Security update for openexr (moderate)

openSUSE Security Update: Security update for openexr Announcement ID: openSUSE-SU-2019:1826-1 Rating: moderate References: 1040109 1040113 1040115 Cross-References: CVE-2017-9111 CVE-2017-9113 CVE-2017-9115 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities is now...

Security update for pdns-recursor (important)

openSUSE Security Update: Security update for pdns-recursor Announcement ID: openSUSE-SU-2019:0100-1 Rating: important References: 1121889 Cross-References: CVE-2019-3807 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...

Security update for tiff (moderate)

This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf bsc1099257. - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tiflzw.c bsc1113672. - CVE-2018-18557: Fixe...

Security update for cobbler (important)

This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...

Security update for Chromium (important)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163: - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

Security update for openssl (moderate)

This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a ke...

Security update for Mozilla Thunderbird (moderate)

This update for Mozilla Thunderbird to version 52.9.0 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base MFSA 2018-16, bsc1098998: - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus -...

Security update for Opera (moderate)

This update for Opera 54.0.2952.41 fixes multiple issues. - CVE-2018-6148: Incorrect handling of CSP header boo1096508 This update to version 54.0.2952.41 also contains all security and bug fixes in this upstream version, including all fixes in the chromium engine...

Security update for phpMyAdmin (important)

This update for phpMyAdmin fixes multiple issues. Security issues fixed: CVE-2018-12613: File inclusion and remote code execution attack boo1098751 CVE-2018-12581: XSS in Designer feature boo1098752 This update to version 4.8.2 also contains number of upstream bug fixes and improvements...

Security update for glibc (important)

This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary bsc1094150 - CVE-2018-11236: Fix overflow in path length computation bsc1094161 - CVE-2018-11237: Don't write beyond buffer destination in mempcpyavx512novzeroupper bsc1094154 Non...

Security update for ghostscript (moderate)

This update for ghostscript fixes the following issues: - CVE-2018-10194: A stack-based buffer overflow was fixed in gdevpdts.c bsc1090099 This update was imported from the SUSE:SLE-12:Update update project...

Security update for xen (important)

This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14318: The function...

Security update for exim (important)

This update for exim fixes the following issues: Changes in exim: - specify users with ref:mail, to make them dynamic. boo1046971 - CVE-2017-1000369: Fixed memory leaks that could be exploited to "stack crash" local privilege escalation boo1044692 - Require usermail groupmail to meet new users...

openssh-10.0p2-2.1 on GA media (moderate)

openssh-10.0p2-2.1 on GA media Announcement ID: openSUSE-SU-2025:15091-1 Rating: moderate Cross-References: CVE-2025-32728 CVSS scores: CVE-2025-32728 SUSE : 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2025-32728 SUSE : 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N...

Security update for kafka (important)

openSUSE Security Update: Security update for kafka Announcement ID: openSUSE-SU-2022:0038-1 Rating: important References: 1193662 1194842 1194843 1194844 Cross-References: CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 CVSS scores: CVE-2021-4104 NVD : 7.5...

Security update for singularity (moderate)

openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2021:1525-1 Rating: moderate References: 1193273 Cross-References: CVE-2021-41190 CVSS scores: CVE-2021-41190 NVD : 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Affected Products: openSUSE Backports SLE-15-SP...

Security update for mariadb (important)

openSUSE Security Update: Security update for mariadb Announcement ID: openSUSE-SU-2021:2616-1 Rating: important References: 1182739 1183770 1185870 1185872 Cross-References: CVE-2021-2154 CVE-2021-2166 CVE-2021-27928 CVSS scores: CVE-2021-2154 NVD : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A...

Security update for icinga2 (moderate)

openSUSE Security Update: Security update for icinga2 Announcement ID: openSUSE-SU-2021:1089-1 Rating: moderate References: Cross-References: CVE-2020-29663 CVE-2021-32739 CVE-2021-32743 CVSS scores: CVE-2020-29663 NVD : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-29663 SUSE: 5.3...

Security update for nodejs8 (moderate)

openSUSE Security Update: Security update for nodejs8 Announcement ID: openSUSE-SU-2020:1644-1 Rating: moderate References: 1172686 1173937 Cross-References: CVE-2020-15095 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...

Security update for python (moderate)

openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2020:1257-1 Rating: moderate References: 1174091 Cross-References: CVE-2019-20907 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for python...

Security update for slirp4netns (important)

openSUSE Security Update: Security update for slirp4netns Announcement ID: openSUSE-SU-2020:0636-1 Rating: important References: 1170940 Cross-References: CVE-2020-1983 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...

Security update for python-nltk (moderate)

openSUSE Security Update: Security update for python-nltk Announcement ID: openSUSE-SU-2020:0440-1 Rating: moderate References: 1146427 Cross-References: CVE-2019-14751 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This upda...

Security update for ucl (moderate)

openSUSE Security Update: Security update for ucl Announcement ID: openSUSE-SU-2020:0179-1 Rating: moderate References: 1094138 Cross-References: CVE-2018-11243 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This update for u...

Security update for glusterfs (moderate)

openSUSE Security Update: Security update for glusterfs Announcement ID: openSUSE-SU-2020:0079-1 Rating: moderate References: 1090084 1105776 1107018 1107019 1107020 1107021 1107022 1107023 1107024 1107025 1107026 1107027 1107028 1107029 Cross-References: CVE-2018-1088 CVE-2018-10904 CVE-2018-109...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:2314-1 Rating: important References: 1146219 1153660 Cross-References: CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 Affected Products: openSUSE Backports SLE-15-SP1 An update tha...

Security update for dovecot23 (important)

openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2019:2278-1 Rating: important References: 1133624 1133625 1145559 Cross-References: CVE-2019-11494 CVE-2019-11499 CVE-2019-11500 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilities is...

Security update for libseccomp (moderate)

openSUSE Security Update: Security update for libseccomp Announcement ID: openSUSE-SU-2019:2280-1 Rating: moderate References: 1082318 1128828 1142614 Cross-References: CVE-2019-9893 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has two fixes is now available...

Security update for xen (important)

This update for xen fixes the following issues: Security issues fixed: - CVE-2018-18849: Fixed an out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsidomsgin bsc1114423. - CVE-2018-18883: Fixed a NULL pointer dereference that...

Security update for dom4j (moderate)

This update for dom4j fixes the following issues: - CVE-2018-1000632: Prevent XML injection that could have resulted in an attacker tampering with XML documents bsc1105443. This update was imported from the SUSE:SLE-15:Update update project. This update was imported from the...

Security update for python-Django1 (important)

This update for python-Django1 to version 1.11.15 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware boo1102680 The following other bugs were fixed: - Fixed WKBWriter.write and writehex for empty...

Security update for libvirt (moderate)

This update for libvirt fixes the following issues: Security issue fixed: - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka "Memory Disambiguation" bsc1092885. Bug fixes: - bsc1094325: Enable virsh blockresize for XEN guests...

Security update for GraphicsMagick (low)

This update for GraphicsMagick fixes the following issues: The following security fixes were fixed: - CVE-2018-10805: Fixed a memory leak in ReadYCBCRImage in coders/ycbcr.c and rgb.c, cmyk.c and gray.c boo1095812 - Fixed invalid memory reads in dcm.c boo1075821c14...

Security update for MozillaFirefox, mozilla-nss (important)

This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issue fixed in Mozilla Firefox 60.0.2 ESR: - CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia MFSA 2018-14, boo1096449 The following bugs were fixed: - In KDE Open with option in download dialog...

opensuse-security@xxxxxxxxxxxx</li> <li><span class="identifier"> Date</span>: Mon, 28 May 2018 12:08:34 +0200 (CEST)</li> <li><span class="identifier"> Message-id</span>: &lt;<a href="msg00108.html">[email protected]</a>&gt;</li> </ul> <!--X-Head-of-Message-End--> <!--X-Head-Body-Sep-Begin--> </div> <div class="body"> <!--X-Head-Body-Sep-End--> <!--X-Body-of-Message--> openSUSE Security Update: Security update for jasper<br> ______________________________________________________________________________<br> <br> Announcement ID: openSUSE-SU-2018:1440-1<br> Rating: low<br> References: #1087020 <br> Cross-References: CVE-2018-9055<br> Affected Products:<br> openSUSE Leap 42.3<br> ______________________________________________________________________________<br> <br> An update that fixes one vulnerability is now available.<br> <br> Description:<br> <br> This update for jasper fixes the following issues:<br> <br> - CVE-2018-9055: denial of service via a reachable assertion in the<br> function jpc_firstone in libjasper/jpc/jpc_math.c could lead to<br> denial of service. (bsc#1087020)<br> <br> This update was imported from the SUSE:SLE-12:Update update project.<br> <br> <br> Patch Instructions:<br> <br> To install this openSUSE Security Update use the SUSE recommended <br> installation methods<br> like YaST online_update or &quot;zypper patch&quot;.<br> <br> Alternatively you can run the command listed for your product:<br> <br> - openSUSE Leap 42.3:<br> <br> zypper in -t patch openSUSE-2018-531=1<br> <br> <br> <br> Package List:<br> <br> - openSUSE Leap 42.3 (i586 x86_64):<br> <br> jasper-1.900.14-182.1<br> jasper-debuginfo-1.900.14-182.1<br> jasper-debugsource-1.900.14-182.1<br> libjasper-devel-1.900.14-182.1<br> libjasper1-1.900.14-182.1<br> libjasper1-debuginfo-1.900.14-182.1<br> <br> - openSUSE Leap 42.3 (x86_64):<br> <br> libjasper1-32bit-1.900.14-182.1<br> libjasper1-debuginfo-32bit-1.900.14-182.1<br> <br> <br> References:<br> <br> <a rel="nofollow" href="https://www.suse.com/security/cve/CVE-2018-9055.html">https://www.suse.com/security/cve/CVE-2018-9055.html</a><br> <a rel="nofollow" href="https://bugzilla.suse.com/1087020">https://bugzilla.suse.com/1087020</a><br> <br> -- <br> To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx<br> For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx<br> <br> <!--X-Body-of-Message-End--> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <!-- SwishCommand noindex --> </div> <table class="bodynav"> <tr> <td align="left"> &lt; Previous </td> <td align="right"> Next &gt; </td> </tr> </table> </div> <div class="visualClear"></div> </div> </div> </div> <div id="column-one"> <a name="indexes"></a> <div class="portlet" id="p-topnav"> <div class="pBody"> <ul> <li><a href="threads.html">Thread Index</a></li> <li><a href="author.html">Author Index</a></li> <li><a href="date.html">Date Index</a></li> <li><a href="all.html">All Messages</a></li> </ul> </div> </div> <div class="portlet" id="p-logo"> <a style="background-image: url(/skins/opensuse/opensuse.gif);" href="../" title="Back"></a> </div> <script type="text/javascript"> if (window.isMSIE55) fixalpha(); </script> <a name="search"></a> <div id="p-search" class="portlet" style="white-space: nowrap;"> <h5><label for="searchInput">Search this list</label> (Security update for jasper</h5> <!--X-Subject-Header-End--> <!--X-Head-of-Message--> <ul> <li><span class="identifier"> From</span>)

This update for jasper fixes the following issues: - CVE-2018-9055: denial of service via a reachable assertion in the function jpcfirstone in libjasper/jpc/jpcmath.c could lead to denial of service. bsc1087020 This update was imported from the SUSE:SLE-12:Update update project...

Security update for opencv (important)

This update for opencv fixes the following issues: Security issues fixed: - CVE-2016-1516: OpenCV had a double free issue that allowed attackers to execute arbitrary code. boo1033152 - CVE-2017-14136: OpenCV had an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading ...

Security update for glibc (important)

This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-8804: Fix memory leak after deserialization failure in xdrbytes, xdrstring bsc1037930 - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes bsc1051791 - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in...

Security update for bind (important)

This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have lead to a use-after-free error that triggered an assertion failure and crash in named bsc1076118. These non-security issues were fixed: - Updated named.root fil...

glibc (critical)

CVE-2015-0235: A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname, that could lead to a local or remote buffer overflow. bsc913646...

Security update for kafka (important)

openSUSE Security Update: Security update for kafka Announcement ID: openSUSE-SU-2021:1631-1 Rating: important References: 1193662 Cross-References: CVE-2021-4104 CVSS scores: CVE-2021-4104 SUSE: 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP3 An...

Security update for mysql-connector-java (moderate)

openSUSE Security Update: Security update for mysql-connector-java Announcement ID: openSUSE-SU-2021:2622-1 Rating: moderate References: 1173600 Cross-References: CVE-2020-2875 CVE-2020-2933 CVE-2020-2934 CVSS scores: CVE-2020-2875 NVD : 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N...

Security update for the Linux Kernel (important)

openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2020:2112-1 Rating: important References: 1055014 1055186 1061843 1065600 1065729 1066382 1077428 1129923 1134760 1149032 1152489 1155798 1163592 1164648 1165692 1166146 1166166 1167030 1168468 1170415...

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2020:2020-1 Rating: important References: 1178824 Cross-References: CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961...

Security update for bind (moderate)

openSUSE Security Update: Security update for bind Announcement ID: openSUSE-SU-2020:1701-1 Rating: moderate References: 1100369 1109160 1118367 1118368 1128220 1156205 1157051 1161168 1170667 1170713 1171313 1171740 1172958 1173307 1173311 1173983 1175443 1176092 1176674 906079 Cross-References:...

Security update for qemu (important)

openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2020:1664-1 Rating: important References: 1174386 1174641 1174863 1175370 1175441 1176494 Cross-References: CVE-2020-14364 CVE-2020-15863 CVE-2020-16092 CVE-2020-24352 Affected Products: openSUSE Leap 15.2 An update...

Security update for libssh (important)

openSUSE Security Update: Security update for libssh Announcement ID: openSUSE-SU-2019:2689-1 Rating: important References: 1158095 Cross-References: CVE-2019-14889 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for libssh...

Security update for ghostscript (important)

openSUSE Security Update: Security update for ghostscript Announcement ID: openSUSE-SU-2019:2535-1 Rating: important References: 1156275 Cross-References: CVE-2019-14869 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...

Security update for libjpeg-turbo (important)

openSUSE Security Update: Security update for libjpeg-turbo Announcement ID: openSUSE-SU-2019:2530-1 Rating: important References: 1156402 Cross-References: CVE-2019-2201 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...

Security update for openconnect (moderate)

openSUSE Security Update: Security update for openconnect Announcement ID: openSUSE-SU-2019:2388-1 Rating: moderate References: 1151178 Cross-References: CVE-2019-16239 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...

Security update for wireshark (moderate)

openSUSE Security Update: Security update for wireshark Announcement ID: openSUSE-SU-2019:1965-1 Rating: moderate References: 1141980 Cross-References: CVE-2019-13619 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: Thi...

Security update for libheimdal (moderate)

openSUSE Security Update: Security update for libheimdal Announcement ID: openSUSE-SU-2019:1688-1 Rating: moderate References: 1047218 1084909 Cross-References: CVE-2018-16860 CVE-2019-12098 Affected Products: openSUSE Backports SLE-15 An update that fixes two vulnerabilities is now available...