Recommended update for SuSEfirewall2

Announcement ID:	SUSE-RU-2017:1227-1
Rating:	low
References:	bsc#785299 bsc#798468 bsc#906136
Affected Products:	SLES for SAP Applications 11-SP4 SUSE Linux Enterprise Server 11 SP4

An update that has three fixes can now be installed.

Description:

This update for SuSEfirewall2 provides the following fixes:

• No longer call fillup during postinstall to prevent multiline configuration values being broken. (bsc#798468)
• Ignore the bootlock when incremental updates for hotplugged or virtual devices are coming in during boot. This prevents lockups for example when drbd is used with FB_BOOT_FULL_INIT. (bsc#785299)
• Only apply FW_KERNEL_SECURITY proc settings, if not overriden by the administrator in /etc/sysctl.conf. This allows you to benefit from some of the kernel security settings, while overwriting others. (bsc#906136)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch slessp4-SuSEfirewall2-13097=1
• SLES for SAP Applications 11-SP4
  zypper in -t patch slessp4-SuSEfirewall2-13097=1

Package List:

• SUSE Linux Enterprise Server 11 SP4 (noarch)
  • SuSEfirewall2-3.6_SVNr208-2.14.1
• SLES for SAP Applications 11-SP4 (noarch)
  • SuSEfirewall2-3.6_SVNr208-2.14.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=785299
• https://bugzilla.suse.com/show_bug.cgi?id=798468
• https://bugzilla.suse.com/show_bug.cgi?id=906136