Security update for chromium (important)
This update for chromium to version 64.0.3282.167 fixes the following issue: CVE-2018-6056: Incorrect derived class instantiation in V8 bsc1080920...
Security update for libreoffice (important)
This update for libreoffice fixes the following issues: LibreOffice was updated to 5.4.5.1: - CVE-2018-6871: Fixes data exposure when using WEBSERVICE bsc1080249 This update was imported from the SUSE:SLE-12-SP3:Update update project...
Security update for leptonica (important)
This update for leptonica fixes the following issues: - CVE-2018-3836: Fixes a command injection vulnerability boo1079358 TALOS-2018-0516...
Security update for freetype2 (important)
This update for freetype2 fixes the following security issues: - CVE-2016-10244: Make sure that the parse_charstrings function in type1/t1load.c ensures that a font contains a glyph name to prevent a DoS through a heap-based buffer over-read or possibly have unspecified other impact via a...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to a...
Security update for docker, docker-runc, containerd, golang-github-docker-libnetwork (important)
This update for docker, docker-runc, containerd, golang-github-docker-libnetwork fixes several issues. These security issues were fixed: - CVE-2017-16539: The DefaultLinuxSpec function in oci/defaults.go docker did not block /proc/scsi pathnames, which allowed attackers to trigger data loss when...
Security update for plasma5-workspace (important)
This update for plasma5-workspace fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2018-6790: Desktop notifications could have been used to load arbitrary remote images into Plasma, allowing for client IP discovery boo1079429 - CVE-2018-6791: A specially crafted fil...
Security update for freeimage (important)
This update for freeimage fixes one issue. This security issue was fixed: - CVE-2016-5684: Prevent out-of-bounds write vulnerability in the XMP image handling functionality. A specially crafted XMP file could have caused an arbitrary memory overwrite resulting in code execution boo1002621...
Security update for webkit2gtk3 (important)
This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5: + Disable SharedArrayBuffers from Web API. + Reduce the precision of "high" resolution time to 1ms. + bsc1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown CVE-2017-5753...
Security update for bind (important)
This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have led to a use-after-free error that triggered an assertion failure and crash in named bsc1076118. These non-security issues were fixed: - Updated named.root fil...
Security update for chromium (important)
This update for chromium to 64.0.3282.119 fixes several issues. These security issues were fixed: - CVE-2018-6031: Use after free in PDFium boo1077571 - CVE-2018-6032: Same origin bypass in Shared Worker boo1077571 - CVE-2018-6033: Race when opening downloaded files boo1077571 - CVE-2018-6034:...
Security update for clamav (important)
This update for clamav fixes the following issues: - Update to security release 0.99.3 bsc1077732 CVE-2017-12376 ClamAV Buffer Overflow in handle_pdfname Vulnerability CVE-2017-12377 ClamAV Mew Packet Heap Overflow Vulnerability CVE-2017-12379 ClamAV Buffer Overflow in messageAddArgument...
Security update for MozillaThunderbird (important)
This update for MozillaThunderbird to version 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation bsc1077291. - CVE-2018-5096: Use-after-free while editing form elements bsc1077291. - CVE-2018-5097:...
Security update for newsbeuter (important)
This update for newsbeuter fixes one issue. This security issue was fixed: - CVE-2017-14500: Improper neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its...
Security update for mysql-community-server (important)
This update for mysql-community-server to version 5.6.39 fixes several issues. These security issues were fixed: - CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromi...
Security update for MozillaFirefox (important)
This update for MozillaFirefox fixes the following issues: - update to Firefox 52.6esr boo1077291 MFSA 2018-01 Speculative execution side-channel attack "Spectre" MFSA 2018-03 CVE-2018-5091 bmo1423086 Use-after-free with DTMF timers CVE-2018-5095 bmo1418447 Integer overflow in Skia library during...
Security update for virtualbox (important)
This update for virtualbox to version 5.1.32 fixes the following issues: The following vulnerabilities were fixed boo1076372: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacke...
Security update for newsbeuter (important)
This update for newsbeuter fixes one issue. This security issue was fixed: - CVE-2017-12904: Improper neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL bsc1054578...
Security update for xmltooling (important)
This update for xmltooling fixes the following issues: - CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD bsc1075975 This updat...
Security update for tiff (important)
This update for tiff to version 4.0.9 fixes the following issues: Security issues fixed: - CVE-2014-8128: Fix out-of-bounds read with malformed TIFF image in multiple tools bsc969783. - CVE-2015-7554: Fix invalid write in tiffsplit / TIFFVGetField bsc960341. - CVE-2016-10095: Fix stack-based buff...
Security update for glibc (important)
This update for glibc fixes the following issues: - A privilege escalation bug in the realpath function has been fixed. CVE-2018-1000001, bsc1074293 - A memory leak and a buffer overflow in the dynamic ELF loader have been fixed. CVE-2017-1000408, CVE-2017-1000409, bsc1071319 - An issue in the cod...
Security update for ucode-intel (important)
This update for ucode-intel fixes the following issues: Update to Intel CPU Microcode version 20180108 boo1075262 - The pre-released microcode fixing some important security issues is now officially published and included in the added tarball. New firmware updates since last version 20170707 are...
Security update for qemu (important)
This update for qemu fixes the following issues: A mitigation for a security flaw has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch...
Security update for java-1_7_0-openjdk (important)
This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security bsc1064084. - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO bsc1064071. - CVE-2017-10281: Fix issue inside subcomponent Serialization...
Security update for qemu (important)
This update for qemu fixes the following issues: A new feature was added: - Support EPYC vCPU type bsc1052825 fate324038 Also a mitigation for a security problem has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to...
Security update for kernel-firmware (important)
This update for kernel-firmware fixes the following issues: - Add microcode_amd_fam17h.bin bsc1068032 CVE-2017-5715 This new firmware disables branch prediction on AMD family 17h processor to mitigate an attack on the branch predictor that could lead to information disclosure from e.g. kernel memor...
Security update for ImageMagick (important)
This update for ImageMagick fixes the following issues: - security update xcf.c: CVE-2017-14343: Memory leak vulnerability in ReadXCFImage could lead to denial of service via a crafted file. CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allows remote attackers to cause a denial of...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.2 kernel was updated to 4.4.104 to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory bnc1068032. - CVE-2017-5753 / "SpectreAttack": Local attacker...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.104 to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory bnc1068032. - CVE-2017-5753 / "SpectreAttack": Local attacker...
Security update for kernel-firmware (important)
This update for kernel-firmware fixes the following issues: - Add microcode_amd_fam17h.bin bsc1068032 CVE-2017-5715 This new firmware disables branch prediction on AMD family 17h processor to mitigate an attack on the branch predictor that could lead to information disclosure from e.g. kernel memory...
Security update for phpMyAdmin (important)
This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations bsc1074066, PMASA-2017-09 This update also contains all upstream improvements...
Security update for Mozilla Thunderbird (important)
This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...
Security update for evince (important)
This update for evince fixes the following issues: Security issue fixed: - CVE-2017-1000083: Remove support for tar and tar-like commands in comics backend bsc1046856. This update was imported from the SUSE:SLE-12-SP2:Update update project...
Security update for enigmail (important)
This update for enigmail to version 1.9.9 fixes the following issues boo1073858: Enigmail could be coerced to use a malicious PGP public key with a corresponding secret key controlled by an attacker Enigmail could have replayed encrypted content in partially encrypted e-mails, allowing a plaintex...
Security update for ImageMagick (important)
This update for ImageMagick fixes the following issues: CVE-2017-14989: use-after-free in RenderFreetype in MagickCore/annotate.c could lead to denial of service bsc1061254 CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer overflow could lead to denial of service bsc1060176 Memory le...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.103 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000405: A bug in the THP CoW support could be used by local attackers to corrupt memory of other processes and cause them to crash bnc1069496. -...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.2 kernel was updated to 4.4.102 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000405: A bug in the THP CoW support could be used by local attackers to corrupt memory of other processes and cause them to crash bnc1069496. -...
Security update for chromium (important)
This update to Chromium 63.0.3239.108 fixes the following issues: - CVE-2017-15429: UXSS in V8 bsc1072976 - Various fuzzing fixes...
Security update for openssl (important)
This update for openssl fixes the following issues: - OpenSSL Security Advisory 07 Dec 2017 CVE-2017-3737: OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error...
Security update for GraphicsMagick (important)
This update for GraphicsMagick fixes the following issues: CVE-2017-12140: ReadDCMImage in coders/dcm.c has an integer signedness error leading to excessive memory consumption bnc1051847 CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could lead to denial of service bnc1061587...
Security update for the OBS toolchain (important)
This OBS toolchain update fixes the following issues: Package 'build': - CVE-2010-4226: force use of bsdtar for VMs bnc665768 - CVE-2017-14804: Improve file name check extractbuild bsc1069904 - switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit to foo-32bit-debuginfo fate32321...
Security update for chromium (important)
This update to Chromium 63.0.3239.84 fixes the following security issues: - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after...