7605 matches found
Security update for mariadb (important)
This update for mariadb to 10.0.27 fixes the following issues: release notes: https://kb.askmonty.org/en/mariadb-10027-release-notes https://kb.askmonty.org/en/mariadb-10026-release-notes changelog: https://kb.askmonty.org/en/mariadb-10027-changelog...
Security update for bind (important)
This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. CVE-2016-8864, bsc1007829. - Fix BIND to return a valid...
Security update for bind (important)
This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. CVE-2016-8864, bsc1007829...
Security update for Mozilla Firefox (important)
Mozilla Firefox was updated to 49.0.2 to fix two security issues and some bugs. The following vulnerabilities were fixed: CVE-2016-5287: Crash in nsTArraybase bsc1006475 CVE-2016-5288: Web content can read cache entries bsc1006476 The following changes and fixes are included: Asynchronous renderi...
Security update for chromium (important)
This update to Chromium 54.0.2840.90: fixes the following security issues: - CVE-2016-5198: out of bounds memory access in v8 boo1008274...
Security update for chromium (important)
This update to Chromium 54.0.2840.90: fixes the following security issues: - CVE-2016-5198: out of bounds memory access in v8 boo1008274...
Security update for flash-player (important)
This update for Adobe Flash Player to 11.2.202.643 fixes the following vulnerability: - CVE-2016-7855: use-after-free vulnerability APSB16-36, boo1007098...
Security update for flash-player (important)
This update for Adobe Flash Player to 11.2.202.643 fixes the following vulnerability: - CVE-2016-7855: use-after-free vulnerability APSB16-36, boo1007098...
kernel update for Evergreen 11.4 (important)
This kernel update fixes the well known "Dirty COW" issue as well as a bunch of other security and non-security related issues...
Security update for ghostscript (important)
This update for ghostscript fixes the following issues: - CVE-2016-8602: Fixes a NULL dereference in .sethalftone5 boo1004237. - CVE-2013-5653, CVE-2016-7978, CVE-2016-7979: Fix multiple -dsafer related CVE's boo1001951...
Security update for quagga (important)
This update for quagga fixes the following issue: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code. bsc1005258...
Security update for qemu (important)
qemu was updated to fix 19 security issues. These security issues were fixed: - CVE-2016-2392: The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a...
Security update for Mozilla Firefox (important)
Mozilla Firefox was updated to 49.0.2 to fix two security issues a some bugs. The following vulnerabilities were fixed: CVE-2016-5287: Crash in nsTArraybase bsc1006475 CVE-2016-5288: Web content can read cache entries bsc1006476 The following changes and fixes are included: Asynchronous rendering...
Security update for the Linux Kernel (important)
The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8956: The rfcommsockbind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service...
Security update for quagga (important)
This update for quagga fixes the following issue: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code. bsc1005258...
Security update for gd (important)
This update for gd fixes the following issue: - CVE-2016-7568: Integer overflow in the gdImageWebpCtx function in gdwebp.c libgd bsc1001900...
Security update for php5 (important)
This update for php5 fixes the following issu: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924. - CVE-2016-7568: Integer overflow in the gdImageWebpCtx function in gdwebp.c libgd bsc1001900. - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf bsc1005274...
Security update for Chromium (important)
Chromium was updated to 54.0.2840.59 to fix security issues and bugs. The following security issues are fixed bnc1004465: - CVE-2016-5181: Universal XSS in Blink - CVE-2016-5182: Heap overflow in Blink - CVE-2016-5183: Use after free in PDFium - CVE-2016-5184: Use after free in PDFium -...
Security update for the Linux Kernel (important)
The openSUSE 13.1 kernel was updated to fix bugs and security issues. The following security bugs were fixed: - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service stack consumption and panic or possibly have unspecified other impact by triggering...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.1 kernel was updated to 4.1.34, fixing bugs and security issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAPPRIVATE was fixed, which is reportedly exploited in the wild bsc1004418. - CVE-2016-8658: Stack-based buffer overflo...
Security update for ghostscript-library (important)
This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript's "-dsafer" flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted...
Security update for php5 (important)
This update for php5 fixes the following security issues: CVE-2016-7411: php5: Memory corruption when destructing deserialized object CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field CVE-2016-7413: Use after free in wddxdeserialize CVE-2016-7414: Out of bounds...
Security update for systemd (important)
This update for systemd fixes the following security issue: - CVE-2016-7796: A zero-length message received over systemd's notification socket could make managerdispatchnotifyfd return an error and, as a side effect, disable the notification handler completely. As the notification socket is...
Security update for compat-openssl098 (important)
This update for compat-openssl098 fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 Constant time fla...
Security update for systemd (important)
This update for systemd fixes the following issues: - CVE-2016-7796: A zero-length message received over systemd's notification socket could make managerdispatchnotifyfd return an error and, as a side effect, disable the notification handler completely. As the notification socket is world-writabl...
Security update for xen (important)
This update for xen fixes the following issues: These security issues were fixed: - CVE-2016-7092: The getpagefroml3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables bsc995785 - CVE-2016-709...
Security update for nodejs (important)
This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules http: Properly...
Security update for xen (important)
This update for xen fixes the following issues: These security issues were fixed: - CVE-2016-7092: The getpagefroml3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables bsc995785 - CVE-2016-709...
Security update for python-Jinja2 (important)
This update for python-Jinja2 fixes the following issues: Update to version 2.8: - Added target parameter to urlize function. - Added support for followsymlinks to the file system loader. - The truncate filter now counts the length. - Added equalto filter that helps with select filters. - Changed...
Security update for postgresql94 (important)
This update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference bsc993454. - CVE-2016-5424: Fix client programs' handling of special characters in database and role names...
Security update for php5 (important)
This update for php5 fixes the following security issues: CVE-2016-6128: Invalid color index not properly handled bsc987580 CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif bsc988032 CVE-2016-6292: Null pointer dereference in exifprocessusercomment...
Security update for mariadb (important)
This update for mariadb to 10.0.27 fixes the following issues: Security issue fixed: CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and, under certain circumstances, execute arbitrary code as mysql or even root user. bsc998309 release notes:...
Security update for php5 (important)
This update for php5 fixes the following security issues: CVE-2016-7411: Memory corruption when destructing deserialized object CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field CVE-2016-7413: Use after free in wddxdeserialize CVE-2016-7414: Out of bounds heap...
Security update for postgresql93 (important)
The postgresql server postgresql93 was updated to 9.3.14 fixes the following issues: Update to version 9.3.14: Fix possible mis-evaluation of nested CASE-WHEN expressions CVE-2016-5423, boo993454 Fix client programs' handling of special characters in database and role names CVE-2016-5424, boo9934...
Security update for openssl (important)
This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 Constant time flag not...
Security update for bind (critical)
The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. CVE-2016-2776, bsc1000362 This update was imported from the SUSE:SLE-12-SP1:Update update project...
Security update for openssl (important)
This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 boo999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 boo999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 boo982575 Constant time flag not...
Security update for MozillaFirefox, mozilla-nss (important)
MozillaFirefox was updated to version 49.0 boo999701 - New features Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. Added features to Reader Mode that make it easier on the eyes and the ears Improved video performance for users on systems that support SSE3 without...
Recommended update for flash-player (important)
This update for flash-player fixes the following security issues APSB16-29, boo998589: integer overflow vulnerability that could lead to code execution CVE-2016-4287. use-after-free vulnerabilities that could lead to code execution CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923,...
Security update for MozillaFirefox, mozilla-nss (important)
This update for MozillaFirefox and mozilla-nss fixes the following issues: MozillaFirefox was updated to version 49.0 boo999701 - New features Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. Added features to Reader Mode that make it easier on the eyes and the ears...
Security update for php5 (important)
This update for php5 fixes the following security issues: CVE-2016-7124: Create an Unexpected Object and Don't Invoke wakeup in Deserialization CVE-2016-7125: PHP Session Data Injection Vulnerability CVE-2016-7126: selectcolors write out-of-bounds CVE-2016-7127: imagegammacorrect allowed arbitrar...
Recommended update for chromium (important)
Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-5170: Use after free in Blink - CVE-2016-5171: Use after free in Blink - CVE-2016-5172: Arbitrary Memory Read in v8 - CVE-2016-5173: Extension resource access -...
Security update for chromium (important)
Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-5170: Use after free in Blink - CVE-2016-5171: Use after free in Blink - CVE-2016-5172: Arbitrary Memory Read in v8 - CVE-2016-5173: Extension resource access -...
Recommended update for chromium (important)
Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-5170: Use after free in Blink - CVE-2016-5171: Use after free in Blink - CVE-2016-5172: Arbitrary Memory Read in v8 - CVE-2016-5173: Extension resource access -...
Recommended update for flash-player (important)
This update for flash-player fixes the following security issues APSB16-29, boo998589: integer overflow vulnerability that could lead to code execution CVE-2016-4287. use-after-free vulnerabilities that could lead to code execution CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923,...
Security update for Chromium (important)
Chromium was updated to 53.0.2785.101 to fix a number of security issues and bugs. The following vulnerabilities were fixed: boo996648 - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.1 kernel was updated to 4.1.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service memory...
Security update for Chromium (important)
Chromium was updated to 53.0.2785.89 to fix a number of security issues. The following vulnerabilities were fixed: boo996648 - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free in Blink....
Security update for karchive (important)
This update for karchive fixes the following issues: - CVE-2016-6232: A remote attacker could have been able to overwrite arbitrary files when tricking the user into downloading KDE extras such as wallpapers or Plasma Applets boo989698...
Security update for the Linux Kernel (important)
The openSUSE 13.1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9904: The sndcompresscheckinput function in sound/core/compressoffload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer...