Security update for php7 (moderate)
This update for php7 fixes the following issues: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the php_handler function bsc1108753. This update was imported from the SUSE:SLE-12:Update...
Security update for ant (moderate)
This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution bsc1100053 This update was imported from the SUSE:SLE-15:Updat...
Security update for shadow (moderate)
This update for shadow fixes the following security issue: - CVE-2018-16588: Prevent useradd from creating intermediate directories with mode 0777 bsc1106914 This update was imported from the SUSE:SLE-12-SP2:Update update project...
Security update for libzypp, zypper (important)
This update for libzypp, zypper fixes the following issues: Update libzypp to version 16.17.20: Security issues fixed: - PackageProvider: Validate delta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 - PackageProvider: Validate downloaded rpm package signatures before caching bsc109162...
Security update for tiff (moderate)
This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-10779: Fixed a heap-based buffer overflow in TIFFWriteScanline in tif_write.c bsc1092480 - CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tif_packbits.c. bsc1074186 -...
Security update for php5-smarty3 (moderate)
This update for php5-smarty3 fixes the following issues: - CVE-2018-16381: Prevent traversal vulnerability due to insufficient template code sanitization that allowed attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...
Security update for apache2 (moderate)
This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chai...
Security update for nodejs8 (moderate)
This update for nodejs8 to version 8.11.4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer bsc1105019 - Upgrade to OpenSSL 1.0.2p, which fixed: -...
Security update for gnutls (moderate)
This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 - CVE-2018-10845: HMAC-SHA-384 vulnerable to...
Security update for shadow (moderate)
This update for shadow fixes the following security issue: - CVE-2018-16588: Prevent useradd from creating intermediate directories with mode 0777 bsc1106914 This update was imported from the SUSE:SLE-15:Update update project...
Security update for gd (moderate)
This update for gd fixes the following issues: Security issue fixed: - CVE-2018-1000222: Fixed a double free vulnerability in gdImageBmpPtr that could result in remote code execution. This could have been exploited via specially crafted JPEG image files. bsc1105434 This update was imported from...
Security update for php7 (moderate)
This update for php7 fixes the following issues: Security issue fixed: - CVE-2018-1000222: Fixed a double free vulnerability in gdImageBmpPtr that could result in remote code execution. This could have been exploited via specially crafted JPEG image files. bsc1105434 This update was imported fr...
Security update for GraphicsMagick (low)
This update for GraphicsMagick fixes the following security issue: - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function bsc1108283. An earlier update added a change that also fixed this issue that was unknown at the time of release: - CVE-2018-16749: Added missing NULL chec...
Security update for jhead (moderate)
This update for jhead fixes the following security issues: - CVE-2016-3822: jhead allowed remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data bsc1108480. - CVE-2018-16554: The ProcessGpsInfo function may have allowed a remote attacker to caus...
Security update for bouncycastle (moderate)
This update for bouncycastle fixes the following security issue: - CVE-2018-1000180: Fixed flaw in the low-level interface to the RSA key pair generator. RSA key pairs generated in the low-level API with added certainty may have had fewer M-R tests than expected bsc1096291...
Security update for liblouis (moderate)
This update for liblouis fixes the following issues: Security issues fixed: - CVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars in compileTranslationTable.c bsc1095189 - CVE-2018-11577: Fixed a segmentation fault in loulogPrint in logging.c bsc1095945 - CVE-2018-11683...
Security update for gdm (moderate)
This update for gdm provides the following fixes: This security issue was fixed: - CVE-2018-14424: The daemon in GDM did not properly unexport display objects from its D-Bus interface when they are destroyed, which allowed a local attacker to trigger a use-after-free via a specially crafted...
Security update for MozillaFirefox (moderate)
This update for Mozilla Firefox to version 60.2.1esr fixes the following issues: Security issues fixed MFSA 2018-23: - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data boo1109363 - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords...
Security update for nodejs6 (moderate)
This update for nodejs6 to version 6.14.4 fixes the following issues: Security issues fixed: CVE-2018-12115: Fixed an out-of-bounds OOB write in Buffer.write for UCS-2 encoding bsc1105019 CVE-2018-0732: Upgrade to OpenSSL 1.0.2p, fixing a client DoS due to large DH parameter bsc1097158 Other issu...
Security update for openslp (important)
This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability bsc1090638 - Prevent out of bounds reads in message parsing This update was imported...
Security update for ImageMagick (moderate)
This update for ImageMagick fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS bsc1106858 - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM...
Security update for obs-service-refresh_patches (moderate)
This update for obs-service-refresh_patches fixes the following security issue: - An attacker creating a specially formatted archive could have tricked the service into deleting directories that shouldn't be deleted boo1108189...
Security update for aubio (moderate)
This update for aubio fixes the following issues: - CVE-2018-14522: Fixed a crash in aubio_pitch_set_unit bsc1102359 - CVE-2018-14523: Fixed a buffer overread resulting in crash or information leakage in new_aubio_pitchyinfft bsc1102364 This update was imported from the openSUSE:Leap:15.0:Update upda...
Security update for ffmpeg-4 (low)
This update for ffmpeg-4 to version 4.0.2 fixes the following issues: These security issues were fixed: - CVE-2018-15822: The flv_write_packet function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...
Security update for python-Django1 (important)
This update for python-Django1 to version 1.11.15 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware boo1102680 The following other bugs were fixed: - Fixed WKBWriter.write and writehex for empty...
Security update for hylafax+ (critical)
This update for hylafax+ fixes the following issues: Security issues fixed in 5.6.1: - CVE-2018-17141: multiple vulnerabilities affecting fax page reception in JPEG format Specially crafted input may have allowed remote execution of arbitrary code boo1109084 Additionally, this update also contain...
Security update for chromium (important)
This update for Chromium to version 69.0.3497.81 fixes multiple issues. Security issues fixed boo1107235: - CVE-2018-16065: Out of bounds write in V8 - CVE-2018-16066: Out of bounds read in Blink - CVE-2018-16067: Out of bounds read in WebAudio - CVE-2018-16068: Out of bounds write in Mojo -...
Security update for GraphicsMagick (important)
This update for GraphicsMagick fixes the following issues: Security issue fixed: - Disable PS, PS2, PS3 and PDF coders by default, remove gs calls from delegates.mgk boo1105592...
Security update for GraphicsMagick (low)
This update for GraphicsMagick fixes the following issues: - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image bsc1107609 - CVE-2018-16645: Prevent excessive memory...
Security update for chromium (moderate)
This update for Chromium to version 69.0.3497.92 fixes the following issues: Security issues fixed boo1108114: - Function signature mismatch in WebAssembly - URL Spoofing in Omnibox The following tracked packaging issues were fixed: - the chromium package incorrectly provided swiftshader resolvabl...
Security update for okular (moderate)
This update for okular fixes the following security issue: - CVE-2018-1000801: Prevent directory traversal vulnerability in function unpackDocumentArchive could have resulted in arbitrary file creation via a specially crafted Okular archive bsc1107591...
Security update for seamonkey (important)
This update for seamonkey fixes the following issues: Mozilla Seamonkey was updated to 2.49.4: Now uses Gecko 52.9.1esr boo1098998. Security issues fixed with MFSA 2018-16 boo1098998: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using...
Security update for phpMyAdmin (moderate)
This update for phpMyAdmin to version 4.8.3 addresses multiple issues. Security issues fixed: - CVE-2018-15605: vulnerability in the file import feature allowed cross-site scripting via importing a specially-crafted file PMASA-2018-5, boo1105726 This update also contains a number of upstream bug...
Security update for nextcloud (moderate)
This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...
Security update for nemo-extensions (important)
This update for nemo-extensions fixes the following issues: The following security vulnerability was fixed: - Prevent unprivileged users from adding other users to sambashare boo1084703 This update was imported from the openSUSE:Leap:15.0:Update update project...
Security update for python-Django (moderate)
This update for python-Django to version 2.08 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed a redirection vulnerability in CommonMiddleware boo1102680 The following other bugs were fixed: - Fixed a regression in Django 2.0.7 that broke the...
Security update for chromium (moderate)
This update for Chromium to version 69.0.3497.100 fixes the following issues: - Security relevant fixes from internal audits, fuzzing and other initiatives booboo1108774...
Security update for obs-service-refresh_patches (moderate)
This update for obs-service-refresh_patches fixes the following security issue: - An attacker creating a specially formatted archive could have tricked the service into deleting directories that shouldn't be deleted boo1108189...
Security update for hylafax+ (critical)
This update for hylafax+ fixes the following issues: Security issues fixed in 5.6.1: - CVE-2018-17141: multiple vulnerabilities affecting fax page reception in JPEG format Specially crafted input may have allowed remote execution of arbitrary code boo1109084 Additionally, this update also contain...
Security update for pango (moderate)
This update for pango fixes the following issue: Security issue fixed: - CVE-2018-15120: Fixed a denial of service when parsing emoji bsc1103877 This update was imported from the SUSE:SLE-15:Update update project...
Security update for webkit2gtk3 (moderate)
This update for webkit2gtk3 to version 2.20.5 fixes the following issues: Security issue fixed: - CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs bsc1101999. - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processin...
Security update for exempi (low)
This update for exempi fixes the following security issue: - CVE-2017-18236: The ASFSupport::ReadHeaderObject function allowed remote attackers to cause a denial of service infinite loop via a crafted .asf file bsc1085589 - CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed...
Security update for chromium (moderate)
This update for Chromium to version 69.0.3497.100 fixes the following issues: - Security relevant fixes from internal audits, fuzzing and other initiatives booboo1108774...
Security update for chromium (moderate)
This update for Chromium to version 69.0.3497.100 fixes the following issues: - Security relevant fixes from internal audits, fuzzing and other initiatives booboo1108774...
Security update for GraphicsMagick (low)
This update for GraphicsMagick fixes the following issues: - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image bsc1107609 - CVE-2018-16645: Prevent excessive memory...
Security update for zsh (important)
This update for zsh to version 5.6 fixes the following security issues: - CVE-2018-0502: The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line bsc1107296. - CVE-2018-13259: Shebang lines exceeding 64 characters were truncated,...
Security update for tomcat (moderate)
This update for tomcat to 8.0.53 fixes the following issues: Security issue fixed: - CVE-2018-1336: An improper handling of overflow in the UTF-8 decoder with supplementary characters could have led to an infinite loop in the decoder causing a Denial of Service bsc1102400. - CVE-2018-8034: The ho...
Security update for libzypp, zypper (important)
This update for libzypp, zypper, libsolv provides the following fixes: Security fixes in libzypp: - CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 - CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp: - Update to version...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occure...
Security update for curl (moderate)
This update for curl fixes the following issues: This security issue was fixed: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code bsc1106019 This non-security issue was fixed: - Fixed erroneous debug message when paired with OpenSSL bsc1089533 This update was imported fro...