7605 matches found
Security update for openssl (moderate)
This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a ke...
Security update for Mozilla Thunderbird (moderate)
This update for Mozilla Thunderbird to version 52.9.0 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base MFSA 2018-16, bsc1098998: - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus -...
Security update for ucode-intel (important)
This update for ucode-intel fixes the following issues: The microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigate CVE-2018-3639 (Spectre v4) (bsc#1100147, bsc#1087082, bsc#1087083). More information on:...
Recommended update for postgresql95 (moderate)
This update for postgresql95 fixes the following issues: - Update to PostgreSQL 9.5.13: https://www.postgresql.org/docs/9.5/static/release-9-5-13.html A dump/restore is not required for those running 9.5.X. However, if the function marking mistakes mentioned belowpglogfilerotate affect you, you...
Security update for git-annex (moderate)
This update for git-annex to version 6.20180626 fixes the following issues: - CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier bsc1098062. - CVE-2018-10859: Prevent local gpg encrypted...
Security update for git-annex (moderate)
This update for git-annex to version 6.20180626 fixes the following issues: - CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier bsc1098062. - CVE-2018-10859: Prevent local gpg encrypted...
Security update for cairo (moderate)
This update for cairo fixes the following issues: The following security vulnerability was addressed: - CVE-2017-9814: Fixed an out-of-bounds read in cairo-truetype-subset.c by replacing the malloc implementation with _cairo_malloc and checking the size before memory allocation bsc1049092 This...
Security update for zsh (moderate)
This update for zsh to version 5.5 fixes the following issues: Security issues fixed: - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath that can lead to local arbitrary code execution bsc1089030 - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd bsc1084656 -...
Security update for GraphicsMagick (low)
This update for GraphicsMagick fixes the following issues: The following security issues were fixed: - CVE-2018-10805: Fixed a memory leak in ReadYCBCRImage in coders/ycbcr.c and rgb.c, cmyk.c and gray.c boo1095812 - Fixed invalid memory reads in dcm.c boo1075821c14...
Security update for ImageMagick (moderate)
This update for ImageMagick fixes the following issues: These security issues were fixed: - CVE-2017-13758: Prevent heap-based buffer overflow in the TracePoint function bsc1056277. - CVE-2017-10928: Prevent heap-based buffer over-read in the GetNextToken function that allowed remote attackers to...
Security update for Opera (moderate)
This update for Opera 54.0.2952.41 fixes multiple issues. - CVE-2018-6148: Incorrect handling of CSP header boo1096508 This update to version 54.0.2952.41 also contains all security and bug fixes in this upstream version, including all fixes in the chromium engine...
Security update for mailman (moderate)
This update for mailman to version 2.1.27 fixes the following issues: This security issue was fixed: - CVE-2018-0618: Additional protections against injecting scripts into listinfo and error messages pages bsc1099510. These non-security issues were fixed: - The hash generated when...
Security update for rubygem-sprockets (important)
This update for rubygem-sprockets fixes the following issues: The following security vulnerability was addressed: - CVE-2018-3760: Fixed a directory traversal issue in sprockets/server.rb:forbidden_request?, which allowed remote attackers to read arbitrary files via specially crafted requests...
Security update for procps (moderate)
This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the...
Security update for unixODBC (moderate)
This update for unixODBC to version 2.3.6 fixes the following issues: - CVE-2018-7409: Buffer overflow in unicode_to_ansi_copy was fixed in 2.3.5 bsc1082290 - CVE-2018-7485: Swapped arguments in SQLWriteFileDSN in odbcinst/SQLWriteFileDSN.c bsc1082484 Other fixes: - Enabled --enable-fastvalidate...
Security update for tiff (moderate)
This update for tiff fixes the following issues: These security issues were fixed: - CVE-2017-18013: There was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. bsc1074317 - CVE-2018-10963: The TIFFWriteDirectorySec function in...
Security update for MozillaFirefox (important)
This security update for MozillaFirefox to version 60.1.0esr fixes multiple issues. Security issues fixed MFSA 2018-16, boo1098998: - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus - CVE-2018-12361: Integer overflow in...
Security update for go1.9 (moderate)
This update for go1.9 fixes the following issues: Security issues fixed: - CVE-2018-7187: arbitrary command execution via VCS path boo1081495 Non-security changes: - Update to version 1.9.7 - fixes to the go command and compiler - minimal support to the go command for the vgo transition...
Security update for phpMyAdmin (important)
This update for phpMyAdmin fixes multiple issues. Security issues fixed: CVE-2018-12613: File inclusion and remote code execution attack boo1098751 CVE-2018-12581: XSS in Designer feature boo1098752 This update to version 4.8.2 also contains a number of upstream bug fixes and improvements...
Security update for go1.9 (moderate)
This update for go1.9 fixes the following issues: Security issues fixed: - CVE-2018-7187: arbitrary command execution via VCS path boo1081495 Non-security changes: - Update to version 1.9.7 - fixes to the go command and compiler - minimal support to the go command for the vgo transition...
Security update for phpMyAdmin (important)
This update for phpMyAdmin fixes multiple issues. Security issues fixed: CVE-2018-12613: File inclusion and remote code execution attack boo1098751 CVE-2018-12581: XSS in Designer feature boo1098752 This update to version 4.8.2 also contains a number of upstream bug fixes and improvements...
Security update for redis (important)
This update for redis to 4.0.10 fixes the following issues: These security issues were fixed: - CVE-2018-11218: Prevent heap corruption vulnerability in cmsgpack bsc1097430. - CVE-2018-11219: Prevent integer overflow in Lua scripting bsc1097768. For Leap 42.3 and openSUSE SLE 12 backports this is...
Security update for mariadb (important)
This update for MariaDB to version 10.0.35 fixes multiple issues: Security issues fixed: CVE-2018-2782: Unspecified DoS vulnerability in InnoDB bsc1090518 CVE-2018-2784: Unspecified DoS vulnerability in InnoDB bsc1090518 CVE-2018-2787: Unspecified vulnerability in InnoDB allowing writes bsc109051...
Security update for redis (important)
This update for redis to 4.0.10 fixes the following issues: These security issues were fixed: - CVE-2018-11218: Prevent heap corruption vulnerability in cmsgpack bsc1097430. - CVE-2018-11219: Prevent integer overflow in Lua scripting bsc1097768. For Leap 42.3 and openSUSE SLE 12 backports this is...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.138 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes a...
Security update for cobbler (moderate)
This update for cobbler fixes the following issues: The following security issue has been fixed: - CVE-2017-1000469: Escape shell parameters provided by the user for the reposync action. bsc1074594 Additionally, the following non-security issues have been fixed: - Fix signature for SLES15...
Security update for matrix-synapse (moderate)
This update for matrix-synapse fixes the following security issue: - CVE-2018-12291: visibility rules were not applied correctly in the get_missing_events federation API boo1096833...
Security update for aubio (low)
This update for aubio fixes the following security issue: - CVE-2017-17554: Prevent NULL pointer dereference in the function aubio_source_avcodec_readframe which may have led to DoS when playing a crafted audio file (bsc#1072317).
Announcement ID: openSUSE-SU-2018:1734-1. Date: Tue, 19 Jun 2018 12:08:11 +0200 (CEST). Affected products: openSUSE Leap 15.0. Install with: zypper in -t patch openSUSE-2018-652=1. References: https://www.suse.com/security/cve/CVE-2017-17554.html, https://bugzilla.suse.com/1072317
Security update for aubio (low)
This update for aubio fixes the following security issue: - CVE-2017-17554: Prevent NULL pointer dereference in the function aubio_source_avcodec_readframe which may have led to DoS when playing a crafted audio file (bsc#1072317).
Announcement ID: openSUSE-SU-2018:1733-1. Date: Tue, 19 Jun 2018 12:07:49 +0200 (CEST). Affected products: openSUSE Leap 42.3. Install with: zypper in -t patch openSUSE-2018-651=1. References: https://www.suse.com/security/cve/CVE-2017-17554.html, https://bugzilla.suse.com/1072317
Security update for samba (moderate)
Samba was updated to 4.6.14, fixing bugs and security issues: Version update to 4.6.14 bsc1093664: + vfsceph: add fake async pwrite/pread send/recv hooks; bso13425. + Fix memory leak in vfsceph; bso13424. + winbind: avoid using fstrcpydcname,... in dualinitconnection; bso13294. + s3:smb2server:...
Security update for gpg2 (important)
This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2"...
Security update for python-python-gnupg (moderate)
This update for python-python-gnupg to version 0.4.3 fixes the following issues: The following security vulnerabilities were addressed: - Sanitize diagnostic output of the original file name in verbose mode CVE-2018-12020 boo1096745 The following other changes were made: - Add --no-verbose to the...
Security update for poppler (moderate)
This update for poppler fixes the following issues: These security issues were fixed: - CVE-2017-14517: Prevent NULL Pointer dereference in the XRef::parseEntry function via a crafted PDF document bsc1059066. - CVE-2017-9865: Fixed a stack-based buffer overflow vulnerability in GfxState.cc that...
Security update for java-1_8_0-openjdk (important)
This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...
Security update for java-1_7_0-openjdk (important)
This update for java-1_7_0-openjdk to version 7u181 fixes the following issues: + S8162488: JDK should be updated to use LittleCMS 2.8 + S8180881: Better packaging of deserialization + S8182362: Update CipherOutputStream Usage + S8183032: Upgrade to LittleCMS 2.9 + S8189123: More consistent...
Security update for postgresql96 (moderate)
PostgreSQL was updated to 9.6.9 fixing bugs and security issues: Release notes: - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-9-6-9.html A dump/restore is not required for those running 9.6.X. However, if you use the adminpack extension, yo...
Security update for enigmail (moderate)
This update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures: - CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs boo1097525 - CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode boo1096745...
Security update for enigmail (moderate)
This update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures: - CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs boo1097525 - CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode boo1096745...
Security update for opencv (moderate)
This update for opencv fixes this security issue: - CVE-2017-18009: Prevent heap-based buffer over-read in the function cv::HdrDecoder::checkSignature bsc1074312...
Security update for bouncycastle (moderate)
This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...
Security update for taglib (low)
This update for taglib fixes this security issue: - CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (bsc#1096180).
Announcement ID: openSUSE-SU-2018:1686-1. Date: Wed, 13 Jun 2018 18:07:57 +0200 (CEST). Affected products: openSUSE Leap 42.3, openSUSE Leap 15.0. Install with: zypper in -t patch openSUSE-2018-627=1. References: https://www.suse.com/security/cve/CVE-2018-11439.html, https://bugzilla.suse.com/1096180
Security update for mupdf (moderate)
This update for mupdf fixes the following security issue: - CVE-2018-1000051: Prevent use after free in fz_keep_key_storable that can result in DoS / possible code execution. This attack appears to be exploitable when a victim opens a specially crafted PDF bsc1080531...
Security update for glibc (moderate)
This update for glibc fixes the following issues: This security issue was fixed: - Fixed a buffer overwrite issue in memcpy for Knights Landing CPUs boo1092877, CVE-2018-11237...
Security update for prosody (moderate)
This update for prosody to version 0.10.2 fixes the following issues: This security issue was fixed: - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overridden the realm associated with their session,...
Security update for kernel-firmware (moderate)
This update for kernel-firmware fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction bsc1095735 This update was imported from...
Security update for ImageMagick (moderate)
This update for ImageMagick to version 7.0.7-34 fixes the following issues: The following security issue was fixed: - Fixed numerous uses of uninitialized values, integer overflow, memory exceeded, and timeouts. The following non-security issues were fixed: - Added support for reading eXIf chunks ...
Security update for qemu (important)
This update for qemu fixes the following issues: This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests bsc1092885. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of al...
Security update for prosody (moderate)
This update for prosody fixes the following issues: This security issue was fixed: - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overridden the realm associated with their session, potentially bypassing...
Security update for slf4j (important)
This update for slf4j fixes the following security issue: - CVE-2018-8088: Remote attackers could have bypassed intended access restrictions via crafted data. Disallow EventData deserialization by default from now on bsc1085970...
Security update for curl (moderate)
This update for curl to version 7.60.0 fixes the following issues: These security issues were fixed: - CVE-2018-1000300: Prevent heap-based buffer overflow when closing down an FTP connection with very long server command replies bsc1092094. - CVE-2018-1000301: Prevent buffer over-read that could...