Security update for Chromium (important)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901: - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

Security update for ImageMagick (important)

ImageMagick was updated to fix 66 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler. bsc983803. - CVE-2014-9811: Crash in xwd file handler bsc984032. - CVE-2014-9812: NULL pointer dereference in ps file handling bsc984137. - CVE-2014-9813: Crash on...

Security update for flash-player (important)

Adobe Flash Player was updated to 11.2.202.632 to fix many security issues tracked under the upstream advisory APSB16-25, allowing remote attackers to execute arbitrary code when delivering specially crafted Flash content. The following vulnerabilities were fixed: - CVE-2016-4172: memory corrupti...

Security update for the Linux Kernel (important)

The openSUSE Leap 42.1 was updated to 4.1.27 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-4997: A buffer overflow in 32bit compatsetsockopt iptables handling could lead to a local privilege escalation. bsc986362 - CVE-2016-5829: Multiple heap-based...

Security update for flash-player (important)

Adobe Flash Player was updated to 11.2.202.632 to fix many security issues tracked under the upstream advisory APSB16-25, allowing remote attackers to execute arbitrary code when delivering specially crafted Flash content. The following vulnerabilities were fixed: - CVE-2016-4172: memory corrupti...

Security update for Mozilla Thunderbird (important)

This update contains Mozilla Thunderbird 45.2. boo983549 It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail. The following vulnerabilities were fixed: - CVE-2016-2818, CVE-2016-2815: Memory safety bugs...

Security update for Mozilla Thunderbird (important)

This update contains Mozilla Thunderbird 45.2. boo983549 It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail. The following vulnerabilities were fixed: - CVE-2016-2818, CVE-2016-2815: Memory safety bugs...

Security update for Mozilla Thunderbird (important)

This update contains Mozilla Thunderbird 45.2. boo983549 It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail. The following vulnerabilities were fixed: - CVE-2016-2818, CVE-2016-2815: Memory safety bugs...

Security update for php5 (important)

php5 was updated to fix nine security issues. These security issues were fixed: - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize bsc986247. - CVE-2016-5772: Double Free Courruption in wddxdeserialize bsc986244. - CVE-2016-5771: Use After Free...

Security update for qemu (important)

qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation bsc981266 - CVE-2015-8817: Avoi...

Security update for ImageMagick (important)

ImageMagick was updated to fix 66 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler bsc983803. - CVE-2014-9811: Crash in xwd file handler bsc984032. - CVE-2014-9812: NULL pointer dereference in ps file handling bsc984137. - CVE-2014-9813: Crash on...

Security update for GraphicsMagick (important)

GraphicsMagick was updated to fix 37 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler bsc983803. - CVE-2014-9811: Crash in xwd file handler bsc984032. - CVE-2014-9813: Crash on corrupted viff file bsc984035. - CVE-2014-9814: NULL pointer dereference in...

Security update for mariadb (important)

mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options bsc980904. - CVE-2016-0546: Unspecified vulnerability...

Security update for mariadb (important)

mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options bsc980904. - CVE-2016-0546: Unspecified vulnerability...

Security update for obs-service-source_validator (important)

obs-service-sourcevalidator was updated to fix one security issue. This security issue was fixed: - CVE-2016-4007: Several maintained source services are vulnerable to code/paramter injection bsc967265. This non-security issue was fixed: - bsc967610: Several occurrences of uninitialized value...

Security update for obs-service-source_validator (important)

obs-service-sourcevalidator was updated to fix one security issue. This security issue was fixed: - CVE-2016-4007: Several maintained source services are vulnerable to code/paramter injection bsc967265. This non-security issue was fixed: - bsc967610: Several occurrences of uninitialized value...

Security update for Chromium (important)

Chromium was updated to 51.0.2704.103 to fix three vulnerabilities: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives shared identifier boo985397 Includes vulnerability fixes from 50.0.2661.102 boo979859: - CVE-2016-1667: Same origin bypass in DOM - CVE-2016-1668:...

Security update for ImageMagick (important)

This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2016-5118: Prevent code execution via popen bsc982178 This non-security issue was fixed: - Fix encoding of /Title in generated PDFs. bsc867943 This update was imported from the SUSE:SLE-12:Update update...

Security update for vlc (important)

This update for vlc to 2.2.4 to fix the following security issue: - CVE-2016-5108: Fix out-of-bound write in adpcm QT IMA codec boo984382. This also include an update of codecs and libraries to fix these 3rd party security issues: - CVE-2016-1514: Matroska libebml EbmlUnicodeString Heap Informati...

Security update for vlc (important)

This update for vlc to version 2.1.6 fixes the following issues: These CVE were fixed: - CVE-2016-5108: Reject invalid QuickTime IMA files boo984382. - CVE-2016-3941: Heap overflow in processing wav files boo973354. These security issues without were fixed: - Fix heap overflow in decomp stream...

Security update for the Linux Kernel (important)

The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was...

Security update for ntp (important)

ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations bsc982065. - CVE-2016-4954: Processing spoofed server packets bsc982066. - CVE-2016-4955: Autokey association reset bsc982067. -...

Security update for Chromium (important)

Chromium was updated to 51.0.2704.103 to fix three vulnerabilities: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives shared identifier boo985397...

Security update for flash-player (critical)

Adobe flash-player was updated to 11.2.202.626 to fix the following security issues: Security update to 11.2.202.626 boo984695: APSB16-18, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132,...

Security update for Chromium (important)

Chromium was updated to 51.0.2704.103 to fix three vulnerabilities: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives shared identifier boo985397...

Security update for Chromium (important)

Chromium was updated to 51.0.2704.103 to fix three vulnerabilities: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives shared identifier boo985397...

Security update for flash-player (critical)

Adobe flash-player was updated to 11.2.202.626 to fix the following security issues: Security update to 11.2.202.626 boo984695: APSB16-18, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132,...

Security update for libxml2 (important)

This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c bsc963963, bsc965283, bsc981114. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings...

Security update for libxml2 (important)

This update brings libxml2 to version 2.9.4. These security issues were fixed: - CVE-2016-3627: The xmlStringGetNodeList function in tree.c, when used in recovery mode, allowed context-dependent attackers to cause a denial of service infinite recursion, stack consumption, and application crash vi...

Security update for ntp (important)

ntp was updated to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations bsc982065. - CVE-2016-4954: Processing spoofed server packets bsc982066. - CVE-2016-4955: Autokey association reset bsc982067. - CVE-2016-4956:...

Security update for nodejs (important)

This update for nodejs to version 4.4.5 fixes the several issues. These security issues introduced by the bundled openssl were fixed by going to version 1.0.2h: - CVE-2016-2107: The AES-NI implementation in OpenSSL did not consider memory allocation during a certain padding check, which allowed...

Security update for MozillaFirefox, mozilla-nss (important)

This update to Mozilla Firefox 47 fixes the following issues boo983549: Security fixes: - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free deletin...

Security update for php5 (important)

This update for php5 fixes the following issues: - CVE-2013-7456: imagescale out-of-bounds read bnc982009. - CVE-2016-5093: geticuvalueinternal out-of-bounds read bnc982010. - CVE-2016-5094: Don't create strings with lengths outside int range bnc982011. - CVE-2016-5095: Don't create strings with...

Security update for MozillaFirefox, mozilla-nss (important)

This update to Mozilla Firefox 47 fixes the following issues boo983549: Security fixes: - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free deletin...

Security update for ImageMagick (important)

This update for ImageMagick fixes the following issues: - security update: CVE-2016-5118 boo982178 + ImageMagick-CVE-2016-5118.patch...

Security update for expat (important)

This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. bsc979441 - CVE-2015-1283: Fix multiple integer overflows. bnc980391 This update was imported from the SUSE:SLE-12:Update updat...

Security update for GraphicsMagick (important)

This update for GraphicsMagick fixes the following issues: - security update: CVE-2016-5118 boo982178 + GraphicsMagick-CVE-2016-5118.patch...

Security update for GraphicsMagick (important)

This update for GraphicsMagick fixes the following issues: - security update: CVE-2016-5118 boo982178 + GraphicsMagick-CVE-2016-5118.patch...

Security update for Chromium (important)

Chromium was updated to 51.0.2704.79 to fix the following vulnerabilities: - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in DevTools -...

Security update for Chromium (important)

Chromium was updated to 51.0.2704.79 to fix a number of security issues. boo982719 - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in...

Security update for expat (important)

This update for expat fixes the following security issues: - CVE-2015-1283: Fixed multiple integer overflows that could lead to buffer overflows boo980391 - CVE-2016-0718: Fixed Expat XML parser that mishandles certain kinds of malformed input documents boo979441...

Security update for Chromium (important)

Chromium was updated to 51.0.2704.63 to fix the following vulnerabilities boo981886: - CVE-2016-1672: Cross-origin bypass in extension bindings - CVE-2016-1673: Cross-origin bypass in Blink - CVE-2016-1674: Cross-origin bypass in extensions - CVE-2016-1675: Cross-origin bypass in Blink -...

Security update for Chromium (important)

Chromium was updated to 51.0.2704.63 to fix the following vulnerabilities boo981886: - CVE-2016-1672: Cross-origin bypass in extension bindings - CVE-2016-1673: Cross-origin bypass in Blink - CVE-2016-1674: Cross-origin bypass in extensions - CVE-2016-1675: Cross-origin bypass in Blink -...

Security update for the Linux Kernel (important)

The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes bsc970948. - CVE-2016-3136: mctu232: add sanity checking in probe bnc970955. - CVE-2016-2188: iowarrio...

Security update for php5 (important)

This update for php5 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mbstrcut bsc977003 - CVE-2015-8867: The PHP function...

Security update for mysql-community-server (important)

This mysql-community-server version update to 5.6.30 fixes the following issues: Security issues fixed: - fixed CVEs boo962779, boo959724: CVE-2016-0705, CVE-2016-0639, CVE-2015-3194, CVE-2016-0640, CVE-2016-2047, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649,...

Security update for ntp (important)

This update for ntp to 4.2.8p7 fixes the following issues: CVE-2016-1547, bsc977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. CVE-2016-1548, bsc977461: Interleave-pivot CVE-2016-1549, bsc977451: Sybil vulnerability: ephemeral association attack. CVE-2016-1550, bsc977464: Improve NTP security...

Security update for GraphicsMagick (important)

This update for GraphicsMagick fixes the following issues: Security issues fixed: - Multiple security issues in GraphicsMagick/ImageMagick boo978061 CVE-2016-3714, CVE-2016-3718, CVE-2016-3715, CVE-2016-3717...

Security update for Chromium (important)

Chromium was updated to 50.0.2661.102 to fix four vulnerabilities boo979859: - CVE-2016-1667: Same origin bypass in DOM - CVE-2016-1668: Same origin bypass in Blink V8 bindings - CVE-2016-1669: Buffer overflow in V8 - CVE-2016-1670: Race condition in loader...

Security update for flash-player (important)

This security update for flash-player to 11.2.202.621 fixes the following issues boo979422: A critical vulnerability CVE-2016-4117 exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially...