Security update for python-Django1 (important)
This update for python-Django1 to version 1.11.15 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware boo1102680 The following other bugs were fixed: - Fixed WKBWriter.write and writehex for empty...
Security update for nemo-extensions (important)
This update for nemo-extensions fixes the following issues: The following security vulnerability was fixed: - Prevent unprivileged users from adding other users to sambashare boo1084703...
Security update for aubio (moderate)
This update for aubio fixes the following issues: - CVE-2018-14522: Fixed a crash in aubiopitchsetunit bsc1102359 - CVE-2018-14523: Fixed a buffer overread resulting in crash or information leakage in newaubiopitchyinfft bsc1102364...
Security update for seamonkey (important)
This update for seamonkey fixes the following issues: Mozilla Seamonkey was updated to 2.49.4: Now uses Gecko 52.9.1esr boo1098998. Security issues fixed with MFSA 2018-16 boo1098998: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using...
Security update for python-Django (moderate)
This update for python-Django to 1.11.15 fixes the following issues: This security issue was fixed: - CVE-2018-14574: Prevent open redirect in django.middleware.common.CommonMiddleware bsc1102680. These non-security issues were fixed: - Fixed WKBWriter.write and writehex for empty polygons on GEO...
Security update for lxc (moderate)
This update for lxc fixes the following issues: The following security vulnerability was fixed: - CVE-2018-6556: Fixed an information leak and possible open side effects to regular users via lxc-user-nic boo988348...
Security update for cgit (moderate)
This update for cgit to version 1.2.1 fixes the following issues: The following security vulnerability was addressed: - CVE-2018-14912: Fixed a directory traversal vulnerability, when enable-http-clone=1 is not turned off boo1103799 The following other changes were made: - Update to upstream...
Security update for sddm (moderate)
This update for sddm fixes the following issues: The following security vulnerability was addressed: - CVE-2018-14345: Fixed the authentication, which did not check the password for users with an already existing session and allowed any user with access to the system bus to unlock any graphical...
Security update for mailman (moderate)
This update for mailman fixes the following issues: Security issue fixed: - CVE-2018-13796: Fix a content spoofing vulnerability with invalid list name messages inside the web UI boo1101288. Bug fixes: - update to 2.1.29: Fixed the listinfo and admin overview pages that were broken - update to...
Security update for cgit (moderate)
This update for cgit fixes the following issues: The following security vulnerability was addressed: - CVE-2018-14912: Fixed a directory traversal vulnerability, when enable-http-clone=1 is not turned off boo1103799 The following other changes were made: - Update to upstream release 1.2.1...
Recommended update for NetworkManager-vpnc (moderate)
This update for NetworkManager-vpnc fixes the following issues: Security issue fixed: - CVE-2018-10900: Check configurations that contain newline characters and invalidate them to avoid security attacks bsc1101147. This update was imported from the SUSE:SLE-12-SP2:Update update project...
Security update for libvirt (moderate)
This update for libvirt fixes the following issues: Security issue fixed: - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka "Memory Disambiguation" bsc1092885. Bug fixes: - bsc1094325: Enable virsh blockresize for XEN guests...
Security update for libsoup (moderate)
This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fix crash when handling empty hostnames bsc1100097. - CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers bsc1052916. Bug fixes: - bsc1086036:...
Security update for virtualbox (important)
This update for virtualbox to version 5.2.16 fixes the following issues: The following security vulnerabilities were fixed boo1101667: - CVE-2018-3005: Fixed an easily exploitable vulnerability that allowed an unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox...
Security update for libcdio (low)
This update for libcdio fixes the following issues: The following security vulnerabilities were addressed: - CVE-2017-18199: Fixed a NULL pointer dereference in reallocsymlink in rock.c bsc1082821 - CVE-2017-18201: Fixed a double free vulnerability in getcdtextgeneric in cdiogeneric.c bsc1082877 ...
Security update for mysql-community-server (moderate)
This update for mysql-community-server to version 5.6.41 fixes the following issues: Security vulnerabilities fixed: - CVE-2018-3064: Fixed an easily exploitable vulnerability that allowed a low privileged attacker with network access via multiple protocols to compromise the MySQL Server...
Security update for cups (moderate)
This update for cups fixes the following issues: The following security vulnerabilities were fixed: - Fixed a local privilege escalation to root and sandbox bypasses in the scheduler - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend bsc1096405 - CVE-2018-4181: Limited...
Security update for python-mitmproxy (moderate)
This update for python-mitmproxy fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14505: Fixed multiple DNS rebinding attacks related to tools/web/app.py boo1102178 The following other issue was fixed: - Fixed a dependency issue with python-ldap3 boo1101457...
Security update for blueman (moderate)
This update for blueman fixes the following issues: The following security issue was addressed: - Fixed the polkit authorization checks in blueman, which previously allowed any user with access to the D-Bus system bus to trigger certain network configuration logic in blueman without authenticatio...
Security update for sssd (moderate)
This update for sssd fixes the following security issue: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users bsc1098377. This update was imported from the SUSE:SLE-15:Update update project...
Security update for libtirpc (important)
This update for libtirpc fixes the following issues: Security issue fixed: - bsc968175: Fix remote crash of RPC services. Bug fixes: - bsc1072183: Send RPC getport call as specified via parameter. This update was imported from the SUSE:SLE-12-SP2:Update update project...
Security update for gdk-pixbuf (moderate)
This update for gdk-pixbuf fixes the following issues: Security issue fixed: - CVE-2015-4491: Fix integer multiplication overflow that allows for DoS or potentially RCE bsc1053417. This update was imported from the SUSE:SLE-12-SP2:Update update project...
Security update for libraw (moderate)
This update for libraw fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-5813: Fixed an error within the "parseminolta" function dcraw/dcraw.c that could be exploited to trigger an infinite loop via a specially crafted file. This could be exploited to...
Security update for webkit2gtk3 (moderate)
This update for webkit2gtk3 to version 2.20.3 fixes the following issues: These security issues were fixed: - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch bsc1097693. - CVE-2018-4199: An...
Security update for polkit (moderate)
This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-1116: Fix uid comparison lacking in polkitbackendinteractiveauthoritycheckauthorization bsc1099031. This update was imported from the SUSE:SLE-15:Update update project...
Security update for ceph (important)
This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-10861: Ensure that ceph-mon does perform authorization on all OSD pool ops bsc1099162 - CVE-2018-1129: cephx signature check bypass bsc1096748 - CVE-2018-1128: cephx protocol was vulnerable to replay attack...
Recommended update for enigmail (moderate)
This update for enigmail to 2.0.8 fixes the following issues: The enigmail 2.0.8 release addresses a security issue and solves a few regression bugs. A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like it's signed...
Security update for clamav (moderate)
This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability bsc1101410 - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small fil...
Recommended update for enigmail (moderate)
This update for enigmail to 2.0.8 fixes the following issues: The enigmail 2.0.8 release addresses a security issue and solves a few regression bugs. A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like it's signed...
Security update for java-11-openjdk (moderate)
This java-11-openjdk update to version jdk-11+24 fixes the following issues: Security issues fixed: - CVE-2018-2940: Fix unspecified vulnerability in subcomponent Libraries bsc1101645. - CVE-2018-2952: Fix unspecified vulnerability in subcomponent Concurrency bsc1101651. - CVE-2018-2972: Fix...
Security update for the Linux Kernel (important)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5390 aka "SegmentSmack": A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP...
Security update for libcgroup (moderate)
This update for libcgroup fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14348: Fixed a permission issue with /var/log/cgred. The permissions were not restrictive enough beforehand and ignored any umask setting. boo1100365...
Security update for cups (moderate)
This update for cups fixes the following issues: The following security vulnerabilities were fixed: - CVE-2017-18248: Handle invalid characters properly in printing jobs. This fixes a problem that was causing the DBUS library to abort the calling process. bsc1061066 bsc1087018 - Fixed a local...
Security update for ovmf (moderate)
This update for ovmf provides the following fix: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth bsc1094290, bsc1094291. Bug fixes: - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better...
Security update for kernel-firmware (moderate)
This update for kernel-firmware to version 20180525 fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction bsc1095735 This updat...
Security update for znc (moderate)
This update for znc fixes the following issues: - Update to version 1.7.1 CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...
Security update for libofx (important)
This update for libofx fixes the following issues: The following security vulnerabilities have been addressed: - CVE-2017-2920: Fixed an exploitable buffer overflow in the tag parsing functionality, which could result in an out of bounds write and could be triggered via a specially crafted OFX fi...
Security update for znc (moderate)
This update for znc fixes the following issues: - Update to version 1.7.1 CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...
Security update for rpm (moderate)
This update for rpm fixes the following issues: This security vulnerability was fixed: - CVE-2017-7500: Fixed symlink attacks during RPM installation bsc943457 This update was imported from the SUSE:SLE-15:Update update project...
Security update for libsndfile (moderate)
This update for libsndfile fixes the following issues: Security issues fixed: - CVE-2018-13139: Fix a stack-based buffer overflow in psfmemset in common.c that allows remote attackers to cause a denial of service bsc1100167. - CVE-2017-17456: Prevent segmentation fault in the function d2alawarray...
Security update for python-dulwich (moderate)
This update for python-dulwich to version 0.18.5 fixes this security issue: - CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname bsc1066430. For detailed changes please see...
Security update for mutt (important)
This update for mutt fixes the following issues: Security issues fixed: - bsc1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size bsc1101583. - CVE-2018-14353: Fix imapquotestring in imap/util.c that has an...
Security update for xen (moderate)
This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3665: Fix Lazy FP Save/Restore issue XSA-267 bsc1095242. - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host XSA-264 bsc1097521. - CVE-2018-12892: Fix libxl...
Security update for nautilus (low)
This update for nautilus fixes the following issues: Security issue fixed: - CVE-2017-14604: Add a metadata::trusted metadata to the file once the user acknowledges the file as trusted, and also remove the "trusted" content in the desktop file bsc1060031. This update was imported from the...
Security update for libsndfile (moderate)
This update for libsndfile fixes the following issues: Security issues fixed: - CVE-2018-13139: Fix a stack-based buffer overflow in psfmemset in common.c that allows remote attackers to cause a denial of service bsc1100167. - CVE-2017-17456: Prevent segmentation fault in the function d2alawarray...
Security update for ovmf (moderate)
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth bsc1094289. This update was imported from the SUSE:SLE-15:Update update project...
Security update for java-10-openjdk (important)
This update for OpenJDK 10.0.2 fixes the following security issues: - CVE-2018-2940: the libraries sub-component contained an easily exploitable vulnerability that allowed attackers to compromise Java SE or Java SE Embedded over the network, potentially gaining unauthorized read access to data...
Security update for util-linux (moderate)
This update for util-linux fixes the following security issue: - CVE-2018-7738: Fix local vulnerability using embedded shell commands in a mountpoint name bsc1084300 This update was imported from the SUSE:SLE-15:Update update project...
Security update for util-linux (moderate)
This update for util-linux fixes the following issues: This non-security issue was fixed: - CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user bsc1084300...
Security update for wireshark (moderate)
This update for wireshark fixes the following issues: Security issues fixed: - CVE-2018-7325: RPKI-Router infinite loop boo1082692 - CVE-2018-14342: BGP dissector large loop wnpa-sec-2018-34, boo1101777 - CVE-2018-14344: ISMP dissector crash wnpa-sec-2018-35, boo1101788 - CVE-2018-14340: Multiple...