7605 matches found
Security update for apache2 (important)
This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2...
Security update for git (important)
This update for git fixes the following issues: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. boo1110949. This update was imported from the SUSE:SLE-15:Update...
Security update for libxml2 (moderate)
This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xzdecomp function allowed remote attackers to cause a denial of service infinite loop via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint bsc1088279 - CVE-2018-14567: Prevent denial of...
Security update for git (important)
This update for git fixes the following issues: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. boo1110949...
Security update for mgetty (moderate)
This update for mgetty fixes the following issues: - CVE-2018-16741: Fixed a command injection in fax/faxq-helper.c boo1108752 - CVE-2018-16742: Stack-based buffer overflow in contrib/scrts.c triggered via command line parameter boo1108762 - CVE-2018-16743: Stack-based buffer overflow with long...
Security update for libxml2 (moderate)
This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xzdecomp function allowed remote attackers to cause a denial of service infinite loop via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint bsc1088279. - CVE-2018-14567: Prevent denial o...
Security update for soundtouch (moderate)
This update for soundtouch fixes the following security issue: - CVE-2018-1000223: Prevent buffer overflow in WavInFile::readHeaderBlock that could have resulted in arbitrary code execution when opening maliocius file in soundstretch utility bsc1103676 This update was imported from the...
Security update for moinmoin-wiki (moderate)
This update for moinmoin-wiki to version 1.9.10 fixes the following security issue: - CVE-2017-5934: Cross-site scripting vulnerability in the GUI editor boo1111104...
Security update for postgresql10 (moderate)
This update for brings postgresql10 version 10.5 to openSUSE Leap 42.3. FATE325659 bnc1108308 This release marks the change of the versioning scheme for PostgreSQL to a "x.y" format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will be 11...
Security update for java-1_8_0-openjdk (important)
This update for java-180-openjdk to the jdk8u181 icedtea 3.9.0 release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
Security update for ImageMagick (important)
This update for ImageMagick fixes the following issues: - Allow writing PS, PS2, PS3, XPS, EPS and PDF, disable reading these filetypes only by default security policy bsc1105592 This update was imported from the SUSE:SLE-15:Update update project...
Security update for the Linux Kernel (important)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14633: A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in a way an authentication request from an ISCSI initiator is...
Security update for php7 (moderate)
This update for php7 fixes the following issues: This security issue was fixed: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the phphandler function bsc1108753 This non-security issu...
Security update for java-1_8_0-openjdk (important)
This update for java-180-openjdk to the jdk8u181 icedtea 3.9.0 release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
Security update for php5 (moderate)
This update for php5 fixes the following issue: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the phphandler function bsc1108753 This update was imported from the SUSE:SLE-12:Update...
Security update for tomcat (moderate)
This update for tomcat to version 9.0.10 fixes the following issues: Security issues fixed: - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service bsc1102400. - CVE-2018-801...
Security update for python (moderate)
This update for python fixes the following issue: - CVE-2018-1000802: Prevent command injection in shutil module makearchive function via passage of unfiltered user input bsc1109663 This update was imported from the SUSE:SLE-15:Update update project...
Security update for MozillaThunderbird (important)
This update for Mozilla Thunderbird to version 60.2.1 fixes multiple issues. Multiple security issues were fixed in the Mozilla platform as advised in MFSA 2018-25. In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are...
Security update for unzip (moderate)
This update for unzip fixes the following security issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption bsc1013993 - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to...
Security update for ghostscript (important)
This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 - CVE-2018-15909: Prevent type...
Security update for ghostscript (important)
This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 - CVE-2018-15909: Prevent type...
Security update for gitolite (moderate)
This update for gitolite fixes the following issues: Gitolite was updated to 3.6.9: - CVE-2018-16976: prevent racy access to repos in process of migration to gitolite boo1108272 - 'info' learns new '-p' option to show only physical repos as opposed to wild repos The update to 3.6.8 contains: - fi...
Security update for openssl-1_0_0 (moderate)
This update for openssl-100 to 1.0.2p fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information bsc1104789 - CVE-2018-0737: The RSA Key generation algorithm has bee...
Security update for ImageMagick (low)
This update for ImageMagick fixes the following security issues: - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS bsc1106989 - CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS bsc1106858. -...
Security update for openssl-1_1 (moderate)
This update for openssl-11 to 1.1.0i fixes the following issues: These security issues were fixed: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an...
Security update for libX11 (moderate)
This update for libX11 fixes the following security issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact bsc1102062 - CVE-2018-14600: The function XListExtensions...
Security update for otrs (moderate)
This update for otrs to version 4.0.32 fixes the following issues: These security issues were fixed: - CVE-2018-16586: An attacker could have sent a malicious email to an OTRS system. If a logged in user opens it, the email could have caused the browser to load external image or CSS resources...
Security update for bitcoin (important)
This update for bitcoin to version 0.16.3 fixes the following issues: - CVE-2018-17144: Prevent remote denial of service application crash exploitable by miners via duplicate input bsc1108992. For additional changes please check the changelog...
Security update for texlive (important)
This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex bsc1109673...
Security update for Mozilla Firefox (important)
This update for Mozilla Firefox to version 60.2.2esr contains the following security fixes MFSA 2018-24: - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution bsc1110506 - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed...
Security update for zsh (important)
This update for zsh to version 5.6.2 fixes the following issues: These security issues were fixed: - CVE-2018-0502: The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line bsc1107296 - CVE-2018-13259: Shebang lines exceeding 64...
Security update for gnutls (moderate)
This update for gnutls fixes the following security issues: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen...
Security update for openssl (moderate)
This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information bsc1104789 - CVE-2018-0737: The RSA Key generation algorithm has been shown to be...
Security update for yast2-smt (important)
This update fixes the following issue in yast2-smt: - Remove cron job rescheduling bsc1097560 This update is a requirement for the security update for SMT. Because of that it is tagged as security to ensure that all users, even those that only install security updates, install it. This update was...
Security update for mgetty (important)
This update for mgetty fixes the following issues: - CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752. - CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input reach...
Security update for gd (moderate)
This update for gd fixes the following issues: Security issue fixed: - CVE-2018-1000222: Fixed a double free vulnerability in gdImageBmpPtr that could result in remote code execution. This could have been exploited via a specially crafted JPEG image files. bsc1105434 This update was imported from...
Security update for dom4j (moderate)
This update for dom4j fixes the following issues: - CVE-2018-1000632: Prevent XML injection vulnerability that allowed an attacker to tamper with XML documents bsc1105443 This update was imported from the SUSE:SLE-12:Update update project...
Security update for php7 (moderate)
This update for php7 fixes the following issues: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the phphandler function bsc1108753. This update was imported from the SUSE:SLE-12:Update...
Security update for ant (moderate)
This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution bsc1100053 This update was imported from the SUSE:SLE-15:Updat...
Security update for shadow (moderate)
This update for shadow fixes the following security issue: - CVE-2018-16588: Prevent useradd from creating intermediate directories with mode 0777 bsc1106914 This update was imported from the SUSE:SLE-12-SP2:Update update project...
Security update for libzypp, zypper (important)
This update for libzypp, zypper fixes the following issues: Update libzypp to version 16.17.20: Security issues fixed: - PackageProvider: Validate delta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 - PackageProvider: Validate downloaded rpm package signatures before caching bsc109162...
Security update for tiff (moderate)
This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-10779: Fixed a heap-based buffer overflow in TIFFWriteScanline in tifwrite.c bsc1092480 - CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tifpackbits.c. bsc1074186 -...
Security update for php5-smarty3 (moderate)
This update for php5-smarty3 fixes the following issues: - CVE-2018-16381: Prevent traversal vulnerability due to insufficient template code sanitization that allowed attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...
Security update for apache2 (moderate)
This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chai...
Security update for nodejs8 (moderate)
This update for nodejs8 to version 8.11.4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer bsc1105019 - Upgrade to OpenSSL 1.0.2p, which fixed: -...
Security update for gnutls (moderate)
This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 - CVE-2018-10845: HMAC-SHA-384 vulnerable to...
Security update for shadow (moderate)
This update for shadow fixes the following security issue: - CVE-2018-16588: Prevent useradd from creating intermediate directories with mode 0777 bsc1106914 This update was imported from the SUSE:SLE-15:Update update project...
Security update for gd (moderate)
This update for gd fixes the following issues: Security issue fixed: - CVE-2018-1000222: Fixed a double free vulnerability in gdImageBmpPtr that could result in remote code execution. This could have been exploited via a specially crafted JPEG image files. bsc1105434 This update was imported from...
Security update for php7 (moderate)
This update for php7 fixes the following issues: Security issue fixed: - CVE-2018-1000222: Fixed a double free vulnerability in gdImageBmpPtr that could result in remote code execution. This could have been exploited via a specially crafted JPEG image files. bsc1105434 This update was imported fr...
Security update for GraphicsMagick (low)
This update for GraphicsMagick fixes the following security issue: - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function bsc1108283. An earlier update added a change that also fixed this issues that was unknown at the time of release: - CVE-2018-16749: Added missing NULL chec...