7605 matches found
Security update for SDL2_image (moderate)
This update for SDL2_image fixes the following issues: Security issues fixed: - CVE-2018-3839: Fixed an exploitable code execution vulnerability that existed in the XCF image rendering functionality of the Simple DirectMedia Layer bsc1089087. - CVE-2018-3977: Fixed a possible code execution via...
Security update for openssl (moderate)
This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation bsc1113652. - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses bsc1113534. - Add missing timing side channel patch for...
Security update for SDL2_image (moderate)
This update for SDL2_image fixes the following issues: Security issues fixed: - CVE-2018-3839: Fixed an exploitable code execution vulnerability that existed in the XCF image rendering functionality of the Simple DirectMedia Layer bsc1089087. - CVE-2018-3977: Fixed a possible code execution via...
Security update for postgresql10 (moderate)
This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2018-16850: Fixed improper quoting of transition table names when pg_dump emits CREATE TRIGGER, which could have caused privilege escalation bsc1114837. Non-security issues fixed: - Update to release 10.6:...
Security update for openssl-1_1 (moderate)
This update for openssl-1_1 fixes the following issues: Security issues fixed: - CVE-2018-0734: timing vulnerability in DSA signature generation bsc1113652. - CVE-2018-0735: timing vulnerability in ECDSA signature generation bsc1113651. This update was imported from the SUSE:SLE-15:Update update...
Security update for libwpd (important)
This update for libwpd fixes the following issues: Security issue fixed: - CVE-2018-19208: illegal address access inside libwpd at function WP6ContentListener:defineTable bsc1115713. This update was imported from the SUSE:SLE-15:Update update project...
Security update for virtualbox (important)
This update for virtualbox fixes the following issues: virtualbox was updated to version 5.2.22 released November 09 2018 by Oracle. Security issues fixed: - Fixed a guest-to-host escape via the e1000 virtual network driver bsc1115041. Non-security issues fixed: - Audio: Fixed a regression in the...
Security update for chromium (important)
This update for Chromium to version 70.0.3538.110 fixes the following security issue: - CVE-2018-17479: Use-after-free in GPU boo1116608...
Security update for chromium (important)
This update for Chromium to version 70.0.3538.110 fixes the following security issue: - CVE-2018-17479: Use-after-free in GPU boo1116608...
Security update for libwpd (important)
This update for libwpd fixes the following issues: Security issue fixed: - CVE-2018-19208: Fixed illegal address access inside libwpd at function WP6ContentListener:defineTable bsc1115713. This update was imported from the SUSE:SLE-12:Update update project...
Security update for GraphicsMagick (moderate)
This update for GraphicsMagick fixes the following issues: Security issue fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage of coders/msl.c bsc1113064. Non-security issues fixed: - asanbuild: build ASAN included - debugbuild: build more suitable for debugging This update wa...
Security update for chromium (moderate)
This update contains Chromium 70.0.3538.102 and fixes security issues and bugs. Vulnerabilities fixed: - CVE-2018-17478: Out of bounds memory access in V8 boo1115537 - Various fixes from internal audits, fuzzing and other initiatives Packaging changes: - noto-emoji-fonts is no longer a recommende...
Security update for chromium (important)
This update contains Chromium 70.0.3538.102 and fixes security issues and bugs. Vulnerabilities fixed in 70.0.3538.102: - CVE-2018-17478: Out of bounds memory access in V8 boo1115537 Vulnerabilities fixed in 70.0.3538.67 bsc1112111: - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463:...
Security update for SDL2_image (moderate)
This update for SDL2_image fixes the following issues: Security issues fixed: - CVE-2018-3839: Fixed an exploitable code execution vulnerability that existed in the XCF image rendering functionality of the Simple DirectMedia Layer bsc1089087. - CVE-2018-3977: Fixed a possible code execution via...
Security update for GraphicsMagick (moderate)
This update for GraphicsMagick fixes the following issues: Security issue fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage of coders/msl.c bsc1113064. Non-security issues fixed: - asanbuild: build ASAN included - debugbuild: build more suitable for debugging...
Security update for squid (important)
This update for squid fixes the following issues: Security issues fixed: - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling bsc1113668. - CVE-2018-19132: Fixed small memory leak in processing of SNMP packets bsc1113669. Non-security issues fixed: - Create runtime...
Security update for GraphicsMagick (moderate)
This update for GraphicsMagick fixes the following issues: Security issue fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage of coders/msl.c bsc1113064. Non-security issues fixed: - asanbuild: build ASAN included - debugbuild: build more suitable for debugging...
Security update for libmatroska, mkvtoolnix (low)
This update for libmatroska, mkvtoolnix fixes the following issues: Security issue fixed: - CVE-2018-4022: Fixed use-after-free vulnerability that existed in the way MKV matroska file format was handled bsc1113709...
Security update for squid (important)
This update for squid fixes the following issues: Security issues fixed: - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling bsc1113668. - CVE-2018-19132: Fixed small memory leak in processing of SNMP packets bsc1113669. Non-security issues fixed: - Create runtime...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.162 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: The mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a...
Security update for chromium (moderate)
This update contains Chromium 70.0.3538.102 and fixes security issues and bugs. Vulnerabilities fixed: - CVE-2018-17478: Out of bounds memory access in V8 boo1115537 - Various fixes from internal audits, fuzzing and other initiatives Packaging changes: - noto-emoji-fonts is no longer a recommende...
Security update for amanda (moderate)
This update for amanda fixes the following security issue: - CVE-2016-10729: Local privilege escalation from amanda user to root via unsafe tar command options bsc1112916...
Security update for systemd (important)
This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 - CVE-2018-15686: A vulnerability in unitdeserializ...
Security update for libxkbcommon (low)
This update for libxkbcommon to version 0.8.2 fixes the following issues: - Fix a few NULL-dereferences, out-of-bounds access and undefined behavior in the XKB text format parser. - CVE-2018-15853: Endless recursion could have been used by local attackers to crash xkbcommon users by supplying a...
Security update for openssh (moderate)
This update for openssh fixes the following issues: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration ...
Security update for xorg-x11-server (moderate)
This update for xorg-x11-server fixes the following issues: - CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges bsc1112020, Note that SUSE by default does not run with elevated privileges, so the default installation is not affected by this problem. This updat...
Security update for apache-pdfbox (moderate)
This update for apache-pdfbox fixes the following security issue: - CVE-2018-11797: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. bsc1111009: This update was imported from the SUSE:SLE-15:Update update project...
Security update for ImageMagick (moderate)
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. bsc1111069 - CVE-2018-18016: Fixed a memory...
Security update for LibreOffice and dependency libraries (moderate)
This update for LibreOffice, libepubgen, liblangtag, libmwaw, libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes the following issues: LibreOffice was updated to 6.1.3.2 fate326624 and contains new features and lots of bugfixes: The full changelog can be found on:...
Security update for icecast (important)
This update for icecast fixes the following security issues: - CVE-2018-18820: A buffer overflow in url-auth could have potentially allowed remote code execution boo1114434...
Security update for libarchive (moderate)
This update for libarchive fixes the following issues: - CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. bsc1032089 - CVE-2016-10349: The...
Security update for opensc (moderate)
This update for opensc fixes the following security issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card bsc1106998 - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card bsc1106999 - CVE-2018-16393: Fixed buffer overflows wh...
Security update for apache2 (important)
This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2...
Security update for accountsservice (moderate)
This update for accountsservice fixes the following issues: This security issue was fixed: - CVE-2018-14036: Prevent directory traversal caused by an insufficient path check in userchangeiconfileauthorizedcb bsc1099699 These non-security issues were fixed: - Don't abort loading users when an...
Security update for qemu (moderate)
This update for qemu fixes the following issues: These security issues were fixed: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command including guest-file-read with a large count value to the agent via the listening socket...
Security update for curl (moderate)
This update for curl fixes the following issues: - CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes bsc1112758 - CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes bsc1112758 - CVE-2018-16842: A...
Security update for python, python-base (moderate)
This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module make_archive function via passage of unfiltered user input bsc1109663. - CVE-2018-1061: Fixed DoS via regular expression backtracking in...
Security update for opensc (moderate)
This update for opensc fixes the following issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card bsc1106998 - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card bsc1106999 - CVE-2018-16393: Fixed buffer overflows when handli...
Security update for curl (moderate)
This update for curl fixes the following issues: - CVE-2018-16840: A use after free in closing SASL handles was fixed bsc1112758 - CVE-2018-16842: An out-of-bounds read in tool_msgs.c was fixed which could lead to crashes bsc1113660 This update was imported from the SUSE:SLE-12:Update update projec...
Security update for ntfs-3g_ntfsprogs (low)
This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate to root privilege bsc1022500 This update was imported from the SUSE:SLE-12:Update update project...
Security update for systemd (important)
This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 - CVE-2018-15686: A vulnerability in unitdeserializ...
Security update for audiofile (moderate)
This update for audiofile fixes the following issues: - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occur when running sfconvert, leading to crashes or code execution when handling untrusted soundfiles bsc1111586. This update was imported from the...
Security update for soundtouch (important)
This update for soundtouch fixes the following issues: - CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. bsc1108632 - CVE-2018-17097: The...
Security update for soundtouch (moderate)
This update for soundtouch fixes the following issues: - CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. bsc1108632 - CVE-2018-17097: The...
Security update for libarchive (moderate)
This update for libarchive fixes the following issues: - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. bsc1059139 - CVE-2017-14502:...
Security update for MozillaThunderbird (important)
This update for Mozilla Thunderbird to version 60.2.1 fixes multiple issues. Multiple security issues were fixed in the Mozilla platform as advised in MFSA 2018-25 and MFSA 2018-28. In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading...
Security update for the Linux Kernel (important)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned lo...
Security update for MozillaThunderbird (important)
This update for MozillaThunderbird fixes the following issues: Thunderbird 63 ESR was updated to version 60.3.0 to fix the following issues bsc1112852: Security issues fixed MFSA 2018-28: - CVE-2018-12389: Fixed memory safety bugs. - CVE-2018-12390: Fixed memory safety bugs. - CVE-2018-12391: Fix...
Security update for wpa_supplicant (moderate)
This update for wpa_supplicant provides the following fixes: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...
Security update for audiofile (moderate)
This update for audiofile fixes the following issues: - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occur when running sfconvert, leading to crashes or code execution when handling untrusted soundfiles bsc1111586. This update was imported from the...