7590 matches found
Security update for kauth, kdelibs4 (important)
This update for kauth and kdelibs4 fixes the following issues: - CVE-2017-8422: logic flaw in the KAuth framework allowed privilege escalation boo1036244...
Security update for xen (important)
This update for xen fixes several issues. These security issues were fixed: - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch XSA-21...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to cause a denial of service API operation calling its own callback, and infinite recursion by triggeri...
Security update for mysql-community-server (important)
This update for mysql-community-server to version 5.6.36 fixes the following issues: These security issues were fixed: - CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands bsc1029014 -...
Security update for ghostscript (important)
This update for ghostscript fixes the following security vulnerabilities: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. bsc1036453 CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to...
Security update for Chromium (important)
This update to Chromium 58.0.3029.96 fixes one security issue: - CVE-2017-5068: race condition in WebRTC bsc1037594...
Security update for Chromium (important)
This update to Chromium 58.0.3029.96 fixes one security issue: - CVE-2017-5068: race condition in WebRTC bsc1037594...
Security update for virtualbox (important)
This update for virtualbox to version 5.1.22 fixes the following issues: These security issues were fixed bsc1034854: - CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Easily exploitable vulnerability allows low privileged attacker...
Security update for virtualbox (important)
This update to virtualbox 5.0.40 fixes the following issues: These security issues were fixed bsc1034854: - CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Difficult to exploit vulnerability allows high privileged attacker with logon...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.2 kernel was updated to 4.4.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to cause a denial of service API operation calling its own callback, and infinite recursion b...
Security update for ruby2.1 (important)
This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" bsc1018808 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 - CVE-2015-3900: hostname validation does...
Security update for libosip2 (important)
This update for libosip2 fixes the following issues: Changes in libosip2: - CVE-2017-7853: In libosip2 in GNU 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msgosipbodyparse function defined in osipparser2/osipmessageparse.c, resulting in a remote DoS. boo1034570 -...
Security update for tiff (important)
This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10272: LibTIFF 4.0.7 allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and...
Security update for chromium (important)
This update to Chromium 58.0.3029.81 fixes the following security issues bsc1035103: - CVE-2017-5057: Type confusion in PDFium - CVE-2017-5058: Heap use after free in Print Preview - CVE-2017-5059: Type confusion in Blink - CVE-2017-5060: URL spoofing in Omnibox - CVE-2017-5061: URL spoofing in...
Security update for Mozilla Firefox (important)
Mozilla Firefox was updated to Firefox 52.1.0esr. The following vulnerabilities were fixed bsc1035082: - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption wit...
Security update for chromium (important)
This update to Chromium 58.0.3029.81 fixes the following security issues bsc1035103: - CVE-2017-5057: Type confusion in PDFium - CVE-2017-5058: Heap use after free in Print Preview - CVE-2017-5059: Type confusion in Blink - CVE-2017-5060: URL spoofing in Omnibox - CVE-2017-5061: URL spoofing in...
Security update for xen (important)
This update for xen to version 4.7.2 fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memoryexchange permited PV guest breakout bsc1030442. - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or...
Security update for bind (important)
This update for bind fixes the following issues: CVE-2017-3137 bsc1033467: Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion...
Security update for postgresql93 (important)
This update for postgresql93 to version 9.3.14 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference bsc993454. - CVE-2016-5424: Fix client programs' handling of special characters in database and role names...
Security update for pidgin (important)
This update for pidgin to version 2.12.0 fixes the following issues: This security issue was fixed: - CVE-2017-2640: Out of bounds memory read in purplemarkupunescapeentity boo1028835. These non-security issues were fixed: + libpurple: - Fix the use of uninitialised memory if running...
Security update for apparmor (important)
This update for apparmor fixes the following issues: These security issues were fixed: - CVE-2017-6507: Preserve unknown profiles when reloading apparmor.service lp1668892, boo1029696 - boo1017260: Migration to apparmor.service accidently disable AppArmor. Note: This will re-enable AppArmor if it...
Security update for samba (important)
This update for samba fixes the following issues: Security issues fixed: - CVE-2017-2619: Symlink race permits opening files outside share directory bsc1027147. Bugfixes: - Force usage of ncurses6-config thru NCURSESCONFIG env var bsc1023847. - Add missing ldb module directory bsc1012092. - Don't...
Security update for samba (important)
This update for samba fixes the following issues: Security issues fixed: - CVE-2017-2619: Symlink race permits opening files outside share directory bsc1027147. Bugfixes: - Don't package man pages for VFS modules that aren't built bsc993707. - syncreq: make asyncconnectsend "reentrant"; bso12105;...
Security update for ruby2.2, ruby2.3 (important)
This update for ruby2.2, ruby2.3 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" boo1018808 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL boo959495 Detailed ChangeLog: -...
Security update for Chromium (important)
This update to Chromium 57.0.2987.133 fixes the following issues boo1031677: - CVE-2017-5055: Use after free in printing - CVE-2017-5054: Heap buffer overflow in V8 - CVE-2017-5052: Bad cast in Blink - CVE-2017-5056: Use after free in Blink - CVE-2017-5053: Out of bounds memory access in V8 The...
Security update for Chromium (important)
This update to Chromium 57.0.2987.133 fixes the following issues boo1031677: - CVE-2017-5055: Use after free in printing - CVE-2017-5054: Heap buffer overflow in V8 - CVE-2017-5052: Bad cast in Blink - CVE-2017-5056: Use after free in Blink - CVE-2017-5053: Out of bounds memory access in V8 The...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.2 kernel was updated to 4.4.56 fix various security issues and bugs. The following security bugs were fixed: - CVE-2017-7184: The xfrmreplayverifylen function in net/xfrm/xfrmuser.c in the Linux kernel did not validate certain size data after an XFRMMSGNEWAE update, which...
Security update for the Linux Kernel (important)
====================================================================== Still left to do: - Check CVE descriptions. They need to be written in the past tense. They are processed automatically, THERE CAN BE ERRORS IN THERE! - Remove version numbers from the CVE descriptions - Check the capitalizati...
Security update for mbedtls (important)
This update to mbedtls 1.3.19 fixes security issues and bugs. The following vulnerability was fixed: CVE-2017-2784: A remote user could have used a specially crafted certificate to cause mbedtls to free a buffer allocated on the stack when verifying the validity of public key with a secp224k1...
Security update for mbedtls (important)
This update to mbedtls 1.3.19 fixes security issues and bugs. The following vulnerability was fixed: CVE-2017-2784: A remote user could have used a specially crafted certificate to cause mbedtls to free a buffer allocated on the stack when verifying the validity of public key with a secp224k1...
Security update for Mozilla Firefox (important)
Mozilla Firefox was updated to 52.0.1 to fix one security issue: - CVE-2017-5428: integer overflow in createImageBitmap boo1029822, MFSA 2017-08...
Security update for Chromium (important)
Chromium was updated to 57.0.2987.98 to fix security issues and bugs. The following vulnerabilities were fixed bsc1028848: - CVE-2017-5030: Memory corruption in V8 - CVE-2017-5031: Use after free in ANGLE - CVE-2017-5032: Out of bounds write in PDFium - CVE-2017-5029: Integer overflow in libxslt ...
Security update for Chromium (important)
Chromium was updated to 57.0.2987.98 to fix security issues and bugs. The following vulnerabilities were fixed bsc1028848: - CVE-2017-5030: Memory corruption in V8 - CVE-2017-5031: Use after free in ANGLE - CVE-2017-5032: Out of bounds write in PDFium - CVE-2017-5029: Integer overflow in libxslt ...
Security update for qemu (important)
This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS bsc1023907. - CVE-2017-5857: The Virtio...
Security update for MozillaFirefox, mozilla-nss (important)
This update for MozillaFirefox and mozilla-nss fixes the following issues: MozillaFirefox was updated to Firefox 52.0 boo1028391 requires NSS = 3.28.3 Pages containing insecure password fields now display a warning directly within username and password fields. Send and open a tab from one device ...
Security update for xen (important)
This update for xen fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUSBLTMODEMEMSYSSRC mode the bitblit copy routine cirrusbitbltcputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation bsc1024834. -...
Security update for munin (important)
This update for munin fixes the following issues: - An attacker has been able to write arbitrary local files with the permissions of the web server, by using parameter injection boo1026539, CVE-2017-6188 - The MySQL plugin has been fixed to work correctly against MySQL 5.5 on Leap 42.1...
Security update for mysql-community-server (important)
mysql-community-server was updated to version 5.6.35 to fix bugs and security issues: Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html Fixed CVEs: CVE-2016-8318 boo1020872, CVE-2017-3312 boo1020873, CVE-2017-3258 boo1020875, CVE-2017-3273 boo1020876, CVE-2017-3244 boo102087...
Security update for util-linux (important)
This update for util-linux fixes the following issues: This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges bsc1023041. This non-security issues were fixed: - lscpu: Implement WSL...
Security update for util-linux (important)
This update for util-linux fixes the following issues: This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges bsc1023041. This non-security issues were fixed: - lscpu: Implement WSL...
Security update for php7 (important)
This update for php7 fixes the following security issues: - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service uninitialized...
Security update of chromium (important)
Google chromium was updated to 56.0.2924.87: Various small fixes Disabled option to enable/disable plugins in the chrome://plugins - Changed the build requirement of libavformat to library version 57.41.100, as included in ffmpeg 3.1.1, as only this version properly supports the public AVStream A...
Security update for Chromium (important)
This update to Chromium 55.0.2883.75 fixes the following vulnerabilities: - CVE-2016-9651: Private property access in V8 - CVE-2016-5208: Universal XSS in Blink - CVE-2016-5207: Universal XSS in Blink - CVE-2016-5206: Same-origin bypass in PDFium - CVE-2016-5205: Universal XSS in Blink -...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-6074: The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel mishandled DCCPPKTREQUEST packet data structures in the LISTEN state, which allowed...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.2 kernel was updated to 4.4.49 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5986: A userlevel triggerable BUGON on sctpwaitforsndbuf was fixed. bsc1025235 - CVE-2017-5970: The ipv4pktinfoprepare function in net/ipv4/ipsockglue.c...
Security update for java-1_7_0-openjdk (important)
This update for java-170-openjdk fixes the following issues: - Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 bsc1020905: Security Fixes - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution -...
Security update for opus (important)
This update for opus fixes the following issues: - CVE-2017-0381: Fixed a remote code execution vulnerability in silk/NLSFstabilize.c when playing certain media files bsc1020102 This update was imported from the SUSE:SLE-12:Update update project...
Security update of chromium (important)
Google chromium was updated to 56.0.2924.87: Various small fixes Disabled option to enable/disable plugins in the chrome://plugins - Changed the build requirement of libavformat to library version 57.41.100, as included in ffmpeg 3.1.1, as only this version properly supports the public AVStream A...
Security update for mariadb (important)
This mariadb version update to 10.0.29 fixes the following issues: - CVE-2017-3318: unspecified vulnerability affecting Error Handling bsc1020896 - CVE-2017-3317: unspecified vulnerability affecting Logging bsc1020894 - CVE-2017-3312: insecure error log file handling in mysqldsafe, incomplete...
Security update for mysql-community-server (important)
mysql-community-server was updated to version 5.6.35 to fix bugs and security issues: Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html Fixed CVEs: CVE-2016-8318 boo1020872, CVE-2017-3312 boo1020873, CVE-2017-3258 boo1020875, CVE-2017-3273 boo1020876, CVE-2017-3244 boo102087...