7605 matches found
Security update for wireshark (moderate)
This update for wireshark fixes the following issues: Security issues fixed: - CVE-2018-14342: BGP dissector large loop wnpa-sec-2018-34, boo1101777 - CVE-2018-14344: ISMP dissector crash wnpa-sec-2018-35, boo1101788 - CVE-2018-14340: Multiple dissectors could crash wnpa-sec-2018-36, boo1101804 -...
Security update for bouncycastle (moderate)
This update for bouncycastle fixes the following issues: Security issue fixed: - CVE-2018-1000613: Fix use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' boo1100694...
Security update for libgcrypt (moderate)
This update for libgcrypt fixes the following issues: The following security vulnerability was addressed: - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures bsc1097410. The following other issues were fixed: - Extended the fipsdrv dsa-sign and dsa-veri...
Security update for rsyslog (moderate)
This update for rsyslog fixes the following issues: The following security vulnerability was addressed: CVE-2015-3243: Make sure that log files are not created world-readable bsc935393 This update was imported from the SUSE:SLE-12-SP3:Update update project...
Security update for glibc (moderate)
This update for glibc fixes the following security issues: - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the...
Security update for Chromium (important)
This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed boo1102530: - CVE-2018-6153: Stack buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC -...
Security update for Chromium (important)
This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed boo1102530: - CVE-2018-6153: Stack buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC -...
Security update for e2fsprogs (moderate)
This update for e2fsprogs fixes the following issues: Security issues fixed: - CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs fsck, dumpe2fs, e2image... bsc915402. - CVE-2015-1572: Fixed potential buffer overflow in closefs bsc918346. Bug fixes: - bsc1038194: generic/405 test fails wi...
Security update for mercurial (moderate)
This update for mercurial fixes the following issues: Security issues fixed: - CVE-2018-13346: Fix mpatchapply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data bsc1100354. - CVE-2018-13347: Fix mpatch.c that mishandles integer...
Security update for bouncycastle (moderate)
This update for bouncycastle fixes the following issues: Security issues fixed: - CVE-2018-1000613: Fix use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' boo1100694. - CVE-2017-13098: Fix against Bleichenbacher oracle when not using the lightweight APIs boo1072697...
Security update for qutebrowser (moderate)
This update for qutebrowser fixes the following issues: Security issue fixed: - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507...
Security update for openssl-1_0_0 (moderate)
This update for openssl-100 fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating ...
Security update for openssh (moderate)
This update for openssh fixes the following issues: Security issue fixed: - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message bsc1076957. This update was imported from the SUSE:SLE-12-SP2:Update update project...
Security update for shadow (important)
This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation bsc1099310 This update was imported from the SUSE:SLE-12-SP2:Update update project...
Security update for python (moderate)
This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. bsc1083507,...
Security update for cinnamon (moderate)
This update for cinnamon fixes the following issues: Security issue fixed: - CVE-2018-13054: Fix symlink attack vulnerability boo1083067. Bug fixes: - Update to version 3.4.6 changes since 3.4.4: osdWindow.js: Always check the theme node on first showing - an actor's width isn't necessarily fille...
Security update for rubygem-sprockets (moderate)
This update for rubygem-sprockets fixes the following issues: The following security vulnerability was addressed: - CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbiddenrequest?, which allowed remote attackers to read arbitrary files bsc1098369 This update was imported from...
Security update for ImageMagick (moderate)
This update for ImageMagick fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-11625: Fixed heap-based buffer over-read in SetGrayscaleImage in the quantize.c file, which allowed remote attackers to cause buffer over-read via a crafted file. bsc1096200 -...
Security update for libgcrypt (moderate)
This update for libgcrypt fixes the following issue: The following security issue was fixed: - CVE-2018-0495: Fixed a novel side-channel attack, by enabling blinding for ECDSA signatures bsc1097410 This update was imported from the SUSE:SLE-15:Update update project...
Security update for cinnamon (moderate)
This update for cinnamon fixes the following issues: Security issue fixed: - CVE-2018-13054: Fix symlink attack vulnerability boo1083067...
Security update for qutebrowser (moderate)
This update for qutebrowser fixes the following issues: Security issue fixed: - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507. - CVE-2018-10895: Fix CSRF issue on the qute://settings page boo1100968...
Security update for the Linux Kernel (important)
The openSUSE Leap 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13406: An integer overflow in the uvesafbsetcmap function could have result in local attackers being able to crash the kernel or potentially elevate privileges...
Security update for the Linux Kernel (important)
The openSUSE 42.3 was updated to 4.4.140 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13053: The alarmtimernsleep function had an integer overflow via a large relative timeout because ktimeaddsafe was not used bnc1099924. - CVE-2018-9385: Prevent...
Security update for openssl-1_1 (moderate)
This update for openssl-11 fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a...
Security update for xen (important)
This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3665: Fix Lazy FP Save/Restore issue XSA-267 bsc1095242. - CVE-2018-12891: Fix possible Denial of Service DoS via certain PV MMU operations that affect the entire host XSA-264 bsc1097521. - CVE-2018-12892: Fix libxl...
Security update for Chromium (important)
This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163: - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...
Security update for Chromium (important)
This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163: - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...
Security update for mercurial (moderate)
This update for mercurial fixes the following issues: Security issues fixed: - CVE-2018-13348: Fix the mpatchdecode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data boo1100353. - CVE-2018-13347: F...
Security update for polkit (moderate)
This update for polkit fixes the following issues: - CVE-2018-1116: Fixed trusting the client-supplied UID which could lead to a denial of service too many dialogs caused by local attackers boo1099031...
Security update for rsyslog (moderate)
This update for rsyslog fixes the following security issue: - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information bsc935393. This update was imported from the SUSE:SLE-15:Update update project...
Security update for libopenmpt (moderate)
This update for libopenmpt to version 0.3.9 fixes the following issues: These security issues were fixed: - CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when reading AMS files bsc1095644 - CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files containin...
Security update for php7 (moderate)
This update for php7 fixes the following issues: - CVE-2018-12882: exifreadfromimpl allowed attackers to trigger a use-after-free in exifreadfromfile because it closed a stream that it is not responsible for closing bsc1099098. This update was imported from the SUSE:SLE-15:Update update project...
Security update for gdk-pixbuf (moderate)
This update for gdk-pixbuf fixes the following security issue: - CVE-2017-1000422: Prevent several integer overflow in the gifgetlzw function resulting in memory corruption and potential code execution bsc1074462. This update was imported from the SUSE:SLE-12-SP2:Update update project...
Security update for perl (moderate)
This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files bsc1096718 This update was imported from the SUSE:SLE-15:Update update project...
Security update for perl (important)
This update for perl fixes the following issues: This security issue was fixed: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files bsc1096718 This non-security issue was fixed: - fix debugger crash ...
Security update for singularity (moderate)
This update for singularity fixes the following issues: - CVE-2018-12021: A race condition might have allowed malicious users to bypass directory image restrictions, like mounting the host root filesystem as a container image boo1100333...
Security update for nodejs8 (moderate)
This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed: - CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters could have lead to a hang which could have resulted in a DoS bsc1097375. - CVE-2018-7161: By interacting with the http2...
Security update for nodejs6 (moderate)
This update for nodejs6 to version 6.14.3 fixes the following issues: The following security vulnerability was addressed: - Fixed a denial of service DoS vulnerability in Buffer.fill, which could hang when being called CVE-2018-7167, bsc1097375. The following other changes were made: - Use absolu...
Security update for exiv2 (moderate)
This update for exiv2 to 0.26 fixes the following security issues: - CVE-2017-14864: Prevent invalid memory address dereference in Exiv2::getULong that could have caused a segmentation fault and application crash, which leads to denial of service bsc1060995. - CVE-2017-14862: Prevent invalid memo...
Security update for openslp (important)
This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability bsc1090638 - Prevent out of bounds reads in message parsing This update was imported...
Security update for tiff (moderate)
This update for tiff fixes the following security issues: These security issues were fixed: - CVE-2017-18013: Fixed a NULL pointer dereference in the tifprint.cTIFFPrintDirectory function that could have lead to denial of service bsc1074317. - CVE-2018-10963: Fixed an assertion failure in the...
Security update for slurm (moderate)
This update for slurm to version 17.11.7 fixes the following issues: This security issue was fixed: - CVE-2018-10995: Ensure correct handling of user names and group ids bsc1095508. These non-security issues were fixed: - CRAY - Add slurmsmwd to the contribs/cray dir - PMIX - Added the direct...
Security update for libvorbis (moderate)
This update for libvorbis fixes the following issues: The following security issue was fixed: - Fixed the validation of channels in mapping0forward, which previously allowed remote attackers to cause a denial of service via specially crafted files CVE-2018-10392, bsc1091070 This update was import...
Security update for nextcloud (moderate)
This update for nextcloud fixes the following issues: Security issues fixed: - CVE-2018-3761: Fix improper authentication on the OAuth2 token endpoint bsc1100344. - CVE-2018-3762: Fix improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it...
Security update for unzip (moderate)
This update for unzip fixes the following issues: - CVE-2014-9636: Prevent denial of service out-of-bounds read or write and crash via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression bsc914442 -...
Security update for php7 (moderate)
This update for php7 fixes the following issues: - CVE-2018-12882: exifreadfromimpl allowed attackers to trigger a use-after-free in exifreadfromfile because it closed a stream that it is not responsible for closing bsc1099098 This update was imported from the SUSE:SLE-12:Update update project...
Security update for openvpn (moderate)
This update for openvpn fixes the following issues: - CVE-2018-9336: Fix potential double-free in Interactive Service could lead to denial of service bsc1090839. This update was imported from the SUSE:SLE-15:Update update project...
Security update for ghostscript (moderate)
This update for ghostscript fixes the following issues: - CVE-2018-10194: The settextdistance function did not prevent overflows in text-positioning calculation, which allowed remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted P...
Security update for rubygem-yard (important)
This update for rubygem-yard fixes the following issues: - CVE-2017-17042: The server in YARD did not block relative paths with an initial ../ sequence, which allowed attackers to conduct directory traversal attacks and read arbitrary files bsc1070263. This update was imported from the...
Security update for Mozilla Thunderbird (moderate)
This update for Mozilla Thunderbird to version 52.9.0 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base MFSA 2018-16, bsc1098998: - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus -...