openSUSE Security Update : clamav (openSUSE-2021-555)

This update for clamav fixes the following issues : - CVE-2021-1252: Fix for Excel XLM parser infinite loop. bsc1184532 - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. bsc1184533 - CVE-2021-1405: Fix for mail parser NULL-dereference crash. bsc1184534 - Fix errors when scanni...

openSUSE Security Update : nghttp2 (openSUSE-2021-468)

This update for nghttp2 fixes the following issues : - CVE-2020-11080: HTTP/2 Large Settings Frame DoS bsc1181358 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSU...

openSUSE Security Update : velocity (openSUSE-2021-447)

This update for velocity fixes the following issues : - CVE-2020-13936: Fixed an arbitrary code execution when attacker is able to modify templates bsc1183360. This update was imported from the SUSE:SLE-15-SP2:Update update project. C Tenable Network Security, Inc. The descriptive text and packag...

openSUSE Security Update : bind (openSUSE-2021-386)

This update for bind fixes the following issues : - dnssec-keygen can no longer generate HMAC keys. Use tsig-keygen instead. bsc1180933 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

openSUSE Security Update : bind (openSUSE-2021-375)

This update for bind fixes the following issues : - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack bsc1182246 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The...

openSUSE Security Update : segv_handler (openSUSE-2021-198)

This update for segvhandler fixes the following issues : - Replace by empty package with README explaining the removal for security reasons boo1180665. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE Security Update : MozillaFirefox (openSUSE-2021-63)

This update for MozillaFirefox fixes the following issues : - Firefox Extended Support Release 78.6.1 ESR - Fixed: Critical security issue MFSA 2021-01 bsc1180623 - CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk This update was imported from the...

openSUSE Security Update : hawk2 (openSUSE-2021-54)

This update for hawk2 fixes the following security issue : - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution bsc1179998. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and...

openSUSE Security Update : slurm_18_08 (openSUSE-2020-2286)

This update for slurm1808 fixes the following issues : Security issues fixed : - CVE-2020-27745: Fixed a potential buffer overflow from use of unpackmem bsc1178890. - CVE-2020-27746: Fixed a potential leak of the magic cookie when sent as an argument to the xauth command bsc1178891. This update w...

openSUSE Security Update : libqt5-qtbase (openSUSE-2020-2142)

This update for libqt5-qtbase fixes the following issues : - CVE-2020-17507: Fixed a buffer overflow in XBM parser bsc1176315 - Fixed various issues discovered by fuzzing : - Made handling of XDGRUNTIMEDIR more secure bsc1172515 : This update was imported from the SUSE:SLE-15-SP2:Update update...

openSUSE Security Update : wireshark (openSUSE-2020-1882)

This update for wireshark fixes the following issues : - Update to wireshark 3.2.7 : - CVE-2020-25863: MIME Multipart dissector crash bsc1176908 - CVE-2020-25862: TCP dissector crash bsc1176909 - CVE-2020-25866: BLIP dissector crash bsc1176910 - CVE-2020-17498: Kafka dissector crash bsc1175204 Th...

openSUSE Security Update : tiff (openSUSE-2020-1840)

This update for tiff fixes the following issues : - CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow bsc1146608. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive...

openSUSE Security Update : spice-gtk (openSUSE-2020-1803)

This update for spice-gtk fixes the following issues : - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding bsc1177158. This update was imported from the SUSE:SLE-15-SP2:Update update project. C Tenable Network Security, Inc. The descriptive text and package...

openSUSE Security Update : tigervnc (openSUSE-2020-1666)

This update for tigervnc fixes the following issues : - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception bsc1176733 This update was imported from the...

openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1536)

This update for rubygem-actionpack-51 fixes the following issues : - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security...

openSUSE Security Update : openldap2 (openSUSE-2020-1459)

This update for openldap2 fixes the following issues : - bsc1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptiv...

openSUSE Security Update : libxml2 (openSUSE-2020-1430)

This update for libxml2 fixes the following issues : - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal bsc1176179. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plug...

openSUSE Security Update : libjpeg-turbo (openSUSE-2020-1413)

This update for libjpeg-turbo fixes the following issues : - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file bsc1172491. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks...

openSUSE Security Update : php7 (openSUSE-2020-1356)

This update for php7 fixes the following issues : - CVE-2020-7068: Use of freed hash key in the pharparsezipfile function bsc1175223. This update was imported from the SUSE:SLE-15-SP2:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...

openSUSE Security Update : freerdp (openSUSE-2020-1332)

This update for freerdp fixes the following issues : - CVE-2020-15103: Fix integer overflow due to missing input sanitation in rdpegfx channel bsc1174321. This update was imported from the SUSE:SLE-15-SP1:Update update project. C Tenable Network Security, Inc. The descriptive text and package...