SUSE-SU-2017:2176-1: important: Security update for ImageMagick

SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2176-1
Rating: important
References: #1042826 #1043289 #1049072
Cross-References: CVE-2017-11403 CVE-2017-9439 CVE-2017-9501

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for ImageMagick fixes the following issues:

Security issues fixed:
– CVE-2017-9439: A memory leak was found in the function ReadPDBImage
in coders/pdb.c (bsc#1042826)
– CVE-2017-9501: An assertion failure could cause a denial of service via
a crafted file (bsc#1043289)
– CVE-2017-11403: ReadMNGImage function in coders/png.c has an
out-of-order CloseBlob call, resulting in a use-after-free via a crafted
file (bsc#1049072)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-ImageMagick-13232=1

– SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-ImageMagick-13232=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-ImageMagick-13232=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

ImageMagick-6.4.3.6-7.78.5.2
ImageMagick-devel-6.4.3.6-7.78.5.2
libMagick++-devel-6.4.3.6-7.78.5.2
libMagick++1-6.4.3.6-7.78.5.2
libMagickWand1-6.4.3.6-7.78.5.2
perl-PerlMagick-6.4.3.6-7.78.5.2

– SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

libMagickWand1-32bit-6.4.3.6-7.78.5.2

– SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

libMagickCore1-6.4.3.6-7.78.5.2

– SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

libMagickCore1-32bit-6.4.3.6-7.78.5.2

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

ImageMagick-debuginfo-6.4.3.6-7.78.5.2
ImageMagick-debugsource-6.4.3.6-7.78.5.2

References:

https://www.suse.com/security/cve/CVE-2017-11403.html
https://www.suse.com/security/cve/CVE-2017-9439.html
https://www.suse.com/security/cve/CVE-2017-9501.html
https://bugzilla.suse.com/1042826
https://bugzilla.suse.com/1043289
https://bugzilla.suse.com/1049072


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE-SU-2017:2182-1: important: Security update for git

openSUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2182-1
Rating: important
References: #1052481
Cross-References: CVE-2017-1000117
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for git fixes the following security issues:

– CVE-2017-1000117: A malicious third-party could have caused a git client
to execute arbitrary commands via crafted “ssh://…” URLs, including
submodules (boo#1052481)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-939=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

git-2.13.5-3.1
git-arch-2.13.5-3.1
git-core-2.13.5-3.1
git-core-debuginfo-2.13.5-3.1
git-credential-gnome-keyring-2.13.5-3.1
git-credential-gnome-keyring-debuginfo-2.13.5-3.1
git-cvs-2.13.5-3.1
git-daemon-2.13.5-3.1
git-daemon-debuginfo-2.13.5-3.1
git-debugsource-2.13.5-3.1
git-email-2.13.5-3.1
git-gui-2.13.5-3.1
git-svn-2.13.5-3.1
git-svn-debuginfo-2.13.5-3.1
git-web-2.13.5-3.1
gitk-2.13.5-3.1

– openSUSE Leap 42.3 (noarch):

git-doc-2.13.5-3.1

References:

https://www.suse.com/security/cve/CVE-2017-1000117.html
https://bugzilla.suse.com/1052481



openSUSE-SU-2017:2183-1: important: Security update for subversion

openSUSE Security Update: Security update for subversion
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2183-1
Rating: important
References: #1026936 #1049448 #1051362
Cross-References: CVE-2017-9800
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that solves one vulnerability and has two fixes
is now available.

Description:

This update for subversion to 1.9.7 fixes security issues and bugs.

The following vulnerabilities were fixed:

– CVE-2017-9800: A remote attacker could have caused svn clients to
execute arbitrary code via specially crafted URLs in svn:externals and
svn:sync-from-url properties. (boo#1051362)
– CVE-2005-4900: SHA-1 collisions may cause repository inconsistencies
(boo#1026936)

The following bugfix changes are included:

– Add instructions for running svnserve as a user different from “svn”,
and remove sysconfig variables that are no longer effective with the
systemd unit. (boo#1049448)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-940=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-940=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

libsvn_auth_gnome_keyring-1-0-1.9.7-8.1
libsvn_auth_gnome_keyring-1-0-debuginfo-1.9.7-8.1
libsvn_auth_kwallet-1-0-1.9.7-8.1
libsvn_auth_kwallet-1-0-debuginfo-1.9.7-8.1
subversion-1.9.7-8.1
subversion-debuginfo-1.9.7-8.1
subversion-debugsource-1.9.7-8.1
subversion-devel-1.9.7-8.1
subversion-perl-1.9.7-8.1
subversion-perl-debuginfo-1.9.7-8.1
subversion-python-1.9.7-8.1
subversion-python-ctypes-1.9.7-8.1
subversion-python-debuginfo-1.9.7-8.1
subversion-ruby-1.9.7-8.1
subversion-ruby-debuginfo-1.9.7-8.1
subversion-server-1.9.7-8.1
subversion-server-debuginfo-1.9.7-8.1
subversion-tools-1.9.7-8.1
subversion-tools-debuginfo-1.9.7-8.1

– openSUSE Leap 42.3 (noarch):

subversion-bash-completion-1.9.7-8.1

– openSUSE Leap 42.2 (x86_64):

libsvn_auth_gnome_keyring-1-0-1.9.7-5.3.1
libsvn_auth_gnome_keyring-1-0-debuginfo-1.9.7-5.3.1
libsvn_auth_kwallet-1-0-1.9.7-5.3.1
libsvn_auth_kwallet-1-0-debuginfo-1.9.7-5.3.1
subversion-1.9.7-5.3.1
subversion-debuginfo-1.9.7-5.3.1
subversion-debugsource-1.9.7-5.3.1
subversion-devel-1.9.7-5.3.1
subversion-perl-1.9.7-5.3.1
subversion-perl-debuginfo-1.9.7-5.3.1
subversion-python-1.9.7-5.3.1
subversion-python-ctypes-1.9.7-5.3.1
subversion-python-debuginfo-1.9.7-5.3.1
subversion-ruby-1.9.7-5.3.1
subversion-ruby-debuginfo-1.9.7-5.3.1
subversion-server-1.9.7-5.3.1
subversion-server-debuginfo-1.9.7-5.3.1
subversion-tools-1.9.7-5.3.1
subversion-tools-debuginfo-1.9.7-5.3.1

– openSUSE Leap 42.2 (noarch):

subversion-bash-completion-1.9.7-5.3.1

References:

https://www.suse.com/security/cve/CVE-2017-9800.html
https://bugzilla.suse.com/1026936
https://bugzilla.suse.com/1049448
https://bugzilla.suse.com/1051362



openSUSE-SU-2017:2186-1: important: Security update for openjpeg2

openSUSE Security Update: Security update for openjpeg2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2186-1
Rating: important
References: #979907 #997857
Cross-References: CVE-2015-8871 CVE-2016-7163
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for openjpeg2 fixes the following issues:

– CVE-2016-7163: Integer Overflow could lead to remote code execution
(bsc#997857)
– CVE-2015-8871: Use-after-free in opj_j2k_write_mco function could lead
to denial of service (bsc#979907)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-943=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-943=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

libopenjp2-7-2.1.0-16.1
libopenjp2-7-debuginfo-2.1.0-16.1
openjpeg2-2.1.0-16.1
openjpeg2-debuginfo-2.1.0-16.1
openjpeg2-debugsource-2.1.0-16.1
openjpeg2-devel-2.1.0-16.1

– openSUSE Leap 42.3 (x86_64):

libopenjp2-7-32bit-2.1.0-16.1
libopenjp2-7-debuginfo-32bit-2.1.0-16.1

– openSUSE Leap 42.2 (i586 x86_64):

libopenjp2-7-2.1.0-13.3.1
libopenjp2-7-debuginfo-2.1.0-13.3.1
openjpeg2-2.1.0-13.3.1
openjpeg2-debuginfo-2.1.0-13.3.1
openjpeg2-debugsource-2.1.0-13.3.1
openjpeg2-devel-2.1.0-13.3.1

– openSUSE Leap 42.2 (x86_64):

libopenjp2-7-32bit-2.1.0-13.3.1
libopenjp2-7-debuginfo-32bit-2.1.0-13.3.1

References:

https://www.suse.com/security/cve/CVE-2015-8871.html
https://www.suse.com/security/cve/CVE-2016-7163.html
https://bugzilla.suse.com/979907
https://bugzilla.suse.com/997857



SUSE-SU-2017:2202-1: important: Security update for freeradius-server

SUSE Security Update: Security update for freeradius-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2202-1
Rating: important
References: #1049086
Cross-References: CVE-2017-10978 CVE-2017-10983 CVE-2017-10984
CVE-2017-10985 CVE-2017-10986 CVE-2017-10987
CVE-2017-10988
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for freeradius-server fixes the following issues:

– update to 3.0.15 (bsc#1049086)
* Bind the lifetime of program name and python path to the module
* CVE-2017-10978: FR-GV-201: Check input / output length in
make_secret() (bsc#1049086)
* CVE-2017-10983: FR-GV-206: Fix read overflow when decoding DHCP option
63 (bsc#1049086)
* CVE-2017-10984: FR-GV-301: Fix write overflow in data2vp_wimax()
(bsc#1049086)
* CVE-2017-10985: FR-GV-302: Fix infinite loop and memory exhaustion
with ‘concat’ attributes (bsc#1049086)
* CVE-2017-10986: FR-GV-303: Fix infinite read in dhcp_attr2vp()
(bsc#1049086)
* CVE-2017-10987: FR-GV-304: Fix buffer over-read in
fr_dhcp_decode_suboptions() (bsc#1049086)
* CVE-2017-10988: FR-GV-305: Decode ‘signed’ attributes correctly.
(bsc#1049086)
* FR-AD-001: use strncmp() instead of memcmp() for bounded data
* Print messages when we see deprecated configuration items
* Show reasons why we couldn’t parse a certificate expiry time
* Be more accepting about truncated ASN1 times.
* Fix OpenSSL API issue which could leak small amounts of memory.
* For Access-Reject, call rad_authlog() after running the post-auth
section, just like for Access-Accept.
* Don’t crash when reading corrupted data from session resumption cache.
* Parse port in dhcpclient.
* Don’t leak memory for OpenSSL.
* Portability fixes taken from OpenBSD port collection.
* run rad_authlog after post-auth for Access-Reject.
* Don’t process VMPS packets twice.
* Fix attribute truncation in rlm_perl
* Fix bug when processing huntgroups.
* FR-AD-002 – Bind the lifetime of program name and python path to the
module
* FR-AD-003 – Pass correct statement length into sqlite3_prepare[_v2]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 12-SP3:

zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1341=1

– SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1341=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

freeradius-server-debuginfo-3.0.15-2.3.1
freeradius-server-debugsource-3.0.15-2.3.1
freeradius-server-devel-3.0.15-2.3.1

– SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

freeradius-server-3.0.15-2.3.1
freeradius-server-debuginfo-3.0.15-2.3.1
freeradius-server-debugsource-3.0.15-2.3.1
freeradius-server-doc-3.0.15-2.3.1
freeradius-server-krb5-3.0.15-2.3.1
freeradius-server-krb5-debuginfo-3.0.15-2.3.1
freeradius-server-ldap-3.0.15-2.3.1
freeradius-server-ldap-debuginfo-3.0.15-2.3.1
freeradius-server-libs-3.0.15-2.3.1
freeradius-server-libs-debuginfo-3.0.15-2.3.1
freeradius-server-mysql-3.0.15-2.3.1
freeradius-server-mysql-debuginfo-3.0.15-2.3.1
freeradius-server-perl-3.0.15-2.3.1
freeradius-server-perl-debuginfo-3.0.15-2.3.1
freeradius-server-postgresql-3.0.15-2.3.1
freeradius-server-postgresql-debuginfo-3.0.15-2.3.1
freeradius-server-python-3.0.15-2.3.1
freeradius-server-python-debuginfo-3.0.15-2.3.1
freeradius-server-sqlite-3.0.15-2.3.1
freeradius-server-sqlite-debuginfo-3.0.15-2.3.1
freeradius-server-utils-3.0.15-2.3.1
freeradius-server-utils-debuginfo-3.0.15-2.3.1

References:

https://www.suse.com/security/cve/CVE-2017-10978.html
https://www.suse.com/security/cve/CVE-2017-10983.html
https://www.suse.com/security/cve/CVE-2017-10984.html
https://www.suse.com/security/cve/CVE-2017-10985.html
https://www.suse.com/security/cve/CVE-2017-10986.html
https://www.suse.com/security/cve/CVE-2017-10987.html
https://www.suse.com/security/cve/CVE-2017-10988.html
https://bugzilla.suse.com/1049086



CESA-2017:2485 Important CentOS 6 git Security Update

CentOS Errata and Security Advisory 2017:2485 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2485

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
c3d50bf1e6327e69adee222ded15d4416e6a45a0f5eef9a7338cda96c6a97f4f emacs-git-1.7.1-9.el6_9.noarch.rpm
7ec4e9e29cace79b9a1d8d6320817319aac603af77b8aad38c8c850e9a9d118b emacs-git-el-1.7.1-9.el6_9.noarch.rpm
91e909b4dbcc937198226d9664a7c9170f987f8c0d620e4cdeb8297202a745af git-1.7.1-9.el6_9.i686.rpm
77ca5f9cf10f412ba72e2ee6fc6be083b0281cfb4ad948523a79ae7a6c3a3955 git-all-1.7.1-9.el6_9.noarch.rpm
885ba5d4abd9b8d2f6a6cb860d3d1e724153048558e5f2fc8d58a5848e7f89bc git-cvs-1.7.1-9.el6_9.noarch.rpm
78bdf784c49d83d6a84406de5ff4c952646c15ed497a417f3a7e776b60aadd47 git-daemon-1.7.1-9.el6_9.i686.rpm
d5279c2b49e038f68a837de3b3e3f7876e7ff4e9d36bc0f0b9b6ec22a6c723ff git-email-1.7.1-9.el6_9.noarch.rpm
2f20e5ca6af534075d080bb629a82774f6f6d2981380ab68e5771d6a8daf5d1d git-gui-1.7.1-9.el6_9.noarch.rpm
f041ee76b09bf85c93f150e633b0f457a712ad9edacb0d3d9010e9b8767e3770 gitk-1.7.1-9.el6_9.noarch.rpm
ee5f9f0e3bc5d579bccf2708b84d07f54cee955efe9f8da0a32f187c9ffbb836 git-svn-1.7.1-9.el6_9.noarch.rpm
ed48d84b39f9c74b6e16434c28ad2e93333c9743a29a8a7712de3eba78accd84 gitweb-1.7.1-9.el6_9.noarch.rpm
db23d3712122cd544b0e33deab5bd654c1558906889ebc6ae8c44629e1cd2efa perl-Git-1.7.1-9.el6_9.noarch.rpm

x86_64:
c3d50bf1e6327e69adee222ded15d4416e6a45a0f5eef9a7338cda96c6a97f4f emacs-git-1.7.1-9.el6_9.noarch.rpm
7ec4e9e29cace79b9a1d8d6320817319aac603af77b8aad38c8c850e9a9d118b emacs-git-el-1.7.1-9.el6_9.noarch.rpm
fd0f5ec88f14342c35ac1b255a85a4676a498bf73e39142028970e157eea58a9 git-1.7.1-9.el6_9.x86_64.rpm
77ca5f9cf10f412ba72e2ee6fc6be083b0281cfb4ad948523a79ae7a6c3a3955 git-all-1.7.1-9.el6_9.noarch.rpm
885ba5d4abd9b8d2f6a6cb860d3d1e724153048558e5f2fc8d58a5848e7f89bc git-cvs-1.7.1-9.el6_9.noarch.rpm
146ed31a8e45fb06a546c0483dfe144dac5c5c3971d793c6570ed3599663dba5 git-daemon-1.7.1-9.el6_9.x86_64.rpm
d5279c2b49e038f68a837de3b3e3f7876e7ff4e9d36bc0f0b9b6ec22a6c723ff git-email-1.7.1-9.el6_9.noarch.rpm
2f20e5ca6af534075d080bb629a82774f6f6d2981380ab68e5771d6a8daf5d1d git-gui-1.7.1-9.el6_9.noarch.rpm
f041ee76b09bf85c93f150e633b0f457a712ad9edacb0d3d9010e9b8767e3770 gitk-1.7.1-9.el6_9.noarch.rpm
ee5f9f0e3bc5d579bccf2708b84d07f54cee955efe9f8da0a32f187c9ffbb836 git-svn-1.7.1-9.el6_9.noarch.rpm
ed48d84b39f9c74b6e16434c28ad2e93333c9743a29a8a7712de3eba78accd84 gitweb-1.7.1-9.el6_9.noarch.rpm
db23d3712122cd544b0e33deab5bd654c1558906889ebc6ae8c44629e1cd2efa perl-Git-1.7.1-9.el6_9.noarch.rpm

Source:
74f8d2e2bf749caf808e0246164c0c453aa7a09a917ce439764b8588d767c69b git-1.7.1-9.el6_9.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

SUSE-SU-2017:2199-1: important: Security update for ImageMagick

SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2199-1
Rating: important
References: #1042812 #1042826 #1043289 #1049072
Cross-References: CVE-2017-11403 CVE-2017-9439 CVE-2017-9440
CVE-2017-9501
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Workstation Extension 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for ImageMagick fixes the following issues:

Security issues fixed:
– CVE-2017-9439: A memory leak was found in the function ReadPDBImage
in coders/pdb.c (bsc#1042826)
– CVE-2017-9440: A memory leak was found in the function ReadPSDChannel in
coders/psd.c (bsc#1042812)
– CVE-2017-9501: An assertion failure could cause a denial of service via
a crafted file (bsc#1043289)
– CVE-2017-11403: ReadMNGImage function in coders/png.c has an
out-of-order CloseBlob call, resulting in a use-after-free via a crafted
file (bsc#1049072)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Workstation Extension 12-SP3:

zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1343=1

– SUSE Linux Enterprise Workstation Extension 12-SP2:

zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1343=1

– SUSE Linux Enterprise Software Development Kit 12-SP3:

zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1343=1

– SUSE Linux Enterprise Software Development Kit 12-SP2:

zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1343=1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1343=1

– SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1343=1

– SUSE Linux Enterprise Server 12-SP2:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1343=1

– SUSE Linux Enterprise Desktop 12-SP3:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1343=1

– SUSE Linux Enterprise Desktop 12-SP2:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1343=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):

ImageMagick-6.8.8.1-71.5.3
ImageMagick-debuginfo-6.8.8.1-71.5.3
ImageMagick-debugsource-6.8.8.1-71.5.3
libMagick++-6_Q16-3-6.8.8.1-71.5.3
libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.5.3

– SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

ImageMagick-6.8.8.1-71.5.3
ImageMagick-debuginfo-6.8.8.1-71.5.3
ImageMagick-debugsource-6.8.8.1-71.5.3
libMagick++-6_Q16-3-6.8.8.1-71.5.3
libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.5.3

– SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

ImageMagick-6.8.8.1-71.5.3
ImageMagick-debuginfo-6.8.8.1-71.5.3
ImageMagick-debugsource-6.8.8.1-71.5.3
ImageMagick-devel-6.8.8.1-71.5.3
libMagick++-6_Q16-3-6.8.8.1-71.5.3
libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3
libMagick++-devel-6.8.8.1-71.5.3
perl-PerlMagick-6.8.8.1-71.5.3
perl-PerlMagick-debuginfo-6.8.8.1-71.5.3

– SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

ImageMagick-6.8.8.1-71.5.3
ImageMagick-debuginfo-6.8.8.1-71.5.3
ImageMagick-debugsource-6.8.8.1-71.5.3
ImageMagick-devel-6.8.8.1-71.5.3
libMagick++-6_Q16-3-6.8.8.1-71.5.3
libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3
libMagick++-devel-6.8.8.1-71.5.3
perl-PerlMagick-6.8.8.1-71.5.3
perl-PerlMagick-debuginfo-6.8.8.1-71.5.3

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

ImageMagick-debuginfo-6.8.8.1-71.5.3
ImageMagick-debugsource-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3

– SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

ImageMagick-debuginfo-6.8.8.1-71.5.3
ImageMagick-debugsource-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3

– SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

ImageMagick-debuginfo-6.8.8.1-71.5.3
ImageMagick-debugsource-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3

– SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

ImageMagick-6.8.8.1-71.5.3
ImageMagick-debuginfo-6.8.8.1-71.5.3
ImageMagick-debugsource-6.8.8.1-71.5.3
libMagick++-6_Q16-3-6.8.8.1-71.5.3
libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3

– SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

ImageMagick-6.8.8.1-71.5.3
ImageMagick-debuginfo-6.8.8.1-71.5.3
ImageMagick-debugsource-6.8.8.1-71.5.3
libMagick++-6_Q16-3-6.8.8.1-71.5.3
libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3

References:

https://www.suse.com/security/cve/CVE-2017-11403.html
https://www.suse.com/security/cve/CVE-2017-9439.html
https://www.suse.com/security/cve/CVE-2017-9440.html
https://www.suse.com/security/cve/CVE-2017-9501.html
https://bugzilla.suse.com/1042812
https://bugzilla.suse.com/1042826
https://bugzilla.suse.com/1043289
https://bugzilla.suse.com/1049072



SUSE-SU-2017:2175-1: important: Security update for java-1_8_0-openjdk

SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2175-1
Rating: important
References: #1049302 #1049305 #1049306 #1049307 #1049308
#1049309 #1049310 #1049311 #1049312 #1049313
#1049314 #1049315 #1049316 #1049317 #1049318
#1049319 #1049320 #1049321 #1049322 #1049323
#1049324 #1049325 #1049326 #1049327 #1049328
#1049329 #1049330 #1049331 #1049332
Cross-References: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074
CVE-2017-10078 CVE-2017-10081 CVE-2017-10086
CVE-2017-10087 CVE-2017-10089 CVE-2017-10090
CVE-2017-10096 CVE-2017-10101 CVE-2017-10102
CVE-2017-10105 CVE-2017-10107 CVE-2017-10108
CVE-2017-10109 CVE-2017-10110 CVE-2017-10111
CVE-2017-10114 CVE-2017-10115 CVE-2017-10116
CVE-2017-10118 CVE-2017-10125 CVE-2017-10135
CVE-2017-10176 CVE-2017-10193 CVE-2017-10198
CVE-2017-10243
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves 28 vulnerabilities and has one errata
is now available.

Description:

This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes
the following issues:

Security issues fixed:
– CVE-2017-10053: Improved image post-processing steps (bsc#1049305)
– CVE-2017-10067: Additional jar validation steps (bsc#1049306)
– CVE-2017-10074: Image conversion improvements (bsc#1049307)
– CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308)
– CVE-2017-10081: Right parenthesis issue (bsc#1049309)
– CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX
(bsc#1049310)
– CVE-2017-10087: Better Thread Pool execution (bsc#1049311)
– CVE-2017-10089: Service Registration Lifecycle (bsc#1049312)
– CVE-2017-10090: Better handling of channel groups (bsc#1049313)
– CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314)
– CVE-2017-10101: Better reading of text catalogs (bsc#1049315)
– CVE-2017-10102: Improved garbage collection (bsc#1049316)
– CVE-2017-10105: Unspecified vulnerability in subcomponent deployment
(bsc#1049317)
– CVE-2017-10107: Less Active Activations (bsc#1049318)
– CVE-2017-10108: Better naming attribution (bsc#1049319)
– CVE-2017-10109: Better sourcing of code (bsc#1049320)
– CVE-2017-10110: Better image fetching (bsc#1049321)
– CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322)
– CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX
(bsc#1049323)
– CVE-2017-10115: Higher quality DSA operations (bsc#1049324)
– CVE-2017-10116: Proper directory lookup processing (bsc#1049325)
– CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326)
– CVE-2017-10125: Unspecified vulnerability in subcomponent deployment
(bsc#1049327)
– CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328)
– CVE-2017-10176: Additional elliptic curve support (bsc#1049329)
– CVE-2017-10193: Improve algorithm constraints implementation
(bsc#1049330)
– CVE-2017-10198: Clear certificate chain connections (bsc#1049331)
– CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS
(bsc#1049332)

Bug fixes:
– Check registry registration location
– Improved certificate processing
– JMX diagnostic improvements
– Update to libpng 1.6.28
– Import of OpenJDK 8 u141 build 15 (bsc#1049302)

New features:
– Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11
provider

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 6:

zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1337=1

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1337=1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1337=1

– SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1337=1

– SUSE Linux Enterprise Server 12-SP2:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1337=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1337=1

– SUSE Linux Enterprise Desktop 12-SP3:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1337=1

– SUSE Linux Enterprise Desktop 12-SP2:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1337=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE OpenStack Cloud 6 (x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

– SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

– SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

– SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

– SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

– SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

– SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

References:

https://www.suse.com/security/cve/CVE-2017-10053.html
https://www.suse.com/security/cve/CVE-2017-10067.html
https://www.suse.com/security/cve/CVE-2017-10074.html
https://www.suse.com/security/cve/CVE-2017-10078.html
https://www.suse.com/security/cve/CVE-2017-10081.html
https://www.suse.com/security/cve/CVE-2017-10086.html
https://www.suse.com/security/cve/CVE-2017-10087.html
https://www.suse.com/security/cve/CVE-2017-10089.html
https://www.suse.com/security/cve/CVE-2017-10090.html
https://www.suse.com/security/cve/CVE-2017-10096.html
https://www.suse.com/security/cve/CVE-2017-10101.html
https://www.suse.com/security/cve/CVE-2017-10102.html
https://www.suse.com/security/cve/CVE-2017-10105.html
https://www.suse.com/security/cve/CVE-2017-10107.html
https://www.suse.com/security/cve/CVE-2017-10108.html
https://www.suse.com/security/cve/CVE-2017-10109.html
https://www.suse.com/security/cve/CVE-2017-10110.html
https://www.suse.com/security/cve/CVE-2017-10111.html
https://www.suse.com/security/cve/CVE-2017-10114.html
https://www.suse.com/security/cve/CVE-2017-10115.html
https://www.suse.com/security/cve/CVE-2017-10116.html
https://www.suse.com/security/cve/CVE-2017-10118.html
https://www.suse.com/security/cve/CVE-2017-10125.html
https://www.suse.com/security/cve/CVE-2017-10135.html
https://www.suse.com/security/cve/CVE-2017-10176.html
https://www.suse.com/security/cve/CVE-2017-10193.html
https://www.suse.com/security/cve/CVE-2017-10198.html
https://www.suse.com/security/cve/CVE-2017-10243.html
https://bugzilla.suse.com/1049302
https://bugzilla.suse.com/1049305
https://bugzilla.suse.com/1049306
https://bugzilla.suse.com/1049307
https://bugzilla.suse.com/1049308
https://bugzilla.suse.com/1049309
https://bugzilla.suse.com/1049310
https://bugzilla.suse.com/1049311
https://bugzilla.suse.com/1049312
https://bugzilla.suse.com/1049313
https://bugzilla.suse.com/1049314
https://bugzilla.suse.com/1049315
https://bugzilla.suse.com/1049316
https://bugzilla.suse.com/1049317
https://bugzilla.suse.com/1049318
https://bugzilla.suse.com/1049319
https://bugzilla.suse.com/1049320
https://bugzilla.suse.com/1049321
https://bugzilla.suse.com/1049322
https://bugzilla.suse.com/1049323
https://bugzilla.suse.com/1049324
https://bugzilla.suse.com/1049325
https://bugzilla.suse.com/1049326
https://bugzilla.suse.com/1049327
https://bugzilla.suse.com/1049328
https://bugzilla.suse.com/1049329
https://bugzilla.suse.com/1049330
https://bugzilla.suse.com/1049331
https://bugzilla.suse.com/1049332


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Zabbix 3.4.0rc1 released

The following information has been provided by the zabbix announce mailing list.
Greetings!

Zabbix Team is pleased to announce the availability of Zabbix 3.4.0rc1, first release candidate of Zabbix 3.4.

Complete Release Notes: https://www.zabbix.com/rn3.4.0rc1

Download: https://www.zabbix.com/download

Kind regards,
Alexei Vladishev,
Zabbix Product Manager, CEO


CESA-2017:2478 Critical CentOS 6 httpd Security Update

The following information has been provided by the CENTOS announce mailing list.

CentOS Errata and Security Advisory 2017:2478 Critical

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2478

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
68b712bfb3b1a08748f4bdac924dc30fa5683977333c9ff052a525d2e9347259  httpd-2.2.15-60.el6.centos.5.i686.rpm
aeff46346d66dcb687524a05882f21b6c7596f433859c2a443354af33bc3deed  httpd-devel-2.2.15-60.el6.centos.5.i686.rpm
ae7886ff13fef00ae7272ccced1ec6e3d4cdd0db02a3e9ba37a37d7b7548d087  httpd-manual-2.2.15-60.el6.centos.5.noarch.rpm
30d1a73a78e580d5314b7140799e23af42c0023560c863ceab681eae175e815b  httpd-tools-2.2.15-60.el6.centos.5.i686.rpm
c6ee5b709d021faaa9abd61f8316948ed2043ce53d935b9063285bf3d41994f8  mod_ssl-2.2.15-60.el6.centos.5.i686.rpm

x86_64:
6c4577f55b8b3f40a1223be39a61ee1185ce7b9a0588ef4ad60fbf45d5e431e7  httpd-2.2.15-60.el6.centos.5.x86_64.rpm
aeff46346d66dcb687524a05882f21b6c7596f433859c2a443354af33bc3deed  httpd-devel-2.2.15-60.el6.centos.5.i686.rpm
4c9cc089ac1d30b9b50bd1ff2a2a3eaf0c09cc969b0b543f6a7d9ffd01f5cf4f  httpd-devel-2.2.15-60.el6.centos.5.x86_64.rpm
ae7886ff13fef00ae7272ccced1ec6e3d4cdd0db02a3e9ba37a37d7b7548d087  httpd-manual-2.2.15-60.el6.centos.5.noarch.rpm
5cc5dfdd78d76f2c020cfab998363aa8345cdc477d48af3a1c1cd48dd364098f  httpd-tools-2.2.15-60.el6.centos.5.x86_64.rpm
b2f9c90fc09cb85894f20ead9cbf4405cf92ac1748860aa280e7af96c21e17fb  mod_ssl-2.2.15-60.el6.centos.5.x86_64.rpm

Source:
ee426ab362997f52fcfd19d7e5610359d47a3a5439cbba2ecff7455c35bd9b85  httpd-2.2.15-60.el6.centos.5.src.rpm

CESA-2017:2424 Critical CentOS 6 java-1.7.0-openjdk Security Update

The following information has been provided by the CENTOS announce mailing list.

CentOS Errata and Security Advisory 2017:2424 Critical

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2424

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
53a24f4fed4dffa5d60f5f6f5aae09cae0d5aa675aae5c89bc89568f150c375b  java-1.7.0-openjdk-1.7.0.151-2.6.11.0.el6_9.i686.rpm
87ed44696e8f5d9f3a409e48e8e45c9963ee8bd5d66d85432f99fde5fe700fc6  java-1.7.0-openjdk-demo-1.7.0.151-2.6.11.0.el6_9.i686.rpm
a22a1605fd7fd61c1edff42b837d048263c9ed3d62ddc6cb057df9db9b8488d3  java-1.7.0-openjdk-devel-1.7.0.151-2.6.11.0.el6_9.i686.rpm
ab1fa5c00fc66e895c699909ba6f7a033359a2cb6c853b45db77bac414f83faa  java-1.7.0-openjdk-javadoc-1.7.0.151-2.6.11.0.el6_9.noarch.rpm
ddc41007c6b80e937826f9b08adb8529537e45224b7d9c77e88a5137333dec08  java-1.7.0-openjdk-src-1.7.0.151-2.6.11.0.el6_9.i686.rpm

x86_64:
bd3d2e33f5f05c97acdb4463ee838e1ac990de77704401a13cbee82d6359c93b  java-1.7.0-openjdk-1.7.0.151-2.6.11.0.el6_9.x86_64.rpm
077188b99553fa5323ce61ae133048b4a3fbf12bb6feeb494734af627cf5fb62  java-1.7.0-openjdk-demo-1.7.0.151-2.6.11.0.el6_9.x86_64.rpm
aa5efd1300c3240590bf4ecaaf00040eb1a3ae3674279de2c768c734921eef85  java-1.7.0-openjdk-devel-1.7.0.151-2.6.11.0.el6_9.x86_64.rpm
ab1fa5c00fc66e895c699909ba6f7a033359a2cb6c853b45db77bac414f83faa  java-1.7.0-openjdk-javadoc-1.7.0.151-2.6.11.0.el6_9.noarch.rpm
51f85429d7fb4aebb500b6ba73e717f7dbc6597191db9dd8c0b108d9f1e7aac4  java-1.7.0-openjdk-src-1.7.0.151-2.6.11.0.el6_9.x86_64.rpm

Source:
f7fea14d8c97e7251cb3129c2c0bc23485ed534d36f80a9e1feb6d301abbe207  java-1.7.0-openjdk-1.7.0.151-2.6.11.0.el6_9.src.rpm

CESA-2017:2456 Critical CentOS 6 firefox Security Update

The following information has been provided by the CENTOS announce mailing list.

CentOS Errata and Security Advisory 2017:2456 Critical

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2456

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
f29636840b84fd6d5a4a102d02a19c569a3c8e5bb122fffab931a57fdaf87ae8  firefox-52.3.0-3.el6.centos.i686.rpm

x86_64:
f29636840b84fd6d5a4a102d02a19c569a3c8e5bb122fffab931a57fdaf87ae8  firefox-52.3.0-3.el6.centos.i686.rpm
fa94722eb61a41e0c0c12c31dab803aeb3387e9ba83ad52a305dc1880d5764b8  firefox-52.3.0-3.el6.centos.x86_64.rpm

Source:
85eb85c49ccac809e5eb899b3680735e5ba1521c378866ccfa98982462801152  firefox-52.3.0-3.el6.centos.src.rpm

Dovecot v2.2.32 release candidate released

The following information has been provided by the Dovecot-news mailing list.

https://dovecot.org/releases/2.2/rc/dovecot-2.2.32.rc1.tar.gz
https://dovecot.org/releases/2.2/rc/dovecot-2.2.32.rc1.tar.gz.sig

There are various changes in this release that can be used to significantly reduce disk IO with:
1) NFS storage especially, but I guess also other remote filesystems and even some with local disks


New CentOS Atomic Release and Kubernetes System Containers Now Available

The following information has been provided by the CENTOS announce mailing list.

Last week, the CentOS Atomic SIG released an updated version
(https://wiki.centos.org/SpecialInterestGroup/Atomic/Download) of
CentOS Atomic Host (7.1707), a lean operating system designed to run
Docker containers, built from standard CentOS 7 RPMs, and tracking the
component versions included in Red Hat Enterprise Linux Atomic Host.

SUSE-SU-2017:2142-1: important: Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2142-1
Rating: important
References: #1052311 #1052365
Cross-References: CVE-2017-1000111 CVE-2017-1000112
Affected Products:
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

The SUSE Linux Enterprise 12 kernel was updated to 3.12.61 to receive the
following security updates:

– CVE-2017-1000111: fix race condition in net-packet code that could be
exploited to cause out-of-bounds memory access (bsc#1052365).
– CVE-2017-1000112: fix race condition in net-packet code that could have
been exploited by unprivileged users to gain root access (bsc#1052311).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12:

zypper in -t patch SUSE-SLE-SAP-12-2017-1327=1

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1327=1

– SUSE Linux Enterprise Module for Public Cloud 12:

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1327=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12 (x86_64):

kernel-default-3.12.61-52.86.1
kernel-default-base-3.12.61-52.86.1
kernel-default-base-debuginfo-3.12.61-52.86.1
kernel-default-debuginfo-3.12.61-52.86.1
kernel-default-debugsource-3.12.61-52.86.1
kernel-default-devel-3.12.61-52.86.1
kernel-syms-3.12.61-52.86.1
kernel-xen-3.12.61-52.86.1
kernel-xen-base-3.12.61-52.86.1
kernel-xen-base-debuginfo-3.12.61-52.86.1
kernel-xen-debuginfo-3.12.61-52.86.1
kernel-xen-debugsource-3.12.61-52.86.1
kernel-xen-devel-3.12.61-52.86.1
kgraft-patch-3_12_61-52_86-default-1-2.1
kgraft-patch-3_12_61-52_86-xen-1-2.1

– SUSE Linux Enterprise Server for SAP 12 (noarch):

kernel-devel-3.12.61-52.86.1
kernel-macros-3.12.61-52.86.1
kernel-source-3.12.61-52.86.1

– SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

kernel-default-3.12.61-52.86.1
kernel-default-base-3.12.61-52.86.1
kernel-default-base-debuginfo-3.12.61-52.86.1
kernel-default-debuginfo-3.12.61-52.86.1
kernel-default-debugsource-3.12.61-52.86.1
kernel-default-devel-3.12.61-52.86.1
kernel-syms-3.12.61-52.86.1

– SUSE Linux Enterprise Server 12-LTSS (noarch):

kernel-devel-3.12.61-52.86.1
kernel-macros-3.12.61-52.86.1
kernel-source-3.12.61-52.86.1

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kernel-xen-3.12.61-52.86.1
kernel-xen-base-3.12.61-52.86.1
kernel-xen-base-debuginfo-3.12.61-52.86.1
kernel-xen-debuginfo-3.12.61-52.86.1
kernel-xen-debugsource-3.12.61-52.86.1
kernel-xen-devel-3.12.61-52.86.1
kgraft-patch-3_12_61-52_86-default-1-2.1
kgraft-patch-3_12_61-52_86-xen-1-2.1

– SUSE Linux Enterprise Server 12-LTSS (s390x):

kernel-default-man-3.12.61-52.86.1

– SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

kernel-ec2-3.12.61-52.86.1
kernel-ec2-debuginfo-3.12.61-52.86.1
kernel-ec2-debugsource-3.12.61-52.86.1
kernel-ec2-devel-3.12.61-52.86.1
kernel-ec2-extra-3.12.61-52.86.1
kernel-ec2-extra-debuginfo-3.12.61-52.86.1

References:

https://www.suse.com/security/cve/CVE-2017-1000111.html
https://www.suse.com/security/cve/CVE-2017-1000112.html
https://bugzilla.suse.com/1052311
https://bugzilla.suse.com/1052365



SUSE-SU-2017:2150-1: important: Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2150-1
Rating: important
References: #1052311 #1052365
Cross-References: CVE-2017-1000111 CVE-2017-1000112
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive the
following security updates:

– CVE-2017-1000111: fix race condition in net-packet code that could be
exploited to cause out-of-bounds memory access (bsc#1052365).
– CVE-2017-1000112: fix race condition in net-packet code that could have
been exploited by unprivileged users to gain root access (bsc#1052311).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 6:

zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1328=1

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1328=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1328=1

– SUSE Linux Enterprise Module for Public Cloud 12:

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1328=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE OpenStack Cloud 6 (noarch):

kernel-devel-3.12.74-60.64.54.1
kernel-macros-3.12.74-60.64.54.1
kernel-source-3.12.74-60.64.54.1

– SUSE OpenStack Cloud 6 (x86_64):

kernel-default-3.12.74-60.64.54.1
kernel-default-base-3.12.74-60.64.54.1
kernel-default-base-debuginfo-3.12.74-60.64.54.1
kernel-default-debuginfo-3.12.74-60.64.54.1
kernel-default-debugsource-3.12.74-60.64.54.1
kernel-default-devel-3.12.74-60.64.54.1
kernel-syms-3.12.74-60.64.54.1
kernel-xen-3.12.74-60.64.54.1
kernel-xen-base-3.12.74-60.64.54.1
kernel-xen-base-debuginfo-3.12.74-60.64.54.1
kernel-xen-debuginfo-3.12.74-60.64.54.1
kernel-xen-debugsource-3.12.74-60.64.54.1
kernel-xen-devel-3.12.74-60.64.54.1
kgraft-patch-3_12_74-60_64_54-default-1-2.1
kgraft-patch-3_12_74-60_64_54-xen-1-2.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

kernel-default-3.12.74-60.64.54.1
kernel-default-base-3.12.74-60.64.54.1
kernel-default-base-debuginfo-3.12.74-60.64.54.1
kernel-default-debuginfo-3.12.74-60.64.54.1
kernel-default-debugsource-3.12.74-60.64.54.1
kernel-default-devel-3.12.74-60.64.54.1
kernel-syms-3.12.74-60.64.54.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

kernel-devel-3.12.74-60.64.54.1
kernel-macros-3.12.74-60.64.54.1
kernel-source-3.12.74-60.64.54.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

kernel-xen-3.12.74-60.64.54.1
kernel-xen-base-3.12.74-60.64.54.1
kernel-xen-base-debuginfo-3.12.74-60.64.54.1
kernel-xen-debuginfo-3.12.74-60.64.54.1
kernel-xen-debugsource-3.12.74-60.64.54.1
kernel-xen-devel-3.12.74-60.64.54.1
kgraft-patch-3_12_74-60_64_54-default-1-2.1
kgraft-patch-3_12_74-60_64_54-xen-1-2.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

kernel-default-3.12.74-60.64.54.1
kernel-default-base-3.12.74-60.64.54.1
kernel-default-base-debuginfo-3.12.74-60.64.54.1
kernel-default-debuginfo-3.12.74-60.64.54.1
kernel-default-debugsource-3.12.74-60.64.54.1
kernel-default-devel-3.12.74-60.64.54.1
kernel-syms-3.12.74-60.64.54.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

kernel-devel-3.12.74-60.64.54.1
kernel-macros-3.12.74-60.64.54.1
kernel-source-3.12.74-60.64.54.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

kernel-xen-3.12.74-60.64.54.1
kernel-xen-base-3.12.74-60.64.54.1
kernel-xen-base-debuginfo-3.12.74-60.64.54.1
kernel-xen-debuginfo-3.12.74-60.64.54.1
kernel-xen-debugsource-3.12.74-60.64.54.1
kernel-xen-devel-3.12.74-60.64.54.1
kgraft-patch-3_12_74-60_64_54-default-1-2.1
kgraft-patch-3_12_74-60_64_54-xen-1-2.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (s390x):

kernel-default-man-3.12.74-60.64.54.1

– SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

kernel-ec2-3.12.74-60.64.54.1
kernel-ec2-debuginfo-3.12.74-60.64.54.1
kernel-ec2-debugsource-3.12.74-60.64.54.1
kernel-ec2-devel-3.12.74-60.64.54.1
kernel-ec2-extra-3.12.74-60.64.54.1
kernel-ec2-extra-debuginfo-3.12.74-60.64.54.1

References:

https://www.suse.com/security/cve/CVE-2017-1000111.html
https://www.suse.com/security/cve/CVE-2017-1000112.html
https://bugzilla.suse.com/1052311
https://bugzilla.suse.com/1052365



openSUSE-SU-2017:2153-1: important: Security update for libsoup

openSUSE Security Update: Security update for libsoup
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2153-1
Rating: important
References: #1052916
Cross-References: CVE-2017-2885
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libsoup fixes the following issues:

– A bug in the HTTP Chunked Encoding code has been fixed that could have
been exploited by attackers to cause a stack-based buffer overflow in
client or server code running libsoup (bsc#1052916, CVE-2017-2885).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-914=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-914=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

libsoup-2_4-1-2.54.1-5.1
libsoup-2_4-1-debuginfo-2.54.1-5.1
libsoup-debugsource-2.54.1-5.1
libsoup-devel-2.54.1-5.1
typelib-1_0-Soup-2_4-2.54.1-5.1

– openSUSE Leap 42.3 (noarch):

libsoup-lang-2.54.1-5.1

– openSUSE Leap 42.3 (x86_64):

libsoup-2_4-1-32bit-2.54.1-5.1
libsoup-2_4-1-debuginfo-32bit-2.54.1-5.1
libsoup-devel-32bit-2.54.1-5.1

– openSUSE Leap 42.2 (i586 x86_64):

libsoup-2_4-1-2.54.1-2.3.1
libsoup-2_4-1-debuginfo-2.54.1-2.3.1
libsoup-debugsource-2.54.1-2.3.1
libsoup-devel-2.54.1-2.3.1
typelib-1_0-Soup-2_4-2.54.1-2.3.1

– openSUSE Leap 42.2 (x86_64):

libsoup-2_4-1-32bit-2.54.1-2.3.1
libsoup-2_4-1-debuginfo-32bit-2.54.1-2.3.1
libsoup-devel-32bit-2.54.1-2.3.1

– openSUSE Leap 42.2 (noarch):

libsoup-lang-2.54.1-2.3.1

References:

https://www.suse.com/security/cve/CVE-2017-2885.html
https://bugzilla.suse.com/1052916



SUSE-SU-2017:2163-1: important: Security update for subversion

SUSE Security Update: Security update for subversion
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2163-1
Rating: important
References: #1011552 #1051362
Cross-References: CVE-2016-8734 CVE-2017-9800
Affected Products:
SUSE Studio Onsite 1.3
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for subversion fixes the following issues:

– CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and
Subversion clients using http(s):// (bsc#1011552).

– CVE-2017-9800: client code execution via argument injection in SSH URL
(bnc#1051362)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Studio Onsite 1.3:

zypper in -t patch slestso13-subversion-13230=1

– SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-subversion-13230=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-subversion-13230=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Studio Onsite 1.3 (x86_64):

subversion-1.6.17-1.36.9.1

– SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

subversion-1.6.17-1.36.9.1
subversion-devel-1.6.17-1.36.9.1
subversion-perl-1.6.17-1.36.9.1
subversion-python-1.6.17-1.36.9.1
subversion-server-1.6.17-1.36.9.1
subversion-tools-1.6.17-1.36.9.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

subversion-debuginfo-1.6.17-1.36.9.1
subversion-debugsource-1.6.17-1.36.9.1

References:

https://www.suse.com/security/cve/CVE-2016-8734.html
https://www.suse.com/security/cve/CVE-2017-9800.html
https://bugzilla.suse.com/1011552
https://bugzilla.suse.com/1051362



openSUSE-SU-2017:2169-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2169-1
Rating: important
References: #1019151 #1023175 #1037404 #1037994 #1038078
#1038792 #1043652 #1047027 #1051399 #1051556
#1052049 #1052223 #1052311 #1052365 #1052533
#1052709 #1052773 #1052794
Cross-References: CVE-2017-1000111 CVE-2017-1000112 CVE-2017-8831

Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________

An update that solves three vulnerabilities and has 15
fixes is now available.

Description:

The openSUSE Leap 42.2 kernel was updated to receive various security and
bug fixes.

The following security bugs were fixed:

– CVE-2017-1000111: Fixed a race condition in net-packet code that could
be exploited to cause out-of-bounds memory access (bsc#1052365).
– CVE-2017-1000112: Fixed a race condition in net-packet code that could
have been exploited by unprivileged users to gain root access
(bsc#1052311).
– CVE-2017-8831: The saa7164_bus_get function in
drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed
local users to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact by changing a certain
sequence-number value, aka a “double fetch” vulnerability (bnc#1037994).

The following non-security bugs were fixed:

– IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).
– bcache: force trigger gc (bsc#1038078).
– bcache: only recovery I/O error for writethrough mode (bsc#1043652).
– block: do not allow updates through sysfs until registration completes
(bsc#1047027).
– ibmvnic: Check for transport event on driver resume (bsc#1051556,
bsc#1052709).
– ibmvnic: Initialize SCRQ’s during login renegotiation (bsc#1052223).
– ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).
– iommu/amd: Fix schedule-while-atomic BUG in initialization code
(bsc#1052533).
– libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).
– libnvdimm: fix badblock range handling of ARS range (bsc#1023175).
– qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).
– scsi_devinfo: fixup string compare (bsc#1037404).
– scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).
– vfs: fix missing inode_get_dev sites (bsc#1052049).
– x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache()
(bsc#1051399).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-929=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.2 (x86_64):

kernel-debug-4.4.79-18.26.2
kernel-debug-base-4.4.79-18.26.2
kernel-debug-base-debuginfo-4.4.79-18.26.2
kernel-debug-debuginfo-4.4.79-18.26.2
kernel-debug-debugsource-4.4.79-18.26.2
kernel-debug-devel-4.4.79-18.26.2
kernel-debug-devel-debuginfo-4.4.79-18.26.2
kernel-default-4.4.79-18.26.2
kernel-default-base-4.4.79-18.26.2
kernel-default-base-debuginfo-4.4.79-18.26.2
kernel-default-debuginfo-4.4.79-18.26.2
kernel-default-debugsource-4.4.79-18.26.2
kernel-default-devel-4.4.79-18.26.2
kernel-obs-build-4.4.79-18.26.2
kernel-obs-build-debugsource-4.4.79-18.26.2
kernel-obs-qa-4.4.79-18.26.1
kernel-syms-4.4.79-18.26.1
kernel-vanilla-4.4.79-18.26.2
kernel-vanilla-base-4.4.79-18.26.2
kernel-vanilla-base-debuginfo-4.4.79-18.26.2
kernel-vanilla-debuginfo-4.4.79-18.26.2
kernel-vanilla-debugsource-4.4.79-18.26.2
kernel-vanilla-devel-4.4.79-18.26.2

– openSUSE Leap 42.2 (noarch):

kernel-devel-4.4.79-18.26.1
kernel-docs-4.4.79-18.26.3
kernel-docs-html-4.4.79-18.26.3
kernel-docs-pdf-4.4.79-18.26.3
kernel-macros-4.4.79-18.26.1
kernel-source-4.4.79-18.26.1
kernel-source-vanilla-4.4.79-18.26.1

References:

https://www.suse.com/security/cve/CVE-2017-1000111.html
https://www.suse.com/security/cve/CVE-2017-1000112.html
https://www.suse.com/security/cve/CVE-2017-8831.html
https://bugzilla.suse.com/1019151
https://bugzilla.suse.com/1023175
https://bugzilla.suse.com/1037404
https://bugzilla.suse.com/1037994
https://bugzilla.suse.com/1038078
https://bugzilla.suse.com/1038792
https://bugzilla.suse.com/1043652
https://bugzilla.suse.com/1047027
https://bugzilla.suse.com/1051399
https://bugzilla.suse.com/1051556
https://bugzilla.suse.com/1052049
https://bugzilla.suse.com/1052223
https://bugzilla.suse.com/1052311
https://bugzilla.suse.com/1052365
https://bugzilla.suse.com/1052533
https://bugzilla.suse.com/1052709
https://bugzilla.suse.com/1052773
https://bugzilla.suse.com/1052794



openSUSE-SU-2017:2151-1: important: Security update for MozillaFirefox

openSUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2151-1
Rating: important
References: #1052829
Cross-References: CVE-2017-7753 CVE-2017-7779 CVE-2017-7782
CVE-2017-7784 CVE-2017-7785 CVE-2017-7786
CVE-2017-7787 CVE-2017-7791 CVE-2017-7792
CVE-2017-7798 CVE-2017-7800 CVE-2017-7801
CVE-2017-7802 CVE-2017-7803 CVE-2017-7804
CVE-2017-7807
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.

Description:

This update to Mozilla Firefox 52.3esr fixes a number of security issues.

The following vulnerabilities were advised upstream under MFSA 2017-19
(boo#1052829):

– CVE-2017-7798: XUL injection in the style editor in devtools
– CVE-2017-7800: Use-after-free in WebSockets during disconnection
– CVE-2017-7801: Use-after-free with marquee during window resizing
– CVE-2017-7784: Use-after-free with image observers
– CVE-2017-7802: Use-after-free resizing image elements
– CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
– CVE-2017-7786: Buffer overflow while painting non-displayable SVG
– CVE-2017-7753: Out-of-bounds read with cached style data and
pseudo-elements
– CVE-2017-7787: Same-origin policy bypass with iframes through page
reloads
– CVE-2017-7807: Domain hijacking through AppCache fallback
– CVE-2017-7792: Buffer overflow viewing certificates with an extremely
long OID
– CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
– CVE-2017-7791: Spoofing following page navigation with data: protocol
and modal alerts
– CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP
protections
– CVE-2017-7803: CSP containing ‘sandbox’ improperly applied
– CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR
52.3

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-921=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-921=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (x86_64):

MozillaFirefox-52.3.0-60.1
MozillaFirefox-branding-upstream-52.3.0-60.1
MozillaFirefox-buildsymbols-52.3.0-60.1
MozillaFirefox-debuginfo-52.3.0-60.1
MozillaFirefox-debugsource-52.3.0-60.1
MozillaFirefox-devel-52.3.0-60.1
MozillaFirefox-translations-common-52.3.0-60.1
MozillaFirefox-translations-other-52.3.0-60.1

– openSUSE Leap 42.2 (x86_64):

MozillaFirefox-52.3.0-57.15.1
MozillaFirefox-branding-upstream-52.3.0-57.15.1
MozillaFirefox-buildsymbols-52.3.0-57.15.1
MozillaFirefox-debuginfo-52.3.0-57.15.1
MozillaFirefox-debugsource-52.3.0-57.15.1
MozillaFirefox-devel-52.3.0-57.15.1
MozillaFirefox-translations-common-52.3.0-57.15.1
MozillaFirefox-translations-other-52.3.0-57.15.1

References:

https://www.suse.com/security/cve/CVE-2017-7753.html
https://www.suse.com/security/cve/CVE-2017-7779.html
https://www.suse.com/security/cve/CVE-2017-7782.html
https://www.suse.com/security/cve/CVE-2017-7784.html
https://www.suse.com/security/cve/CVE-2017-7785.html
https://www.suse.com/security/cve/CVE-2017-7786.html
https://www.suse.com/security/cve/CVE-2017-7787.html
https://www.suse.com/security/cve/CVE-2017-7791.html
https://www.suse.com/security/cve/CVE-2017-7792.html
https://www.suse.com/security/cve/CVE-2017-7798.html
https://www.suse.com/security/cve/CVE-2017-7800.html
https://www.suse.com/security/cve/CVE-2017-7801.html
https://www.suse.com/security/cve/CVE-2017-7802.html
https://www.suse.com/security/cve/CVE-2017-7803.html
https://www.suse.com/security/cve/CVE-2017-7804.html
https://www.suse.com/security/cve/CVE-2017-7807.html
https://bugzilla.suse.com/1052829

