Security update for lcms2 (moderate)

This update for lcms2 fixes the following issues: - CVE-2018-16435: Heap-based buffer overflow via a crafted file in the second argument to cmsIT8LoadFromFile bsc1108813 This update was imported from the SUSE:SLE-15:Update update project...

Security update for hostapd (low)

hostapd was updated to fix following security issue: - CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data bsc1104205...

Security update for ImageMagick (moderate)

This update for ImageMagick fixes the following issues: - CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a denial of service excessive memory allocation because of an integer underflow in ReadPICTImage in coders/pict.c. bsc1112399 - CVE-2018-16644: An regression in the security...

Security update for libgit2 (moderate)

This update for libgit2 fixes the following issues: - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes bsc1085256. - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an...

Security update for mercurial (moderate)

This update for mercurial fixes the following issues: - CVE-2018-17983: Fix an out-of-bounds read during parsing of a malformed manifest entry bsc1110899. This update was imported from the SUSE:SLE-15:Update update project...

Security update for net-snmp (important)

This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: setkey in agent/helpers/tablecontainer.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Deni...

Security update for clamav (moderate)

This update for clamav fixes the following issues: clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. bsc1110723 -...

Security update for jhead (moderate)

This update for jhead fixes the following issues: Security issues fixed: - CVE-2018-17088: The ProcessGpsInfo function may have allowed a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check...

Security update for GraphicsMagick (moderate)

This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-10794: When GraphicsMagick processed an RGB TIFF picture with metadata indicating a single sample per pixel in coders/tiff.c, a buffer overflow occured, related to QuantumTransferMode. boo1112392 -...

Security update for mysql-community-server (important)

MySQL Community Server was updated to 5.6.42, fixing bugs and security issues: Changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-42.html Fixed CVEs: - CVE-2016-9843 boo1013882, CVE-2018-3143 boo1112421, - CVE-2018-3156 boo1112417, CVE-2018-3251 boo1112397, - CVE-2018-3133 boo111236...

Security update for webkit2gtk3 (moderate)

This update for webkit2gtk3 to version 2.20.3 fixes the issues: The following security vulnerabilities were addressed: - CVE-2018-12911: Fixed an off-by-one error in xdgmimegetsimpleglobs boo1101999 - CVE-2017-13884: An unspecified issue allowed remote attackers to execute arbitrary code or cause...

Security update for tomcat (moderate)

This update for tomcat fixes the following issues: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a specially crafted URL could be used to cause the redirect to be generated to any URI of th...

Security update for ntp (moderate)

NTP was updated to 4.2.8p12 bsc1111853: - CVE-2018-12327: Fixed stack buffer overflow in the openhost command-line call of NTPQ/NTPDC. bsc1098531 - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection bsc1083424 Please also see...

Security update for rust (moderate)

This update for rust fixes the following issues: - CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution This patch consists of requiring --plugin-path to be passed whenever --plugin is passed Note that rustdoc plugins will be removed entirely...

Security update for postgresql96 (important)

This update for postgresql96 to 9.6.10 fixes the following issues: These security issues were fixed: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted...

Security update for zziplib (moderate)

This update for zziplib fixes the following issues: - CVE-2018-17828: Remove any "../" components from pathnames of extracted files to avoid path traversal during unpacking. bsc1110687 This update was imported from the SUSE:SLE-12:Update update project...

Security update for python-cryptography (moderate)

This update for python-cryptography fixes the following issues: - CVE-2018-10903: The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1...

Security update for ntp (moderate)

This update for NTP to version 4.2.8p12 fixes the following vulnerabilities bsc1111853: - CVE-2018-12327: Fixed stack buffer overflow in the openhost command-line call of NTPQ/NTPDC. bsc1098531 - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing...

Security update for Mozilla Firefox (important)

This update for Mozilla Firefox to version 60.3.0esr fixes security issues and stability bugs. The following security issues were fixed MFSA 2018-27, boo1112852: - CVE-2018-12392: Crash with nested event loops - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript -...

Security update for Chromium (important)

This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111: - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...

Security update for apache-pdfbox (moderate)

This update for apache-pdfbox fixes the following security issue: - CVE-2018-8036: A crafted file could have triggered an infinite loop which lead to DoS bsc1099721. - CVE-2018-11797: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...

Security update for net-snmp (important)

This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: setkey in agent/helpers/tablecontainer.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Deni...

Security update for pam_pkcs11 (moderate)

This update for pampkcs11 fixes the following security issues: - It was possible to replay an authentication by using a specially prepared smartcard or token bsc1105012 - Prevent buffer overflow if a user has a home directory with a length of more than 512 bytes bsc1105012 - Memory not cleaned...

Security update for rpm (moderate)

This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being...

Security update for udisks2 (moderate)

This update for udisks2 fixes the following issues: Following security issues was fixed: - CVE-2018-17336: A format string vulnerability in udiskslog bsc1109406 Following non-security issues were fixed: - strip trailing newline from sysfs raid level information bsc1091274 - Fix watcher error for...

Security update for tiff (moderate)

This update for tiff fixes the following issues: - CVE-2018-17100: There is a int32 overflow in multiplyms in tools/ppm2tiff.c, which can cause a denial of service crash or possibly have unspecified other impact via a crafted image file. bsc1108637 - CVE-2018-17101: There are two out-of-bounds...

Security update for tiff (moderate)

This update for tiff fixes the following issues: Security issue fixed: - CVE-2018-10779: TIFFWriteScanline in tifwrite.c had a heap-based buffer over-read, as demonstrated by bmp2tiff.bsc1092480 - CVE-2018-17100: There is a int32 overflow in multiplyms in tools/ppm2tiff.c, which can cause a denia...

Security update for pam_pkcs11 (moderate)

This update for pampkcs11 provides the following fixes: Security issues fixed bsc1105012: - Fixed a logic bug in pampkcs11.c, leading to an authentication replay vulnerability - Fixed a stack-based buffer overflow in opensshmapper.c - Make sure memory is properly cleaned before invoking free Othe...

Security update for wireshark (important)

This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 bsc1111647. Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash wnpa-sec-2018-47 - CVE-2018-12086: OpcUA dissector crash wnpa-sec-2018-50 Further bug fixes and updated protocol support...

Security update for fuse (moderate)

This update for fuse fixes the following security issue: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allowother' mount option regardless of whether 'userallowother' is set in the fuse...

Security update for fuse (moderate)

This update for fuse fixes the following issues: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allowother' mount option regardless of whether 'userallowother' is set in the fuse...

Security update for haproxy (important)

This update for haproxy to version 1.8.14 fixes the following issues: These security issues were fixed: - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpackvalididx that resulted in a remote crash and denial of service bsc1108683 - CVE-2018-11469...

Security update for binutils (moderate)

This update for binutils to version 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service excessive memory allocation or possibly have unspecified other impact via a crafted ELF file that triggered a buff...

Security update for singularity (moderate)

Singularity was updated to version 2.6.0, bringing features, bugfixes and security fixes. Security issues fixed: - CVE-2018-12021: Fixed access control on systems supporting overlay file system boo1100333. Highlights of 2.6.0: - Allow admin to specify a non-standard location for mksquashfs binary...

Security update for clamav (moderate)

This update for clamav fixes the following issues: clamav was updated to version 0.100.2. Following security issues were fixed: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an...

Security update for zziplib (moderate)

This update for zziplib fixes the following issues: - CVE-2018-17828: Remove any "../" components from pathnames of extracted files to avoid path traversal during unpacking. bsc1110687 This update was imported from the SUSE:SLE-15:Update update project...

Security update for exiv2 (moderate)

This update for exiv2 fixes the following issues: exiv2 was updated to latest 0.26 branch, fixing bugs and security issues: - CVE-2018-12264, CVE-2018-12265: Integer overflows in the LoaderExifJpeg class could lead to memory corruption bsc1097599...

Security update for Chromium (important)

This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111: - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...

Security update for icinga (moderate)

This update for icinga fixes the following issues: Update to 1.14.0 - CVE-2015-8010: Fixed XSS in the icinga classic UI boo952777 - CVE-2016-8641 / CVE-2016-10089: fixed a possible symlink attack for files/dirs created by root boo1011630 and boo1018047 - CVE-2016-0726: removed the pre-configured...

Security update for libssh (important)

This update for libssh fixes the following security issue: - CVE-2018-10933: Fixed a server mode authentication bypass boo1108020. This update was imported from the SUSE:SLE-12:Update update project...

Security update for java-11-openjdk (moderate)

This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.1+13 Oracle October 2018 CPU Security fixes: - S8202936, CVE-2018-3183, bsc1112148: Improve script engine support - S8199226, CVE-2018-3169, bsc1112146: Improve field accesses - S8199177, CVE-2018-3149,...

Security update for ImageMagick (moderate)

This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. bsc1111069 -...

Security update for binutils (moderate)

This update for binutils to 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service excessive memory allocation or possibly have unspecified other impact via a crafted ELF file that triggered a buffer...

Security update for axis (moderate)

This update for axis fixes the following security issue: - CVE-2018-8032: Prevent cross-site scripting XSS attack in the default servlet/services bsc1103658. This update was imported from the SUSE:SLE-12:Update update project...

Security update for texlive (important)

This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex bsc1109673. This update was imported from...

Security update for samba (moderate)

Samba was updated to 4.6.15, bringing bug and security fixes. bsc1110943 Following security issues were fixed: - CVE-2018-10919: Fix unauthorized attribute access via searches. bsc1095057; Non-security bugs fixed: - Fix ctdbmutexcephradoshelper deadlock bsc1102230. - Allow idmaprid to have primar...

Security update for GraphicsMagick (moderate)

This update for GraphicsMagick fixes the following issues: - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. bsc1111069...

Security update for ImageMagick (moderate)

This update for ImageMagick fixes the following security issues: - CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage function in coders/mpc.c via a crafted file allowing for DoS bsc1050129 - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function bsc1108283...

Security update for the Linux Kernel (important)

The openSUSE Leap 42.3 kernel was updated to 4.4.159 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13096: A denial of service out-of-bounds memory access and BUG can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image...

Security update for libssh (important)

This update for libssh fixes the following issues: - CVE-2018-10933: Fixed a server mode authentication bypass bsc1108020. This update was imported from the SUSE:SLE-15:Update update project...