Security update for GraphicsMagick (low)
This update for GraphicsMagick fixes the following security issue: - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that...
Security update for nodejs4 (moderate)
This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer bsc1105019 - Upgrade to OpenSSL 1.0.2p, which fixed: - CVE-2018-0732: Client...
Security update for chromium (important)
This update for Chromium to version 69.0.3497.81 fixes multiple issues. Security issues fixed boo1107235: - CVE-2018-16065: Out of bounds write in V8 - CVE-2018-16066: Out of bounds read in Blink - CVE-2018-16067: Out of bounds read in WebAudio - CVE-2018-16068: Out of bounds write in Mojo -...
Security update for MozillaThunderbird (important)
This update for MozillaThunderbird to version 60.0 fixes the following issues: These security issues were fixed: - CVE-2018-12359: Prevent buffer overflow using computed size of canvas element bsc1098998. - CVE-2018-12360: Prevent use-after-free when using focus bsc1098998. - CVE-2018-12361:...
Security update for php7 (moderate)
This update for php7 fixes the following issues: - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call bsc1105466 This update was imported from the SUSE:SLE-12:Update update project...
Security update for apache-pdfbox (moderate)
This update for apache-pdfbox fixes the following issues: Security issue fixed: - CVE-2018-8036: Fix infinite loop while parsing files that leads to an out of memory issue bsc1099721. This update was imported from the SUSE:SLE-15:Update update project...
Security update for dovecot22 (important)
This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts bsc1082828 This update was...
Security update for wireshark (moderate)
This update for wireshark to version 2.4.9 fixes the following issues: Security issues fixed bsc1106514: - CVE-2018-16058: Bluetooth AVDTP dissector crash wnpa-sec-2018-44 - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash wnpa-sec-2018-45 - CVE-2018-16057: Radiotap dissector crash...
Security update for yubico-piv-tool (low)
This update for yubico-piv-tool fixes the following issues: Security issues fixed: - CVE-2018-14779: Fixed a buffer overflow and an out of bounds memory read in ykpiv_transfer_data, which could be triggered by a malicious token. boo1104809, YSA-2018-03 - CVE-2018-14780: Fixed a buffer overflow an...
Security update for spice (important)
This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling bsc1104448 - CVE-2018-10893: Avoid buffer overflow on image lz checks bsc1101295 This update was imported from the SUSE:SLE-12-SP3:Update update project...
Security update for spice-gtk (important)
This update for spice-gtk fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling bsc1104448 - CVE-2018-10893: Avoid buffer overflow on image lz checks bsc1101295 This update was imported from the SUSE:SLE-12-SP3:Update update project...
Security update for ImageMagick (important)
This update for ImageMagick fixes the following issues: Security issue fixed: - Disable PS, PS2, PS3, XPS and PDF coders in default policy.xml bsc1105592 This update was imported from the SUSE:SLE-15:Update update project...
Security update for postgresql10 (moderate)
This update for postgresql10 fixes the following issues: PostgreSQL 10 was updated to 10.5: - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-10-5.html A dump/restore is not required for those running 10.X. However, if you use the adminpack...
Security update for spice (important)
This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling bsc1104448 - CVE-2018-10893: Avoid buffer overflow on image lz checks bsc1101295 This update was imported from the SUSE:SLE-15:Update update project...
Security update for libressl (moderate)
This update for libressl to version 2.8.0 fixes the following issues: Security issues fixed: - CVE-2018-12434: Avoid a timing side-channel leak when generating DSA and ECDSA signatures. boo1097779 - Reject excessively large primes in DH key generation. - CVE-2018-8970: Fixed a bug in...
Security update for libressl (moderate)
This update for libressl to version 2.8.0 fixes the following issues: Security issues fixed: - CVE-2018-12434: Avoid a timing side-channel leak when generating DSA and ECDSA signatures. boo1097779 - Reject excessively large primes in DH key generation. Other bugs fixed: - Fixed a pair of 20+...
Security update for zutils (moderate)
This update for zutils to version 1.7 fixes one security issue: - CVE-2018-1000637: buffer overrun in zcat utility boo1103878 Please note that the zutils zcat utility is distinct from the default gzip zcat utility...
Security update for cobbler (important)
This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modify_setting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...
Security update for wireshark (moderate)
This update for wireshark to version 2.2.17 fixes the following issues: Security issues fixed boo1106514: - CVE-2018-16058: Bluetooth AVDTP dissector crash wnpa-sec-2018-44 - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash wnpa-sec-2018-45 - CVE-2018-16057: Radiotap dissector crash...
Security update for libX11 (important)
This update for libX11 fixes the following issues: Security issues fixed: - CVE-2018-14598: Fixed a crash on invalid reply in XListExtensions boo1102073 - CVE-2018-14599: Fixed an off-by-one write in XListExtensions boo1102062 - CVE-2018-14600: Fixed an out of boundary write in XListExtensions...
Security update for libreoffice (moderate)
This update for libreoffice to 6.0.5.2 fixes the following issues: Security issues fixed: - CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by...
Security update for phpMyAdmin (moderate)
This update for phpMyAdmin to version 4.8.3 addresses multiple issues. Security issues fixed: - CVE-2018-15605: vulnerability in the file import feature allowed cross-site scripting via importing a specially-crafted file PMASA-2018-5, boo1105726 This update also contains a number of upstream bug...
Security update for kbuild, virtualbox (important)
This update for kbuild, virtualbox fixes the following issues: kbuild changes: - Update to version 0.1.9998svn3110 - Do not assume glibc glob internals - Support GLIBC glob interface version 2 - Fix build failure boo1079838 - Fix build with GCC7 boo1039375 - Fix build by disabling vboxvideodrv.so...
Security update for nextcloud (moderate)
This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...
Security update for GraphicsMagick (important)
This update for GraphicsMagick fixes the following issues: Security issue fixed: - Disable PS, PS2, PS3 and PDF coders by default, remove gs calls from delegates.mgk boo1105592...
Security update for ImageMagick (moderate)
This update for ImageMagick fixes the following issues: Security issues fixed: CVE-2018-14434: A memory leak for a colormap in WriteMPCImage in coders/mpc.c was fixed. bsc1102003 CVE-2018-14435: A memory leak in DecodeImage in coders/pcd.c was fixed. bsc1102007 CVE-2018-14436: A memory leak in...
Security update for libgit2 (important)
This update for libgit2 to version 0.26.5 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause...
Security update for python-Django (moderate)
This update for python-Django to version 2.08 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed a redirection vulnerability in CommonMiddleware boo1102680 The following other bugs were fixed: - Fixed a regression in Django 2.0.7 that broke the...
Security update for libXcursor (low)
This update for libXcursor fixes the following issues: - CVE-2015-9262: XcursorThemeInherits allowed remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow bsc1103511...
Security update for ceph (important)
This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-7262: rgw: malformed http headers can crash rgw bsc1081379. - CVE-2017-16818: User reachable asserts allow for DoS bsc1063014. Bug fixes: - bsc1061461: OSDs keep generating coredumps after adding new OSD node to...
Security update for GraphicsMagick (low)
This update for GraphicsMagick fixes the following issues: The following security issue was fixed: - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c boo1102007...
Security update for perl-Archive-Zip (moderate)
This update for perl-Archive-Zip fixes the following security issue: - CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or...
Security update for xen (important)
This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS...
Security update for apache2 (moderate)
This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests bsc1101689. - CVE-2018-8011: Fixed a null pointer dereference in modm...
Security update for curl (moderate)
This update for curl fixes the following issues: Security issue fixed: - CVE-2018-0500: Fix a SMTP send heap buffer overflow bsc1099793. This update was imported from the SUSE:SLE-15:Update update project...
Security update for the Linux Kernel (important)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-10853: A flaw was found in KVM in which certain instructions such as sgdt/sidt call segmented_write_std doesn't propagate access correctly. As such, during userspac...
Security update for clamav (moderate)
This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability bsc1101410 - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small fil...
Security update for php7 (moderate)
This update for php7 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. bsc1103659 -...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.143 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to...
Security update for qemu (moderate)
This update for qemu to version 2.11.2 fixes the following issues: Security issue fixed: - CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams bsc1096223. - CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86...
Security update for samba (important)
This update for samba fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn't allow it; bsc1095048 - CVE-2018-1140: ldbsearch 'distinguishedName=abc' and DNS query with escapes crashes; bsc1095056 - CVE-2018-10919:...
Security update to ucode-intel (important)
ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 Spectre v3a and is part of the mitigations for CVE-2018-3639 Spectre v4 and CVE-2018-3646 L1 Terminal fault. bsc1104134 bsc1087082 bsc1087083 bsc1089343 Processor Identifier Version Products Mode...
Security update for apache2 (moderate)
This update for apache2 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests bsc1101689. This update was imported from the SUSE:SLE-12-SP2:Update...
Security update for samba (important)
This update for samba fixes the following issues: The following security vulnerability was fixed: - CVE-2018-10858: Fixed insufficient input validation on client directory listing in libsmbclient; bsc1103411; The following other change was made: - s3: winbind: Fix 'winbind normalize names' in...
Security update for libheimdal (important)
This update for libheimdal to version 7.5.0 fixes the following issues: The following security vulnerability was fixed: - CVE-2017-17439: Fixed a remote denial of service vulnerability through which remote unauthenticated attackers were able to crash the KDC by sending a crafted UDP packet...