7605 matches found
Security update for pdns-recursor (moderate)
This update for pdns-recursor fixes the following issues: Security issues fixed: - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer bsc1114157. - CVE-2018-14644: Fixed denial of service via crafted query for meta-types bsc1114170. - CVE-2018-14626: Fixed packet...
Security update for openvswitch (moderate)
This update for openvswitch to version 2.7.6 fixes the following issues: These security issues were fixed: - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit bsc1104467. - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding bsc1104467. - CVE-2018-17204:When...
Security update for qemu (moderate)
This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use...
Security update for tcpdump (moderate)
This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function bsc1117267. This update was imported from the SUSE:SLE-15:Update update project...
Security update for Chromium (important)
This update to Chromium 71.0.3578.98 fixes the following issues: Security issues fixed boo1118529: - CVE-2018-17480: Out of bounds write in V8 - CVE-2018-17481: Use after frees in PDFium - CVE-2018-18335: Heap buffer overflow in Skia - CVE-2018-18336: Use after free in PDFium - CVE-2018-18337: Us...
Security update for Chromium (important)
This update to Chromium 71.0.3578.98 fixes the following issues: Security issues fixed boo1118529: - CVE-2018-17480: Out of bounds write in V8 - CVE-2018-17481: Use after frees in PDFium - CVE-2018-18335: Heap buffer overflow in Skia - CVE-2018-18336: Use after free in PDFium - CVE-2018-18337: Us...
Security update for cups (important)
This update for cups fixes the following security issue: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface bsc1115750. This update was imported from the SUSE:SLE-12:Update update project...
Security update for ghostscript (important)
This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c bsc1117327 - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c bsc1117313 - CVE-2018-19477:...
Security update for ghostscript (important)
This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c bsc1117327 - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c bsc1117313 - CVE-2018-19477:...
Security update for qemu (important)
This update for qemu fixes the following issues: Security issue fixed: - CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb operations bsc1114529. Non-security issue fixed: - Fixed serial console issue that triggered a qemu-kvm bug bsc1108474. This update was imported from the...
Security update for the Linux Kernel (important)
The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: The mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.165-81.1 to receive various bugfixes. The following non-security bugs were fixed: - 9p locks: fix glock.clientid leak in dolock bnc1012382. - 9p: clear dangling pointers in p9statfree bnc1012382. - ACPI / LPSS: Add alternative ACPI HIDs for Cherry...
Security update for phpMyAdmin (moderate)
This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release bsc1119245: - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update...
Security update for phpMyAdmin (moderate)
This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release bsc1119245: - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update...
Security update for Chromium (important)
This update to Chromium 71.0.3578.98 fixes one security issue. - CVE-2018-17481: Use after free in PDFium - a follow-up fix to Chromium 70 boo1119364...
Security update for mozilla-nss (moderate)
This update for mozilla-nss to version 3.36.6 fixes the following issues: Security issues fixed: - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random bmo1483128, boo1106873 - CVE-2018-12404: Cache side-channel variant of the...
Security update for Mozilla Firefox (important)
This update to Mozilla Firefox 60.4.0 ESR fixes security issues and bugs. Security issues fixed as part of the MFSA 2018-30 advisory boo1119105: - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element -...
Security update for xen (important)
This update for xen fixes the following issues: Security issues fixed: - CVE-2018-18849: Fixed an out of bounds memory access issue in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin bsc1114423. - CVE-2018-18883: Fixed a NULL pointer dereference that...
Security update for cups (important)
This update for cups fixes the following issues: Security issue fixed: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface bsc1115750. This update was imported from the SUSE:SLE-15:Update update project...
Security update for compat-openssl098 (moderate)
This update for compat-openssl098 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation bsc1113652. - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses bsc1113534. - CVE-2016-8610: Adjusted current...
Security update for pdns (moderate)
This update for pdns fixes the following issues: Security issues fixed: - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer bsc1114157. - CVE-2018-14626: Fixed packet cache pollution via crafted query bsc1114169...
Security update for pdns-recursor (moderate)
This update for pdns-recursor to version 4.1.8 fixes the following issues: Security issues fixed: - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer bsc1114157. - CVE-2018-14644: Fixed denial of service via crafted query for meta-types bsc1114170. - CVE-2018-14626...
Security update for Chromium (important)
This update to Chromium version 71.0.3578.80 fixes security issues and bugs. Security issues fixed boo1118529: - CVE-2018-17480: Out of bounds write in V8 - CVE-2018-17481: Use after frees in PDFium - CVE-2018-18335: Heap buffer overflow in Skia - CVE-2018-18336: Use after free in PDFium -...
Security update for ncurses (important)
This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry bsc1115929. Non-security issue fixed: - Remove scree.xterm from terminfo data base as with this scree...
Security update for ImageMagick (moderate)
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage bsc1113064. Non-security issues fixed: - Improve import documentation bsc1057246. - Allow override system security policy bsc1117463. - asanbuild: build...
Security update for tiff (moderate)
This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function bsc1115717. - CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function bsc1054594. - CVE-2016-10094: Fixed...
Security update for libgit2 (important)
This update for libgit2 fixes the following issues: Security issue fixed: - CVE-2018-17456: Submodule URLs and paths with a leading "-" are now ignored to avoid injecting options into library consumers that perform recursive clones bsc1110949. Non-security issues fixed: - Version update to versio...
Security update for openssl-1_0_0 (moderate)
This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation bsc1113652. - CVE-2018-5407: Added elliptic curve scalar multiplication timing attack defenses that fixes "PortSmash" bsc1113534. Non-security...
Security update for otrs (moderate)
This update for otrs fixes the following issues: Update to version 4.0.33. Security issues fixed: - CVE-2018-19141: Fixed privilege escalation, that an attacker who is logged into OTRS as an admin user cannot manipulate the URL to cause execution of JavaScript in the context of OTRS. -...
Security update for dom4j (moderate)
This update for dom4j fixes the following issues: - CVE-2018-1000632: Prevent XML injection that could have resulted in an attacker tampering with XML documents bsc1105443. This update was imported from the SUSE:SLE-15:Update update project. This update was imported from the...
Security update for pam (important)
This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified bsc1115640. This update was imported from the SUSE:SLE-15:Update update project...
Security update for tomcat (moderate)
This update for tomcat to 9.0.12 fixes the following issues: See the full changelog at: http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt) Security issues fixed: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory e.g. redirecting to...
Security update for rubygem-activejob-5_1 (low)
This update for rubygem-activejob-5_1 fixes the following issues: Security issue fixed: - CVE-2018-16476: Fixed broken access control vulnerability bsc1117632. This update was imported from the SUSE:SLE-15:Update update project...
Recommended update for php5 (moderate)
This update for php5 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw bsc1117107. This update was imported from the SUSE:SLE-12:Update update project...
Security update for ncurses (important)
This update for ncurses fixes the following issue: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry bsc1115929. This update was imported from the SUSE:SLE-12:Update update project...
Security update for apache2-mod_jk (important)
This update for apache2-mod_jk fixes the following issue: Security issue fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd bsc1114612. This update was imported from the SUSE:SLE-15:Update update project...
Security update for postgresql10 (moderate)
This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2018-16850: Fixed improper quoting of transition table names when pg_dump emits CREATE TRIGGER, which could have caused privilege escalation bsc1114837. Non-security issues fixed: - Update to release 10.6:...
Recommended update for php7 (moderate)
This update for php7 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw bsc1117107. This update was imported from the SUSE:SLE-12:Update update project...
Security update for messagelib (low)
This update for messagelib fixes the following issues: The following security vulnerability was addressed: - CVE-2018-19516: Fix a potential issue with opening messages in a new browser window when displaying mails as HTML boo1117958...
Security update for postgresql94 (important)
This update for postgresql94 to 9.4.19 fixes the following security issue: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could have...
Security update for glib2 (moderate)
This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference crash. Avoid that, at the cost of introducing a new translatable error message bsc1107121. - CVE-2018-16429: Fixed out-of-bounds read vulnerability...
Security update for qemu (important)
This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use...
Security update for dpdk (moderate)
This update for dpdk to version 16.11.8 provides the following security fix: - CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application ovs-dpdk memory which could have led all VMs to lose connectivity bsc1089638 and following non-security fixes: - Enable the broadcom...
Security update for nextcloud (moderate)
This update for nextcloud fixes security issues and bugs. Security issues fixed: - CVE-2018-3780: Stored XSS in autocomplete suggestions for file comments boo1114817 This update also contains all bug fixes and improvements in the 13.0.8 version, including: - Password expiration time changed from...
Security update for nextcloud (moderate)
This update for nextcloud fixes security issues and bugs. Security issues fixed: - CVE-2018-3780: Stored XSS in autocomplete suggestions for file comments boo1114817 This update also contains all bug fixes and improvements in the 13.0.8 version, including: - Password expiration time changed from...
Security update for dom4j (moderate)
This update for dom4j fixes the following issues: - CVE-2018-1000632: Prevent XML injection that could have resulted in an attacker tampering with XML documents bsc1105443. This update was imported from the SUSE:SLE-15:Update update project...
Security update for rubygem-loofah (moderate)
This update for rubygem-loofah fixes the following issues: Security issue fixed: - CVE-2018-16468: Fixed XSS by removing the svg animate attribute from the allowlist bsc1113969. This update was imported from the SUSE:SLE-15:Update update project...
Security update for tiff (moderate)
This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf bsc1099257. - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tiflzw.c bsc1113672. - CVE-2018-18557: Fixe...
Security update for tiff (moderate)
This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf bsc1099257. - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tiflzw.c bsc1113672. - CVE-2018-18557: Fixe...
Security update for openssh (moderate)
This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15473: OpenSSH was prone to a user existence oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully...