Security update for qemu (important)
This update for qemu fixes the following issues: - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP1 - Change package post script udevadm trigger calls to be device specific bsc1002116 - Address various security/stability issues Fix OOB access in...
Security update for the openSUSE Leap 42.1 kernel. (important)
The openSUSE Leap 42.1 kernel has been updated to fix a security issue: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg or /dev/bsg to elevate their privileges bsc1013604...
Security update for the Linux Kernel (important)
The openSUSE 14.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg or /dev/bsg to elevate their privileges bsc1013604. The...
Security update for the Linux Kernel (important)
The openSUSE 13.1 kernel was updated to receive various critical security fixes. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges bsc1012754. - CVE-2016-8632: Th...
Security update for the Linux Kernel (important)
The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of...
Security update for GraphicsMagick (important)
This update for GraphicsMagick fixes the following issues: - A possible shell execution attack was fixed. If the first character of an input filename for 'convert' was a '|' then the remainder of the filename was passed to the shell CVE-2016-5118, boo982178 - Maliciously crafted pnm files could...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.1 kernel was updated to 4.1.36 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges bsc1012754. -...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.2 kernel was updated to 4.4.36 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended...
Security update for roundcubemail (important)
roundcubemail was updated to version 1.1.7 and fixes the following issues: - Update to 1.1.7 A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command boo1012493 A maliciously crafted email could cause untrusted code to be executed cross site scripting usi...
Security update for tiff (important)
Tiff was updated to version 4.0.7. This update fixes the following issues: libtiff/tifaux.c + Fix crash in TIFFVGetFieldDefaulted when requesting Predictor tag and that the zip/lzw codec is not configured. http://bugzilla.maptools.org/showbug.cgi?id=2591 libtiff/tifcompress.c + Make TIFFNoDecode...
Security update for roundcubemail (important)
This update for roundcubemail fixes the following issues: - A maliciously crafted email could cause untrusted code to be executed cross site scripting using <area href=javascript:... boo982003, CVE-2016-5103 - Avoid HTML styles that could cause potential click jacking boo1001856 - A maliciousl...
Security update for mariadb (important)
This mariadb update to version 10.0.28 fixes the following issues bsc1008318: Security fixes: - CVE-2016-8283: Unspecified vulnerability in subcomponent Types bsc1005582 - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption bsc1005581 - CVE-2016-5629: Unspecified vulnerability in...
Security update for mariadb (important)
This mariadb update to version 10.0.28 fixes the following issues bsc1008318: Security fixes: - CVE-2016-8283: Unspecified vulnerability in subcomponent Types bsc1005582 - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption bsc1005581 - CVE-2016-5629: Unspecified vulnerability in...
Security update for the Linux Kernel (important)
The openSUSE 13.1 kernel was updated to 3.12.67 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2013-5634: arch/arm/kvm/arm.c in the Linux kernel on the ARM platform, when KVM is used, allowed host OS users to cause a denial of service NULL pointer...
Security update for MozillaThunderbird (important)
This update for MozillaThunderbird fixes some potential security issues and bugs. The following security flaws cannot be exploited through email because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts: - CVE-2016-9079: SVG Animation Remote Co...
Security update for Mozilla Firefox, Thunderbird and NSS (important)
This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2 fixes a number of security issues. The following vulnerabilities were fixed in Mozilla Firefox MFSA 2016-89: - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 bmo1292443 - CVE-2016-5292: URL parsing causes crash...
Security update for MozillaFirefox (important)
MozillaFirefox is updated to version 50.0.2 which fixes the following issues: Firefox crashed with 3rd party Chinese IME when using IME text fixed in version 50.0.1 Redirection from an HTTP connection to a data: URL could inherit wrong origin after an HTTP redirect fixed in version 50.0.1,...
Security update for vim (important)
This update for vim fixes the following security issues: - Fixed CVE-2016-1248 an arbitrary command execution vulnerability bsc1010685 This update for vim fixes the following issues: - Fix build with Python 3.5. bsc988903 This update was imported from the SUSE:SLE-12:Update update project...
Security update for vim (important)
This update for vim fixes the following security issues: - Fixed CVE-2016-1248 an arbitrary command execution vulnerability bsc1010685...
Security update for Mozilla Thunderbird (important)
This update contains Mozilla Thunderbird 45.5.1 and fixes one vulnerability. In Mozilla Thunderbird, this vulnerability may be exploited when used in a browser-like context. - CVE-2016-9079: SVG Animation Remote Code Execution MFSA 2016-92, bsc1012964, bmo1321066...
Security update for java-1_8_0-openjdk (important)
OpenJDK Java was updated to jdk8u111 icedtea 3.2.0 to fix the following issues: Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks bsc1005522 + S8156794: Extend data shari...
Security update for pacemaker (important)
This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2016-7797: Notify other clients of a new connection only if the handshake has completed bsc967388, bsc1002767. - CVE-2016-7035: Fixed improper IPC guarding in pacemaker bsc1007433. Bug fixes: - bsc1003565: crmd:...
Security update for php5 (important)
This update for php5 fixes the following issues: CVE-2016-9137: Fixed a use after free in unserialize in curl file deserialization boo1008029...
Security update for java-1_8_0-openjdk (important)
OpenJDK java-1_8_0-openjdk was updated to jdk8u111 icedtea 3.2.0 to fix the following issues: Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks boo1005522 + S8156794: Exten...
Security update for MozillaFirefox, mozilla-nss (important)
This update to Mozilla Firefox 50.0 fixes a number of security issues. The following vulnerabilities were fixed in Mozilla Firefox MFSA 2016-89: - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 bmo1292443 - CVE-2016-5292: URL parsing causes crash bmo1288482 - CVE-2016-5297: Incorrec...
Security update for php5 (important)
This update for php5 fixes the following security issues: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp bsc1001900 - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 -...
Security update for php5 (important)
This update for php5 fixes the following security issues: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp bsc1001900 - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 -...
Security update for Chromium (important)
This update to Chromium 54.0.2840.100 fixes the following vulnerabilities: - CVE-2016-5199: Heap corruption in FFmpeg boo1009892 - CVE-2016-5200: out of bounds memory access in v8 boo1009893 - CVE-2016-5201: info leak in extensions boo1009894 - CVE-2016-5202: various fixes from internal audits...
Security update for Chromium (important)
This update to Chromium 54.0.2840.100 fixes the following vulnerabilities: - CVE-2016-5199: Heap corruption in FFmpeg boo1009892 - CVE-2016-5200: out of bounds memory access in v8 boo1009893 - CVE-2016-5201: info leak in extensions boo1009894 - CVE-2016-5202: various fixes from internal audits...
Security update for mysql-community-server (important)
mysql-community-server was updated to 5.6.34 to fix the following issues: Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html...
Security update for flash-player (important)
This update to Adobe Flash Player 11.2.202.644 fixes the following security issues: - type confusion vulnerabilities that could lead to code execution CVE-2016-7860, CVE-2016-7861, CVE-2016-7865 - use-after-free vulnerabilities that could lead to code execution CVE-2016-7857, CVE-2016-7858,...
Security update for flash-player (important)
This update to Adobe Flash Player 11.2.202.644 fixes the following security issues: - type confusion vulnerabilities that could lead to code execution CVE-2016-7860, CVE-2016-7861, CVE-2016-7865 - use-after-free vulnerabilities that could lead to code execution CVE-2016-7857, CVE-2016-7858,...
Security update for gd (important)
This update for gd fixes the following security issues: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp bsc1001900 - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 -...
Security update for mysql-community-server (important)
mysql-community-server was updated to 5.6.34 to fix the following issues: Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html...
Security update for curl (important)
This update for curl fixes the following security issues: - CVE-2016-8624: invalid URL parsing with '#' bsc1005646 - CVE-2016-8623: Use-after-free via shared cookies bsc1005645 - CVE-2016-8622: URL unescape heap overflow via integer truncation bsc1005643 - CVE-2016-8621: curl_getdate read out of...
Security update for mariadb (important)
This update for mariadb to 10.0.27 fixes the following issues: release notes: https://kb.askmonty.org/en/mariadb-10027-release-notes https://kb.askmonty.org/en/mariadb-10026-release-notes changelog: https://kb.askmonty.org/en/mariadb-10027-changelog...
Security update for bind (important)
This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. CVE-2016-8864, bsc1007829. - Fix BIND to return a valid...
Security update for bind (important)
This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. CVE-2016-8864, bsc1007829...
Security update for Mozilla Firefox (important)
Mozilla Firefox was updated to 49.0.2 to fix two security issues and some bugs. The following vulnerabilities were fixed: CVE-2016-5287: Crash in nsTArray_base bsc1006475 CVE-2016-5288: Web content can read cache entries bsc1006476 The following changes and fixes are included: Asynchronous renderi...
Security update for chromium (important)
This update to Chromium 54.0.2840.90: fixes the following security issues: - CVE-2016-5198: out of bounds memory access in v8 boo1008274...
Security update for chromium (important)
This update to Chromium 54.0.2840.90: fixes the following security issues: - CVE-2016-5198: out of bounds memory access in v8 boo1008274...
Security update for flash-player (important)
This update for Adobe Flash Player to 11.2.202.643 fixes the following vulnerability: - CVE-2016-7855: use-after-free vulnerability APSB16-36, boo1007098...
Security update for flash-player (important)
This update for Adobe Flash Player to 11.2.202.643 fixes the following vulnerability: - CVE-2016-7855: use-after-free vulnerability APSB16-36, boo1007098...
kernel update for Evergreen 11.4 (important)
This kernel update fixes the well known "Dirty COW" issue as well as a bunch of other security and non-security related issues...
Security update for ghostscript (important)
This update for ghostscript fixes the following issues: - CVE-2016-8602: Fixes a NULL dereference in .sethalftone5 boo1004237. - CVE-2013-5653, CVE-2016-7978, CVE-2016-7979: Fix multiple -dsafer related CVE's boo1001951...
Security update for quagga (important)
This update for quagga fixes the following issue: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code. bsc1005258...
Security update for qemu (important)
qemu was updated to fix 19 security issues. These security issues were fixed: - CVE-2016-2392: The is_rndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a...
Security update for Mozilla Firefox (important)
Mozilla Firefox was updated to 49.0.2 to fix two security issues and some bugs. The following vulnerabilities were fixed: CVE-2016-5287: Crash in nsTArray_base bsc1006475 CVE-2016-5288: Web content can read cache entries bsc1006476 The following changes and fixes are included: Asynchronous rendering...
Security update for the Linux Kernel (important)
The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service...
Security update for quagga (important)
This update for quagga fixes the following issue: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code. bsc1005258...