Patches released for Open Enterprise Server 11 Support Pack 2 (OES11 SP2).
This document (7014420) is provided subject to the disclaimer at the end of this document.
This is an overview of the patches that have been released for Open Enterprise Server 11 (OES11) Support Pack 2.
- 25 Feb 2014 - February 2014 OES11SP2 eDirectory 8.8 SP8 Patch 1 Hot Patch - 8911
- 24 Mar 2014 - March 2014 OES11SP2 Scheduled Maintenance Update - 8934
- 21 Apr 2014 - April 2014 OES11SP2 Hot Patch - 9140
- 28 Apr 2014 - April 2014 OES11SP2 Hot Patch for NCL - 9163
- 29 May 2014 - May 2014 OES11SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 2 - 9156
- 29 May 2014 - May 2014 OES11SP2 Scheduled Maintenance Update - 9157
- 24 Jun 2014 - OpenSSL - 9354
- 10 Jul 2014 - July 2014 OES11 SP2 Hot Patch for iPrint Client - 9479
- 07 Aug 2014 - August 2014 OES 11 SP2 Scheduled Maintenance Update - 9413
- 23 Sep 2014 - September 2014 OES11SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 3 - 9593
- 23 Sep 2014 - September 2014 OES 11 SP2 Scheduled Maintenance Update - 9650
- 08 Dec 2014 - December 2014 OES11SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 4 - 9923
- 08 Dec 2014 - December 2014 OES 11 SP2 Scheduled Maintenance Update - 9879
- 16 Dec 2014 - December 2014 OES11 SP2 Hot Patch - 10084
- 27 Jan 2015 - January 2015 OES 11 SP2 Scheduled Maintenance Update - 10105
- 31 Mar 2015 - March 2015 OES11 SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 5 - 10291
- 31 Mar 2015 - March 2015 OES 11 SP2 Scheduled Maintenance Update - 10332
- 28 May 2015 - May 2015 OES 11 SP2 Scheduled Maintenance Update - 10648
- 06 Jul 2015 - July 2015 OES11 SP2 eDirectory 8.8 SP8 Patch 5 Hot Patch - 10828
- 14 Jul 2015 - July 2015 OES11 SP2 eDirectory 8.8 SP8 Patch 5 Hot Patch 2 - 10846
- 27 Jul 2015 - July 2015 OES 11 SP2 Scheduled Maintenance Update - 10820
- 28 Jul 2015 - OES11 SP2 Patch for Blocking Migration to SLES 11 SP4 - 10849
- 30 Sep 2015 - September 2015 OES11 SP2 Scheduled Maintenance Update - 10853
- 30 Sep 2015 - September 2015 OES11 SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 6 - 10852
- 30 Nov 2015 - November 2015 OES 11 SP2 Scheduled Maintenance Update - 10857
- 05 Jan 2016 - January 2016 OES11 SP2 eDirectory 8.8 SP8 Patch 6 Hot Patch 1 - 10860
- 28 Jan 2016 - January 2016 OES 11 SP2 Scheduled Maintenance Update - 10861
- 11 Feb 2016 - February 2016 OES 11 SP2 Hot Patch for NCP - 10863
- 08 Mar 2016 - March 2016 OES 11 SP2 Hot Patch for NSS - 10865
- 08 Mar 2016 - SLES: openssl security update - 10870
- 16 Mar 2016 - SLES: java-1_6_0-ibm security update - 10873
- 16 Mar 2016 - SLES: timezone recommended update - 10875
- 21 Mar 2016 - SLES: Firefox security update - 10879
- 21 Mar 2016 - SLES: Bind security update - 10877
- 29 Mar 2016 - SLES: timezone recommended update - 10885
- 29 Mar 2016 - SLES: Timezone recommended update - 10889
- 31 Mar 2016 - March 2016 OES 11 SP2 Scheduled Maintenance Update - 10871
- 31 Mar 2016 - March 2016 OES11 SP2 eDirectory 8.8 SP8 Patch 7 - 10867
- 05 Apr 2016 - SLES: curl-openssl1 optional update - 10887
- 06 Apr 2016 - SLES: release-notes-sles recommended update - 10890
- 13 Apr 2016 - SLES: Samba security update - 10894
- 15 Apr 2016 - SLES: openssl-certs Recommended update - 10892
- 04 May 2016 - SLES: Linux Kernel security update - 10907
- 04 May 2016 - SLES: Timezone recommended update - 10899
- 09 May 2016 - SLES: libssh2_org recommended update - 10903
- 09 May 2016 - May 2016 OES 11 SP2 Hot Patch - 10897
- 13 May 2016 - ImageMagick security update - 10915
See TID 7008280 for a list of patches released for Open Enterprise Server 11 (OES11).
See TID 7010867 for a list of patches released for Open Enterprise Server 11 SP1 (OES11 SP1).
See TID 7016875 for a list of patches released for Open Enterprise Server 2015 (OES2015).
Disclaimer : The list above does not pretend to be a full list of down-loadable software as has been released for the OES11 platform. For that detail, please consult the official Novell download site.
Additional software may have been released, but not be listed here once it is considered to be beyond the scope of what this document tries to provide, being an overview of the bugs fixed with the various patch releases that have been released for OES11 SP2.
I tried to be as complete as possible by also adding the same list of patches and bug fixes for other released iPrint and eDir patches, and have verified accurateness of the same with the respective team members.
- February 2014 OES11 SP2 eDirectory 8.8 SP8 Patch 1 Hot Patch - 8911
For an overview of the bugs released with this patch, kindly refer to the documentation as maintained by the eDirectory team :
TID 3426981 - History of Issues Resolved in eDirectory 8.8.x
- March 2014 OES11 SP2 Scheduled Maintenance Update - 8934
Bug 827306 - Winbind crashes in dcerpc_lsa_lookup_sids () in ADC - TID 7014259.
Bug 838472 - Client trying to delete print job fails: Samba returns: WERR_INVALID_PRINTER_NAME.
Bug 844720 - VUL-0: CVE-2013-4408: samba: DCERPC frag_len not checked.
Bug 845531 - CIFS very slow in listing files in directory with 240000 files.
Bug 845999 - SMB client occasionally shows duplicate files when listing a subdirectory on an OES CIFS share.
Bug 848101 - VUL-0: CVE-2013-4475: samba: No access check verification on stream files.
Bug 848628 - pure-ftpd processes LIST command incorrectly when pathname argument contains a space character.
Bug 849226 - upstream fixes tracker bug for Oct/Nov 2013 update.
Bug 851118 - OES11 CIFS logging " Invalid Patth" instead of "Invalid Path".
Bug 851121 - OES11 CIFS Time to build trustees in micro-seconds is inaccurate.
Bug 852364 - iprintman is unable to delete Printer in eDir.
Bug 853021 - libsmbclient0 package description contains comments.
Bug 853347 - VUL-0: CVE-2012-6150: samba: winbind pam security problem.
Bug 853958 - oes pure-ftpd count.txt reached negative count.
Bug 854520 - upstream fixes tracker bug for Dec 2013 update.
Bug 855593 - ""AWT-EventQueue-0" java.lang.IllegalArgumentException: dash lengths all zero" Exception thrown while opening saved project in miggui.
Bug 856008 - NRM: NCP Inventory Reports Page and Help - Contains information about sending email based on Email Notification commands in the httpstkd.conf file.
Bug 857184 - NRM:Ganglia "Server health values" is not displaying the graph for the current server.
Bug 857595 - NRM: NCP Trustee Reports Page and Help - Contains information about sending email based on Email Notification commands in the httpstkd.conf file.
Bug 857665 - NDSD crashes in libxadsdk.so with empty SID in ldapsearch.
Bug 857825 - NRM: Group Operations Configuration page and Help - Contains information about sending email based on Email Notification commands in the httpstkd.conf file.
Bug 859134 - Default value for novcifs --csc option should be change to '0' in novcifs man page.
Bug 859839 - OES11SP2_LOC:GMC1:JA:Truncated string in DSFW Configuration screen.
Bug 861198 - Vlog: Man page of VLOG needs correction to read Modify event as "MODIFY" and not "MODIFYMETADATA ".
Bug 861245 - novcifs -h refers to 'sharepoint' and not 'share point'.
Bug 862283 - For March,2014 Patch - Merging sles11sp3 / sles11sp2 samba security patch to novell-oes-samba in oes11sp2 / oes11sp1.
Bug 862793 - AFP is dumping core when afptcpd service is restarted.
- April 2014 OES11SP2 Hot Patch - 9140
Bug 870298 - Placeholder bug regarding 3rd party vendor problems following tsands branding change - TID 7014933.
- April 2014 OES11SP2 Hot Patch - 9163
- May 2014 OES11SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 2 - 9156
For an overview of the bugs released with this patch, kindly refer to the documentation as maintained by the eDirectory team :
TID 3426981 - History of Issues Resolved in eDirectory 8.8.x
- May 2014 OES11SP2 Scheduled Maintenance Update - 9157
Bug 823951 - Trustee assignments are constantly getting out of sync.
Bug 842213 - Clicking the IP/Cluster_name of the mapped CIFS server on MAC 10.9 would fail to access the mapped volume - TID 7005113.
Bug 843854 - For DST configured volumes, opening new directory is causing error.
Bug 845142 - Linux workstations/servers error out while trying to join a DSfW domain.
Bug 850529 - CIFS NMAS Authentication Method for Linux fails authentication when user password has expired, but user still has remaining grace logins.
Bug 852321 - bad status code (0x400) from iprintman when creating printer.
Bug 853391 - Old NetBIOS Name (nfapCIFSServerName) remains in NODE STATUS RESPONSE (NBSTAT) after having renamed the CIFS Server Name in iManager.
Bug 857388 - ndsd core GetVolumeFlags.
Bug 858886 - Can not specify full context in the apple login for user lookup and authentication.
Bug 859412 - Change_proxy_pwd.sh fails when ran via cron, "NDS error failed authentication -669".
Bug 860485 - Folder gets created in wrong case when volume mounted in long name space.
Bug 861618 - pure-ftpd processes LIST command with absolute path in pathname argument incorrectly when "ChrootEveryone" is "no".
Bug 861900 - iPrint Appliance fails to write all data to padbtxt.xml.
Bug 862261 - CIFS core on startup 1.3.1-126.96.36.199 core analysis.
Bug 863188 - syslog is getting filled with XTCOM pam authentication failure every half an hour - TID 7014798.
Bug 864018 - Novell Client for Linux order 4 page allocation failures - TID 7014973.
Bug 864421 - Calling the YaST module 'inst_oes_preconfig has failed - TID 7014597.
Bug 868625 - Placeholder bug regarding 3rd party vendor problems following tsands branding change - TID 7014933.
Bug 868796 - csmport -i fails with "Cluster ID doesn't match".
Bug 869970 - Security Vuln - iPrint Directory traversal Vulnerability.
Bug 869975 - Security Vuln - iPrint stored XSS Vulnerability.
Bug 870766 - "xtier seg faulting".
Bug 872182 - Short (DOS) names are not returned when queried.
Bug 872914 - Merging apr,2014 samba sles11sp3 patch to novell-oes-samba on oes11sp2 patch.
Bug 879413 - Post Patch build update Netstorage Server received internal error.
- OpenSSL - 9354
Please refer to TID 7015264 for details on the security vulnerabilities fixed with this patch release.
July 2014 OES11 SP2 Hot Patch for iPrint Client - 9479
Bug 857992 - printers installed to Mac auto delete with blank database - TID 7015048.
Bug 858272 - Dell Printer install with profile crashed the windows spooler in XP - TID 7014728.
Bug 858447 - PaperCut Direct Print Accounting failed.
Bug 859473 - Windows client -papercut:Accounting not working while installing printer through iprntcmd in standard windows user account.
Bug 859685 - (Random)Windows client for papercut:Printers not getting installed through icm settings.
Bug 860065 - iPrint Client 5.95: Copyright need to be updated.
Bug 860068 - (Random)Windows client 5.95 for papercut:Accounting not working after installing direct printer in windows 8.1.
Bug 861064 - Windows client 5.95:Installation of printer fails while reconnecting to remote desktop session.
Bug 863255 - iPrint Mac client 5.74:(Macintosh 10.9)Not able to print to printers having space in its name - TID 7014704.
Bug 863561 - The TraceLevel text under About | Configuration is incorrect.
Bug 865327 - iprint client 5.94 slow updating windows printer properties page.
Bug 867351 - LdapImport_AD_Realm:Secure Printer installation asks for authentication even after connecting Desktop to same Realm.
Bug 873926 - iPrint Mac client 5.76:Copyright need to be updated.
Bug 874560 - iPrint Mac client 5.74:Updating from 5.74 client to 5.76 client removes printers which has space in its name.
Bug 875127 - MSR Multi Driver: Auto driver update is failing for MSR drivers if multple drivers (of different Windows flavours) are associated with a PA.
Bug 881998 - iPrint windows client need to rebuild with new OpenSSL library i.e OpenSSL v0.9.8za.
Bug 883514 - Installation of latest iPrint client (5.98) fails with error saying "The Program can't start because SSLEAY32.dll is missing from your computer.
July 2014 OES11 SP2 eDirectory 8.8 SP8 Patch 2 Hot Patch - 9407
TID 3426981 - History of Issues Resolved in eDirectory 8.8.x
- August 2014 OES11 SP2 Scheduled Maintenance update - 9413
As part of the fix for Bug 885791, comprehensive checks are added to ensure that users with the right privilege can access _admin volume on OES using CIFS.
This fix addresses a security issue that might get exposed through _admin volume over CIFS protocol access.
This fix ensures that only LUM-enabled users can access _admin volume. Therefore, this might cause errors while using Archive and Version services by users that are not LUM-enabled. To address this issue, ensure that the users are LUM-enabled.
Bug 792583 - Get file or directory information verb from NCP returns a long name instead of a DOS name for directories when the target name space requested is DOS - TID 7015161.
Bug 818564 - Delete driver profile error message does not reflect the printer agents associated with the driver profile.
Bug 820645 - Missing help for 'iPrint Manager Accounting Status' page.
Bug 837155 - Removal of cache entry from NCP cache and failure to remove cache from the open file list leads to a crash.
Bug 842642 - Cluster resource fails to register with SLP.
Bug 844132 - When using shadow volumes and CIFS on Windows 7, files become inaccessible - TID 7015611.
Bug 847008 - Change in the OES 11 getfattr implementation results in backup errors while trying to access the /var/opt/novell/nclmnt/ folder - TID 7014386.
Bug 853700 - For the ncpcon commands executed, no validation is done against input data entered by the user which eventually resulted in core.
Bug 854672 - The rights command with -S option fails to work for broken softlinks.
Bug 863260 - The iprintman printer --info command does not prompt for a certificate.
Bug 868979 - The novcifs command manpage does not describe the --share-vols-default option adequately.
Bug 869184 - Filenames that are long and contain Cyrillic characters cannot be deleted from the volume.
Bug 870070 - Recovered directories become invisible after salvaging, unless touched by another API - TID 7015273.
Bug 870386 - Trust between an Active Directory domain and a DSfW domain is broken every 30 days - TID 7015252.
Bug 872108 - While using the iprintman --grant-access option, the printer FDN fails to resolve.
Bug 873058 - Cleanup of the modified system objects is not successful when the pool expansion fails.
Bug 873212 - Missing ACLs on Computer objects are causing secure channel to break - TID 7013205.
Bug 873283 - Managing user quotas using iManager 2.7.7 on a Volume that is hosted on a OES 2 SP3 server leads to error.
Bug 874287 - While migrating data between volumes, stopping the migration fails to terminate nbackup jobs.
Bug 875846 - The /var/log/messages file floods with buffer overflow messages - TID 7015651.
Bug 876738 - Modified retrive_proxy_cred to read as retrieve_proxy_cred.
Bug 878131 - Copying a file from Mac 10.9 to a volume shared using CIFS for a user without delete rights leads to a samba lock on the file that cannot be released.
Bug 879891 - Incomplete listing of sub directories on a DST shadow volume since shadow path is not generated properly if mount point is other than root volume.
Bug 881269 - New iPrintman option added to set auto-driver update during printer creation and Printer modification through iPrintman.
Bug 884695 - NSS volumes mounted in UNIX name space losing trustee assignments - TID 7015344.
Bug 885791 - Unprivileged users get privilege access over _ADMIN volume on OES using CIFS.
Bug 887128 - Unable to manage OES using iManager after applying tomcat 6.0.41 security patch.
Bug 889783 - iManager fails to launch after 'novell-tomcat6' goes to 'DEAD' state.
September 2014 OES11SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 3 - 9593
TID 3426981 - History of Issues Resolved in eDirectory 8.8.x
- September 2014 OES 11 SP2 Scheduled Maintenance Update - 9650
Bug 810250 - Performance of NetStorage server gradually scales down.
Bug 847302 - IDM iManager plug-in stops responding after an upgrade from v10.7.20120601 to 10.7.20130307.
Bug 849216 - Remote Desktop Access to a workstation fails with lowercase characters in domain names - TID 7015592.
Bug 854834 - The NSS volume mount operation becomes very slow while processing purge log - TID 7015314..
Bug 865164 - iManager groups plug-in throws an error if there are unspecified addresses in the ldapInterfaces attribute of the LDAP server.
Bug 866556 - Software installation using GPO fails - TID 7015617.
Bug 872284 - iManager build version numbers has to be modified from 2.7.7 Patch1 to 2.7.7 Patch 2.
Bug 874117 - ncpcon man page updates in the scripting section.
Bug 876213 - NLVM fails to handle loop devices correctly.
Bug 876657 - Copying a folder fails in nautilus - Linux file browser, when it is mapped via SMB.
Bug 876890 - OES 2 SP3 to OES 11 SP2 DNS and DHCP proxy user migration using move_to_common_proxy.sh fails - TID 7015249.
Bug 877015 - The receive buffer becomes NULL unexpectedly causing NDSD to crash - TID 7015250..
Bug 880036 - The help icon on the Login page does not link to the iManager help.
Bug 880099 - Windows Explorer does not display a complete list of sub directories when browsing a large directory on a CIFS share.
Bug 880398 - Copying multiple files to an NSS volume is very slow when User Quota has been configured.
Bug 880970 - Zero byte packets cause CIFS server to go down.
Bug 881940 - In a different tree scenario, when a user maps a file or folder with no trustee rights, the migration GUI throws an exception.
Bug 882504 - Novell Remote Manager removes packages without performing a proper dependency check.
Bug 883301 - Users not able to access their home directories after a prolonged CIFS session.
Bug 883315 - Kernel core is seen in the node 2 when RAID5 restripe tests are done on node1.
Bug 884106 - The nagiosadmin user fails to log in using a password with special characters.
Bug 884412 - CIFS cores at random, terminates with signal 6.
Bug 886815 - Kernel OOPS in NSS cacheAllocBufferForUserData - TID 7015357.
Bug 887444 - Job gets canceled when accounting module changes the job size.
Bug 888007 - Moving or renaming a folder on an NSS volume causes NCP and NSS trustee files to get out of sync.
Bug 888539 - OES 11 SP2 NCS and clustered LDAP (no SBD and NSS) does not fence nodes - TID 7015426.
Bug 888696 - System with NCS, but without NSS installed reports nlvm Error 20897 when NCS is running.
Bug 888796 - The NRM File System Management page displays no data, if the NFS share is not mounted.
Bug 889413 - Default password policy not properly configured.
Bug 890686 - Using EAS 4.5, no event sources are connected for iManager, eDirectory, and NMAS.
December 2014 OES11SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 4 - 9923
TID 3426981 - History of Issues Resolved in eDirectory 8.8.x
- December 2014 OES 11 SP2 Scheduled Maintenance Update - 9879
Bug 856749 - During a RAID operation (create/delete) using iManager, parallel access to the RAID device using NSSMU results in kernel core.
Bug 892365 - NLVM rescan of RAID devices hangs intermittently.
Bug 888099, 902892, 904630 - Enhance the NSSMU user experience by adding short-cut keys so that NSSMU is easy to work using popular Windows SSH clients.
Bug 895488 - Unable to create a pool snapshot that is greater than 2 TB.
Bug 897237 - 'nlvm expand pool' allows a pool to expand using the partition that is used by the same pool or other pools.
Bug 899518 - Deleting an NSS volume through NSSMU changes the permissions on /etc/fstab and /etc/mtab from 644 to 600.
Bug 900643 - Quota management using iManager results in “adminusd - page allocation failure - order:5” - TID 7015901.
Bug 894753 - Server crashes with out_of_memory when a snapshot is created for snapshot using NLVM.
Bug 865938 - The Object Selector and History buttons are missing after applying the iManager 188.8.131.52 patches.
Bug 894364 - Change the build version from iManager 2.7.7 Patch2 to iManager 2.7.7 Patch 3.
Bug 904669 - XML eXternal Entity Injection (XXE) vulnerability - Authenticated administrative users can download the arbitrary files from the Access Manager administration interface as "novlwww" user.
Bug 906293 - The java.lang.NumberFormatException :For input string - "7.3" error is printed in the catalina.out log file.
Bug 656527 - When installing a printer, you might see a message “Reading driver file failed with 0” despite the printer getting successfully installed.
Bug 819805 - Banner printing garbage with non English iprint clients.
Bug 889375 - Installing the OES 11 SP2 May 2014 patch causes high utilization of CPU when the print server handles non-English characters on audit-enabled printers - TID 7015475.
Bug 886150 - Redirection of the direct printer to any other IPP printer fails on the iPrint Mac client 5.76.
Bug 895034 - The iPrint Mac client fails to print jobs submitted to the secure printer on OS X 10.10 Yosemite.
Bug 901330 - Xclient: iPrint sends the authorization credentials in a Base64 encoded text for some non-https connection.
Bug 901412 - 5.76 iPrint Client for Mac abuses Apache.
Bug 903212 - Poodle Vulnerability , need to disable sslv3 on 631 port.
Bug 808199 - Remote file operations fail because of synchronization issue caused when the scripts use the same FTP user account to login or logout of the FTP server in a very quick succession.
Bug 838414 - Unable to add cifs share longer than 75 characters with novcifs.
Bug 848628 - pure-ftpd processes the LIST command incorrectly if the pathname argument contains a space character.
Bug 849659 - Server becomes unresponsive as the NCP threads are in busy loop.
Bug 867137 - AFP service crashes due to improper handling of queued requests.
Bug 867635 - AFP service cores due to improper lock sequence while removing the expired sessions.
Bug 870067 - Renaming file in a DOS only name space problem.
Bug 873552 - novcifs -sap fails with error number 2
Bug 876396, 876397 - AFP cores frequently due to improper handling of file Handle IDs.
Bug 877030 - CIFS incorrectly registers Work Group or Domain Name as NetBIOS service types 0x00 (Workstation Service) and 0x20 (Server Service) when it is configured to use a WINS server for registrations.
Bug 882418 - File operations on an .odt file fails if the share mount point is some folder inside a volume and if the file is moved to shadow volume.
Bug 882952 - Space restrictions are not reported correctly for quotas greater than 2 TB.
Bug 889387 - Novell CIFS server returns duplicate search identifier in SMB_COM_TRANS2_FIND_FIRST2 response causing the Windows Explorer to show files of another subdirectory.
Bug 893032 - NCPCON connection list shows wrong time as 12:00 AM when a user logs in at the noon hour.
Bug 895949 - When the file name does not exist, pure-ftpd does not handle the LIST FILENAME using ftp-tls.
Bug 896192 - Cat'ting through the /admin/Novell/Cluster/EventLog.xml file crashes the cluster node - TID 7015908.
Bug 899748 - CIFS service does not accept new connections after running for a while with September 2014 maintenance patch.
Bug 900400 - pure-ftpd processes the LIST command incorrectly if the pathname argument contains a space character.
Bug 897010 - Random number of items During sync of two Netfolder connected to same vol on the backend.
Bug 903956 - Padding Oracle On Downgraded Legacy Encryption attack through SSLv3 (CVE-2014-3566).
Bug 877492 - The smdrd daemon crashes with segmentation fault - TID 7015266.
Bug 902594 - Novell Remote Manager (NRM) vulnerable to POODLE security issue.
Bug 902839 - Storage Management Services (SMS) vulnerable to POODLE security issue.
Bug 878879 - Novell Remote Manager returns HTTP error 400 when checking the properties of a file in a subdirectory with more than 2000 files.
Bug 828600 - XTier is coring in Filr server.
Bug 849216 - Remote Desktop Login from a Windows workstation to a DSfW domain fails when domain credentials are specified in lower case - TID 7015592.
Bug 879530 - If the master DNS server is a Microsoft DNS server and the OES 11 SP2 DNS server is secondary, the zone represented by these servers will not load.
Bug 886467 - Memory leak fixes in novell-named.
Bug 890617 - Adding the "Domain Admins" group from an AD server to "cn=Administrators,cn=Builtin,dc=dsfwtrust,dc=edu" on a OES 11 SP2 DSfW server fails in a cross-forest trust environment - TID 7015507.
Bug 894284 - Domain Services for Windows Daemon crashes frequently.
Bug 895254 - VMware view 5.3.0 linked clone creation fails with error status_invalid_parameter.
Bug 903956 - Padding Oracle On Downgraded Legacy Encryption attack through SSLv3(CVE-2014-3566).
Bug 838320 - The "Nagios User Management" strings in the NRM help files are not localized.
- December 2014 OES11 SP2 Hot Patch - 10084
Bug 904669 - XML eXternal Entity Injection (XXE) vulnerability: Authenticated administrative users can download arbitrary files from the Access Manager administration interface as the user "novlwww"
Bug 907953 - VUL-0: CVE-2014-3566: OES-pure-ftpd: FTP susceptible to SSLV3 vulnerability (POODLE)
Bug 908355 - Conflict of command line option with suse:pure-ftpd and oes:pure-ftpd
Bug 908537 - IBM java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 (patch 9992) breaks SFCB SSL connections - TID 7015980.
Bug 908988 - 'ciphers' for SSL/TLS is been added by suse:ftp hence oes:ftp should present this switch during ftp upgrade.
- January 2015 OES 11 SP2 Scheduled Maintenance Update - 10105
Bug 747464 - Re-import of already exported DHCP configuration renames custom named pools.
Bug 788727 - Clicking Clear Password button under the iPrint Settings does not remove the saved passwords.
Bug 818535 - Clicking the Clear History button under the iPrint Document Status does not remove the history.
Bug 827902 - On OES 11 SP2, executing the iprntcmd -v command does not show the correct server version.
Bug 828646 - The Passwords tab under iPrint Settings incorrectly displays the LDAP User Name.
Bug 829459 - Provisioning of a DSfW user group with Solid works EPDM tool fails as DSfW is failing for "queryuseraliases domain/builtin" commands in smb.
Bug 845513 - Print spooler crashes when the IPP-enabled iPrint Direct printers are installed through the iprntcmd command - TID 845513.
Bug 871841 - Upgrade of DSfW servers from OES 2 SP1 to OES 11 SP2 fails as the server object is in a mapped container instead of ou=OESSystemObject inside mapped container.
Bug 879896 - iPrint client on OES 11 SP2 sometimes displays Interactive Services Detection dialog box.
Bug 882261 - iPrint client 5.96 and Novell Client 2 SP3 IR7a are not sharing the credentials, resulting in authentication failure.
Bug 883347 - NCP server is coring as NCP engine is closing the connection by one thread while another thread is in progress to reply on the same socket.
Bug 885817 - Managing large quotas results in iManager 2.7.7 storage error - TID 7015901.
Bug 886080 - After restarting the iPrint client, cores in iPrint gateway are reported.
Bug 887541 - With iPrint client 5.98 installed, after a print job is submitted, the values in the Handles column of iprntctl.exe increases significantly.
Bug 888099 - NSSMU user experience for popular Windows SSH clients needs improvement.
Bug 889080 - The OES server slows down due to memory pressure.
Bug 890147 - Transfer ID fails during preparation phase in the Migration Tool Utility.
Bug 892064 - /proc/nll/statistics NLS_KmallocSize reports erratic memory values intermittently.
Bug 894207 - Getting 20801 errors when accessing Volumes with DST configured.
Bug 894546 - LockCache Errors in the CIFS log while performing file I/O in the scale setup.
Bug 895572 - NCP segfaults in EnumConnectionInformation() function while a connection being enumerated and if the connection is removed at the same time - TID 7015704.
Bug 897052 - The OES server crashes due to the Watchdog timer overflow - TID 7015901.
Bug 897999 - Invalid Message - Failed to Delete Directory. CIFS does not log proper messages with proper log levels.
Bug 898634 - NCPCON output redirection is not working as expected.
Bug 898966 - Deleter Name "Not Available" with salvageable files deleted by CIFS users.
Bug 899008 - On Mac OS X, the iPrint client fails to print to secure printers after saving the iPrint credentials to the keychain.
Bug 899520 - While responding to the NCPCON request, the NCP server will overwrite the default reply buffer size of 64k if the response size is more than the default buffer size that causes ndsd to core.
Bug 900261 - cifsd does not respond with STATUS_DIRECTORY_NOT_EMPTY when client marks a subdirectory with entries for deletion per SMB_COM_TRANS2_SET_FILE_INFORMATION2 of InformationLevel SMB_SET_FILE_DISPOSITION_INFO.
Bug 900643 - Quota management using iManager results in Order 5 page allocation failures for adminusd.
Bug 900751 - Some NSSMU screens do not get resized properly.
Bug 900927 - Upgrading from OES 11 SP1 to OES 11 SP2 on a volume with DIR QUOTAS _disabled_ causes the nvm_quota_limit to change - TID 7015758.
Bug 900930 - Upgrading from OES 11 SP1 to OES 11 SP2 on a volume with DIR QUOTAS _disabled_ causes the nvm_quota_limit to change - TID 7015758.
Bug 901286 - CIFS strings need to be changed for command line error and success cases.
Bug 901445 - change_proxy_pwd.sh script causes 255 error if LUM is not configured to use proxy user - TID 7015775.
Bug 901978 - Allow users to select a specific size multiplier in lists using the nlvm utility.
Bug 902194 - Cannot copy files from a CIFS share if the directory structure is not DOS (8.3 filename regulations).
Bug 904193 - The iPrint Mac client 5.78 on Yosemite 10.9 and 10.10 fails to print to SSL-enabled printers with the error message "Backend failed".
Bug 904293 - The iPrint Mac client 5.78 on Yosemite fails to print to SSL-enabled Printer Agents whose names are longer than 20 characters.
Bug 904630 - The NSSMU man page must be updated to include the latest shortcut keys.
Bug 905094 - Remove the inappropriate error message "NLL::/usr/src/packages/BUILD/nss/modules-build/nsslnxlib/nssLnxLibLKM.c counts are (621,184)" that gets added to the messages file every time the statistics file is read.
Bug 905717 - Novell Remote Manager displays incorrect message when files are listed by using the "View File system > View File System Listing" option.
Bug 906115 - After an upgrade to OES 11 SP2, the system is unable to allocate memory and OOM killer is invoked.
Bug 906596 - Novell Remote Manager does not display partition size correctly when the volume size is greater than 2 TB.
Bug 908316 - Common proxy scripts return 255 or -1 instead of positive values for certain services.
- March 2015 OES11SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 5 - 10291
TID 3426981 - History of Issues Resolved in eDirectory 8.8.x
- March 2015 OES 11 SP2 Scheduled Maintenance Update - 10332
Bug 841509 - When installing a secure printer, the iPrint client displays an error message if the Fully Qualified Distinguished Name that has been provided is wrong - TID 7013446.
Bug 917356 - On iPrint client 5.99, temporary user credentials are not getting removed from the Passwords tab under iPrint settings.
Bug 785315 - NCP combines unrelated directories and files that do not exist in primary and shadow volumes, and displays them as an entity.
Bug 888015 - NCPSERV.LOG is filling up with synchronous I/O multiplexing error:9 messages.
Bug 852793 - Cluster resources take minutes to mount. Due to long mount delays, the resources go into a comatose state on fail-over.
Bug 898634 - ncpcon output redirection does not work as expected.
Bug 866069 - Novell CIFS on an OES11 SP2 cluster node still shares volumes of resources, where CIFS protocol has not been enabled.
Bug 891987 - Novell CIFS (Novell-cifs-1.3.2-0.90.9) on an OES11 SP2 server consumes about 7 GB of memory after applying the May 2014 scheduled maintenance update.
Bug 905286 - Novell CIFS crashes while mounting or dismounting continuously from a Linux client.
Bug 907498 - Links created on CIFS shares from a Windows Client are hidden, because the Novell CIFS server was not setting the archive attribute while creating a new file using SMB_COM_NT_CREATE_ANDX.
Bug 872558 - The afp_create_proxy_user.sh script does not provide the log filename and its path. The script does not provide an example of the input and proxy _fdn and bind_fdn format.
Bug 910784 - When the IP address of a cluster resource is changed, it is not reflected in the nfapCIFSAttach attribute of the Virtual NCP Server object.
Bug 909927 - In NSSMU, the deleted volumes are not displayed when there is a faulty pool.
Bug 870053 - In NSSMU, the F9(Deleted Vols) option lists the deleted volumes from all pools.
Bug 908489 - Unable to activate the pool on RAID 5 devices.
Bug 917997 - Incorrect NSS header information is displayed in the create new volume window.
Bug 858107 - The file overwrite vulnerability: Using the schema plug-in, a user can overwrite any file that belongs to the novlwww user.
Bug 858132 - The XSS vulnerability exists in the schema plug-in for iManager.
Bug 865164 - The iManager group plug-in throws an error when there are unspecified addresses in the ldapInterfaces attribute of the LDAP server.
Bug 903969 - The RegEX validation on multivalued attributes is applied to the wrong attributes.
Bug 904674 - Reflected Cross Site Scripting (XSS) vulnerability: Multiple reflected cross-site scripting vulnerabilities allow effective attacks of administrative and SSLVPN sessions.
Bug 904679 - Cross-Site Request Forgery: The Admin Console password can be changed via URL.
Bug 907640 - A change in build version numbers from 2.7.7. 3 to 184.108.40.206.
Bug 918810 - naudit does not work on iManager 220.127.116.11.
Bug 864053 - The DNS/DHCP Java Management Console fails to set a pool's Range Type value to "Excluded" and defaults to "DHCP."
Bug 878375 - The DNS/DHCP Java Management Console fails to import Class Declarations from the dhcpd configuration file.
Bug 893246 - Having multiple zones and allow-recursion values leads to a DNS server crash.
Bug 904854 - The DNS server crashes with an Assertion Failure during dynamic reconfiguration when the Zone Type is toggled between Primary and Secondary servers.
Bug 913626 - The DNS/DHCP Java Management Console deletes the "option space" dhcpOption from the dhcpService object.
Bug 899196 - Logging in to a DSfW domain from Mac 10.10 prompts for a password reset.
Bug 896356 - After upgrading to OES 11 SP2 QuickFinder, the Document Index is causing Tomcat to crash.
Bug 911382 - Links in the Search Results page for a few non-English file names are not working.
Bug 920201 - QuickFinder Admin login fails after installing a patch.
Bug 891911 - Trustees are not syncing when the "Copy Trustees Only at the Directory Level" option is enabled for migrating data.
Bug 908968 - SMS fails to restore the user quota when the data backed up on the OES 2015 NSS-AD volume is restored to the OES 11 SP2 NSS volume.
Bug 901710 - DFS junctions stop working.
Bug 912706 - NRM is not using the ?secure? attribute for any cookies sent over an SSL connection.
Bug 922187 - The Novell CIFS service fails when NCS is installed and not configured.
- May 2015 OES 11 SP2 Scheduled Maintenance Update - 10648
Bug 918774 - Migration tool synchronizes all the data in a volume instead of the modified data.
Bug 924475 - Backing up user quota greater than 8 TB size on the OES 2015 volume and restoring it on the OES 11 SP2 volume does not work properly.
Bug 918306 - In the Manage Junctions page, the junction status displays as Broken.
Bug 872780 - NSS Audit populates the /var/log/message with “COMN_Open - 2925357760 Error initializing audit messages”.
Bug 907395 - Menu changes in NSSMU.
Bug 911963 & 923105 - Multiple issues related to resizing the NSSMU screens.
Bug 912631 - Creating RAID0 devices with more segments causes segmentation fault in NSSMU and NLVM.
Bug 916456 - The NFS client malfunctions when NSS volume is mounted using NFS mount.
Bug 916789 - Renaming a volume or volume mount point changes the permissions on /etc/fstab from 644 to 600.
Bug 918047 - The deleted volumes page does not get updated when the volumes are purged from NSSMU.
Bug 920872 - NSSMU and NLVM failed to dismount the volume when pool is deactivated.
Bug 925106 - Disable the unsupported file snapshot (File COW) feature in NSSCON.
Bug 910280 - Winsock 10060 error installing printer thru IE and iprntcmd if ipsmd is not restarted and printer has been created with iprintman.
Bug 915560 - iprntman fails to accept the certificate if there is a mismatch in the server name URL.
Bug 918269 - Printers having driver and driver profiles assigned to them display incorrect information when generating a report from the PsmStatus page.
Bug 923001 - Installing the printer agents fail with Windows Socket error if the driver store is not reachable.
Bug 923115 - Copying the driver profile from source to target causes reinstallation of the printers due to change in the timestamps.
Bug 926371 - New printer pool management capabilities with the iprntman command - adding a pool, deleting a pool, adding printers to a pool, and deleting printers from a pool.
Bug 926504 - While executing the iprntman command across the eDirectory tree, it displays the IPPTrustManager error if the certificate is not present in the iprntman keystore.
Bug 916021 - The McAfee Web Gateway Appliance fails to join the DSfW domain.
Bug 712498 - The "Options" column in the Available DHCP Options list of the Java Management Console is not expandable.
Bug 844026 - Unable to set the DHCP Option 121 using Java Console.
Bug 874529 - The DHCP option 121 does not accept duplicate values of IP address.
Bug 668859 - Incorrect free space is displayed for a sub directory - TID 7008199.
Bug 912794 - Occasionally, listing of directory never completes when browsed through Novell Client - TID 7016264.
Bug 914349 - The renamed subdirectory on a DST volume is temporarily listed twice in Windows Explorer.
Bug 915203 - Copying large files using Novell Client is slower than CIFS clients - TID 7016266.
Bug 918049 - NDSD crashes in NCP whenever the rename operation is performed - TID 7016196.
Bug 926998 - Files with filenames > 128 characters become invalid after applying recent patches - TID 7016443.
Bug 892956 - Non-root users have read, write permissions on CIFS configuration file.
Bug 921848 - User name mismatch errors appear in cifs.log file.
Bug 922187 - The CIFS service is stopped gracefully if NCS-SDK registration fails.
Bug 922528 - Users are not able to delete a read-only subdirectory from an SMB client.
Bug 909245 - Installation of OES 11 SP2 creates actual certificates in /etc/sfcb instead of softlinks pointing to the /etc/ssl/servercerts locations.
Bug 926799 - The NCS hashed queue could overwrite the messages in some rare conditions and that could lead to NCS killing the node with a message.
- July 2015 OES11 SP2 eDirectory 8.8 SP8 Patch 5 Hot Patch - 10828
TID 3426981 - History of Issues Resolved in eDirectory 8.8.x
Note : The 8.8 SP8 Patch 5 Hot Patch release does not list bug #932268 as fixed, whereas the rpm change log indicate this as fixed.
The solution to the following bug however is confirmed to be released with this patch :
Bug 932268 - Deleted servers come back as unknown objects and subordinate replicas report -618 errors.
- July 2015 OES11 SP2 eDirectory 8.8 SP8 Patch 5 Hot Patch 2 - 10846
TID 3426981 - History of Issues Resolved in eDirectory 8.8.x
- July 2015 OES 11 SP2 Scheduled Maintenance Update - 10820
Bug 911157 - Deadlock in Novell CIFS Opportunistic Locking leads to degrade in Windows client performance.
Bug 922090 - NCP write performance is slower on large files in comparison to CIFS **
(**Note : The fix for bug 922090 requires Novell Client 2.4 and newer to benefit from this improved performance.)
Bug 926697 - NCP server should display proper error messages to the client if reading and sending data to the client fails.
Bug 930223 - Using the "ncpcon quotas sync ALL NSSVOL d" command creates empty directories on the shadow volumes.
Bug 933038 - NCP server crashes when trying to de-reference the connection object - TID 7016549.
Bug 914408, 921671, 922185 - In iPrint Windows Client, the tabs "Terminal Services", "Passwords", and "About" of the "iPrint Client Settings" dialog boxes overlaps for the following languages - zh_CN, zh_TW, and JA.
Bug 917438 - On upgrading to 5.80 clients, printing fails.
Bug 919792 - iPrint Direct and User printers installed on Windows 2008 R2 displays the status as "Paper Out".
Bug 922673 - The last page fails to print when printed using iPrint direct and RAW.
Bug 923143 - Printing labels fail intermittently when printed using iPrint direct and RAW.
Bug 923886 - iPrint Client 6.0.0 fails to create driver profiles on Non-English Windows OS (64-bit only).
Bug 924863 - FAX Printer Status in Winword "Nicht bereit" (not ready).
Bug 924873 - Print jobs to direct iPrint printers are not part of the print queue on workstation when printer is powered of
Bug 925372 - Using Windows client 6.00, Mac drivers cannot be uploaded from Windows 64-bit machine.
Bug 926595 - Installation of iPrint client version 6.0.0 triggers "Unquoted Service Path Enumeration" detection.
Bug 926717 - Labels are printed out of order.
Bug 927403 - The iPrint client plugin is blocked by Chrome version 42.
Bug 929064 - Using iPrint Client 6.0, modification of printer driver profile fails.
Bug 929615 - Printer installation fails for a newly created Mac local user. It works only after the user logs off and logs in again.
Bug 929669 - For iPrint Mac Client 6.0, the printer installation after a client uninstallation is not handled properly in the same browser session.
Bug 931984 - Using the "iprintman" command, adding same printer to multiple pools should not be allowed.
Bug 932587 & 932588 & 932591 - The "iprintman" command must have the following options - "--list", "--info", and options to select the profile to be copied.
Bug 933505 - After installing the May patch for OES 11 SP2, the print manager is not accessible due to a certificate error.
Bug 933585 - In iPrint Windows client, garbage characters appear in EULA for the following languages :zh_CN and zh_TW.
Bug 933596 & 933600 & 933706 - In iPrint Windows client, the following dialog boxes of the "iPrint Client Settings" overlap - "About" tab for JA; "iCM" tab for JA and zh_CN; and "Tray Icon" tab for zh_CN.
Bug 933719 - In iPrint Windows client, over localized strings "ABOUT, PROXY,PASSWORD..." for the following languages - ES and zh_TW.
Bug 933729 - In the "iprintman" command, the profile copy feature should work with all the platform versions.
Bug 926925 - The sync operation hangs when the Migration tool is used.
Bug 929097 - The "smdrd.conf" is referring to a wrong path /etc/opt/novell/sms/smdrd.conf.
Bug 930989 - On renaming the junction target folder, the junction status displays as 'Available' instead of 'Broken' even after performing scan.
Bug 834305 - The metamig restore does not handle special characters.
Bug 857905 - The visibility right on the parent directories is preserved until the file or directory is purged.
Bug 890396 - Unable to change the "Times to shred data" attribute for a volume using NSSMU.
Bug 926931 - The VLOG filter file and output redirection to the CSV file do not work as expected for CIFS access.
Bug 930563 - Kernel core in VLOG "RIP - 0010:  strcmp+0xc/0x30".
Bug 931471 - Information related to the snapshot feature must be removed from the help and man pages.
Bug 896994 - User password change from the Kanaka client on Mac does not update the Universal Password.
Bug 904882 & 651268 - While migrating large number of pools and volumes, the adminusd may get hung due to race conditions between pool, volume and superblock locks.
- OES11 SP2 Patch for Blocking Migration to SLES 11 SP4 - 10849
- September 2015 OES 11 SP2 Scheduled Maintenance Update - 10853
Bug 690832 - To avoid issues related to large size driver uploads, iManager should use the functionality of iprntcmd -U.
Bug 909851 - Translation issue in clustering.
Bug 747586 - Installing printer on Windows 7 64-bit machine with a user in different context displays HTTP Error code-500.
Bug 771283 - Error uploading Canon iPF8100 and iPF9100 drivers to the Driver Store - TID 7008052.
Bug 909451 - User Printers are not supported for iPrint Client on Windows 8 and above platforms.
Bug 916122 - Uploading latest Xerox GPD and HP UPD driver fails from iManager.
Bug 931784 - Print jobs are lost if the printer is paused.
Bug 934009 - Ability to submit user name to the printer in CN format.
Bug 937840 - Client changes to handle Silent job response from the server.
Bug 938540 - iprintman throws an error javax.naming.NamingException - LDAP response read timed out, timeout used:500ms
Bug 938710 - Paused jobs are resumed after spooler restarts when third party application resumes the job.
Bug 938711 - Printer redirection fails on Windows 7 32-bit or 64-bit platforms if there are print jobs that are in paused state for that printer.
Bug 929659 - Restoring data to a NCP exported Linux volume results in SMDR crash.
Bug 756123 - The server status does not show as running on the DNS DHCP Java Console-> DHCP (OES Linux) Tab.
Bug 913741 - DNS Root domain should be added to the No-Forward List of DNS Server object in DNS/DHCP Management Console.
Bug 916930 - The ice ZONE handler configures incorrect ACLs with imported dNIPDNSZone objects.
Bug 919970 - Cannot expand a particular Zone object with DNS/DHCP Management Console.
Bug 937394 - The SLES 12 NFS client malfunctions when using NFS mount of an OES NSS volume.
Bug 938456 - The adminfsd causes server panic when trying to close the adminfsdrv device.
Bug 938614 - Unable to find matching freespace on the device when creating cluster resources (error 23312) - TID 7016857.
Bug 940441 - Resolve the module reference counting problems in NSS modules.
Bug 941070 - The TrusteeInfo.xml reports mangled results if the application requests read buffer size more than 128 KB and the result of a single file ACL data exceeds 128 KB.
Bug 914332 - The 2012 Remote Desktop license server does not update the license attributes.
Bug 922569 - Include CVE-2015-0240 with the OES Samba modules.
Bug 943081 - The novell-oes-samba packages do not obsolete and require correct packages.
Bug 894798 - Localization Tracking bug for Novell Client for Linux.
Bug 912276 - The Nagios disk space checking script hangs intermittently on /var/opt/novell/nclmnt.
Bug 914843 - The SLP lookup service in xtier must be changed to service:bindery.novell to get right server address.
Bug 941264 - The Common proxy is listed in dot format in pxylist.txt file and that causes miggui to detect it as service proxy.
Bug 848624 - Using a LUM user w/o sufficient rights to the posix filesystem to run the backup cause a segfaults in smdr.
Bug 874399 - NCP verb 22_32 (Scan Volume's User Disk Restrictions) doesn't return all the user quota details if some deleted user contains user quota set on to a volume.
Bug 910897 - Directory Quota free space reported incorrectly.
Bug 917887 - Trustee rights disappearing on home directories.
Bug 920302 - Server becomes unresponsive to client access - TID 7016471.
Bug 929658 - NCP is not able to distinguish the delete event if it is coming from unlink or purge.
Bug 930954 - Volumes are mounted in NSS with long namespace, but not NCP.
Bug 867059 - Unable to create two new folder on CIFS Share from a Linux browser without renaming the first one.
Bug 906465 - CIFS service going down due to SIGIO signal - TID 7016553.
Bug 928008 - CIFS daemon logs "SMB signature verification failed." and returns ERRDOS/ERRnoaccess (Access Denied) in response to any SMB request received after SMB_COM_NT_CANCEL.
Bug 935953 - MAC clients are unable to copy files larger than 4 GB to OES CIFS servers NSS volume.
Bug 757933 - Event log entries button is not setting properly at the end of the page while more log entries are listed.
Bug 851534 - Inconsistent text between the Resource Policies screen of New Resource page and the New Resources Policies help page.
Bug 854424 - Untranslated string "Stopped" appears in the "My Clusters" help page.
Bug 854604 - Inconsistent text in the "New resource-Help" "Resource Monitoring-Help" and "Resource Policies-Help" pages.
Bug 889229 - NCSStrings.java contains duplicate resource IDs.
Bug 898398 - Inconsistent tarnation between the “Monitoring” tab and the help page.
Bug 898422 - The CIFS server name is missing after trying to modify the cluster pool information.
Bug 898582 - Unexpected "." character appears in the "Cluster Administration Error" page.
Bug 903149 - The iManager cluster plugin is not allowing to modify the BCC load script.
Bug 903949 - Cluster repair option is not updated in the iManager help.
Bug 904184 - Inconsistent translations between the "Clusters > My Clusters > New Resource" and the help page.
Bug 904780 - String "Resource Mutual Exclusion (RME)" in the cluster reporting window is not localized.
Bug 908670 - The iManager cluster plugin allows to add more characters than supported - TID 7015954.
Bug 909870, 909871 - Incorrect translations used in clustering.
Bug 909925 - Incorrect translations in the My Clusters screen.
Bug 909946 - Inconsistent style in the My clusters screen.
Bug 909949 - Incorrect style for My Clusters screen instruction line.
Bug 909968 - Inconsistent terminology in clustering.
Bug 910015 - Minor grammar issues in the description text.
Bug 910050 - Inappropriate translation of string.
Bug 910062 - Inconsistent terminology.
Bug 910077 - Redundant periods after the error code.
Bug 910202 - Text incorrectly justified in the BCC Manager tab.
Bug 910304 - "Up Since" is inappropriately translated.
Bug 910305 - "Disabled" is inappropriately translated.
Bug 870937 - The identity manager tasks are greyed out after installing or reinstalling modules into RBS.
Bug 867631 - The Advanced Selection filter fails to find user objects with Polish characters in their name.
Bug 888728 - The iManager 277 Cluster plugin errors with “316009-16 (BROKER_ERROR_NSS_SCHEMA_NOT_FOUND)”.
Bug 907024 - The javax.servlet.ServletException - File "/fw/OV/TreeResultButtons.jsp" is not found.
Bug 912513 - In iManager, adding or removing a static member to a nested group removes the security equals to itself for existing users in the member nested group.
Bug 919285 - Editing or showing rbsMember (RBS) does not show the whole FQDN of the member.
Bug 925484 - Clicking "Next" on the Browse tab in "View Objects" causes IE to logout.
Bug 939782 - Change the build version from 2.7.7. 4 to 18.104.22.168
Bug 930031 - Provide links for the latest iPrint MAC client in the Welcome page.
Bug 944335 - Include support for the latest platforms under iPrint client software list of the Welcome page.
- September 2015 OES11SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 6 - 10852
TID 3426981 - History of Issues Resolved in eDirectory 8.8.x
- November 2015 OES 11 SP2 Scheduled Maintenance Update - 10857
Bug 952796 - Editing a file from an OES CIFS share throws "modified by another user message/pending" error and fails to sync during the first sync cycle.
Bug 857966 - DNS/DHCP Management Console for Windows does not import a DNS root zone file correctly.
Bug 937291 - When joined to ESXi server, DSfW LDAP server does not respond every 2-3 days.
Bug 939597 - DHCP Java Console stalls when creating or accessing the host entry.
Bug 940226 - Netstorage - downloaded ZIP file is empty when subdirectory name has extended characters.
Bug 942217 - DHCP fails to load when Console allows a host name with a "!" character.
Bug 687335 - File compression is not getting started as per the value set to the CompressionDailyCheckStartingHour parameter.
Bug 927046 - With December 2014 patch, if "ChrootEveryone" option is set user is placed in POSSIX home directory rather than eDirectory based home directory.
Bug 940783 - NSS to provide an API to retrieve the Pool version or library version information to cluster.
Bug 943409 - Pool rename and delete NEB events are missing in the kernel.
Bug 953477 - NSS does not generate NEB events correctly when "Sharable for Clustering" flag changes.
Bug 914283 - Using Mac Client 5.80 when a print is given to an unauthorized printer no error message is displayed
Bug 943424 - The iPrint client tray displays the held jobs as 'in queue' even after the WalkUp printer is deleted.
Bug 943425 - Job size is not displayed in the iPrint client tray for the held jobs.
Bug 943956 - When a job is submitted to a WalkUp or secure printer, the job is available in the jobs queue even without authentication.
Bug 946050 - If the iPrint Client is not installed when uploading drivers, it displays an error message which includes a wrong link.
Bug 949279 - Provide a iPrint client that supports OS X 10.11 (El Capitan).
Bug 952344 - Miggui fails to migrate printers when the option "context same as the source printer context" is selected.
- January 2016 OES11 SP2 eDirectory 8.8 SP8 Patch 6 Hot Patch 1 - 10860
TID 3426981 - History of Issues Resolved in eDirectory 8.8.x
- January 2016 OES 11 SP2 Scheduled Maintenance Update - 10861
954896 - Remove the -n or --new-name option from the iPrint man page
886449 - The posix file open calls not available with NCP.
894209 - The nulluser session does not get closed when it tries to access a valid CIFS share. After 64K sessions, the CIFS server denies new user connections.
903453 - In DSFW, the workstation join fails due to corrupted defaultNamingContext.
915463 - AFP hangs while waiting for data from the client (forced core).
930527 - iprntman psm -l throws an IPP Error - 0x403 with non-admin users.
931841 - If vlog is activated while an anti-virus is running, the machine freezes.
934554 - NCS should automatically prevent NSS32 AD-media upgraded and NSS64 pools from loading on a server earlier than OES 2015.
939866, 945162 - Unable to exclude certain volumes in vigil filter.
940299 - Novell CIFS deletes a folder for a file delete command SMB_COM_DELETE.
940783 - NSS should provide an API to retrieve the pool version or library version information to cluster.
942749 - After upgrading from Novell Client 2 SP3 IR10 to Novell Client 2 SP4, the file open request takes long time.
943408 - The pool beast is not invalidated when the current node does not support the pool media that is upgraded by another node in the cluster.
943409 - Address the pool rename and delete NEB events produced in kernel.
947285 - iPrint Security Vulnerability:85582 - Web Application Potentially Vulnerable to Click jacking (CVE Number :CVE-2015-5971).
947338 - The DircacheMaintenanceEvent() thread takes longe time to release OpenFilesListLock.
950044 - OES FTP logins fail if /var/opt/novell/pure-ftpd has 700 permissions.
950781 - namcd crashed on prchsocls203 (segfault).
950840 - Server coring in ncpengine.
952330 - NCS should consume the NEB events once NSS can generate them correctly.
953477 - NSS should generate the NEB events correctly when "Sharable for Clustering" flag changes.
953710 - NLVM failed to clean a failed pool move.
957725 - 0x00000002 error while installing printers with the EFI Fiery driver.
958266 - Server crashes whenever vigil tests are run.
958457 - NSS reZID does not work.
962505 - The ravsui man page should be updated to reflect the correct rezid value.
963354 - The SENDFILE_SUPPORT default value must be changed from 0 to 1 in ncpcon set.
Security Issues :
- February 2016 OES 11 SP2 Hot Patch for NCP - 10863
This Hot-Patch resolves a problem that was introduced with the January 2016 Update. See TID 7017213 for a list of symptoms resolved after applying this hot patch.
- March 2016 OES 11 SP2 Hot Patch for NSS - 10865
Bug 965160 - OES-PTF: NSS Returns "NSS_NCS_UNKNOWN_MEDIA_VERSION" Erroneously - TID 7017290.
This Hot-Patch resolves a problem that was introduced with the January 2016 Update.
- SLES: openssl security update - 10870
Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
This update changes the openssl library to:
Disable SSLv2 protocol support by default.
This can be overridden by setting the environment variable "OPENSSL_ALLOW_SSL2" or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag.
Note that various services and clients had already disabled SSL protocol 2 by default previously.
Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable "OPENSSL_ALLOW_EXPORT".
CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack.
CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well.
CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable.
CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers.
Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015:
- CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above "DROWN" attack much easier.
- CVE-2016-0704 (bsc#968053): "Bleichenbacher oracle in SSLv2" This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above "DROWN" attack much easier.
Also fixes the following bug: - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787)
- SLES: java-1_6_0-ibm security update - 10873
This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937)
- CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances
- CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials
- CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information
- CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions
- CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions
- CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
- CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact
- CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information
- CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service
- CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact
- CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact
The following bugs were fixed:
- bsc#960402: resolve package conflicts in devel package
- bsc#960286: resolve package conflicts in the fonts subpackage
- SLES: timezone recommended update - 10875
- America/Cayman will not observe daylight saving this year.
- Asia/Chita switches from +0800 to +0900 on 2016-03-27 at 02:00.
- Asia/Tehran now has DST predictions for the year 2038 and later.
- America/Metlakatla switched from PST all year to AKST/AKDT on 2015-11-01 at 02:00.
- America/Santa_Isabel has been removed, and replaced with a backward compatibility link to America/Tijuana.
- Asia/Karachi's two transition times in 2002 were off by a minute.
This release also includes changes affecting past time stamps, documentation and some minor code fixes. For a comprehensive list, refer to the release announcement from ICANN:
- SLES: Firefox security update - 10879
Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894) * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) * MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-20/CVE-2016-1957 A memory leak in libstagefright when deleting an array during MP4 processing was fixed. * MFSA 2016-21/CVE-2016-1958 The displayed page address can be overridden * MFSA 2016-23/CVE-2016-1960 A use-after-free in HTML5 string parser was fixed. * MFSA 2016-24/CVE-2016-1961 A use-after-free in SetBody was fixed. * MFSA 2016-25/CVE-2016-1962 A use-after-free when using multiple WebRTC data channels was fixed. * MFSA 2016-27/CVE-2016-1964 A use-after-free during XML transformations was fixed. * MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property was fixed. * MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin was fixed. * MFSA 2016-34/CVE-2016-1974 A out-of-bounds read in the HTML parser following a failed allocation was fixed. * MFSA 2016-35/CVE-2016-1950 A buffer overflow during ASN.1 decoding in NSS was fixed. * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Various font vulnerabilities were fixed in the embedded Graphite 2 library
Mozilla NSS was updated to fix: * MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS * MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS
Mozilla NSPR was updated to version 4.12 (bsc#969894) * added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. * fixed a memory allocation bug related to the PR_*printf functions * exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 * added support for FreeBSD aarch64 * several minor correctness and compatibility fixes * Enable atomic instructions on mips (bmo#1129878) * Fix mips assertion failure when creating thread with custom stack size (bmo#1129968)
- SLES: Bind security update - 10877
Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) * CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073)
- SLES: Timezone recommended update - 10885
- New zones Europe/Astrakhan and Europe/Ulyanovsk for Astrakhan and Ulyanovsk Oblasts, Russia, both of which will switch from +03 to +04 on 2016-03-27 at 02:00 local time.
- New zone Asia/Barnaul for Altai Krai and Altai Republic, Russia, which will switch from +06 to +07 on the same date and local time.
- Asia/Sakhalin moves from +10 to +11 on 2016-03-27 at 02:00.
- As a trial of a new system that needs less information to be made up, the new zones use numeric time zone abbreviations like "+04" instead of invented abbreviations like "ASTT".
- Haiti will not observe DST in 2016.
- Palestine's spring-forward transition on 2016-03-26 is at 01:00, not 00:00.
- tzselect's diagnostics and checking, and checktab.awk's checking, have been improved.
- tzselect now tests Julian-date TZ settings more accurately.
- SLES: Timezone recommended update - 10889
- Azerbaijan no longer observes DST (Asia/Baku)
- Chile reverts from permanent to seasonal DST
This release also includes changes affecting past time stamps and documentation. For a comprehensive list, please refer to the release announcement from ICANN:
- March 2016 OES 11 SP2 Scheduled Maintenance Update - 10871
750144 - iPrint client does not work when the user is using grace logins.
833708 - Printer status does not change to "Error Printing" state when printer is not available.
881229 - iPrint client fails to install printers with extended characters.
913013 - nlvm man page needs to be updated for '-p' option.
918627 - ncpcon NCP_TCP_KEEPALIVE_INTERVAL is not working.
921821 - iPrint Client iCM functionality needs to include mixed environments of OES and the iPrint Appliance.
928560 - Move the "Set printer as default" option to the upper left of the iPrint printer install dialog.
931113 - Mac drivers cached in mod_ipp do not get updated if the driver is updated in the driver store.
931784 - Print jobs are lost if printer gets paused.
932195 - nssmu man page update for the option '?' in nssmu.
941067 - Job submission fails if the user submits the jobs continuously to the direct printer which is not reachable.
943409 - Pool Rename and Delete NEB events produced in kernel.
944926 - OES:QuickFinder showing invalid characters when using the Portuguese Brasil language.
945655 - Unable to exclude certain volume in vigil filter.
952776 - Custom iPrint page returns user to the iPrint default IPP page after printer install if custom map is on iframe.
953218 - Unable to install printer on Windows 10 when part of Azure AD.
953802 - Unable to authenticate to secure printers with mixed case user ID.
956289 - Backend failed with Yosemite + 6.00 + SSL printers.
956291 - No printing with iPrint Client for Mac 6.00 + Yosemite + SSL printers.
956536 - CIFS - ERROR - AUTH - SEV maintenance - Failed to get effective privileges of user - 000143105, error - -625.
956589 - Copyright string Says " © 2011-2015 Micro Focus Inc. All rights reserved".
956790 - Mac_Client - The iPrint listener is not started automatically after logout/login.
956937 - Secure printer is not installed on Windows client after rebranding changes in iPrint client.
957129 - Two entries are displayed for Micro Focus iPrint client after installing the rebranded client over existing client of the same version.
957270 - Mac_Client - Should notify user when the printer redirection happens in Mac client.
957271 - Mac_Client - Should notify user when the driver update happens in Mac client.
957511 - [Random]iManager plugin does not detect the iPrint desktop client while trying to upload a driver.
957514 - Download link for Windows 10 iPrint client is not available on welcome page if the server is installed on localized language.
957515 - iPrint2.0:Error message about iPrint Client not installed appears when trying to add drivers even though iPrint Client is installed.
958387 - 'filter', destination' and 'log' statements for CIFS are changed from syslog-ng.conf after patching.
958702 - iPrint Windows Client - Need to fix the server backward compatibility issue with the latest iPrint Windows client.
959529 - iPrint 6.01 client fails with "iPrint internal error - iPrint encountered an error -1" on OSX 10.11 (el capitan).
960038 - Status of the paused print jobs to the direct printers are not displayed in the iPrint document status.
960072 - NCP server incorrectly responds with ERR_NO_CREATE_PRIVILEGE to NCP 89,32 and NCP 89,1 during OpLock Break procedure.
960533 - Unable to rename the folder on a regular basis.
960705 - NSS is not updating NSS pools eDirectory attribute "nssfsShared" while marking the device as "Shareable for Clustering".
962317 - USERNAME_CN not working with Equitrac.
962967 - Localization :Changes for Windows 10 in iManager is not included in the January 2016 OES 2015 and OES 11SP2 patch - (Bug957481).
963255 - NCS/NSS - Under certain situations /etc/fstab can be corrupted - 0 bytes.
963718 - nsscon man page update to remove the option /(no)rezid.
964141 - CIFS generates VIGIL events for directory opens.
964583 - Merging latest samba 3.6.3 code patches to novell-oes-samba.
964984 - iPrint map breaks if it is embedded in an iframe.
965270 - OES2015SP1:Unable to delete files and folders using the CIFS client.
967235 - Cluster pool deletion is allowed while the pool is in running state.
967587 - NSSMU is allowing to activate the pools marked with errors by 'ravsui verify'.
96802 - ndsd dumped core while running sparse replica test (XPOZ).
968168 - Cluster pool deletion is allowed while the pool is in running state.
968240 - NSS is not coming up when upgrading from OES 11 SP2 (fully patched) to OES 2015.
968628 - nssmu is generating a core when a partition label is modified to a length of 127 characters.
971346 - Unable to delete a shared pool using iManager.
971422 - Getting signature error when downloading the iPrint client in IE.
- March 2016 OES11 SP2 eDirectory 8.8 SP8 Patch 7 - 10867
TID 3426981 - History of Issues Resolved in eDirectory 8.8.x
- SLES: Curl-openssl1 optional update - 10887
To switch /usr/bin/curl to use openssl 1.0.1 and so support TLS 1.2 in https connections use:
update-alternatives --set curl /usr/bin/curl.openssl1
to switch back to the old version, use:
update-alternatives --set curl /usr/bin/curl.openssl0
to display the current state use:
update-alternatives --display curl
- SLES: Release-notes-sles recommended update - 10890
New: Support for OpenSSH in the SLE 11 Security Module. (fate#318862)
- SLES: Samba security update - 10894
These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account were possible (bsc#971965).
These non-security issues were fixed: - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint function - Getting and setting Windows ACLs on symlinks can change permissions on link
- SLES: openssl-certs Recommended update - 10892
Newly added CAs:
- CA WoSign ECC Root
- Certification Authority of WoSign
- Certification Authority of WoSign G2
- Certinomis - Root CA
- Certum Trusted Network CA 2
- CFCA EV ROOT
- COMODO RSA Certification Authority
- DigiCert Assured ID Root G2
- DigiCert Assured ID Root G3
- DigiCert Global Root G2
- DigiCert Global Root G3
- DigiCert Trusted Root G4
- Entrust Root Certification Authority - EC1
- Entrust Root Certification Authority - G2
- IdenTrust Commercial Root CA 1
- IdenTrust Public Sector Root CA 1
- OISTE WISeKey Global Root GB CA
- QuoVadis Root CA 1 G3
- QuoVadis Root CA 2 G3
- QuoVadis Root CA 3 G3
- Staat der Nederlanden EV Root CA
- Staat der Nederlanden Root CA - G3
- S-TRUST Universal Root CA
- SZAFIR ROOT CA2
- USERTrust ECC Certification Authority
- USERTrust RSA Certification Authority
- AOL CA
- A Trust nQual 03
- Buypass Class 3 CA 1
- CA Disig
- Digital Signature Trust Co Global CA 1
- Digital Signature Trust Co Global CA 3
- E Guven Kok Elektronik Sertifika Hizmet Saglayicisi
- NetLock Expressz (Class C) Tanusitvanykiado
- NetLock Kozjegyzoi (Class A) Tanusitvanykiado
- NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
- NetLock Uzleti (Class B) Tanusitvanykiado
- SG TRUST SERVICES RACINE
- Staat der Nederlanden Root CA
- TC TrustCenter Class 2 CA II
- TC TrustCenter Universal CA I
- TDC Internet Root CA
- UTN DATACorp SGC Root CA
- Verisign Class 1 Public Primary Certification Authority - G2
- Verisign Class 3 Public Primary Certification Authority
- Verisign Class 3 Public Primary Certification Authority - G2
Removed server trust from:
- ComSign Secured CA
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Business (Class B) Root
- NetLock Expressz (Class C) Tanusitvanykiado
- TC TrustCenter Class 3 CA II
- TURKTRUST Certificate Services Provider Root 1
- TURKTRUST Certificate Services Provider Root 2
- Equifax Secure Global eBusiness CA-1
- Verisign Class 4 Public Primary Certification Authority G3
- Enable server trust for:
- Actalis Authentication Root CA
- SLES: Linux Kernel security update - 10907
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).
- CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956707).
- CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708).
- CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951).
- CVE-2015-7566: A malicious USB device could cause kernel crashes in the visor device driver (bnc#961512).
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).
- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product (bnc#955354).
- CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).
- CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).
- CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988). (bsc#957988 XSA-155).
- CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks (bnc#957990).
- CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks (bnc#957990).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel do not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).
- CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399).
- CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).
- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).
- CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker to escalate privileges in a use-after-free scenario.(bsc#966437).
- CVE-2015-8816: A malicious USB device could cause kernel crashes in the in hub_activate() function (bnc#968010).
- CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).
- CVE-2016-2069: A race in invalidating paging structures that were not in use locally could have lead to disclosoure of information or arbitrary code exectution (bnc#963767).
- CVE-2016-2143: On zSeries a fork of a large process could have caused memory corruption due to incorrect page table handling. (bnc#970504, LTC#138810).
- CVE-2016-2184: A malicious USB device could cause kernel crashes in the alsa usb-audio device driver (bsc#971125). - CVE-2016-2185: A malicious USB device could cause kernel crashes in the usb_driver_claim_interface function (bnc#971124).
- CVE-2016-2186: A malicious USB device could cause kernel crashes in the powermate device driver (bnc#970958).
- CVE-2016-2384: A double free on the ALSA umidi object was fixed. (bsc#966693).
- CVE-2016-2543: A missing NULL check at remove_events ioctl in the ALSA seq driver was fixed. (bsc#967972).
- CVE-2016-2544: Fix race at timer setup and close in the ALSA seq driver was fixed. (bsc#967973).
- CVE-2016-2545: A double unlink of active_list in the ALSA timer driver was fixed. (bsc#967974).
- CVE-2016-2546: A race among ALSA timer ioctls was fixed (bsc#967975).
- CVE-2016-2547, CVE-2016-2548: The ALSA slave timer list handling was hardened against hangs and races. (CVE-2016-2547, CVE-2016-2548, bsc#968011, bsc#968012).
- CVE-2016-2549: A stall in ALSA hrtimer handling was fixed (bsc#968013).
- CVE-2016-2782: A malicious USB device could cause kernel crashes in the visor device driver (bnc#968670).
- CVE-2016-3137: A malicious USB device could cause kernel crashes in the cypress_m8 device driver (bnc#970970).
- CVE-2016-3139: A malicious USB device could cause kernel crashes in the wacom device driver (bnc#970909).
- CVE-2016-3140: A malicious USB device could cause kernel crashes in the digi_acceleport device driver (bnc#970892).
- CVE-2016-3156: A quadratic algorithm could lead to long kernel ipv4 hangs when removing a device with a large number of addresses. (bsc#971360).
- CVE-2016-3955: A remote buffer overflow in the usbip driver could be used by authenticated attackers to crash the kernel. (bsc#975945)
- CVE-2016-2847: A local user could exhaust kernel memory by pushing lots of data into pipes. (bsc#970948).
- CVE-2016-2188: A malicious USB device could cause kernel crashes in the iowarrior device driver (bnc#970956).
- CVE-2016-3138: A malicious USB device could cause kernel crashes in the cdc-acm device driver (bnc#970911).
The following non-security bugs were fixed:
- af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570).
- blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976).
- blktap: refine mm tracking (bsc#952976). - cachefiles: Avoid deadlocks with fs freezing (bsc#935123).
- cifs: Schedule on hard mount retry (bsc#941514).
- cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646).
- dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752).
- driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
- drm/i915: Change semantics of hw_contexts_disabled (bsc#963276).
- drm/i915: Evict CS TLBs between batches (bsc#758040).
- drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).
- e1000e: Do not read ICR in Other interrupt (bsc#924919).
- e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).
- e1000e: Fix msi-x interrupt automask (bsc#924919). - e1000e: Remove unreachable code (bsc#924919).
- ext3: fix data=journal fast mount/umount hang (bsc#942082).
- ext3: NULL dereference in ext3_evict_inode() (bsc#942082).
- firmware: Create directories for external firmware (bsc#959312).
- firmware: Simplify directory creation (bsc#959312).
- fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123).
- fs: Fix deadlocks between sync and fs freezing (bsc#935123).
- ftdi_sio: private backport of TIOCMIWAIT (bnc#956375).
- ipr: Fix incorrect trace indexing (bsc#940913).
- ipr: Fix invalid array indexing for HRRQ (bsc#940913).
- ipv6: make fib6 serial number per namespace (bsc#965319).
- ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852).
- ipv6: per netns fib6 walkers (bsc#965319).
- ipv6: per netns FIB garbage collection (bsc#965319).
- ipv6: replace global gc_args with local variable (bsc#965319).
- jbd: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516).
- kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319).
- kbuild: create directory for dir/file.o (bsc#959312).
- kexec: Fix race between panic() and crash_kexec() called directly (bnc#937444).
- lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).
- mld, igmp: Fix reserved tailroom calculation (bsc#956852).
- mm-memcg-print-statistics-from-live-counters-fix (bnc#969307).
- netfilter: xt_recent: fix namespace destroy path (bsc#879378).
- nfs4: treat lock owners as opaque values (bnc#968141).
- nfs: Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201).
- nfs: use smaller allocations for 'struct id_map' (bsc#965923).
- nfsv4: Fix two infinite loops in the mount code (bsc#954628).
- nfsv4: Recovery of recalled read delegations is broken (bsc#956514).
- panic/x86: Allow cpus to save registers even if they (bnc#940946).
- panic/x86: Fix re-entrance problem due to panic on (bnc#937444).
- pciback: do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
- pciback: for XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled.
- pciback: return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled.
- pciback: return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled.
- pci: Update VPD size with correct length (bsc#958906).
- quota: Fix deadlock with suspend and quotas (bsc#935123).
- rdma/ucma: Fix AB-BA deadlock (bsc#963998).
- README.BRANCH: Switch to LTSS mode - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch (bsc#959705).
- Restore kabi after lock-owner change (bnc#968141).
- s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413).
- scsi_dh_rdac: always retry MODE SELECT on command lock violation (bsc#956949).
- scsi: mpt2sas: Rearrange the the code so that the completion queues are initialized prior to sending the request to controller firmware (bsc#967863).
- skb: Add inline helper for getting the skb end offset from head (bsc#956852).
- sunrcp: restore fair scheduling to priority queues (bsc#955308).
- sunrpc: refactor rpcauth_checkverf error returns (bsc#955673).
- tcp: avoid order-1 allocations on wifi and tx path (bsc#956852).
- tcp: fix skb_availroom() (bsc#956852).
- tg3: 5715 does not link up when autoneg off (bsc#904035).
- Update patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch (bnc#940017, bnc#949298, bnc#947128).
- usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT when the device is removed (bnc#956375).
- usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and TIOCGICOUNT (bnc#956375).
- usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375).
- usb: ftdi_sio: fix tiocmget indentation (bnc#956375).
- usb: ftdi_sio: optimise chars_in_buffer (bnc#956375).
- usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375).
- usb: ftdi_sio: remove unnecessary memset (bnc#956375).
- usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375).
- usb: ftdi_sio: use generic chars_in_buffer (bnc#956375).
- usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375).
- usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375).
- usbvision fix overflow of interfaces array (bnc#950998).
- veth: extend device features (bsc#879381).
- vfs: Provide function to get superblock and wait for it to thaw (bsc#935123).
- vmxnet3: adjust ring sizes when interface is down (bsc#950750).
- vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912).
- vmxnet3: fix ethtool ring buffer size setting (bsc#950750).
- vmxnet3: fix netpoll race condition (bsc#958912).
- writeback: Skip writeback for frozen filesystem (bsc#935123).
- x86/evtchn: make use of PHYSDEVOP_map_pirq.
- x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518).
- x86, kvm: fix maintenance of guest/host xcr0 state (bsc#961518).
- x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (bsc#961518).
- x86/mce: Fix return value of mce_chrdev_read() when erst is disabled (bsc#934787).
- xen/panic/x86: Allow cpus to save registers even if they (bnc#940946).
- xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444).
- xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).
- xen: x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330).
- xfrm: do not segment UFO packets (bsc#946122).
- xhci: silence TD warning (bnc#939955).
- SLES: Timezone recommended update - 10899
- Venezuela (America/Caracas) switches from -0430 to -04 on 2016-05-01 at 02:30.
- Asia/Magadan switches from +10 to +11 on 2016-04-24 at 02:00.
- New zone Asia/Tomsk, split off from Asia/Novosibirsk. It covers Tomsk Oblast, Russia, which switches from +06 to +07 on 2016-05-29 at 02:00.
This release also includes changes affecting past time stamps. For a comprehensive list, please refer to the release announcement from ICANN:
- SLES: libssh2_org recommended update - 10903
- May 2016 OES 11 SP2 Hot Patch - 10897
- 967750: NTP 4.2.8 in sles11sp4 fails for w32tm command in DSfW workstation
- 975111: Merging badlock fixes for samba 3.6.3 code to novell-oes-samba
- 975927: wbinfo command failed to get sid value from name of Administrator with April '16 hot patch for samba
- 977661: wbinfo command failed to get sid value from name of Administrator in ADC to FRD
- ImageMagick security update - 10915
Security issues fixed:
- Several coders were vulnerable to remote code execution attacks,
these coders have now been disabled. They can be re-enabled by
exporting the following environment variable
- CVE-2016-3714: Insufficient shell characters filtering leads to
(potentially remote) code execution
- CVE-2016-3715: Possible file deletion by using ImageMagick's
'ephemeral' pseudo protocol which deletes files after reading.
- CVE-2016-3716: Possible file moving by using ImageMagick's 'msl'
pseudo protocol with any extension in any folder.
- CVE-2016-3717: Possible local file read by using ImageMagick's
'label' pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request.
Bugs fixed: - Use external svg loader (rsvg)
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7014420
- Creation Date:16-JAN-14
- Modified Date:18-MAY-16
- NovellCluster ServicesiPrintOpen Enterprise Server
Did this document solve your problem? Provide Feedback