MESSAGE
DATE | 2017-11-16 |
FROM | opensuse-security@opensuse.org
|
SUBJECT | Subject: [Hangout - NYLXS] [security-announce] SUSE-SU-2017:2871-2:
|
From hangout-bounces-at-nylxs.com Thu Nov 16 13:56:46 2017 Return-Path: X-Original-To: archive-at-nylxs.com Delivered-To: archive-at-nylxs.com Received: from www.mrbrklyn.com (www.mrbrklyn.com [96.57.23.82]) by mrbrklyn.com (Postfix) with ESMTP id 93F98163F54; Thu, 16 Nov 2017 13:56:44 -0500 (EST) X-Original-To: hangout-at-www.mrbrklyn.com Delivered-To: hangout-at-www.mrbrklyn.com Received: by mrbrklyn.com (Postfix, from userid 1000) id 51A1A163F56; Thu, 16 Nov 2017 13:56:40 -0500 (EST) Resent-From: Ruben Safir Resent-Date: Thu, 16 Nov 2017 13:56:40 -0500 Resent-Message-ID: <20171116185640.GA13575-at-www.mrbrklyn.com> Resent-To: hangout-at-mrbrklyn.com X-Original-To: ruben-at-mrbrklyn.com Delivered-To: ruben-at-mrbrklyn.com Received: from hydra.opensuse.org (proxy-nue1.opensuse.org [195.135.221.145]) by mrbrklyn.com (Postfix) with ESMTP id 86200160876 for ; Thu, 16 Nov 2017 09:10:10 -0500 (EST) Received: from lists5.opensuse.org (baloo.infra.opensuse.org [192.168.47.38]) by hydra.opensuse.org (Postfix) with ESMTP id 338C623661 for ; Thu, 16 Nov 2017 14:09:03 +0000 (UTC) Received: from baloo.infra.opensuse.org (localhost [127.0.0.1]) by lists5.opensuse.org (Postfix) with ESMTP id B6D9A1101F; Thu, 16 Nov 2017 14:08:59 +0000 (UTC) X-Original-To: opensuse-security-announce-at-lists5-opensuse.suse.de Delivered-To: opensuse-security-announce-at-lists5-opensuse.suse.de Received: from relay1.suse.de (unknown [149.44.160.133]) by lists5.opensuse.org (Postfix) with ESMTP id 2D40811012 for ; Thu, 16 Nov 2017 14:08:57 +0000 (UTC) Received: from maintenance.suse.de (maintenance.nue.suse.com [149.44.176.14]) by relay1.suse.de (Postfix) with ESMTP id 205E825C96 for ; Thu, 16 Nov 2017 14:08:57 +0000 (UTC) Received: by maintenance.suse.de (Postfix, from userid 32005) id 1E3E9FD05; Thu, 16 Nov 2017 15:08:57 +0100 (CET) From: opensuse-security-at-opensuse.org To: opensuse-security-announce-at-opensuse.org Message-Id: <20171116140857.1E3E9FD05-at-maintenance.suse.de> Date: Thu, 16 Nov 2017 15:08:57 +0100 (CET) Precedence: bulk Mailing-List: contact opensuse-security-announce+help-at-opensuse.org; run by mlmmj X-Mailinglist: opensuse-security-announce List-Owner: List-Archive: X-MIME-Notice: attachments may have been removed from this message Subject: [Hangout - NYLXS] [security-announce] SUSE-SU-2017:2871-2: important: Security update for wget X-BeenThere: hangout-at-nylxs.com X-Mailman-Version: 2.1.17 List-Id: NYLXS Tech Talk and Politics List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: hangout-bounces-at-nylxs.com Sender: "Hangout"
SUSE Security Update: Security update for wget ______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2871-2 Rating: important References: #1064715 #1064716 Cross-References: CVE-2017-13089 CVE-2017-13090 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for wget fixes the following security issues:
- CVE-2017-13089,CVE-2017-13090: Missing checks for negative remaining_chunk_size in skip_short_body and fd_read_body could cause stack buffer overflows, which could have been exploited by malicious servers. (bsc#1064715,bsc#1064716)
Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 6:
zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1794=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1794=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1794=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1794=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1794=1
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2017-1794=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1794=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1794=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 6 (x86_64):
wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1
References:
https://www.suse.com/security/cve/CVE-2017-13089.html https://www.suse.com/security/cve/CVE-2017-13090.html https://bugzilla.suse.com/1064715 https://bugzilla.suse.com/1064716
-- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe-at-opensuse.org For additional commands, e-mail: opensuse-security-announce+help-at-opensuse.org _______________________________________________ Hangout mailing list Hangout-at-nylxs.com http://lists.mrbrklyn.com/mailman/listinfo/hangout
|
|