Security update for tcpdump (moderate)

openSUSE Security Update: Security update for tcpdump Announcement ID: openSUSE-SU-2019:1964-1 Rating: moderate References: 1068716 1142439 Cross-References: CVE-2017-16808 CVE-2019-1010220 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that fixes two vulnerabilities is now...

Security update for subversion (important)

openSUSE Security Update: Security update for subversion Announcement ID: openSUSE-SU-2019:1910-1 Rating: important References: 1142721 1142743 Cross-References: CVE-2018-11782 CVE-2019-0203 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that fixes two vulnerabilities is now...

Security update for vlc (important)

openSUSE Security Update: Security update for vlc Announcement ID: openSUSE-SU-2019:1909-1 Rating: important References: 1093732 1094893 1118586 1133290 1138354 1138933 1141522 1142161 1143547 1143549 Cross-References: CVE-2018-19857 CVE-2019-12874 CVE-2019-13602 CVE-2019-13962 CVE-2019-5439...

Security update for spamassassin (moderate)

openSUSE Security Update: Security update for spamassassin Announcement ID: openSUSE-SU-2019:1831-1 Rating: moderate References: 1069831 1107765 1108745 1108748 1108749 1108750 1115411 Cross-References: CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 Affected Products: openSUSE Leap 15...

Security update for blueman (moderate)

openSUSE Security Update: Security update for blueman Announcement ID: openSUSE-SU-2019:1050-1 Rating: moderate References: 1083066 Affected Products: openSUSE Backports SLE-15 An update that contains security fixes can now be installed. Description: This update for blueman fixes the following...

Security update for okular (moderate)

This update for okular fixes the following security issue: - CVE-2018-1000801: Prevent directory traversal vulnerability in function unpackDocumentArchive could have resulted in arbitrary file creation via a specially crafted Okular archive bsc1107591...

Security update for libreoffice (moderate)

This update for libreoffice to 6.0.5.2 fixes the following issues: Security issues fixed: - CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by...

Security update for python-Django1 (important)

This update for python-Django1 to version 1.11.15 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware boo1102680 The following other bugs were fixed: - Fixed WKBWriter.write and writehex for empty...

Security update for sddm (moderate)

This update for sddm fixes the following issues: The following security vulnerability was addressed: - CVE-2018-14345: Fixed the authentication, which did not check the password for users with an already existing session and allowed any user with access to the system bus to unlock any graphical...

Security update for mailman (moderate)

This update for mailman fixes the following issues: Security issue fixed: - CVE-2018-13796: Fix a content spoofing vulnerability with invalid list name messages inside the web UI boo1101288. Bug fixes: - update to 2.1.29: Fixed the listinfo and admin overview pages that were broken - update to...

Security update for php7 (moderate)

This update for php7 fixes the following issues: - CVE-2018-12882: exifreadfromimpl allowed attackers to trigger a use-after-free in exifreadfromfile because it closed a stream that it is not responsible for closing bsc1099098. This update was imported from the SUSE:SLE-15:Update update project...

opensuse-security@xxxxxxxxxxxx</li> <li><span class="identifier"> Date</span>: Tue, 29 May 2018 18:07:29 +0200 (CEST)</li> <li><span class="identifier"> Message-id</span>: &lt;<a href="msg00112.html">[email protected]</a>&gt;</li> </ul> <!--X-Head-of-Message-End--> <!--X-Head-Body-Sep-Begin--> </div> <div class="body"> <!--X-Head-Body-Sep-End--> <!--X-Body-of-Message--> openSUSE Security Update: Security update for pdns<br> ______________________________________________________________________________<br> <br> Announcement ID: openSUSE-SU-2018:1462-1<br> Rating: low<br> References: #1092540 <br> Cross-References: CVE-2018-1046<br> Affected Products:<br> SUSE Package Hub for SUSE Linux Enterprise 12<br> ______________________________________________________________________________<br> <br> An update that fixes one vulnerability is now available.<br> <br> Description:<br> <br> <br> pdns was updated to 4.1.2.<br> <br> Security fixes:<br> <br> * Dnsreplay: bail out on a too small outgoing buffer (CVE-2018-1046<br> bsc#1092540)<br> <br> Improvements:<br> <br> * API: increase serial after dnssec related updates<br> * Auth: lower ‘packet too short’ loglevel<br> * Make check-zone error on rows that have content but shouldn’t<br> * Auth: avoid an isane amount of new backend connections during an axfr<br> * Report unparseable data in stoul invalid_argument exception<br> * Backport: recheck serial when axfr is done<br> * Backport: add tcp support for alias<br> <br> Bug Fixes:<br> <br> * Auth: allocate new statements after reconnecting to postgresql<br> * Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer)<br> * Rather than crash, sheepishly report no file/linenum<br> * Document undocumented config vars<br> * Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate<br> <br> Misc fixes:<br> <br> * Move includes around to avoid boost L conflict<br> * Backport: update edns option code list<br> * Auth: link dnspcap2protobuf against librt when needed<br> * Fix a warning on botan &amp;gt;= 2.5.0<br> * Auth 4.1.x: unbreak build<br> <br> <br> Patch Instructions:<br> <br> To install this openSUSE Security Update use the SUSE recommended <br> installation methods<br> like YaST online_update or &quot;zypper patch&quot;.<br> <br> Alternatively you can run the command listed for your product:<br> <br> - SUSE Package Hub for SUSE Linux Enterprise 12:<br> <br> zypper in -t patch openSUSE-2018-538=1<br> <br> <br> <br> Package List:<br> <br> - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x <br> x86_64):<br> <br> pdns-4.1.2-8.1<br> pdns-backend-godbc-4.1.2-8.1<br> pdns-backend-ldap-4.1.2-8.1<br> pdns-backend-lua-4.1.2-8.1<br> pdns-backend-mydns-4.1.2-8.1<br> pdns-backend-mysql-4.1.2-8.1<br> pdns-backend-postgresql-4.1.2-8.1<br> pdns-backend-remote-4.1.2-8.1<br> pdns-backend-sqlite3-4.1.2-8.1<br> <br> <br> References:<br> <br> <a rel="nofollow" href="https://www.suse.com/security/cve/CVE-2018-1046.html">https://www.suse.com/security/cve/CVE-2018-1046.html</a><br> <a rel="nofollow" href="https://bugzilla.suse.com/1092540">https://bugzilla.suse.com/1092540</a><br> <br> -- <br> To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx<br> For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx<br> <br> <!--X-Body-of-Message-End--> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <!-- SwishCommand noindex --> </div> <table class="bodynav"> <tr> <td align="left"> &lt; Previous </td> <td align="right"> Next &gt; </td> </tr> </table> </div> <div class="visualClear"></div> </div> </div> </div> <div id="column-one"> <a name="indexes"></a> <div class="portlet" id="p-topnav"> <div class="pBody"> <ul> <li><a href="threads.html">Thread Index</a></li> <li><a href="author.html">Author Index</a></li> <li><a href="date.html">Date Index</a></li> <li><a href="all.html">All Messages</a></li> </ul> </div> </div> <div class="portlet" id="p-logo"> <a style="background-image: url(/skins/opensuse/opensuse.gif);" href="../" title="Back"></a> </div> <script type="text/javascript"> if (window.isMSIE55) fixalpha(); </script> <a name="search"></a> <div id="p-search" class="portlet" style="white-space: nowrap;"> <h5><label for="searchInput">Search this list</label> (Security update for pdns</h5> <!--X-Subject-Header-End--> <!--X-Head-of-Message--> <ul> <li><span class="identifier"> From</span>)

pdns was updated to 4.1.2. Security fixes: Dnsreplay: bail out on a too small outgoing buffer CVE-2018-1046 bsc1092540 Improvements: API: increase serial after dnssec related updates Auth: lower ‘packet too short’ loglevel Make check-zone error on rows that have content but shouldn’t Auth:...

Security update for util-linux (important)

This update for util-linux fixes the following issues: This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges bsc1023041. This non-security issues were fixed: - lscpu: Implement WSL...

Security update for the Linux Kernel (important)

The openSUSE Leap 42.1 kernel was updated to 4.1.36 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-8655: A race condition in the afpacket packetsetring function could be used by local attackers to crash the kernel or gain privileges bsc1012754. -...

Security update for php5 (important)

This update for php5 fixes the following issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mbstrcut bsc977003 - CVE-2016-3074: Signedness vulnerability in bundled libgd may...

Security update for php5 (important)

This update for php5 fixes the following security issues: - bsc974305: buffer overflow in libmagic - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM bnc973792. - CVE-2015-8835: SoapClient scall method suffered from type confusion issue bnc973351. - CVE-2016-3141: A use-after-free / double-free...

Mozilla Suite: Update to October 2013 release (important)

MozillaFirefox was updated to Firefox 25.0. MozillaThunderbird was updated to Thunderbird 24.1.0. Mozilla XULRunner was updated to 17.0.10esr. Mozilla NSPR was updated to 4.10.1. Changes in MozillaFirefox: requires NSS 3.15.2 or above MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:0085-1 Rating: important References: 1197163 Cross-References: CVE-2022-0971 CVE-2022-0972 CVE-2022-0973 CVE-2022-0974 CVE-2022-0975 CVE-2022-0976 CVE-2022-0977 CVE-2022-0978 CVE-2022-0979 CVE-2022-0980...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:1635-1 Rating: important References: 1182863 1189547 1190244 1190269 1191332 1192250 1193485 Cross-References: CVE-2021-29981 CVE-2021-29982 CVE-2021-29987 CVE-2021-29991 CVE-2021-32810 CVE-2021-384...

Security update for containerd, docker, runc (important)

openSUSE Security Update: Security update for containerd, docker, runc Announcement ID: openSUSE-SU-2021:1404-1 Rating: important References: 1102408 1185405 1187704 1188282 1190826 1191015 1191121 1191334 1191355 1191434 Cross-References: CVE-2021-30465 CVE-2021-32760 CVE-2021-41089 CVE-2021-410...

Security update for go1.16 (moderate)

openSUSE Security Update: Security update for go1.16 Announcement ID: openSUSE-SU-2021:3487-1 Rating: moderate References: 1182345 1191468 Cross-References: CVE-2021-38297 CVSS scores: CVE-2021-38297 SUSE: 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: openSUSE Leap 15.3 An...

Security update for openexr (important)

openSUSE Security Update: Security update for openexr Announcement ID: openSUSE-SU-2021:1198-1 Rating: important References: 1188457 1188458 1188459 1188460 1188461 1188462 Cross-References: CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476 CV...

Security update for fastjar (low)

openSUSE Security Update: Security update for fastjar Announcement ID: openSUSE-SU-2021:1107-1 Rating: low References: 1188517 Cross-References: CVE-2010-2322 CVSS scores: CVE-2010-2322 SUSE: 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: openSUSE Leap 15.2 An update that fix...

Security update for opera (important)

openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2021:0712-1 Rating: important References: Cross-References: CVE-2021-21206 CVE-2021-21220 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226 CVSS scores: CVE-2021-21220 NVD : 8.8...

Security update for gnome-settings-daemon, gnome-shell (moderate)

openSUSE Security Update: Security update for gnome-settings-daemon, gnome-shell Announcement ID: openSUSE-SU-2020:1861-1 Rating: moderate References: 1172760 1175155 Cross-References: CVE-2020-17489 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has one errata ...

Security update for php7 (important)

openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2020:1767-1 Rating: important References: 1173786 1177351 1177352 Cross-References: CVE-2020-7069 CVE-2020-7070 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has one errata is now...

Security update for php7 (important)

openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2020:1703-1 Rating: important References: 1177351 1177352 Cross-References: CVE-2020-7069 CVE-2020-7070 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now available. Description: Thi...

Security update for kdeconnect-kde (important)

openSUSE Security Update: Security update for kdeconnect-kde Announcement ID: openSUSE-SU-2020:1647-1 Rating: important References: 1176268 Cross-References: CVE-2020-26164 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:1048-1 Rating: important References: 1174189 Cross-References: CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519...

Security update for apache2 (moderate)

openSUSE Security Update: Security update for apache2 Announcement ID: openSUSE-SU-2020:1293-1 Rating: moderate References: 1175070 1175071 1175074 Cross-References: CVE-2020-11984 CVE-2020-11993 CVE-2020-9490 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities is now...

Security update for grub2 (important)

openSUSE Security Update: Security update for grub2 Announcement ID: openSUSE-SU-2020:1282-1 Rating: important References: 1172745 1174421 Cross-References: CVE-2020-15705 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has one errata is now available. Descriptio...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2020:1179-1 Rating: important References: 1174538 Cross-References: CVE-2020-15652 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 Affected Products: openSUSE Leap 15.1 An update that fixes four vulnerabiliti...

Security update for opera (important)

openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2020:0635-1 Rating: important References: Cross-References: CVE-2020-6457 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461 CVE-2020-6462 Affected Products: openSUSE Leap 15.1:NonFree An update that fixes 6...

Security update for python-mysql-connector-python (moderate)

openSUSE Security Update: Security update for python-mysql-connector-python Announcement ID: openSUSE-SU-2020:0430-1 Rating: moderate References: 1122204 Cross-References: CVE-2019-2435 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available...

Security update for libredwg (moderate)

openSUSE Security Update: Security update for libredwg Announcement ID: openSUSE-SU-2020:0096-1 Rating: moderate References: 1160520 1160522 1160523 1160524 1160525 1160526 1160527 Cross-References: CVE-2020-6609 CVE-2020-6610 CVE-2020-6611 CVE-2020-6612 CVE-2020-6613 CVE-2020-6614 CVE-2020-6615...

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2020:0002-1 Rating: important References: 1157652 1158328 Cross-References: CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Affected...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:2693-1 Rating: important References: 1157269 Cross-References: CVE-2019-13723 CVE-2019-13724 Affected Products: openSUSE Backports SLE-15 An update that fixes two vulnerabilities is now available. Description...

Security update for libarchive (moderate)

openSUSE Security Update: Security update for libarchive Announcement ID: openSUSE-SU-2019:2615-1 Rating: moderate References: 1120653 1120654 1124341 1124342 1155079 Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 Affected Products: openSUSE...

Security update for ghostscript (important)

openSUSE Security Update: Security update for ghostscript Announcement ID: openSUSE-SU-2019:2534-1 Rating: important References: 1156275 Cross-References: CVE-2019-14869 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...

Security update for libcryptopp (moderate)

openSUSE Security Update: Security update for libcryptopp Announcement ID: openSUSE-SU-2019:1968-1 Rating: moderate References: 1143532 Cross-References: CVE-2019-14318 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that...

Security update for bzip2 (important)

openSUSE Security Update: Security update for bzip2 Announcement ID: openSUSE-SU-2019:1918-1 Rating: important References: 1139083 Cross-References: CVE-2019-12900 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This...

Security update for nodejs6 (moderate)

This update for nodejs6 to version 6.14.4 fixes the following issues: Security issues fixed: CVE-2018-12115: Fixed an out-of-bounds OOB write in Buffer.write for UCS-2 encoding bsc1105019 CVE-2018-0732: Upgrade to OpenSSL 1.0.2p, fixing a client DoS due to large DH parameter bsc1097158 Other issu...

Security update for ffmpeg-4 (low)

This update for ffmpeg-4 to version 4.0.2 fixes the following issues: These security issues were fixed: - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...

Security update for gdk-pixbuf (moderate)

This update for gdk-pixbuf fixes the following issues: Security issue fixed: - CVE-2015-4491: Fix integer multiplication overflow that allows for DoS or potentially RCE bsc1053417. This update was imported from the SUSE:SLE-12-SP2:Update update project...

Security update for nextcloud (moderate)

This update for nextcloud fixes the following issues: Security issues fixed: - CVE-2018-3761: Fix improper authentication on the OAuth2 token endpoint bsc1100344. - CVE-2018-3762: Fix improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it...

Security update for lilypond (moderate)

This update for lilypond fixes the following issues: - CVE-2018-10992: lilypond: Does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks bsc1093056 - packages do not build reproducibl...

Security update for python-paramiko (important)

This update for python-paramiko fixes the following issues: - CVE-2018-7750: Fixed transport.py in the SSH server implementation of Paramiko that does not properly check whether authentication is completed before processing other requests bsc1085276...

Security update for cacti, cacti-spine (important)

This update for cacti, cacti-spine to version 1.1.28 fixes the following issues: - CVE-2017-16641: Potential code execution vulnerability in RRDtool functions boo1067166 - CVE-2017-16660: Remote execution vulnerability in logging function boo1067164 - CVE-2017-16661: Arbitrary file read...

Security update for samba (important)

This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. CVE-2017-7494, bso12780, bsc1038231 This update was...

Security update for mysql-community-server (important)

This update for mysql-community-server to version 5.6.36 fixes the following issues: These security issues were fixed: - CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands bsc1029014 -...