SUSE-SU-2017:2688-1: important: Security update for MozillaFirefox, mozilla-nss

SUSE Security Update: Security update for MozillaFirefox, mozilla-nss
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2688-1
Rating: important
References: #1060445 #1061005
Cross-References: CVE-2017-7793 CVE-2017-7805 CVE-2017-7810
CVE-2017-7814 CVE-2017-7818 CVE-2017-7819
CVE-2017-7823 CVE-2017-7824 CVE-2017-7825

Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
SUSE Container as a Service Platform ALL
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for MozillaFirefox (to ESR 52.4) and mozilla-nss fixes the
following issues:

This security issue was fixed for mozilla-nss:

– CVE-2017-7805: Prevent use-after-free in TLS 1.2 when generating
handshake hashes (bsc#1061005)

These security issues were fixed for Firefox:

– CVE-2017-7825: Fixed some Tibetan and Arabic unicode characters
rendering (bsc#1060445).
– CVE-2017-7805: Prevent Use-after-free in TLS 1.2 generating handshake
hashes (bsc#1060445).
– CVE-2017-7819: Prevent Use-after-free while resizing images in design
mode (bsc#1060445).
– CVE-2017-7818: Prevent Use-after-free during ARIA array manipulation
(bsc#1060445).
– CVE-2017-7793: Prevent Use-after-free with Fetch API (bsc#1060445).
– CVE-2017-7824: Prevent Buffer overflow when drawing and validating
elements with ANGLE (bsc#1060445).
– CVE-2017-7810: Fixed several memory safety bugs (bsc#1060445).
– CVE-2017-7823: CSP sandbox directive did not create a unique origin
(bsc#1060445).
– CVE-2017-7814: Blob and data URLs bypassed phishing and malware
protection warnings (bsc#1060445).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 6:

zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1662=1

– SUSE Linux Enterprise Software Development Kit 12-SP3:

zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1662=1

– SUSE Linux Enterprise Software Development Kit 12-SP2:

zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1662=1

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1662=1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1662=1

– SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1662=1

– SUSE Linux Enterprise Server 12-SP2:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1662=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1662=1

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1662=1

– SUSE Linux Enterprise Desktop 12-SP3:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1662=1

– SUSE Linux Enterprise Desktop 12-SP2:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1662=1

– SUSE Container as a Service Platform ALL:

zypper in -t patch SUSE-CAASP-ALL-2017-1662=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE OpenStack Cloud 6 (x86_64):

MozillaFirefox-52.4.0esr-109.6.2
MozillaFirefox-debuginfo-52.4.0esr-109.6.2
MozillaFirefox-debugsource-52.4.0esr-109.6.2
MozillaFirefox-devel-52.4.0esr-109.6.2
MozillaFirefox-translations-52.4.0esr-109.6.2
libfreebl3-3.29.5-58.3.1
libfreebl3-32bit-3.29.5-58.3.1
libfreebl3-debuginfo-3.29.5-58.3.1
libfreebl3-debuginfo-32bit-3.29.5-58.3.1
libfreebl3-hmac-3.29.5-58.3.1
libfreebl3-hmac-32bit-3.29.5-58.3.1
libsoftokn3-3.29.5-58.3.1
libsoftokn3-32bit-3.29.5-58.3.1
libsoftokn3-debuginfo-3.29.5-58.3.1
libsoftokn3-debuginfo-32bit-3.29.5-58.3.1
libsoftokn3-hmac-3.29.5-58.3.1
libsoftokn3-hmac-32bit-3.29.5-58.3.1
mozilla-nss-3.29.5-58.3.1
mozilla-nss-32bit-3.29.5-58.3.1
mozilla-nss-certs-3.29.5-58.3.1
mozilla-nss-certs-32bit-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-debuginfo-3.29.5-58.3.1
mozilla-nss-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-debugsource-3.29.5-58.3.1
mozilla-nss-devel-3.29.5-58.3.1
mozilla-nss-sysinit-3.29.5-58.3.1
mozilla-nss-sysinit-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-tools-3.29.5-58.3.1
mozilla-nss-tools-debuginfo-3.29.5-58.3.1

– SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

MozillaFirefox-debuginfo-52.4.0esr-109.6.2
MozillaFirefox-debugsource-52.4.0esr-109.6.2
MozillaFirefox-devel-52.4.0esr-109.6.2
mozilla-nss-debuginfo-3.29.5-58.3.1
mozilla-nss-debugsource-3.29.5-58.3.1
mozilla-nss-devel-3.29.5-58.3.1

– SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

MozillaFirefox-debuginfo-52.4.0esr-109.6.2
MozillaFirefox-debugsource-52.4.0esr-109.6.2
MozillaFirefox-devel-52.4.0esr-109.6.2
mozilla-nss-debuginfo-3.29.5-58.3.1
mozilla-nss-debugsource-3.29.5-58.3.1
mozilla-nss-devel-3.29.5-58.3.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

MozillaFirefox-52.4.0esr-109.6.2
MozillaFirefox-debuginfo-52.4.0esr-109.6.2
MozillaFirefox-debugsource-52.4.0esr-109.6.2
MozillaFirefox-devel-52.4.0esr-109.6.2
MozillaFirefox-translations-52.4.0esr-109.6.2
libfreebl3-3.29.5-58.3.1
libfreebl3-debuginfo-3.29.5-58.3.1
libfreebl3-hmac-3.29.5-58.3.1
libsoftokn3-3.29.5-58.3.1
libsoftokn3-debuginfo-3.29.5-58.3.1
libsoftokn3-hmac-3.29.5-58.3.1
mozilla-nss-3.29.5-58.3.1
mozilla-nss-certs-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-3.29.5-58.3.1
mozilla-nss-debuginfo-3.29.5-58.3.1
mozilla-nss-debugsource-3.29.5-58.3.1
mozilla-nss-devel-3.29.5-58.3.1
mozilla-nss-sysinit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1
mozilla-nss-tools-3.29.5-58.3.1
mozilla-nss-tools-debuginfo-3.29.5-58.3.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

libfreebl3-32bit-3.29.5-58.3.1
libfreebl3-debuginfo-32bit-3.29.5-58.3.1
libfreebl3-hmac-32bit-3.29.5-58.3.1
libsoftokn3-32bit-3.29.5-58.3.1
libsoftokn3-debuginfo-32bit-3.29.5-58.3.1
libsoftokn3-hmac-32bit-3.29.5-58.3.1
mozilla-nss-32bit-3.29.5-58.3.1
mozilla-nss-certs-32bit-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

MozillaFirefox-52.4.0esr-109.6.2
MozillaFirefox-debuginfo-52.4.0esr-109.6.2
MozillaFirefox-debugsource-52.4.0esr-109.6.2
MozillaFirefox-translations-52.4.0esr-109.6.2
libfreebl3-3.29.5-58.3.1
libfreebl3-debuginfo-3.29.5-58.3.1
libfreebl3-hmac-3.29.5-58.3.1
libsoftokn3-3.29.5-58.3.1
libsoftokn3-debuginfo-3.29.5-58.3.1
libsoftokn3-hmac-3.29.5-58.3.1
mozilla-nss-3.29.5-58.3.1
mozilla-nss-certs-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-3.29.5-58.3.1
mozilla-nss-debuginfo-3.29.5-58.3.1
mozilla-nss-debugsource-3.29.5-58.3.1
mozilla-nss-sysinit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1
mozilla-nss-tools-3.29.5-58.3.1
mozilla-nss-tools-debuginfo-3.29.5-58.3.1

– SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

MozillaFirefox-52.4.0esr-109.6.2
MozillaFirefox-debuginfo-52.4.0esr-109.6.2
MozillaFirefox-debugsource-52.4.0esr-109.6.2
MozillaFirefox-translations-52.4.0esr-109.6.2
libfreebl3-3.29.5-58.3.1
libfreebl3-debuginfo-3.29.5-58.3.1
libfreebl3-hmac-3.29.5-58.3.1
libsoftokn3-3.29.5-58.3.1
libsoftokn3-debuginfo-3.29.5-58.3.1
libsoftokn3-hmac-3.29.5-58.3.1
mozilla-nss-3.29.5-58.3.1
mozilla-nss-certs-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-3.29.5-58.3.1
mozilla-nss-debuginfo-3.29.5-58.3.1
mozilla-nss-debugsource-3.29.5-58.3.1
mozilla-nss-sysinit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1
mozilla-nss-tools-3.29.5-58.3.1
mozilla-nss-tools-debuginfo-3.29.5-58.3.1

– SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

libfreebl3-32bit-3.29.5-58.3.1
libfreebl3-debuginfo-32bit-3.29.5-58.3.1
libfreebl3-hmac-32bit-3.29.5-58.3.1
libsoftokn3-32bit-3.29.5-58.3.1
libsoftokn3-debuginfo-32bit-3.29.5-58.3.1
libsoftokn3-hmac-32bit-3.29.5-58.3.1
mozilla-nss-32bit-3.29.5-58.3.1
mozilla-nss-certs-32bit-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1

– SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

MozillaFirefox-52.4.0esr-109.6.2
MozillaFirefox-debuginfo-52.4.0esr-109.6.2
MozillaFirefox-debugsource-52.4.0esr-109.6.2
MozillaFirefox-translations-52.4.0esr-109.6.2
libfreebl3-3.29.5-58.3.1
libfreebl3-debuginfo-3.29.5-58.3.1
libfreebl3-hmac-3.29.5-58.3.1
libsoftokn3-3.29.5-58.3.1
libsoftokn3-debuginfo-3.29.5-58.3.1
libsoftokn3-hmac-3.29.5-58.3.1
mozilla-nss-3.29.5-58.3.1
mozilla-nss-certs-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-3.29.5-58.3.1
mozilla-nss-debuginfo-3.29.5-58.3.1
mozilla-nss-debugsource-3.29.5-58.3.1
mozilla-nss-sysinit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1
mozilla-nss-tools-3.29.5-58.3.1
mozilla-nss-tools-debuginfo-3.29.5-58.3.1

– SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):

libfreebl3-32bit-3.29.5-58.3.1
libfreebl3-debuginfo-32bit-3.29.5-58.3.1
libfreebl3-hmac-32bit-3.29.5-58.3.1
libsoftokn3-32bit-3.29.5-58.3.1
libsoftokn3-debuginfo-32bit-3.29.5-58.3.1
libsoftokn3-hmac-32bit-3.29.5-58.3.1
mozilla-nss-32bit-3.29.5-58.3.1
mozilla-nss-certs-32bit-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

MozillaFirefox-52.4.0esr-109.6.2
MozillaFirefox-debuginfo-52.4.0esr-109.6.2
MozillaFirefox-debugsource-52.4.0esr-109.6.2
MozillaFirefox-devel-52.4.0esr-109.6.2
MozillaFirefox-translations-52.4.0esr-109.6.2
libfreebl3-3.29.5-58.3.1
libfreebl3-debuginfo-3.29.5-58.3.1
libfreebl3-hmac-3.29.5-58.3.1
libsoftokn3-3.29.5-58.3.1
libsoftokn3-debuginfo-3.29.5-58.3.1
libsoftokn3-hmac-3.29.5-58.3.1
mozilla-nss-3.29.5-58.3.1
mozilla-nss-certs-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-3.29.5-58.3.1
mozilla-nss-debuginfo-3.29.5-58.3.1
mozilla-nss-debugsource-3.29.5-58.3.1
mozilla-nss-devel-3.29.5-58.3.1
mozilla-nss-sysinit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1
mozilla-nss-tools-3.29.5-58.3.1
mozilla-nss-tools-debuginfo-3.29.5-58.3.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):

libfreebl3-32bit-3.29.5-58.3.1
libfreebl3-debuginfo-32bit-3.29.5-58.3.1
libfreebl3-hmac-32bit-3.29.5-58.3.1
libsoftokn3-32bit-3.29.5-58.3.1
libsoftokn3-debuginfo-32bit-3.29.5-58.3.1
libsoftokn3-hmac-32bit-3.29.5-58.3.1
mozilla-nss-32bit-3.29.5-58.3.1
mozilla-nss-certs-32bit-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1

– SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

MozillaFirefox-52.4.0esr-109.6.2
MozillaFirefox-debuginfo-52.4.0esr-109.6.2
MozillaFirefox-debugsource-52.4.0esr-109.6.2
MozillaFirefox-devel-52.4.0esr-109.6.2
MozillaFirefox-translations-52.4.0esr-109.6.2
libfreebl3-3.29.5-58.3.1
libfreebl3-debuginfo-3.29.5-58.3.1
libfreebl3-hmac-3.29.5-58.3.1
libsoftokn3-3.29.5-58.3.1
libsoftokn3-debuginfo-3.29.5-58.3.1
libsoftokn3-hmac-3.29.5-58.3.1
mozilla-nss-3.29.5-58.3.1
mozilla-nss-certs-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-3.29.5-58.3.1
mozilla-nss-debuginfo-3.29.5-58.3.1
mozilla-nss-debugsource-3.29.5-58.3.1
mozilla-nss-devel-3.29.5-58.3.1
mozilla-nss-sysinit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1
mozilla-nss-tools-3.29.5-58.3.1
mozilla-nss-tools-debuginfo-3.29.5-58.3.1

– SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):

libfreebl3-32bit-3.29.5-58.3.1
libfreebl3-debuginfo-32bit-3.29.5-58.3.1
libfreebl3-hmac-32bit-3.29.5-58.3.1
libsoftokn3-32bit-3.29.5-58.3.1
libsoftokn3-debuginfo-32bit-3.29.5-58.3.1
libsoftokn3-hmac-32bit-3.29.5-58.3.1
mozilla-nss-32bit-3.29.5-58.3.1
mozilla-nss-certs-32bit-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1

– SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

MozillaFirefox-52.4.0esr-109.6.2
MozillaFirefox-debuginfo-52.4.0esr-109.6.2
MozillaFirefox-debugsource-52.4.0esr-109.6.2
MozillaFirefox-translations-52.4.0esr-109.6.2
libfreebl3-3.29.5-58.3.1
libfreebl3-32bit-3.29.5-58.3.1
libfreebl3-debuginfo-3.29.5-58.3.1
libfreebl3-debuginfo-32bit-3.29.5-58.3.1
libsoftokn3-3.29.5-58.3.1
libsoftokn3-32bit-3.29.5-58.3.1
libsoftokn3-debuginfo-3.29.5-58.3.1
libsoftokn3-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-3.29.5-58.3.1
mozilla-nss-32bit-3.29.5-58.3.1
mozilla-nss-certs-3.29.5-58.3.1
mozilla-nss-certs-32bit-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-debuginfo-3.29.5-58.3.1
mozilla-nss-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-debugsource-3.29.5-58.3.1
mozilla-nss-sysinit-3.29.5-58.3.1
mozilla-nss-sysinit-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-tools-3.29.5-58.3.1
mozilla-nss-tools-debuginfo-3.29.5-58.3.1

– SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

MozillaFirefox-52.4.0esr-109.6.2
MozillaFirefox-debuginfo-52.4.0esr-109.6.2
MozillaFirefox-debugsource-52.4.0esr-109.6.2
MozillaFirefox-translations-52.4.0esr-109.6.2
libfreebl3-3.29.5-58.3.1
libfreebl3-32bit-3.29.5-58.3.1
libfreebl3-debuginfo-3.29.5-58.3.1
libfreebl3-debuginfo-32bit-3.29.5-58.3.1
libsoftokn3-3.29.5-58.3.1
libsoftokn3-32bit-3.29.5-58.3.1
libsoftokn3-debuginfo-3.29.5-58.3.1
libsoftokn3-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-3.29.5-58.3.1
mozilla-nss-32bit-3.29.5-58.3.1
mozilla-nss-certs-3.29.5-58.3.1
mozilla-nss-certs-32bit-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-debuginfo-3.29.5-58.3.1
mozilla-nss-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-debugsource-3.29.5-58.3.1
mozilla-nss-sysinit-3.29.5-58.3.1
mozilla-nss-sysinit-32bit-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1
mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1
mozilla-nss-tools-3.29.5-58.3.1
mozilla-nss-tools-debuginfo-3.29.5-58.3.1

– SUSE Container as a Service Platform ALL (x86_64):

libfreebl3-3.29.5-58.3.1
libfreebl3-debuginfo-3.29.5-58.3.1
libsoftokn3-3.29.5-58.3.1
libsoftokn3-debuginfo-3.29.5-58.3.1
mozilla-nss-3.29.5-58.3.1
mozilla-nss-certs-3.29.5-58.3.1
mozilla-nss-certs-debuginfo-3.29.5-58.3.1
mozilla-nss-debuginfo-3.29.5-58.3.1
mozilla-nss-debugsource-3.29.5-58.3.1

References:

https://www.suse.com/security/cve/CVE-2017-7793.html
https://www.suse.com/security/cve/CVE-2017-7805.html
https://www.suse.com/security/cve/CVE-2017-7810.html
https://www.suse.com/security/cve/CVE-2017-7814.html
https://www.suse.com/security/cve/CVE-2017-7818.html
https://www.suse.com/security/cve/CVE-2017-7819.html
https://www.suse.com/security/cve/CVE-2017-7823.html
https://www.suse.com/security/cve/CVE-2017-7824.html
https://www.suse.com/security/cve/CVE-2017-7825.html
https://bugzilla.suse.com/1060445
https://bugzilla.suse.com/1061005


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

[Dovecot-news] Released Pigeonhole v0.4.21.rc1 for Dovecot v2.2.33.rc1.

Hello Dovecot users,

Here is the Pigeonhole release candidate that goes with the Dovecot
release candidate. Nothing really special going on, just a few changes
and fixes that accumulated over the last few months.

Changelog v0.4.21:

* redirect action: Always set the X-Sieve-Redirected-From header to
sieve_user_email if configured. Before, it would use the envelope
recipient instead if available, which makes no sense if the primary
e-mail address is available.
+ vacation extension: Allow ignoring the envelope sender while composing
the “To:” header for the reply. Normally, the “To:” header is composed
from the address found in the “Sender”, “Resent-From” or “From”
headers that is equal to the envelope sender. If none is then found,
the bare envelope sender is used. This change adds a new setting
“sieve_vacation_to_header_ignore_envelope”. With this setting enabled,
the “To:” header is always composed from those headers in the source
message. The new setting thus allows ignoring the envelope, which is
useful e.g. when SRS is used.
+ vacation extension: Compose the “To:” header from the full sender
address found in the first “Sender:”, “From:” or “Resent-From:”
header. Before, it would create a “To:” header without a phrase part.
The new behavior is nicer, since the reply will be addressed to the
sender by name if possible.
– LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts. A
missing LDAP-based script could cause the script sequence to exit
earlier.
– sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name
conversion. This caused problems with mailbox names containing UTF-8
characters. The Dovecot API was changed years ago, but apparently
sieve-filter was never updated.

The release is available as follows:

http://pigeonhole.dovecot.org/releases/2.2/rc/dovecot-2.2-pigeonhole-0.4.21.rc1.tar.gz
http://pigeonhole.dovecot.org/releases/2.2/rc/dovecot-2.2-pigeonhole-0.4.21.rc1.tar.gz.sig

Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for
more information. Have fun testing this release candidate and don’t
hesitate to notify me when there are any problems.

Regards,


Stephan Bosch
stephan@rename-it.nl

_______________________________________________
Dovecot-news mailing list
Dovecot-news@dovecot.org
https://dovecot.org/mailman/listinfo/dovecot-news

CESA-2017:2863 Moderate CentOS 6 kernel Security Update

CentOS Errata and Security Advisory 2017:2863 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2863

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
f44aa5fe35ee6057f09d3ae976a1ac20b9484680d5ad74ab3188ef786105b4c6 kernel-2.6.32-696.13.2.el6.i686.rpm
e504863f5d383083501f9857d958562a4c9be4900c2e1d64b3cac99234b0773f kernel-abi-whitelists-2.6.32-696.13.2.el6.noarch.rpm
c29d4c8d691d0e7dea47beeabba025e1e6dbacf03777e01859365c0a363e7ed8 kernel-debug-2.6.32-696.13.2.el6.i686.rpm
22e5ff5d05ef0c4527aaa3fdad61c6ca0bc7e71dbbc2c8574ac904bc5359ed26 kernel-debug-devel-2.6.32-696.13.2.el6.i686.rpm
81d7ac3ef8a4281f36d89db8476b891bbc645ba008976ceed011f33cae441bc5 kernel-devel-2.6.32-696.13.2.el6.i686.rpm
6c2d32bc2e8c9a3fa45fd9ad75487460fe68d379d5d505fb632e750e271912ce kernel-doc-2.6.32-696.13.2.el6.noarch.rpm
14d7950349061ce64a544879e2aefae16dd393f4b39f7485a9a0f904a3af7270 kernel-firmware-2.6.32-696.13.2.el6.noarch.rpm
108b88d25312495470eca583fc0faa2636d1d4d4e6bef1b41f8875cbf9f9dba2 kernel-headers-2.6.32-696.13.2.el6.i686.rpm
24353c78854e3deee2b827a66eb778480b40d9eb30d4bd4f54dbe6339fda3375 perf-2.6.32-696.13.2.el6.i686.rpm
60ef719c1ca0e982ce841d16d39378eb44f40ff4b6313d61cdd51ed2b372596b python-perf-2.6.32-696.13.2.el6.i686.rpm

x86_64:
a7cc641a5c25aa0c4e941d71a3f2922334d6b983cf159aced75d20a34a360804 kernel-2.6.32-696.13.2.el6.x86_64.rpm
e504863f5d383083501f9857d958562a4c9be4900c2e1d64b3cac99234b0773f kernel-abi-whitelists-2.6.32-696.13.2.el6.noarch.rpm
0a261cb6a266e4758c9e758ba16f86bae71a4cb79563905f6959870163195b6d kernel-debug-2.6.32-696.13.2.el6.x86_64.rpm
22e5ff5d05ef0c4527aaa3fdad61c6ca0bc7e71dbbc2c8574ac904bc5359ed26 kernel-debug-devel-2.6.32-696.13.2.el6.i686.rpm
494cf193e2e344e0025e04ee64a5008d45734fc9a1ad522143359d99a9bbd2da kernel-debug-devel-2.6.32-696.13.2.el6.x86_64.rpm
5a4ad9b4a4c839043e6206f81603583aac5cacd9a099e8d0dce9d50c6de6624d kernel-devel-2.6.32-696.13.2.el6.x86_64.rpm
6c2d32bc2e8c9a3fa45fd9ad75487460fe68d379d5d505fb632e750e271912ce kernel-doc-2.6.32-696.13.2.el6.noarch.rpm
14d7950349061ce64a544879e2aefae16dd393f4b39f7485a9a0f904a3af7270 kernel-firmware-2.6.32-696.13.2.el6.noarch.rpm
9fe0d82754b6d94574a47c56dd6b2a06cda59d41fe86dc16ef86e17f7970578e kernel-headers-2.6.32-696.13.2.el6.x86_64.rpm
b740603e24f3a7610e4ebc59910cc4fa0a750b90f6600c86edf118a879a00969 perf-2.6.32-696.13.2.el6.x86_64.rpm
6ab0f3a9bd23d658836462a4380865a8b43518a18203bcb071928ea8e9e1f9e7 python-perf-2.6.32-696.13.2.el6.x86_64.rpm

Source:
83c3adc56d5967741a73085c049b5cdb876de1dfb4cb4fb8a88d73b5ddad7b4a kernel-2.6.32-696.13.2.el6.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

CESA-2017:2860 Moderate CentOS 6 postgresql Security Update

CentOS Errata and Security Advisory 2017:2860 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2860

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
8ce524d7594d44842dbf2c6a918fba0df6eb4aba61456a1afac2956b49cea425 postgresql-8.4.20-8.el6_9.i686.rpm
8c7e2ce2e6675384b6d956d35b4728a0121b4083e903c0c6a77517a44ba4db27 postgresql-contrib-8.4.20-8.el6_9.i686.rpm
c042b88e603be8a8ae99a6e7907e4f4e63f06662050190e244b611b5d1e99606 postgresql-devel-8.4.20-8.el6_9.i686.rpm
b844f907373eaca72848348cb2e963b10e4943679e4ade53577ad9ada098e257 postgresql-docs-8.4.20-8.el6_9.i686.rpm
a5c1706f6612fe59990fea062966a84e332de1b2d2b7dda7af419bca7c91c2c6 postgresql-libs-8.4.20-8.el6_9.i686.rpm
8d918cdb4dd0897195233e773d22a87678422f579e18c1f2f91b1d15593fcfff postgresql-plperl-8.4.20-8.el6_9.i686.rpm
884286c1308c821035257bdaf49dd2e0500b2257a7e75a0396a39809026b205a postgresql-plpython-8.4.20-8.el6_9.i686.rpm
baf83a6c4b6385021d71cb554ed2ac12dd8c6fc81ed58375ca01bd9ff966a901 postgresql-pltcl-8.4.20-8.el6_9.i686.rpm
44247e758c63bbca45ae553ad9638a9683fdcce537a3fae8ee2eaf2bb369e113 postgresql-server-8.4.20-8.el6_9.i686.rpm
eb054e4c49dc685efcc79b539864ddadd79e01c9124980d9384d01fc3d02f319 postgresql-test-8.4.20-8.el6_9.i686.rpm

x86_64:
8ce524d7594d44842dbf2c6a918fba0df6eb4aba61456a1afac2956b49cea425 postgresql-8.4.20-8.el6_9.i686.rpm
e8edd19f1c1933915dca670a83fed033ddb6b5477526403600ace511db54cf34 postgresql-8.4.20-8.el6_9.x86_64.rpm
53c6b606ea888a80acedecd905475d9ce6c5a6c5802f176e93e65c55cfc3fc61 postgresql-contrib-8.4.20-8.el6_9.x86_64.rpm
c042b88e603be8a8ae99a6e7907e4f4e63f06662050190e244b611b5d1e99606 postgresql-devel-8.4.20-8.el6_9.i686.rpm
df1b83944c4f26d6fda923214143c4a79693ee2bab175e19a548c69c8727e2f2 postgresql-devel-8.4.20-8.el6_9.x86_64.rpm
d7e6dd950b9f460a4925e5c5ae0e9ec8e026c069566c4fc49b788c630bcbc3e1 postgresql-docs-8.4.20-8.el6_9.x86_64.rpm
a5c1706f6612fe59990fea062966a84e332de1b2d2b7dda7af419bca7c91c2c6 postgresql-libs-8.4.20-8.el6_9.i686.rpm
5328bfa0d6716b342cb63c3399a05bcf98f9b3becab22808173228c6cbc5cc33 postgresql-libs-8.4.20-8.el6_9.x86_64.rpm
37265b681d255e811a18f10492ac561fb53c972a057aaa18072627a4d7d194c7 postgresql-plperl-8.4.20-8.el6_9.x86_64.rpm
0b287aaf1379d4a4a52dc277c3ae00865741bb925ccf263ba5b7bcacceafea62 postgresql-plpython-8.4.20-8.el6_9.x86_64.rpm
b6db989f8f62f398245327f23ee4e7e40aee863a0128e38cf75375cdff534624 postgresql-pltcl-8.4.20-8.el6_9.x86_64.rpm
48953d6e0660015f54c206bc03886289ed40ab3753e313309bbc2a82bd562e1c postgresql-server-8.4.20-8.el6_9.x86_64.rpm
ef618101d88d7cc74e147788928640fc6b3435bb583ba05ad8007f414d307215 postgresql-test-8.4.20-8.el6_9.x86_64.rpm

Source:
3c04d99dc0fdc81ddce150b0fea603ff006c630ed33e8fb726d775df61752a08 postgresql-8.4.20-8.el6_9.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS


SUSE-SU-2017:2655-1: important: Security update for portus

SUSE Security Update: Security update for portus
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2655-1
Rating: important
References: #1059664
Cross-References: CVE-2017-14621
Affected Products:
SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for portus fixes the following issues:

– CVE-2017-14621: Fixed an XSS attack via the Team field, related to
typeahead. (bsc#1059664)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Module for Containers 12:

zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1642=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Module for Containers 12 (x86_64):

portus-2.2.0-20.3.1
portus-debuginfo-2.2.0-20.3.1
portus-debugsource-2.2.0-20.3.1

References:

https://www.suse.com/security/cve/CVE-2017-14621.html
https://bugzilla.suse.com/1059664



New Check_MK stable release 1.4.0p14

Dear friends of Check_MK,

the new stable release 1.4.0p14 of Check_MK is ready for download.

This maintenance release ships with 14 changes affecting all editions of Check_MK,
4 Enterprise Edition specific changes and 0 Managed Service Edition specific changes.

Changes in all Check_MK Editions:

WATO:
* 5231 Distributed WATO: Improved site snapshot generation speed, reduces “Activate changes” duration
* 5313 FIX: Service discovery: Fixed ‘Fix all missing/vanished’ action: Disabled services were listed below ‘Monitored services’ after that button click.
* 5217 FIX: BI: Improved error handling in case of not existing but referenced rule

User interface:
* 5210 FIX: LDAP: Fixed equal default value for custom variable sync plugins
* 5215 FIX: Fixed broken nested contact group synchronization (regression in 1.4.0p10)
* 5216 FIX: Failed notification checking is now limited to 7 days
* 5214 FIX: Events in tactical overview can now be disabled

Event console:
* 5212 FIX: check_mkevents: Improved performance
* 5361 FIX: Fixed cancelling events by “text” (regression #5057, since 1.4.0p11)

Checks & agents:
* 5233 agent_ucs_bladecenter: Now uses python requests to fetch the data
* 5339 FIX: postfix_mailq_status: Now reports if PID file is not readable
* 5316 FIX: cmciii.access: Fixed error state handling
* 5312 FIX: citrix_sessions: Fixed crash if not all session values ‘total’, ‘active’ or ‘inactive’ are available
* 5232 FIX: Agent version check: fixed exception when an official release is expected and the agents version is a daily build

Changes in the Check_MK Enterprise Edition:

Reporting & availability:
* 5359 FIX: Reduced size of PDF exports containing graphs

Checks & agents:
* 5378 FIX: Windows agent: Ensure backwards compatibility of section webservices

Agent bakery:
* 5315 FIX: win_printers: Added missing bakery rule
* 5211 FIX: Agent bakery: Reduced agent baking time when monitoring 0 hosts from central site

Changes in the Check_MK Managed Service Edition:

NO CHANGES

You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html

Please mail bug reports and qualified feedback to feedback@check-mk.org.
We greatly thank you for using Check_MK and wish you a successful monitoring,

Your Check_MK Team

--

Mathias Kettner GmbH
Kellerstraße 29, 81667 München, Germany
Court of registration: Amtsgericht München, HRB 165902
Managing director: Mathias Kettner
http://mathias-kettner.de
Tel. +49 89 1890 435-0
Fax. +49 89 1890 435-29

_______________________________________________
Checkmk-announce mailing list
Checkmk-announce@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-announce

[Dovecot-news] v2.2.33 release candidate released

https://dovecot.org/releases/2.2/rc/dovecot-2.2.33.rc1.tar.gz
https://dovecot.org/releases/2.2/rc/dovecot-2.2.33.rc1.tar.gz.sig

There are a couple more small changes still coming, but this should be very close to the final release. I’m especially interested in hearing if there are any problems with doveadm log proxying or with director. We’ve improved our automated director tests quite a lot now, and fixed some rarely occurring bugs.

* doveadm director commands wait for the changes to be visible in the
whole ring before they return. This is especially useful in testing.
* Environments listed in import_environment setting are now set or
preserved when executing standalone commands (e.g. doveadm)

+ doveadm proxy: Support proxying logs. Previously the logs were
visible only in the backend’s logs.
+ Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals
+ Added a new notify_status plugin, which can be used to update dict
with current status of a mailbox when it changes. See
https://wiki2.dovecot.org/Plugins/NotifyStatus
+ Mailbox list index can be disabled for a namespace by appending
“:LISTINDEX=” to location setting.
+ dsync/imapc: Added dsync_hashed_headers setting to specify which
headers are used to match emails.
+ pop3-migration: Add pop3_migration_ignore_extra_uidls=yes to ignore
mails that are visible in POP3 but not IMAP. This could happen if
new mails were delivered during the migration run.
+ pop3-migration: Further improvements to help with Zimbra
+ pop3-migration: Cache POP3 UIDLs in imapc’s dovecot.index.cache
if indexes are enabled. These are used to optimize incremental syncs.
+ cassandra, dict-sql: Use prepared statements if protocol version>3.
– sdbox: Mails were always opened when expunging, unless
mail_attachment_fs was explicitly set to empty.
– lmtp/doveadm proxy: hostip passdb field was ignored, which caused
unnecessary DNS lookups if host field wasn’t an IP
– lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO
– quota_clone: Update also when quota is unlimited (broken in v2.2.31)
– mbox, zlib: Fix assert-crash when accessing compressed mbox
– doveadm director kick -f parameter didn’t work
– doveadm director flush resulted flushing all hosts, if
wasn’t an IP address.
– director: Various fixes to handling backend/director changes at
abnormal times, especially while ring was unsynced. These could have
resulted in crashes, non-optimal behavior or ignoring some of the
changes.
– director: Use less CPU in imap-login processes when moving/kicking
many users.
– lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs
when lmtp_rcpt_check_quota=yes
– doveadm sync -1 fails when local mailboxes exist that do not exist
remotely. This commonly happened when lazy_expunge mailbox was
autocreated when incremental sync expunged mails.


OPNsense 17.7.5 released

CEBA-2017:2850 CentOS 6 java-1.8.0-openjdk BugFix Update

CentOS Errata and Bugfix Advisory 2017:2850

Upstream details at : https://access.redhat.com/errata/RHBA-2017:2850

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )



Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

CEEA-2017:2848 CentOS 6 gcc-libraries Enhancement Update

CentOS Errata and Enhancement Advisory 2017:2848

Upstream details at : https://access.redhat.com/errata/RHEA-2017:2848

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )



Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS


CEBA-2017:2854 CentOS 6 libcgroup BugFix Update

CentOS Errata and Bugfix Advisory 2017:2854

Upstream details at : https://access.redhat.com/errata/RHBA-2017:2854

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )



Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS


CEEA-2017:2849 CentOS 6 libreswan Enhancement Update

CentOS Errata and Enhancement Advisory 2017:2849

Upstream details at : https://access.redhat.com/errata/RHEA-2017:2849

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
a4fc9c97031fbee44bcd5858e64f68c74654857947b9162e891ac2109071c2f4 scl-utils-20120927-29.el6_9.i686.rpm
a2de8723a0db80244345a3436deb4487c3a8f311ae776ed947544921998187fc scl-utils-build-20120927-29.el6_9.i686.rpm

x86_64:
f50b86c4b4b1238544daee21b2c1db3f1e78b4e2d180154e2d1bfb7ac56c7ab6 scl-utils-20120927-29.el6_9.x86_64.rpm
0ce7e120e8158d726abbc1255ce6d1353f740f21c46752972d9f6c1745e794ff scl-utils-build-20120927-29.el6_9.x86_64.rpm

Source:
3e6c77267551bbaa80399830c2b7ca23772aa309a25d158029dc5dac18eff879 scl-utils-20120927-29.el6_9.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS


CEEA-2017:2853 CentOS 6 libreswan Enhancement Update

CentOS Errata and Enhancement Advisory 2017:2853

Upstream details at : https://access.redhat.com/errata/RHEA-2017:2853

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
224ddd511fbecde1a433fc0ae0ca1d8154491236a294363795a48e7162f8b4af libreswan-3.15-7.5.el6_9.i686.rpm

x86_64:
c3ed7c84c388e10f2aa155ef609a6a6489e9871cfddc49a866d7a43d287b6dec libreswan-3.15-7.5.el6_9.x86_64.rpm

Source:
7d099dc22136f8f05a045983effc874788917a74d0a769a53c4dfe936ab3cd43 libreswan-3.15-7.5.el6_9.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS


CEBA-2017:2852 CentOS 6 initscripts BugFix Update

CentOS Errata and Bugfix Advisory 2017:2852

Upstream details at : https://access.redhat.com/errata/RHBA-2017:2852

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
d29ac28a6d6959c2cc904532ec16802fb9d5935ccb8be6d523a613d38f0a32a0 debugmode-9.03.58-1.el6.centos.2.i686.rpm
3c67206cbdcba0fe6a9d87e77b9f97ab1f6e4741a5db771e2bf0781c5ff08c5b initscripts-9.03.58-1.el6.centos.2.i686.rpm

x86_64:
ec4409ae14792ab1d2d92cabb8962198a41e54fac524e956d0dd93242ac4e855 debugmode-9.03.58-1.el6.centos.2.x86_64.rpm
50ac9c39c6f6234e0ea6685a33881889b23a3006eaab57056db2433e652c7ba8 initscripts-9.03.58-1.el6.centos.2.x86_64.rpm

Source:
1de999d18d27f620160374ab045b38f0a139b5466fe623cd57cd5913286041ed initscripts-9.03.58-1.el6.centos.2.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS


CEBA-2017:2851 CentOS 6 dstat BugFix Update

CentOS Errata and Bugfix Advisory 2017:2851

Upstream details at : https://access.redhat.com/errata/RHBA-2017:2851

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
b7c5bba1a3367d397bdb7616b7c7779179a1b28aff14c26cf1812f7ad7164e71 dstat-0.7.0-3.el6_9.1.noarch.rpm

x86_64:
b7c5bba1a3367d397bdb7616b7c7779179a1b28aff14c26cf1812f7ad7164e71 dstat-0.7.0-3.el6_9.1.noarch.rpm

Source:
e7d4614b010617423c3ee124da80de59b78917ed8c1acd9730095e77eccbab2e dstat-0.7.0-3.el6_9.1.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS


openSUSE-SU-2017:2633-1: important: Security update for dnsmasq

openSUSE Security Update: Security update for dnsmasq
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2633-1
Rating: important
References: #1060354 #1060355 #1060360 #1060361 #1060362
#1060364
Cross-References: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493
CVE-2017-14494 CVE-2017-14495 CVE-2017-14496

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for dnsmasq fixes the following security issues:

– CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
– CVE-2017-14492: heap based overflow. [bsc#1060355]
– CVE-2017-14493: stack based overflow. [bsc#1060360]
– CVE-2017-14494: DHCP – info leak. [bsc#1060361]
– CVE-2017-14495: DNS – OOM DoS. [bsc#1060362]
– CVE-2017-14496: DNS – DoS Integer underflow. [bsc#1060364]

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1116=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1116=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

dnsmasq-2.78-13.1
dnsmasq-debuginfo-2.78-13.1
dnsmasq-debugsource-2.78-13.1
dnsmasq-utils-2.78-13.1
dnsmasq-utils-debuginfo-2.78-13.1

– openSUSE Leap 42.2 (i586 x86_64):

dnsmasq-2.78-10.6.1
dnsmasq-debuginfo-2.78-10.6.1
dnsmasq-debugsource-2.78-10.6.1
dnsmasq-utils-2.78-10.6.1
dnsmasq-utils-debuginfo-2.78-10.6.1

References:

https://www.suse.com/security/cve/CVE-2017-14491.html
https://www.suse.com/security/cve/CVE-2017-14492.html
https://www.suse.com/security/cve/CVE-2017-14493.html
https://www.suse.com/security/cve/CVE-2017-14494.html
https://www.suse.com/security/cve/CVE-2017-14495.html
https://www.suse.com/security/cve/CVE-2017-14496.html
https://bugzilla.suse.com/1060354
https://bugzilla.suse.com/1060355
https://bugzilla.suse.com/1060360
https://bugzilla.suse.com/1060361
https://bugzilla.suse.com/1060362
https://bugzilla.suse.com/1060364


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

CESA-2017:2836 Critical CentOS 7 dnsmasq Security Update

CentOS Errata and Security Advisory 2017:2836 Critical

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2836

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
4116649e1e436cbc3a5cb3f63fab5b4ddd060a3eec2677ef86319abac5fc39a0 dnsmasq-2.76-2.el7_4.2.x86_64.rpm
e6021c48d7461251abf4a6bdbadc493ec435150bc63e57c255196e267fb3e7e1 dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm

Source:
41f44e7d21c87685a8cfe3558f6cb37f1e87d998e7f5e8bc383e6c3471826443 dnsmasq-2.76-2.el7_4.2.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS


CESA-2017:2838 Critical CentOS 6 dnsmasq Security Update

CentOS Errata and Security Advisory 2017:2838 Critical

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2838

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
973d0342cc189e8a76a86645b13dddf1582019cb96446f85b68611d8b69249c3 dnsmasq-2.48-18.el6_9.i686.rpm
d97113cf1641a9c46aedd5c4b0d1091ae07ac179e3261334d4bd256186bfbd34 dnsmasq-utils-2.48-18.el6_9.i686.rpm

x86_64:
15647fdea6bbf90bce5b5127dc2da0a0d0b338381dbb73fd1193b7f061986e97 dnsmasq-2.48-18.el6_9.x86_64.rpm
5e62a539a1ab5635ef908109dddb971f68cf476d0efe0475928274f16f207df7 dnsmasq-utils-2.48-18.el6_9.x86_64.rpm

Source:
ddc31b1822ac164af8bdc2f4947f2a760644b1e6c797e6403ef381949ae68109 dnsmasq-2.48-18.el6_9.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS


SUSE-SU-2017:2616-1: important: Security update for dnsmasq

SUSE Security Update: Security update for dnsmasq
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2616-1
Rating: important
References: #1035227 #1060354 #1060355 #1060360 #1060361
#1060362 #1060364 #902511 #904537 #908137
#972164
Cross-References: CVE-2015-3294 CVE-2015-8899 CVE-2017-14491
CVE-2017-14492 CVE-2017-14493 CVE-2017-14494
CVE-2017-14495 CVE-2017-14496
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves 8 vulnerabilities and has three fixes
is now available.

Description:

This update for dnsmasq fixes the following issues.

Remedy the following security issues:

– CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
– CVE-2017-14492: heap based overflow. [bsc#1060355]
– CVE-2017-14493: stack based overflow. [bsc#1060360]
– CVE-2017-14494: DHCP – info leak. [bsc#1060361]
– CVE-2017-14495: DNS – OOM DoS. [bsc#1060362]
– CVE-2017-14496: DNS – DoS Integer underflow. [bsc#1060364]
– Prevent a man-in-the-middle attack (bsc#972164, fate#321175).

Furthermore, the following issues have been fixed:

– Fix DHCP relaying, broken in 2.76 and 2.77.
– Update to version 2.78 (fate#321175, fate#322030, bsc#1035227).
– Fix PXE booting for UEFI architectures (fate#322030).
– Drop PrivateDevices=yes which breaks logging (bsc#902511, bsc#904537)
– Build with support for DNSSEC (fate#318323, bsc#908137).

Please note that this update brings a (small) potential incompatibility in
the handling of “basename” in --pxe-service. Please read the CHANGELOG and
the documentation if you are using this option.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1616=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

dnsmasq-2.78-6.6.1
dnsmasq-debuginfo-2.78-6.6.1
dnsmasq-debugsource-2.78-6.6.1

References:

https://www.suse.com/security/cve/CVE-2015-3294.html
https://www.suse.com/security/cve/CVE-2015-8899.html
https://www.suse.com/security/cve/CVE-2017-14491.html
https://www.suse.com/security/cve/CVE-2017-14492.html
https://www.suse.com/security/cve/CVE-2017-14493.html
https://www.suse.com/security/cve/CVE-2017-14494.html
https://www.suse.com/security/cve/CVE-2017-14495.html
https://www.suse.com/security/cve/CVE-2017-14496.html
https://bugzilla.suse.com/1035227
https://bugzilla.suse.com/1060354
https://bugzilla.suse.com/1060355
https://bugzilla.suse.com/1060360
https://bugzilla.suse.com/1060361
https://bugzilla.suse.com/1060362
https://bugzilla.suse.com/1060364
https://bugzilla.suse.com/902511
https://bugzilla.suse.com/904537
https://bugzilla.suse.com/908137
https://bugzilla.suse.com/972164



SUSE-SU-2017:2619-1: important: Security update for dnsmasq

SUSE Security Update: Security update for dnsmasq
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2619-1
Rating: important
References: #1060354 #1060355 #1060360 #1060361 #1060362
#1060364
Cross-References: CVE-2015-3294 CVE-2015-8899 CVE-2017-14491
CVE-2017-14492 CVE-2017-14493 CVE-2017-14494
CVE-2017-14495 CVE-2017-14496
Affected Products:
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for dnsmasq fixes the following security issues:

– CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
– CVE-2017-14492: heap based overflow. [bsc#1060355]
– CVE-2017-14493: stack based overflow. [bsc#1060360]
– CVE-2017-14494: DHCP – info leak. [bsc#1060361]
– CVE-2017-14495: DNS – OOM DoS. [bsc#1060362]
– CVE-2017-14496: DNS – DoS Integer underflow. [bsc#1060364]

This update brings a (small) potential incompatibility in the handling of
“basename” in --pxe-service. Please read the CHANGELOG and the
documentation if you are using this option.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-dnsmasq-13294=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-dnsmasq-13294=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

dnsmasq-2.78-0.17.5.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

dnsmasq-debuginfo-2.78-0.17.5.1
dnsmasq-debugsource-2.78-0.17.5.1

References:

https://www.suse.com/security/cve/CVE-2015-3294.html
https://www.suse.com/security/cve/CVE-2015-8899.html
https://www.suse.com/security/cve/CVE-2017-14491.html
https://www.suse.com/security/cve/CVE-2017-14492.html
https://www.suse.com/security/cve/CVE-2017-14493.html
https://www.suse.com/security/cve/CVE-2017-14494.html
https://www.suse.com/security/cve/CVE-2017-14495.html
https://www.suse.com/security/cve/CVE-2017-14496.html
https://bugzilla.suse.com/1060354
https://bugzilla.suse.com/1060355
https://bugzilla.suse.com/1060360
https://bugzilla.suse.com/1060361
https://bugzilla.suse.com/1060362
https://bugzilla.suse.com/1060364

