7605 matches found
Security update for jhead (moderate)
This update for jhead fixes the following security issues: - CVE-2016-3822: jhead remote attackers to execute arbitrary code or cause a denial of service out-of-bounds access via crafted EXIF data bsc1108480. - CVE-2018-16554: The ProcessGpsInfo function may have allowed a remote attacker to caus...
Security update for bouncycastle (moderate)
This update for bouncycastle fixes the following security issue: - CVE-2018-1000180: Fixed flaw in the Low-level interface to RSA key pair generator. RSA Key Pairs generated in low-level API with added certainty may had less M-R tests than expected bsc1096291...
Security update for liblouis (moderate)
This update for liblouis fixes the following issues: Security issues fixed: - CVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars in compileTranslationTable.c bsc1095189 - CVE-2018-11577: Fixed a segmentation fault in loulogPrint in logging.c bsc1095945 - CVE-2018-11683...
Security update for gdm (moderate)
This update for gdm provides the following fixes: This security issue was fixed: - CVE-2018-14424: The daemon in GDM did not properly unexport display objects from its D-Bus interface when they are destroyed, which allowed a local attacker to trigger a use-after-free via a specially crafted...
Security update for MozillaFirefox (moderate)
This update for Mozilla Firefox to version 60.2.1esr fixes the following issues: Security issues fixed MFSA 2018-23: - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data boo1109363 - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords...
Security update for nodejs6 (moderate)
This update for nodejs6 to version 6.14.4 fixes the following issues: Security issues fixed: CVE-2018-12115: Fixed an out-of-bounds OOB write in Buffer.write for UCS-2 encoding bsc1105019 CVE-2018-0732: Upgrade to OpenSSL 1.0.2p, fixing a client DoS due to large DH parameter bsc1097158 Other issu...
Security update for openslp (important)
This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability bsc1090638 - Prevent out of bounds reads in message parsing This update was imported...
Security update for ImageMagick (moderate)
This update for ImageMagick fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS bsc1106858 - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM...
Security update for obs-service-refresh_patches (moderate)
This update for obs-service-refreshpatches fixes the following security issue: - An attacker creating a specially formated archive could have tricked the service in deleting directories that shouldn't be deleted boo1108189...
Security update for aubio (moderate)
This update for aubio fixes the following issues: - CVE-2018-14522: Fixed a crash in aubiopitchsetunit bsc1102359 - CVE-2018-14523: Fixed a buffer overrread resulting in crash or information leakage in newaubiopitchyinfft bsc1102364 This update was imported from the openSUSE:Leap:15.0:Update upda...
Security update for ffmpeg-4 (low)
This update for ffmpeg-4 to version 4.0.2 fixes the following issues: These security issues were fixed: - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...
Security update for python-Django1 (important)
This update for python-Django1 to version 1.11.15 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware boo1102680 The following other bugs were fixed: - Fixed WKBWriter.write and writehex for empty...
Security update for hylafax+ (critical)
This update for hylafax+ fixes the following issues: Security issues fixed in 5.6.1: - CVE-2018-17141: multiple vulnerabilities affecting fax page reception in JPEG format Specially crafted input may have allowed remote execution of arbitrary code boo1109084 Additionally, this update also contain...
Security update for chromium (important)
This update for Chromium to version 69.0.3497.81 fixes multiple issues. Security issues fixed boo1107235: - CVE-2018-16065: Out of bounds write in V8 - CVE-2018-16066:Out of bounds read in Blink - CVE-2018-16067: Out of bounds read in WebAudio - CVE-2018-16068: Out of bounds write in Mojo -...
Security update for GraphicsMagick (important)
This update for GraphicsMagick fixes the following issues: Security issue fixed: - Disable PS, PS2, PS3 and PDF coders by default, remove gs calls from delegates.mgk boo1105592...
Security update for GraphicsMagick (low)
This update for GraphicsMagick fixes the following issues: - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image bsc1107609 - CVE-2018-16645: Prevent excessive memory...
Security update for chromium (moderate)
This update for Chromium to version 69.0.3497.92 fixes the following issues: Security issues fixed boo1108114: - Function signature mismatch in WebAssembly - URL Spoofing in Omnibox The following tracked packaging issues were fixed: - the chromium package incorrectly provied swiftshader resolvabl...
Security update for okular (moderate)
This update for okular fixes the following security issue: - CVE-2018-1000801: Prevent directory traversal vulnerability in function unpackDocumentArchive could have resulted in arbitrary file creation via a specially crafted Okular archive bsc1107591...
Security update for seamonkey (important)
This update for seamonkey fixes the following issues: Mozilla Seamonkey was updated to 2.49.4: Now uses Gecko 52.9.1esr boo1098998. Security issues fixed with MFSA 2018-16 boo1098998: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using...
Security update for phpMyAdmin (moderate)
This update for phpMyAdmin to version 4.8.3 addresses multiple issues. Security issues fixed: - CVE-2018-15605: vulnerability in the file import feature allowed cross-site scripting via importing a specially-crafted file PMASA-2018-5, boo1105726 This update also contains a number of upstream bug...
Security update for nextcloud (moderate)
This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...
Security update for nemo-extensions (important)
This update for nemo-extensions fixes the following issues: The following security vulnerability was fixed: - Prevent unprivileged users from adding other users to sambashare boo1084703 This update was imported from the openSUSE:Leap:15.0:Update update project...
Security update for python-Django (moderate)
This update for python-Django to version 2.08 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed an redirection vulnerability in CommonMiddleware boo1102680 The following other bugs were fixed: - Fixed a regression in Django 2.0.7 that broke the...
Security update for chromium (moderate)
This update for Chromium to version 69.0.3497.100 fixes the following issues: - Security relevant fixes from internal audits, fuzzing and other initiatives booboo1108774...
Security update for obs-service-refresh_patches (moderate)
This update for obs-service-refreshpatches fixes the following security issue: - An attacker creating a specially formated archive could have tricked the service in deleting directories that shouldn't be deleted boo1108189...
Security update for hylafax+ (critical)
This update for hylafax+ fixes the following issues: Security issues fixed in 5.6.1: - CVE-2018-17141: multiple vulnerabilities affecting fax page reception in JPEG format Specially crafted input may have allowed remote execution of arbitrary code boo1109084 Additionally, this update also contain...
Security update for pango (moderate)
This update for pango fixes the following issue: Security issue fixed: - CVE-2018-15120: Fixed a denial of service when parsing emoji bsc1103877 This update was imported from the SUSE:SLE-15:Update update project...
Security update for webkit2gtk3 (moderate)
This update for webkit2gtk3 to version 2.20.5 fixes the following issues: Security issue fixed: - CVE-2018-12911: Fix off-by-one in xdgmimegetsimpleglobs bsc1101999. - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processin...
Security update for exempi (low)
This update for exempi fixes the following security issue: - CVE-2017-18236: The ASFSupport::ReadHeaderObject function allowed remote attackers to cause a denial of service infinite loop via a crafted .asf file bsc1085589 - CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed...
Security update for chromium (moderate)
This update for Chromium to version 69.0.3497.100 fixes the following issues: - Security relevant fixes from internal audits, fuzzing and other initiatives booboo1108774...
Security update for chromium (moderate)
This update for Chromium to version 69.0.3497.100 fixes the following issues: - Security relevant fixes from internal audits, fuzzing and other initiatives booboo1108774...
Security update for GraphicsMagick (low)
This update for GraphicsMagick fixes the following issues: - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image bsc1107609 - CVE-2018-16645: Prevent excessive memory...
Security update for zsh (important)
This update for zsh to version 5.6 fixes the following security issues: - CVE-2018-0502: The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line bsc1107296. - CVE-2018-13259: Shebang lines exceeding 64 characters were truncated,...
Security update for tomcat (moderate)
This update for tomcat to 8.0.53 fixes the following issues: Security issue fixed: - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service bsc1102400. - CVE-2018-8034: The ho...
Security update for libzypp, zypper (important)
This update for libzypp, zypper, libsolv provides the following fixes: Security fixes in libzypp: - CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 - CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp: - Update to version...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookupslow on a NULL inode-iops pointer when doing pathwalks on a corrupted xfs image. This occure...
Security update for curl (moderate)
This update for curl fixes the following issues: This security issue was fixed: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code bsc1106019 This non-security issue was fixed: - Fixed erroneous debug message when paired with OpenSSL bsc1089533 This update was imported fro...
Security update for ffmpeg-4 (low)
This update for ffmpeg-4 to version 4.0.2 fixes the following issues: These security issues were fixed: - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...
Security update for okular (moderate)
This update for okular fixes the following security issue: - CVE-2018-1000801: Prevent directory traversal vulnerability in function unpackDocumentArchive could have resulted in arbitrary file creation via a specially crafted Okular archive bsc1107591...
Security update for curl (moderate)
This update for curl fixes the following issues: This security issue was fixed: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code bsc1106019 This non-security issue was fixed: - Use OPENSSLconfig instead of CONFmodulesloadfile to avoid crashes due to openssl engines...
Security update for spice-gtk (important)
This update for spice-gtk fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling bsc1104448 - CVE-2018-10893: Avoid buffer overflow on image lz checks bsc1101295 Other bugs fixed: - Add setuid bit to spice-client-glib-usb-acl-helper...
Security update for chromium (moderate)
This update for Chromium to version 69.0.3497.92 fixes the following issues: Security issues fixed boo1108114: - Function signature mismatch in WebAssembly - URL Spoofing in Omnibox The following tracked packaging issues were fixed: - the chromium package incorrectly provied swiftshader resolvabl...
Security update for okular (moderate)
This update for okular fixes the following security issue: - CVE-2018-1000801: Prevent directory traversal vulnerability in function unpackDocumentArchive could have resulted in arbitrary file creation via a specially crafted Okular archive bsc1107591...
Security update for chromium (moderate)
This update for Chromium to version 69.0.3497.92 fixes the following issues: Security issues fixed boo1108114: - Function signature mismatch in WebAssembly - URL Spoofing in Omnibox The following tracked packaging issues were fixed: - the chromium package incorrectly provied swiftshader resolvabl...
Security update for ffmpeg-4 (low)
This update for ffmpeg-4 to version 4.0.2 fixes the following issues: These security issues were fixed: - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...
Security update for python3 (moderate)
This update for python3 provides the following fixes: These security issues were fixed: - CVE-2018-1061: Prevent catastrophic backtracking in the difflib.ISLINEJUNK method. An attacker could have used this flaw to cause denial of service bsc1088004. - CVE-2018-1060: Prevent catastrophic...
Security update for compat-openssl098 (moderate)
This update for compat-openssl098 fixes the following security issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of...
Security update for php5 (moderate)
This update for php5 fixes the following issues: The following security issues were fixed: - CVE-2018-10360: Fixed an out-of-bounds read in the docorenote function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file bsc1096984 -...
Security update for qemu (moderate)
This update for qemu fixes the following issues: This security issue was fixed: - CVE-2018-12617: qmpguestfileread had an integer overflow that could have been exploited by sending a crafted QMP command including guest-file-read with a large count value to the agent via the listening socket causi...
Security update for MozillaFirefox (important)
This update to Mozilla Firefox 60.2.0esr fixes the following issues: Security issues fixed MFSA 2018-21, boo1107343: - CVE-2018-12377: Use-after-free in refresh driver timers - CVE-2018-12378: Use-after-free in IndexedDB - CVE-2017-16541: Proxy bypass using automount and autofs boo1066489 -...