SUSE-RU-2019:2505-1 Recommended update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner
This update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner fixes the following issues: python-pip was updated to 10.0.1...
SUSE-SU-2019:1450-1 Security update for Cloud7 packages
This update provides fixes for issues in the following packages: caasp-openstack-heat-templates: - Update to version 1.0+git.1553079189.3bf8922: SCRD-2813 Add support for CPI parameters - Update to version 1.0+git.1547562889.43707e7: Switch LB protocol from HTTP to HTTPS crowbar: - Update to version...
MGASA-2019-0154 Updated libsolv packages fix security vulnerability
It was discovered that libsolv incorrectly handled certain malformed input. If a user or automated system were tricked into opening a specially crafted file, applications that rely on libsolv could be made to crash, resulting in a denial of service CVE-2018-20532-4...
MGASA-2019-0080 Updated gvfs packages fix security vulnerability
The backend currently allows files to be accessed and modified without prompting for a password if no polkit authentication agent is available. This affects only users who belong to the wheel group, i.e. those who are already allowed to use sudo. It doesn't allow privilege escalation for users, who don't...
PHSA-2018-2.0-0085
An update of 'procps-ng', 'openssl', 'perl' packages of Photon OS has been released...
MGASA-2018-0303 Updated ansible packages fix security vulnerability
Ansible prior to 2.4.5 does not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user...
PHSA-2018-2.0-0064
An update of 'glibc', 'binutils' packages of Photon OS has been released...
MGASA-2018-0229 Updated imagemagick packages fix security vulnerabilities
The imagemagick package has been updated to version 6.9.9.41 which fixes several unspecified security vulnerabilities. This update fixes several vulnerabilities in imagemagick, including: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of...
MGASA-2018-0196 Updated nmap packages fix security vulnerability
Nmap developer nnposter found a security flaw (directory traversal vulnerability) in the way the non-default http-fetch script sanitized URLs. If a user manually ran this NSE script against a malicious web server, the server could potentially (depending on NSE arguments used) cause files to be saved...
MGASA-2018-0149 Updated tomcat packages fix security vulnerabilities
In Tomcat 8.0.45, the description of the search algorithm used by the CGI Servlet to identify which script to execute was updated. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the...
MGASA-2018-0132 Updated irssi packages fix security vulnerability
Null pointer dereference when an "empty" nick has been observed by Irssi (CVE-2018-7050). Certain nick names could result in out of bounds access when printing theme strings (CVE-2018-7051). When the number of windows exceeds the available space, Irssi would crash due to Null pointer dereference...
MGASA-2018-0124 Updated gcc packages fix security vulnerability
This update provides an update to the 5.5.0 maintenance release and adds support for retpoline, a mitigation technique for CVE-2017-5715 (branch target injection, aka 'Spectre Variant 2') that is needed at least for the kernels...
MGASA-2018-0054 Updated curl packages fix security vulnerability
libcurl contains a buffer overrun flaw in the NTLM authentication code (CVE-2017-8816). libcurl contains a read out of bounds flaw in the FTP wildcard function (CVE-2017-8817). libcurl may read outside of a heap allocated buffer when doing FTP (CVE-2017-1000254). libcurl contains a buffer overrun flaw ...
MGASA-2018-0032 Updated OpenEXR packages fix security vulnerability
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash (CVE-2017-9110). In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash (CVE-2017-9112). In OpenEXR 2.2.0, an invali...
MGASA-2017-0485 Updated heimdal packages fix security vulnerability
Michael Eder and Thomas Kittel discovered that Heimdal did not correctly handle ASN.1 data. This would allow an unauthenticated remote attacker to cause a denial of service (crash of the KDC daemon) by sending maliciously crafted packets (CVE-2017-17439)...
MGASA-2017-0237 Updated qpdf packages fix security vulnerabilities
This snapshot of the upstream development branch 6.0 of qpdf fixes several infinite loop vulnerabilities: CVE-2017-9208, CVE-2017-9209, CVE-2017-9210, CVE-2017-11624, CVE-2017-11625, CVE-2017-11626, CVE-2017-11627. For Mageia 5, the cups-filters package was also rebuilt against this new major...
MGASA-2017-0164 Updated ansible packages fix security vulnerability
It was found that the apt_key module does not properly verify key fingerprints, allowing a remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key (CVE-2016-8614). It is reported that in Ansible, under some circumstances the mysql_user module...
MGASA-2017-0052 Updated lynx packages fix security vulnerability
Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host (CVE-2016-9179)...
MGASA-2017-0040 Updated php packages fix security vulnerabilities
Floating-point exception in php-exif when parsing a tag format (CVE-2016-10158). Crash in php-phar while loading hostile phar archive (CVE-2016-10159). Memory corruption in php-phar when loading hostile phar (CVE-2016-10160). Heap out of bounds read on unserialize in finish_nested_data (CVE-2016-10161)...
MGASA-2016-0423 Updated squid packages fix security vulnerabilities
Incorrect processing of responses to If-None-Modified HTTP conditional requests leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information (CVE-2016-10002). Incorrect HTTP Request header comparison...