-1
– dirmngr
– e2fsprogs
– gpg2
– insserv-compat
– kmod
– libsolv
– libsemanage
– lvm2
– lua51
– netcfg
– procps
– sed
– sg3_utils
– shadow

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Module for Containers 12:

zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1674=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):

sles12sp2-docker-image-1.0.2-20171006

References:

https://www.suse.com/security/cve/CVE-2012-6702.html
https://www.suse.com/security/cve/CVE-2015-3238.html
https://www.suse.com/security/cve/CVE-2016-10156.html
https://www.suse.com/security/cve/CVE-2016-1839.html
https://www.suse.com/security/cve/CVE-2016-2037.html
https://www.suse.com/security/cve/CVE-2016-4658.html
https://www.suse.com/security/cve/CVE-2016-5011.html
https://www.suse.com/security/cve/CVE-2016-5300.html
https://www.suse.com/security/cve/CVE-2016-7055.html
https://www.suse.com/security/cve/CVE-2016-9063.html
https://www.suse.com/security/cve/CVE-2016-9318.html
https://www.suse.com/security/cve/CVE-2016-9401.html
https://www.suse.com/security/cve/CVE-2016-9586.html
https://www.suse.com/security/cve/CVE-2016-9597.html
https://www.suse.com/security/cve/CVE-2016-9840.html
https://www.suse.com/security/cve/CVE-2016-9841.html
https://www.suse.com/security/cve/CVE-2016-9842.html
https://www.suse.com/security/cve/CVE-2016-9843.html
https://www.suse.com/security/cve/CVE-2017-0663.html
https://www.suse.com/security/cve/CVE-2017-1000100.html
https://www.suse.com/security/cve/CVE-2017-1000101.html
https://www.suse.com/security/cve/CVE-2017-1000366.html
https://www.suse.com/security/cve/CVE-2017-10684.html
https://www.suse.com/security/cve/CVE-2017-10685.html
https://www.suse.com/security/cve/CVE-2017-11112.html
https://www.suse.com/security/cve/CVE-2017-11113.html
https://www.suse.com/security/cve/CVE-2017-2616.html
https://www.suse.com/security/cve/CVE-2017-3731.html
https://www.suse.com/security/cve/CVE-2017-3732.html
https://www.suse.com/security/cve/CVE-2017-5969.html
https://www.suse.com/security/cve/CVE-2017-6507.html
https://www.suse.com/security/cve/CVE-2017-7375.html
https://www.suse.com/security/cve/CVE-2017-7376.html
https://www.suse.com/security/cve/CVE-2017-7407.html
https://www.suse.com/security/cve/CVE-2017-7435.html
https://www.suse.com/security/cve/CVE-2017-7436.html
https://www.suse.com/security/cve/CVE-2017-7526.html
https://www.suse.com/security/cve/CVE-2017-8872.html
https://www.suse.com/security/cve/CVE-2017-9047.html
https://www.suse.com/security/cve/CVE-2017-9048.html
https://www.suse.com/security/cve/CVE-2017-9049.html
https://www.suse.com/security/cve/CVE-2017-9050.html
https://www.suse.com/security/cve/CVE-2017-9217.html
https://www.suse.com/security/cve/CVE-2017-9233.html
https://www.suse.com/security/cve/CVE-2017-9269.html
https://www.suse.com/security/cve/CVE-2017-9287.html
https://www.suse.com/security/cve/CVE-2017-9445.html
https://bugzilla.suse.com/1056193



SUSE-SU-2017:2699-1: important: Security update for SLES 12 Docker image

SUSE Security Update: Security update for SLES 12 Docker image
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2699-1
Rating: important
References: #1056193 #975726
Cross-References: CVE-2012-6702 CVE-2014-0191 CVE-2014-6271
CVE-2014-6277 CVE-2014-6278 CVE-2014-7169
CVE-2014-7187 CVE-2014-7824 CVE-2014-8964
CVE-2014-9770 CVE-2015-0245 CVE-2015-1283
CVE-2015-2059 CVE-2015-2325 CVE-2015-2327
CVE-2015-2328 CVE-2015-3210 CVE-2015-3217
CVE-2015-3238 CVE-2015-3622 CVE-2015-5073
CVE-2015-5218 CVE-2015-5276 CVE-2015-7511
CVE-2015-8380 CVE-2015-8381 CVE-2015-8382
CVE-2015-8383 CVE-2015-8384 CVE-2015-8385
CVE-2015-8386 CVE-2015-8387 CVE-2015-8388
CVE-2015-8389 CVE-2015-8390 CVE-2015-8391
CVE-2015-8392 CVE-2015-8393 CVE-2015-8394
CVE-2015-8395 CVE-2015-8806 CVE-2015-8842
CVE-2015-8853 CVE-2015-8948 CVE-2016-0634
CVE-2016-0718 CVE-2016-0787 CVE-2016-1234
CVE-2016-1238 CVE-2016-1283 CVE-2016-1762
CVE-2016-1833 CVE-2016-1834 CVE-2016-1835
CVE-2016-1837 CVE-2016-1838 CVE-2016-1839
CVE-2016-1840 CVE-2016-2037 CVE-2016-2073
CVE-2016-2105 CVE-2016-2106 CVE-2016-2107
CVE-2016-2108 CVE-2016-2109 CVE-2016-2177
CVE-2016-2178 CVE-2016-2179 CVE-2016-2180
CVE-2016-2181 CVE-2016-2182 CVE-2016-2183
CVE-2016-2381 CVE-2016-3075 CVE-2016-3191
CVE-2016-3627 CVE-2016-3705 CVE-2016-3706
CVE-2016-4008 CVE-2016-4429 CVE-2016-4447
CVE-2016-4448 CVE-2016-4449 CVE-2016-4483
CVE-2016-4574 CVE-2016-4579 CVE-2016-4658
CVE-2016-5011 CVE-2016-5300 CVE-2016-5419
CVE-2016-5420 CVE-2016-5421 CVE-2016-6185
CVE-2016-6261 CVE-2016-6262 CVE-2016-6263
CVE-2016-6302 CVE-2016-6303 CVE-2016-6304
CVE-2016-6306 CVE-2016-6313 CVE-2016-6318
CVE-2016-7141 CVE-2016-7167 CVE-2016-7543
CVE-2016-7796 CVE-2016-8615 CVE-2016-8616
CVE-2016-8617 CVE-2016-8618 CVE-2016-8619
CVE-2016-8620 CVE-2016-8621 CVE-2016-8622
CVE-2016-8623 CVE-2016-8624 CVE-2016-9063
CVE-2016-9318 CVE-2016-9586 CVE-2016-9597
CVE-2016-9840 CVE-2016-9841 CVE-2016-9842
CVE-2016-9843 CVE-2017-1000100 CVE-2017-1000101
CVE-2017-1000366 CVE-2017-10684 CVE-2017-10685
CVE-2017-11112 CVE-2017-11113 CVE-2017-2616
CVE-2017-6507 CVE-2017-7407 CVE-2017-7526
CVE-2017-9047 CVE-2017-9048 CVE-2017-9049
CVE-2017-9050 CVE-2017-9233
Affected Products:
SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that fixes 140 vulnerabilities is now available.

Description:

The SUSE Linux Enterprise Server 12 container image has been updated to
include security and stability fixes.

The following issues related to building of the container images have been
fixed:

– Included krb5 package to avoid the inclusion of krb5-mini which gets
selected as a dependency by the Build Service solver. (bsc#1056193)
– Do not install recommended packages when building container images.
(bsc#975726)

A number of security issues that have been already fixed by updates
released for SUSE Linux Enterprise Server 12 are now included in the base
image. A package/CVE cross-reference is available below.

pam:

– CVE-2015-3238

libtasn1:

– CVE-2015-3622
– CVE-2016-4008

libidn:

– CVE-2015-2059
– CVE-2015-8948
– CVE-2016-6261
– CVE-2016-6262
– CVE-2016-6263

zlib:

– CVE-2016-9840
– CVE-2016-9841
– CVE-2016-9842
– CVE-2016-9843

curl:

– CVE-2016-5419
– CVE-2016-5420
– CVE-2016-5421
– CVE-2016-7141
– CVE-2016-7167
– CVE-2016-8615
– CVE-2016-8616
– CVE-2016-8617
– CVE-2016-8618
– CVE-2016-8619
– CVE-2016-8620
– CVE-2016-8621
– CVE-2016-8622
– CVE-2016-8623
– CVE-2016-8624
– CVE-2016-9586
– CVE-2017-1000100
– CVE-2017-1000101
– CVE-2017-7407

openssl:

– CVE-2016-2105
– CVE-2016-2106
– CVE-2016-2107
– CVE-2016-2108
– CVE-2016-2109
– CVE-2016-2177
– CVE-2016-2178
– CVE-2016-2179
– CVE-2016-2180
– CVE-2016-2181
– CVE-2016-2182
– CVE-2016-2183
– CVE-2016-6302
– CVE-2016-6303
– CVE-2016-6304
– CVE-2016-6306

libxml2:

– CVE-2014-0191
– CVE-2015-8806
– CVE-2016-1762
– CVE-2016-1833
– CVE-2016-1834
– CVE-2016-1835
– CVE-2016-1837
– CVE-2016-1838
– CVE-2016-1839
– CVE-2016-1840
– CVE-2016-2073
– CVE-2016-3627
– CVE-2016-3705
– CVE-2016-4447
– CVE-2016-4448
– CVE-2016-4449
– CVE-2016-4483
– CVE-2016-4658
– CVE-2016-9318
– CVE-2016-9597
– CVE-2017-9047
– CVE-2017-9048
– CVE-2017-9049
– CVE-2017-9050

util-linux:

– CVE-2015-5218
– CVE-2016-5011
– CVE-2017-2616

cracklib:

– CVE-2016-6318

systemd:

– CVE-2014-9770
– CVE-2015-8842
– CVE-2016-7796

pcre:

– CVE-2014-8964
– CVE-2015-2325
– CVE-2015-2327
– CVE-2015-2328
– CVE-2015-3210
– CVE-2015-3217
– CVE-2015-5073
– CVE-2015-8380
– CVE-2015-8381
– CVE-2015-8382
– CVE-2015-8383
– CVE-2015-8384
– CVE-2015-8385
– CVE-2015-8386
– CVE-2015-8387
– CVE-2015-8388
– CVE-2015-8389
– CVE-2015-8390
– CVE-2015-8391
– CVE-2015-8392
– CVE-2015-8393
– CVE-2015-8394
– CVE-2015-8395
– CVE-2016-1283
– CVE-2016-3191

apparmor:

– CVE-2017-6507

bash:

– CVE-2014-6277
– CVE-2014-6278
– CVE-2016-0634
– CVE-2016-7543

cpio:

– CVE-2016-2037

glibc:

– CVE-2016-1234
– CVE-2016-3075
– CVE-2016-3706
– CVE-2016-4429
– CVE-2017-1000366

perl:

– CVE-2015-8853
– CVE-2016-1238
– CVE-2016-2381
– CVE-2016-6185

libssh2_org:

– CVE-2016-0787

expat:

– CVE-2012-6702
– CVE-2015-1283
– CVE-2016-0718
– CVE-2016-5300
– CVE-2016-9063
– CVE-2017-9233

ncurses:

– CVE-2017-10684
– CVE-2017-10685
– CVE-2017-11112
– CVE-2017-11113

libksba:

– CVE-2016-4574
– CVE-2016-4579

libgcrypt:

– CVE-2015-7511
– CVE-2016-6313
– CVE-2017-7526

dbus-1:

– CVE-2014-7824
– CVE-2015-0245

Finally, the following packages received non-security fixes:

– augeas
– bzip2
– ca-certificates-mozilla
– coreutils
– cryptsetup
– cyrus-sasl
– dirmngr
– e2fsprogs
– findutils
– gpg2
– insserv-compat
– kmod
– libcap
– libsolv
– libzypp
– openldap2
– p11-kit
– permissions
– procps
– rpm
– sed
– shadow
– zypper

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Module for Containers 12:

zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1672=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):

sles12-docker-image-1.1.4-20171002

References:

https://www.suse.com/security/cve/CVE-2012-6702.html
https://www.suse.com/security/cve/CVE-2014-0191.html
https://www.suse.com/security/cve/CVE-2014-6271.html
https://www.suse.com/security/cve/CVE-2014-6277.html
https://www.suse.com/security/cve/CVE-2014-6278.html
https://www.suse.com/security/cve/CVE-2014-7169.html
https://www.suse.com/security/cve/CVE-2014-7187.html
https://www.suse.com/security/cve/CVE-2014-7824.html
https://www.suse.com/security/cve/CVE-2014-8964.html
https://www.suse.com/security/cve/CVE-2014-9770.html
https://www.suse.com/security/cve/CVE-2015-0245.html
https://www.suse.com/security/cve/CVE-2015-1283.html
https://www.suse.com/security/cve/CVE-2015-2059.html
https://www.suse.com/security/cve/CVE-2015-2325.html
https://www.suse.com/security/cve/CVE-2015-2327.html
https://www.suse.com/security/cve/CVE-2015-2328.html
https://www.suse.com/security/cve/CVE-2015-3210.html
https://www.suse.com/security/cve/CVE-2015-3217.html
https://www.suse.com/security/cve/CVE-2015-3238.html
https://www.suse.com/security/cve/CVE-2015-3622.html
https://www.suse.com/security/cve/CVE-2015-5073.html
https://www.suse.com/security/cve/CVE-2015-5218.html
https://www.suse.com/security/cve/CVE-2015-5276.html
https://www.suse.com/security/cve/CVE-2015-7511.html
https://www.suse.com/security/cve/CVE-2015-8380.html
https://www.suse.com/security/cve/CVE-2015-8381.html
https://www.suse.com/security/cve/CVE-2015-8382.html
https://www.suse.com/security/cve/CVE-2015-8383.html
https://www.suse.com/security/cve/CVE-2015-8384.html
https://www.suse.com/security/cve/CVE-2015-8385.html
https://www.suse.com/security/cve/CVE-2015-8386.html
https://www.suse.com/security/cve/CVE-2015-8387.html
https://www.suse.com/security/cve/CVE-2015-8388.html
https://www.suse.com/security/cve/CVE-2015-8389.html
https://www.suse.com/security/cve/CVE-2015-8390.html
https://www.suse.com/security/cve/CVE-2015-8391.html
https://www.suse.com/security/cve/CVE-2015-8392.html
https://www.suse.com/security/cve/CVE-2015-8393.html
https://www.suse.com/security/cve/CVE-2015-8394.html
https://www.suse.com/security/cve/CVE-2015-8395.html
https://www.suse.com/security/cve/CVE-2015-8806.html
https://www.suse.com/security/cve/CVE-2015-8842.html
https://www.suse.com/security/cve/CVE-2015-8853.html
https://www.suse.com/security/cve/CVE-2015-8948.html
https://www.suse.com/security/cve/CVE-2016-0634.html
https://www.suse.com/security/cve/CVE-2016-0718.html
https://www.suse.com/security/cve/CVE-2016-0787.html
https://www.suse.com/security/cve/CVE-2016-1234.html
https://www.suse.com/security/cve/CVE-2016-1238.html
https://www.suse.com/security/cve/CVE-2016-1283.html
https://www.suse.com/security/cve/CVE-2016-1762.html
https://www.suse.com/security/cve/CVE-2016-1833.html
https://www.suse.com/security/cve/CVE-2016-1834.html
https://www.suse.com/security/cve/CVE-2016-1835.html
https://www.suse.com/security/cve/CVE-2016-1837.html
https://www.suse.com/security/cve/CVE-2016-1838.html
https://www.suse.com/security/cve/CVE-2016-1839.html
https://www.suse.com/security/cve/CVE-2016-1840.html
https://www.suse.com/security/cve/CVE-2016-2037.html
https://www.suse.com/security/cve/CVE-2016-2073.html
https://www.suse.com/security/cve/CVE-2016-2105.html
https://www.suse.com/security/cve/CVE-2016-2106.html
https://www.suse.com/security/cve/CVE-2016-2107.html
https://www.suse.com/security/cve/CVE-2016-2108.html
https://www.suse.com/security/cve/CVE-2016-2109.html
https://www.suse.com/security/cve/CVE-2016-2177.html
https://www.suse.com/security/cve/CVE-2016-2178.html
https://www.suse.com/security/cve/CVE-2016-2179.html
https://www.suse.com/security/cve/CVE-2016-2180.html
https://www.suse.com/security/cve/CVE-2016-2181.html
https://www.suse.com/security/cve/CVE-2016-2182.html
https://www.suse.com/security/cve/CVE-2016-2183.html
https://www.suse.com/security/cve/CVE-2016-2381.html
https://www.suse.com/security/cve/CVE-2016-3075.html
https://www.suse.com/security/cve/CVE-2016-3191.html
https://www.suse.com/security/cve/CVE-2016-3627.html
https://www.suse.com/security/cve/CVE-2016-3705.html
https://www.suse.com/security/cve/CVE-2016-3706.html
https://www.suse.com/security/cve/CVE-2016-4008.html
https://www.suse.com/security/cve/CVE-2016-4429.html
https://www.suse.com/security/cve/CVE-2016-4447.html
https://www.suse.com/security/cve/CVE-2016-4448.html
https://www.suse.com/security/cve/CVE-2016-4449.html
https://www.suse.com/security/cve/CVE-2016-4483.html
https://www.suse.com/security/cve/CVE-2016-4574.html
https://www.suse.com/security/cve/CVE-2016-4579.html
https://www.suse.com/security/cve/CVE-2016-4658.html
https://www.suse.com/security/cve/CVE-2016-5011.html
https://www.suse.com/security/cve/CVE-2016-5300.html
https://www.suse.com/security/cve/CVE-2016-5419.html
https://www.suse.com/security/cve/CVE-2016-5420.html
https://www.suse.com/security/cve/CVE-2016-5421.html
https://www.suse.com/security/cve/CVE-2016-6185.html
https://www.suse.com/security/cve/CVE-2016-6261.html
https://www.suse.com/security/cve/CVE-2016-6262.html
https://www.suse.com/security/cve/CVE-2016-6263.html
https://www.suse.com/security/cve/CVE-2016-6302.html
https://www.suse.com/security/cve/CVE-2016-6303.html
https://www.suse.com/security/cve/CVE-2016-6304.html
https://www.suse.com/security/cve/CVE-2016-6306.html
https://www.suse.com/security/cve/CVE-2016-6313.html
https://www.suse.com/security/cve/CVE-2016-6318.html
https://www.suse.com/security/cve/CVE-2016-7141.html
https://www.suse.com/security/cve/CVE-2016-7167.html
https://www.suse.com/security/cve/CVE-2016-7543.html
https://www.suse.com/security/cve/CVE-2016-7796.html
https://www.suse.com/security/cve/CVE-2016-8615.html
https://www.suse.com/security/cve/CVE-2016-8616.html
https://www.suse.com/security/cve/CVE-2016-8617.html
https://www.suse.com/security/cve/CVE-2016-8618.html
https://www.suse.com/security/cve/CVE-2016-8619.html
https://www.suse.com/security/cve/CVE-2016-8620.html
https://www.suse.com/security/cve/CVE-2016-8621.html
https://www.suse.com/security/cve/CVE-2016-8622.html
https://www.suse.com/security/cve/CVE-2016-8623.html
https://www.suse.com/security/cve/CVE-2016-8624.html
https://www.suse.com/security/cve/CVE-2016-9063.html
https://www.suse.com/security/cve/CVE-2016-9318.html
https://www.suse.com/security/cve/CVE-2016-9586.html
https://www.suse.com/security/cve/CVE-2016-9597.html
https://www.suse.com/security/cve/CVE-2016-9840.html
https://www.suse.com/security/cve/CVE-2016-9841.html
https://www.suse.com/security/cve/CVE-2016-9842.html
https://www.suse.com/security/cve/CVE-2016-9843.html
https://www.suse.com/security/cve/CVE-2017-1000100.html
https://www.suse.com/security/cve/CVE-2017-1000101.html
https://www.suse.com/security/cve/CVE-2017-1000366.html
https://www.suse.com/security/cve/CVE-2017-10684.html
https://www.suse.com/security/cve/CVE-2017-10685.html
https://www.suse.com/security/cve/CVE-2017-11112.html
https://www.suse.com/security/cve/CVE-2017-11113.html
https://www.suse.com/security/cve/CVE-2017-2616.html
https://www.suse.com/security/cve/CVE-2017-6507.html
https://www.suse.com/security/cve/CVE-2017-7407.html
https://www.suse.com/security/cve/CVE-2017-7526.html
https://www.suse.com/security/cve/CVE-2017-9047.html
https://www.suse.com/security/cve/CVE-2017-9048.html
https://www.suse.com/security/cve/CVE-2017-9049.html
https://www.suse.com/security/cve/CVE-2017-9050.html
https://www.suse.com/security/cve/CVE-2017-9233.html
https://bugzilla.suse.com/1056193
https://bugzilla.suse.com/975726



SUSE-SU-2017:2694-1: important: Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2694-1
Rating: important
References: #1013018 #1024450 #1031358 #1036629 #1037441
#1037667 #1037669 #1037994 #1039803 #1040609
#1042863 #1045154 #1047523 #1050381 #1050431
#1051932 #1052311 #1052370 #1053148 #1053152
#1053802 #1053933 #1054070 #1054076 #1054093
#1054247 #1054706 #1055680 #1056588 #1057179
#1057389 #1058524 #984530
Cross-References: CVE-2017-1000112 CVE-2017-1000251 CVE-2017-10661
CVE-2017-12762 CVE-2017-14051 CVE-2017-14140
CVE-2017-14340 CVE-2017-8831
Affected Products:
SUSE Linux Enterprise Real Time Extension 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 8 vulnerabilities and has 25 fixes is
now available.

Description:

The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

– CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack
overflow vulnerability in the processing of L2CAP configuration
responses resulting in remote code execution in kernel space
(bnc#1057389).
– CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h
did not verify that a filesystem has a realtime device, which allowed
local users to cause a denial of service (NULL pointer dereference and
OOPS) via vectors related to setting an RHINHERIT flag on a directory
(bnc#1058524).
– CVE-2017-14140: The move_pages system call in mm/migrate.c did not check
the effective uid of the target process, enabling a local attacker to
learn the memory layout of a setuid executable despite ASLR
(bnc#1057179).
– CVE-2017-14051: An integer overflow in the
qla2x00_sysfs_write_optrom_ctl function in
drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of
service (memory corruption and system crash) by leveraging root access
(bnc#1056588).
– CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to
gain privileges or cause a denial of service (list corruption or
use-after-free) via simultaneous file-descriptor operations that
leverage improper might_cancel queueing (bnc#1053152).
– CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c a user-controlled buffer
was copied into a local buffer of constant size using strcpy without a
length check which can cause a buffer overflow (bnc#1053148).
– CVE-2017-8831: The saa7164_bus_get function allowed local users to cause
a denial of service (out-of-bounds array access) or possibly have
unspecified other impact by changing a certain sequence-number value,
aka a “double fetch” vulnerability (bnc#1037994).
– CVE-2017-1000112: Prevent race condition in net-packet code that could
have been exploited by unprivileged users to gain root access
(bnc#1052311).

The following non-security bugs were fixed:

– ALSA: Fix Lewisburg audio issue
– Drop commit 96234ae:kvm_io_bus_unregister_dev() should never fail
(bsc#1055680)
– Fixup build warnings in drivers/scsi/scsi.c (bsc#1031358)
– NFS: Cache aggressively when file is open for writing (bsc#1053933).
– NFS: Do drop directory dentry when error clearly requires it
(bsc#1051932).
– NFS: Do not flush caches for a getattr that races with writeback
(bsc#1053933).
– NFS: Optimize fallocate by refreshing mapping when needed (bsc#1053933).
– NFS: invalidate file size when taking a lock (bsc#1053933).
– PCI: fix hotplug related issues (bnc#1054247).
– af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093).
– avoid deadlock in xenbus (bnc#1047523).
– blacklist 9754d45e9970 tpm: read burstcount from TPM_STS in one 32-bit
transaction
– blkback/blktap: do not leak stack data via response ring (bsc#1042863
XSA-216).
– cx231xx-audio: fix NULL-deref at probe (bsc#1050431).
– cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
– fuse: do not use iocb after it may have been freed (bsc#1054706).
– fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706).
– fuse: fsync() did not return IO errors (bsc#1054076).
– fuse: fuse_flush must check mapping->flags for errors (bsc#1054706).
– gspca: konica: add missing endpoint sanity check (bsc#1050431).
– kabi/severities: Ignore zpci symbol changes (bsc#1054247)
– lib/mpi: mpi_read_raw_data(): fix nbits calculation
– media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS
ioctl (bsc#1050431).
– net: Fix RCU splat in af_key (bsc#1054093).
– powerpc/fadump: add reschedule point while releasing memory (bsc#1040609
bsc#1024450).
– powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669
bsc#1037667).
– powerpc/fadump: provide a helpful error message (bsc#1037669
bsc#1037667).
– powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530,
bsc#1052370).
– powerpc/slb: Force a full SLB flush when we insert for a bad EA
(bsc#1054070).
– reiserfs: fix race in readdir (bsc#1039803).
– s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247).
– s390/pci: fix handling of PEC 306 (bnc#1054247).
– s390/pci: improve error handling during fmb (de)registration
(bnc#1054247).
– s390/pci: improve error handling during interrupt deregistration
(bnc#1054247).
– s390/pci: improve pci hotplug (bnc#1054247).
– s390/pci: improve unreg_ioat error handling (bnc#1054247).
– s390/pci: introduce clp_get_state (bnc#1054247).
– s390/pci: provide more debug information (bnc#1054247).
– scsi: avoid system stall due to host_busy race (bsc#1031358).
– scsi: close race when updating blocked counters (bsc#1031358).
– ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441).
– supported.conf: clear mistaken external support flag for cifs.ko
(bsc#1053802).
– tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381).
– uwb: fix device quirk on big-endian hosts (bsc#1036629).
– xfs: fix inobt inode allocation search optimization (bsc#1013018).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Real Time Extension 11-SP4:

zypper in -t patch slertesp4-linux-kernel-rt-13307=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-linux-kernel-rt-13307=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

kernel-rt-3.0.101.rt130-69.8.1
kernel-rt-base-3.0.101.rt130-69.8.1
kernel-rt-devel-3.0.101.rt130-69.8.1
kernel-rt_trace-3.0.101.rt130-69.8.1
kernel-rt_trace-base-3.0.101.rt130-69.8.1
kernel-rt_trace-devel-3.0.101.rt130-69.8.1
kernel-source-rt-3.0.101.rt130-69.8.1
kernel-syms-rt-3.0.101.rt130-69.8.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

kernel-rt-debuginfo-3.0.101.rt130-69.8.1
kernel-rt-debugsource-3.0.101.rt130-69.8.1
kernel-rt_debug-debuginfo-3.0.101.rt130-69.8.1
kernel-rt_debug-debugsource-3.0.101.rt130-69.8.1
kernel-rt_trace-debuginfo-3.0.101.rt130-69.8.1
kernel-rt_trace-debugsource-3.0.101.rt130-69.8.1

References:

https://www.suse.com/security/cve/CVE-2017-1000112.html
https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://www.suse.com/security/cve/CVE-2017-14051.html
https://www.suse.com/security/cve/CVE-2017-14140.html
https://www.suse.com/security/cve/CVE-2017-14340.html
https://www.suse.com/security/cve/CVE-2017-8831.html
https://bugzilla.suse.com/1013018
https://bugzilla.suse.com/1024450
https://bugzilla.suse.com/1031358
https://bugzilla.suse.com/1036629
https://bugzilla.suse.com/1037441
https://bugzilla.suse.com/1037667
https://bugzilla.suse.com/1037669
https://bugzilla.suse.com/1037994
https://bugzilla.suse.com/1039803
https://bugzilla.suse.com/1040609
https://bugzilla.suse.com/1042863
https://bugzilla.suse.com/1045154
https://bugzilla.suse.com/1047523
https://bugzilla.suse.com/1050381
https://bugzilla.suse.com/1050431
https://bugzilla.suse.com/1051932
https://bugzilla.suse.com/1052311
https://bugzilla.suse.com/1052370
https://bugzilla.suse.com/1053148
https://bugzilla.suse.com/1053152
https://bugzilla.suse.com/1053802
https://bugzilla.suse.com/1053933
https://bugzilla.suse.com/1054070
https://bugzilla.suse.com/1054076
https://bugzilla.suse.com/1054093
https://bugzilla.suse.com/1054247
https://bugzilla.suse.com/1054706
https://bugzilla.suse.com/1055680
https://bugzilla.suse.com/1056588
https://bugzilla.suse.com/1057179
https://bugzilla.suse.com/1057389
https://bugzilla.suse.com/1058524
https://bugzilla.suse.com/984530



[Dovecot-news] v2.2.33 released

https://dovecot.org/releases/2.2/dovecot-2.2.33.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.33.tar.gz.sig

We’re getting close to the last v2.2.x releases. Hopefully we’ll have the first v2.3 beta releases out soon.

* doveadm director commands wait for the changes to be visible in the
whole ring before they return. This is especially useful in testing.
* Environments listed in import_environment setting are now set or
preserved when executing standalone commands (e.g. doveadm)

+ doveadm proxy: Support proxying logs. Previously the logs were
visible only in the backend’s logs.
+ Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals
+ Added a new notify_status plugin, which can be used to update dict
with current status of a mailbox when it changes. See
https://wiki2.dovecot.org/Plugins/NotifyStatus
+ Mailbox list index can be disabled for a namespace by appending
“:LISTINDEX=” to location setting.
+ dsync/imapc: Added dsync_hashed_headers setting to specify which
headers are used to match emails.
+ pop3-migration: Add pop3_migration_ignore_extra_uidls=yes to ignore
mails that are visible in POP3 but not IMAP. This could happen if
new mails were delivered during the migration run.
+ pop3-migration: Further improvements to help with Zimbra
+ pop3-migration: Cache POP3 UIDLs in imapc’s dovecot.index.cache
if indexes are enabled. These are used to optimize incremental syncs.
+ cassandra, dict-sql: Use prepared statements if protocol version>3.
+ auth: Added %{ldap_dn} variable for passdb/userdb ldap
– acl: The “create” (k) permission in global acl-file was sometimes
ignored, allowing users to create mailboxes when they shouldn’t have.
– sdbox: Mails were always opened when expunging, unless
mail_attachment_fs was explicitly set to empty.
– lmtp/doveadm proxy: hostip passdb field was ignored, which caused
unnecessary DNS lookups if host field wasn’t an IP
– lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO
– quota_clone: Update also when quota is unlimited (broken in v2.2.31)
– mbox, zlib: Fix assert-crash when accessing compressed mbox
– doveadm director kick -f parameter didn’t work
– doveadm director flush resulted flushing all hosts, if
wasn’t an IP address.
– director: Various fixes to handling backend/director changes at
abnormal times, especially while ring was unsynced. These could have
resulted in crashes, non-optimal behavior or ignoring some of the
changes.
– director: Use less CPU in imap-login processes when moving/kicking
many users.
– lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs
when lmtp_rcpt_check_quota=yes
– doveadm sync -1 fails when local mailboxes exist that do not exist
remotely. This commonly happened when lazy_expunge mailbox was
autocreated when incremental sync expunged mails.
– pop3: rawlog_dir setting didn’t work
