7590 matches found
Security update for the Linux Kernel (important)
The openSUSE Leap 42.1 kernel was updated to 4.1.38 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-7117: Use-after-free vulnerability in the sysrecvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors...
Security update for the Linux Kernel (important)
The openSUSE 42.2 kernel was updated to 4.4.42 stable release. The following security bugs were fixed: - CVE-2016-7117: Use-after-free vulnerability in the sysrecvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg...
Security update for tigervnc (important)
This update for tigervnc fixes the following issues: This security issue was fixed: - CVE-2016-10207: Prevent crash caused by failed TLS connection bnc1023012 This non-security issue was fixed: Fix random client disconnections boo1022432...
Security update for spice (important)
This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. bsc1023078 CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a...
Security update for spice (important)
This security update for spice fixes the following issues: - CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. bsc1023078 - CVE-2016-9578: Unauthenticated attackers could have caused a denial of service vi...
Security update for gnutls (important)
This update for gnutls fixes the following security issues: - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates GNUTLS-SA-2017-2, bsc1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336 - GnuTLS could have falsely accepted certificates when using OCSP...
Security update for virtualbox (important)
This update for virtualbox to version 5.1.14 fixes the following issues: These security issues were fixed: - CVE-2016-5545: Vulnerability in the GUI subcomponent of virtualbox allows unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read...
Security update for java-1_8_0-openjdk (important)
This update for java-1_8_0-openjdk fixes the following issues: Oracle Critical Patch Update of January 2017 bsc1020905 Upgrade to version jdk8u121 icedtea 3.3.0: - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution...
Security update for MozillaFirefox (important)
This update for MozillaFirefox to version 51.0.1 fixes security issues and bugs. These security issues were fixed: CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP bmo1325200, boo1021814 CVE-2017-5376: Use-after-free in XSL bmo1311687, boo1021817 CVE-2017-5377: Memory...
Security update for seamonkey (important)
This update for Seamonkey to version 2.46 fixes security issues and bugs. The following vulnerabilities were fixed: - Fix all Gecko related security issues between 43.0.1 and 49.0.2 - CVE-2016-6354: buffer overrun in flex boo990856 The following non-security changes are included: - improve...
Security update for virtualbox (important)
This update for virtualbox to version 5.0.32 fixes the following issues: These security issues were fixed: - CVE-2016-5545: Vulnerability in the GUI subcomponent of virtualbox allows unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read...
Security update for rabbitmq-server (important)
This update for rabbitmq-server fixes the following issue: - CVE-2016-9877: An issue in Pivotal RabbitMQ caused connection authentication with a username/password pair to succeed if an existing username was provided but the password is omitted from the connection request. Connections that use TLS...
Security update for gstreamer-0_10-plugins-good (important)
This update for gstreamer-0_10-plugins-good fixes the following issues: - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write bsc1012102 - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write bsc1012103 - CVE-2016-9636: Prevent maliciously craft...
Security update for systemd (important)
This update for systemd fixes the following issues: This security issue was fixed: - CVE-2016-10156: Fix permissions set on permanent timer timestamp files, preventing local unprivileged users from escalating privileges bsc1020601. These non-security issues were fixed: - Fix permission set on...
Security update for openjpeg2 (important)
This update for openjpeg2 fixes the following issues: CVE-2016-9572 CVE-2016-9573: Insufficient check in imagetopnm could lead to heap buffer overflow bsc1014543 CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infinite loop bsc1014975 CVE-2016-7445: Null pointer...
Security update for qemu (important)
qemu was updated to fix several issues. These security issues were fixed: - CVE-2016-9102: Memory leak in the v9fsxattrcreate function in hw/9pfs/9p.c allowed local guest OS administrators to cause a denial of service memory consumption and QEMU process crash via a large number of Txattrcreate...
Security update for bind (important)
This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. CVE-2016-9131, bsc1018700, bsc1018699 - Fix a potential assertion failure that could have...
Security update for openjpeg2 (important)
This update for openjpeg2 fixes the following issues: CVE-2016-9572 CVE-2016-9573: Insufficient check in imagetopnm could lead to heap buffer overflow bsc1014543 CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infinite loop bsc1014975 CVE-2016-7445: Null pointer...
Security update for bind (important)
This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. CVE-2016-9131, bsc1018700, bsc1018699 - Fix a potential assertion failure that could have...
Security update for icoutils (important)
This update for icoutils to version 0.31.1 fixes the following issues: - CVE-2017-5208: An integer overflow allows maliciously crafted files to cause DoS or code execution boo1018756. - CVE-2017-5331: Incorrect out of bounds checks in checkoffset allow for DoS or code execution boo1018756. -...
Security update for icoutils (important)
This update for icoutils to version 0.31.1 fixes the following issues: - CVE-2017-5208: An integer overflow allows maliciously crafted files to cause DoS or code execution boo1018756. - CVE-2017-5331: Incorrect out of bounds checks in checkoffset allow for DoS or code execution boo1018756. -...
Security update for icoutils (important)
This update for icoutils to version 0.31.1 fixes the following issues: - CVE-2017-5208: An integer overflow allows maliciously crafted files to cause DoS or code execution boo1018756. - CVE-2017-5331: Incorrect out of bounds checks in checkoffset allow for DoS or code execution boo1018756. -...
Security update for gstreamer-0_10-plugins-good (important)
This update for gstreamer-0_10-plugins-good fixes the following issues: - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write bsc1012102 - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write bsc1012103 - CVE-2016-9636: Prevent maliciously craft...
Security update for python-pycrypto (important)
This update for python-pycrypto fixes the following issues: - A heap buffer overflow in the AES module was fixed that could have led to remote code execution, if the mode of operation can be specified from the outside CVE-2013-7459, boo1017420...
Security update for openjpeg2 (important)
This update for openjpeg2 fixes the following issues: CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943jp2 could lead to crash bsc1007740 CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.cjp2 bsc1007741 CVE-2016-9580, CVE-2016-9581: Possible Heap...
Security update for gstreamer-plugins-good (important)
This update for gstreamer-plugins-good fixes the following issues: - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write bsc1012102 - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write bsc1012103 - CVE-2016-9636: Prevent maliciously crafted...
Security update for icinga (important)
This update for icinga includes various upstream fixes and the following security fixes: - icinga was updated to version 1.14.0 - the classic-UI was vulnerable to a cross site scripting attack CVE-2015-8010, boo952777 - A user with nagios privileges could have gained root privileges by...
Security update for gstreamer-plugins-good (important)
This update for gstreamer-plugins-good fixes the following issues: - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write bsc1012102 - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write bsc1012103 - CVE-2016-9636: Prevent maliciously crafted...
Security update for flash-player (important)
This update to Adobe Flash 24.0.0.194 fixes the following vulnerabilities advised under APSB17-02: - security bypass vulnerability that could lead to information disclosure CVE-2017-2938 - use-after-free vulnerabilities that could lead to code execution CVE-2017-2932, CVE-2017-2936, CVE-2017-2937...
Security update for jasper (important)
This update for jasper fixes the following issues: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. bsc1012530 - CVE-2016-9395: Invalid jasper files could lead to abort of the library caused by attacker provided image. bsc1010977 - CVE-2016-9398: Invalid jasper files could...
Security update for gstreamer-plugins-good (important)
This update for gstreamer-plugins-good fixes the following security issues: - CVE-2016-9807: Flic decoder invalid read could lead to crash. bsc1013655 - CVE-2016-9634: Flic out-of-bounds write could lead to code execution. bsc1012102 - CVE-2016-9635: Flic out-of-bounds write could lead to code...
Security update for ImageMagick (important)
This update for ImageMagick fixes the following issues: CVE-2016-9556 Possible Heap-overflow found by fuzzing bsc1011130 CVE-2016-9559 Possible Null pointer access found by fuzzing bsc1011136 CVE-2016-8707 Possible code execution in Tiff convert utility bsc1014159 CVE-2016-8866 Memory allocation...
Security update for libgme (important)
This update for libgme fixes the following issues: - CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: Various issues were fixed in the handling of SPC music files that could have been exploited for gaining privileges of desktop users. bsc1015941 This update was imported...
Security update for dnsmasq (important)
This update for dnsmasq fixes the following issues: - CVE-2015-8899: Denial of service between local and remote dns entries bsc983273 This update was imported from the SUSE:SLE-12-SP1:Update update project...
Security update for xen (important)
This updates xen to version 4.4.406 to fix the following issues: - An unprivileged user in a guest could escalate privilege to that of the guest kernel if it could invoke the instruction emulator. Only 64-bit x86 HVM guests were affected. Linux guests have not been vulnerable...
Security update for xen (important)
This updates xen to version 4.5.5 to fix the following issues: - An unprivileged user in a guest could escalate privilege to that of the guest kernel if it could invoke the instruction emulator. Only 64-bit x86 HVM guests were affected. Linux guests have not been vulnerable...
Security update for xen (important)
This update for xen fixes the following issues: - Mishandling of SYSCALL singlestep during emulation, which could have led to privilege escalation. XSA-204, bsc1016340, CVE-2016-10013 - CMPXCHG8B emulation failed to ignore operand size override which could have led to information disclosure...
Security update for the Linux Kernel (important)
The openSUSE 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-9756: KVM: x86: drop error recovery in emjmpfar and emretfar bsc1013038. The following non-security bugs were fixed: - scsi: megaraidsas: fix macro MEGASASISLOGICAL to...
Security update for MozillaFirefox (important)
This update to MozillaFirefox 50.1.0 fixes the following vulnerabilities: - CVE-2016-9894: Buffer overflow in SkiaGL - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9896: Use-after-free with WebVR -...
Security update for roundcubemail (important)
This update for roundcubemail fixes the following issues: - A maliciously crafted email could cause untrusted code to be executed cross site scripting using <area href=javascript:... boo982003, CVE-2016-5103 - Avoid HTML styles that could cause potential click jacking boo1001856 - A maliciousl...
Security update for ImageMagick (important)
This security update for ImageMagick fixes the following issues: - a maliciously crafted compressed TIFF image could cause remote code execution in the convert utility in particular circumstances CVE-2016-8707, boo1014159 - a memory allocation failure was fixed CVE-2016-8866, boo1009318,...
Security update for MozillaFirefox (important)
This update to MozillaFirefox 50.1.0 fixes the following vulnerabilities: - CVE-2016-9894: Buffer overflow in SkiaGL - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9896: Use-after-free with WebVR -...
Security update for lxc (important)
This update for lxc fixes the following issue: - CVE-2016-8649: guest escape via ptrace of lxc-attach boo1010933...
Security update for gstreamer-plugins-bad (important)
This update for gstreamer-plugins-bad fixes the following issues: - Maliciously crafted VMnc VMware video streams typically contained in .avi files could cause code execution during decoding or information leaks due to an uninitialized buffer CVE-2016-9445, CVE-2016-9446, boo1010829...
Security update for gstreamer-0_10-plugins-bad (important)
This update for gstreamer-0_10-plugins-bad fixes the following issues: - Maliciously crafted VMnc files VMWare video format could lead to crashes CVE-2016-9445, CVE-2016-9446, boo1010829. - Maliciously crafted NSF files NES sound format could lead to arbitrary code execution CESA-2016-0001,...
Security update for tomcat (important)
This update for tomcat fixes the following issues: Feature changes: The embedded Apache Commons DBCP component was updated to version 2.0. bsc1010893 fate321029 Security fixes: - CVE-2016-0762: Realm Timing Attack bsc1007854 - CVE-2016-5018: Security Manager Bypass bsc1007855 - CVE-2016-6794:...
Security update for xen (important)
xen was updated to version 4.7.1 to fix 17 security issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator to escalate their privilege to that of the host bsc1011652. - CVE-2016-9386: x86 null segments were not always treated as...
Security update for tomcat (important)
This update for Tomcat provides the following fixes: Feature changes: The embedded Apache Commons DBCP component was updated to version 2.0. bsc1010893 fate321029 Security fixes: - CVE-2016-0762: Realm Timing Attack bsc1007854 - CVE-2016-5018: Security Manager Bypass bsc1007855 - CVE-2016-6794:...
Security update for the Linux Kernel (important)
The openSUSE 13.1 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg or /dev/bsg to elevate their privileges bsc1013604. - CVE-2016-9794: A...
Security update for Chromium (important)
This update to Chromium 55.0.2883.75 fixes the following vulnerabilities: - CVE-2016-9651: Private property access in V8 - CVE-2016-5208: Universal XSS in Blink - CVE-2016-5207: Universal XSS in Blink - CVE-2016-5206: Same-origin bypass in PDFium - CVE-2016-5205: Universal XSS in Blink -...