Security update for php5 (important)
This update for php5 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...
Security update for libreoffice (moderate)
This update for libreoffice to 6.0.4.2 fixes lots of bugs and also the following issues: Security issues fixed: - CVE-2018-10120: The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx did not validate a customizations index, which allowed remote attackers to cause a denial of...
Security update for librsvg (moderate)
This update for librsvg fixes the following issues: - CVE-2018-1000041: Input validation issue could lead to credentials leak. bsc1083232 Update to version 2.40.20: + Except for emergencies, this will be the LAST RELEASE of the librsvg-2.40.x series. We are moving to 2.41, which is vastly improve...
Security update for Chromium (important)
This update for Chromium to version 66.0.3359.170 fixes the following issues: Security issues fixed boo1092923: - CVE-2018-6121: Privilege Escalation in extensions - CVE-2018-6122: Type confusion in V8 - CVE-2018-6120: Heap buffer overflow in PDFium - Various fixes from internal audits, fuzzing a...
Security update for xen (important)
This update for xen to version 4.9.2 fixes several issues. This feature was added: - Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via 'xl vcpu-set domU N' These security issues were fixed: - CVE-2018-8897: Prevent mishandlin...
Security update for opencv (important)
This update for opencv fixes the following issues: - CVE-2016-1517: Fixed a denial of service segfault via vectors involving corrupt chunks boo1033150 - CVE-2016-1516: Fixed a double free issue that allows attackers to execute arbitrary code boo1033152...
Security update for Mozilla Firefox (important)
This update for Mozilla Firefox to 52.8.0 ESR fixes the following issues: Security issue fixed: bsc1092548, MFSA 2018-12: - CVE-2018-5183: Backport critical security fixes in Skia - CVE-2018-5154: Use-after-free with SVG animations and clip paths - CVE-2018-5155: Use-after-free with SVG...
Security update for php7 (important)
This update for php7 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...
Security update for Chromium (important)
This update for Chromium to version 66.0.3359.139 fixes the following issues: - CVE-2018-6118: Use after free in Media Cache bsc1091288 - CVE-2018-6085: Use after free in Disk Cache - CVE-2018-6086: Use after free in Disk Cache - CVE-2018-6087: Use after free in WebAssembly - CVE-2018-6088: Use...
Security update for patch (important)
This update for patch fixes the following issues: Security issues fixed: - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary commands bsc1088420. - CVE-2018-6951: Fixed NULL pointer dereference in the intuitdifftype function in pch.c bsc1080918. - CVE-2016-10713: Fixed...
Security update for corosync (important)
This update for corosync fixes the following issues: - CVE-2018-1084: Integer overflow in totemcrypto:authenticatenss23 could lead to command execution bsc1089346 - Providing an empty uid or gid results in coroparse adding uid 0. bsc1066585 - Fix a problem with configuration file incompatibilitie...
Security update for zsh (important)
This update for zsh fixes the following issues: - CVE-2014-10070: environment variable injection could lead to local privilege escalation bnc1082885 - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. bnc1082977 - CVE-2014-10072: buffer overflow In utils.c when scanning...
Security update for virtualbox (important)
This update for VirtualBox to version 5.1.36 fixes multiple issues: Security issues fixed: - CVE-2018-0739: Unauthorized remote attacker may have caused a hang or frequently repeatable crash complete DOS - CVE-2018-2830: Attacker with host login may have compromised Virtualbox or further system...
Security update for hdf5 (important)
This update for hdf5 fixes the following issues: - fix security issues arbitrary code execution: CVE-2016-4330: H5TARRAY Code Execution boo1011201 CVE-2016-4331: H5ZNBIT Code Execution boo1011204 CVE-2016-4332: Shareable Message Type Code Execution boo1011205 CVE-2016-4333: Array index bounds issu...
Security update for PackageKit (important)
This update for PackageKit fixes the following security issue: - CVE-2018-1106: Drop the polkit rule which could allow users in wheel group to install packages without root password bsc1086936. This update was imported from the SUSE:SLE-12-SP2:Update update project...
Security update for chromium (important)
This update for Chromium to version 66.0.3359.117 fixes the following issues: Security issues fixed boo1090000: - CVE-2018-6085: Use after free in Disk Cache - CVE-2018-6086: Use after free in Disk Cache - CVE-2018-6087: Use after free in WebAssembly - CVE-2018-6088: Use after free in PDFium -...
Security update for cfitsio (important)
This update for cfitsio fixes the following issues: Security issues fixed: - CVE-2018-1000166: Unsafe use of sprintf can allow a remote unauthenticated attacker to execute arbitrary code boo1088590 This update to version 3.430 also contains a number of upstream bug fixes. The following tracked...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.126 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1091: In the flushtmregstothread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a...
Security update for libvirt (important)
This update for libvirt and virt-manager fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka "SpectreAttack" var2 bsc1079869. - CVE-2018-6764: Fixed guest executable code injection via libnssdns.so loaded by libvirtlxc before init...
Security update for memcached (important)
This update for memcached fixes the following issues: - CVE-2017-9951: Fixed heap-based buffer over-read in tryreadcommand function which allowed remote attackers to cause a denial of service attack bsc1056865. This update was imported from the SUSE:SLE-12:Update update project...
Security update for LibVNCServer (important)
LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage bsc1081493. - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of servic...
Security update for librelp (important)
This update for librelp fixes the following issues: - CVE-2018-1000140: A stack-based buffer overflow in the code for checking of x509 certificates allowed a remote attacker with an access to the rsyslog logging facility to potentially execute arbitrary code by sending a specially crafted x509...
Security update for clamav (important)
This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSFDELTA filter inside the unrar implementation allows an arbitrary memory write bsc1045315. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CH...
Security update for python-paramiko (important)
This update for python-paramiko fixes the following issues: - CVE-2018-7750: Fixed transport.py in the SSH server implementation of Paramiko that does not properly check whether authentication is completed before processing other requests bsc1085276...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.120 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-8087: Memory leak in the hwsimnewradionl function in drivers/net/wireless/mac80211hwsim.c allowed local users to cause a denial of service memory...
Security update for qemu (important)
This update for qemu fixes the following issues: This update has the next round of Spectre v2 related patches, which now integrate with corresponding changes in libvirt. CVE-2017-5715 bsc1068032 The January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by...
Security update for various KMPs (important)
The Spectre Variant 2 in the Linux Kernel is mitigated using "retpolines". This update rebuilds all openSUSE Leap 42.3 KMPs to use "retpolines" and so be able to mitigate the Spectre v2 attack. bsc1068032 CVE-2017-5715...
Security update for MozillaFirefox (important)
This update for Mozilla Firefox to version 52.7.2esr fixes security issues and bugs. Security issues fixed: - CVE-2018-5146: Specially crafted vorbis files could have been used to execute arbitrary code via an Out of bounds memory write bsc1085671, MFSA 2018-08 - CVE-2018-5147: Specially crafted...
Security update for SDL2, SDL2_image (important)
This update for SDL2 and SDL2image fixes the following issues: - CVE-2017-14441: Code execution in the ICO image rendering bsc1084282. - CVE-2017-14440: Potential code execution in the ILBM image rendering functionality bsc1084257. - CVE-2017-12122: Potential code execution in the ILBM image...
Security update for mariadb (important)
This update for mariadb fixes the following issues: MariaDB was updated to 10.0.34 bsc1078431 The following security vulnerabilities are fixed: - CVE-2018-2562: Vulnerability in the MySQL Server subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker wit...
Security update for ucode-intel (important)
This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws boo1085207 CVE-2017-5715 - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 100014...
Security update for Chromium (important)
This update for Chromium to version 65.0.3325.162 fixes the following issues: - CVE-2017-11215: Use after free in Flash - CVE-2017-11225: Use after free in Flash - CVE-2018-6060: Use after free in Blink - CVE-2018-6061: Race condition in V8 - CVE-2018-6062: Heap buffer overflow in Skia -...
Security update for java-1_7_0-openjdk (important)
This update for java-170-openjdk fixes the following issues: Security issues fixed in OpenJDK 7u171 January 2018 CPU bsc1076366: - CVE-2018-2579: Improve key keying case - CVE-2018-2588: Improve LDAP logins - CVE-2018-2599: Improve reliability of DNS lookups - CVE-2018-2602: Improve usage messages...
Security update for MozillaFirefox (important)
This update for Mozilla Firefox to version 52.7.0esr fixes multiple issues. Security issues fixed bsc1085130, MFSA 2018-07: - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5130: Mismatched RTP payloa...
Security update for java-1_8_0-openjdk (important)
This update for java-180-openjdk fixes the following issues: Security issues fixed in jdk8u161 icedtea 3.7.0 bsc1076366: - CVE-2018-2579: Improve key keying case - CVE-2018-2582: Better interface invocations - CVE-2018-2588: Improve LDAP logins - CVE-2018-2599: Improve reliability of DNS lookups -...
Security update for cups (important)
This update for cups fixes the following issues: - CVE-2017-18190: Removed localhost.localdomain from list of trustworthy hosts in scheduler/client.c to avoid arbitrary IPP command execution in conjunction with DNS rebinding. bsc1081557 This update was imported from the SUSE:SLE-12:Update update...
Security update for freexl (important)
This update for freexl fixes the following issues: freexl was updated to version 1.0.5: No changelog provided by upstream Various heap overflows in 1.0.4 have been fixed: CVE-2018-7439: heap-buffer-overflow in freexl.c:3912 readminibiffnextrecord boo1082774 CVE-2018-7438: heap-buffer-overflow in...
Security update for lame (important)
This update for lame fixes the following issues: Lame was updated to version 3.100: Improved detection of MPEG audio data in RIFF WAVE files. sf3545112 Invalid sampling detection New switch --gain decibel, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the...
Security update for php5 (important)
This update for php5 fixes the following issues: - CVE-2016-10712: In PHP all of the return values of streamgetmetadata could be controlled if the input can be controlled e.g., during file uploads. bsc1080234 This update was imported from the SUSE:SLE-12:Update update project...
Security update for postgresql95 (important)
This update for postgresql95 fixes the following issues: Update to PostgreSQL 9.5.11: Security issues fixed: https://www.postgresql.org/docs/9.5/static/release-9-5-11.html CVE-2018-1053, boo1077983: Ensure that all temporary files made by pgupgrade are non-world-readable. boo1079757: Rename...
Security update for p7zip (important)
This update for p7zip fixes the following security issues: - CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files bsc984650 - CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder bsc1077725 - CVE-2018-5996: Fixed memory corruption in RAR decompression...
Security update for glibc (important)
This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-8804: Fix memory leak after deserialization failure in xdrbytes, xdrstring bsc1037930 - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes bsc1051791 - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in...
Security update for quagga (important)
This update for quagga fixes the following issues: - CVE-2017-16227: Fixed bgpd DoS via specially crafted BGP UPDATE messages boo1065641 - CVE-2018-5378: Fixed bgpd bounds check issue via attribute length Quagga-2018-0543,boo1079798 - CVE-2018-5379: Fixed bgpd double free when processing UPDATE...
Security update for exim (important)
This update for exim fixes the following issues: - CVE-2018-6789: Fixed a buffer overflow in the base64decode function, which could be used to execute code remotely. boo1079832...
Security update for xen (important)
This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka "Spectre" and "Meltdown" attacks bsc1074562, bsc1068032 - CVE-2017-15595: x86 PV guest OS users were...
Security update for openssl-steam (important)
This update for openssl-steam fixes the following issues: - Merged changes from upstream openssl Factory rev 137 into this fork for Steam. Updated to openssl 1.0.2k: CVE-2016-7055: Montgomery multiplication may produce incorrect results boo1009528 CVE-2016-7056: ECDSA P-256 timing attack key...