7585 matches found
Security update for glibc (critical)
This update for glibc fixes the following security issues: fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo, known as CVE-2015-7547. It is a client side networked/remote vulnerability...
Security update for glibc (important)
This update for glibc fixes the following issues: - errorcheck-mutex-no-elision.patch: Don't do lock elision on an error checking mutex boo956716, BZ 17514 - reinitialize-dlloadwritelock.patch: Reinitialize dlloadwritelock on fork boo958315, BZ 19282 - send-dg-buffer-overflow.patch: Fix getaddrin...
Security update for glibc (important)
This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses bsc961721 - CVE-2015-8777: Insufficient checking of LDPOINTERGUARD...
Security update for vlc (important)
This update for vlc fixes the following issues: - CVE-2015-5949: Remote attackers could have caused a denial of service crash and possibly execute arbitrary code via a crafted 3GP file boo965227...
Security update for flash-player (important)
This update for flash-player fixes the following issues: - Security update to 11.2.202.569 bsc965901: APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,...
Security update for flash-player (important)
This update for flash-player fixes the following issues: - Security update to 11.2.202.569 boo965901: APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,...
Security update for MySQL (important)
This update to MySQL 5.6.28 fixes the following issues bsc962779: - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote...
Security update for MySQL (important)
This update to MySQL 5.6.28 fixes the following issues bsc962779: - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote...
Security update for rubygem-rails-html-sanitizer (important)
This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2015-7579: XSS vulnerability in rails-html-sanitizer bsc963327 - CVE-2015-7578: XSS vulnerability via attributes bsc963326 - CVE-2015-7580: XSS via whitelist sanitizer bsc963328...
Security update for the Linux Kernel (important)
The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2016-0728: A reference leak in keyring handling with joinsessionkeyring could lead to local attackers gain root privileges. bsc962075. - CVE-2015-7550: A local user could have...
Security update for xulrunner (important)
XULRunner was updated to 38.6.0 to fix two security issues. The following vulnerabilities were fixed: CVE-2016-1930: Miscellaneous memory safety hazards boo963632 CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation boo963635...
Security update for the MozillaFirefox, mozilla-nss and mozilla-nspr (important)
This update to MozillaFirefox fixes several security issues and bugs. Mozilla Firefox was updated to 44.0. Mozilla NSS was updated to 3.21 Mozilla NSPR was updated to 4.11. The following vulnerabilities were fixed: CVE-2016-1930/CVE-2016-1931: Miscellaneous memory safety hazards boo963633...
Security update for Mozilla Firefox (important)
This update fixes the following security related issues by updating packages to a more recent version: Update of NSPR to 4.11 Update of NSS to 3.21 Update of Firefox to 44.0 MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 Miscellaneous memory safety hazards MFSA 2016-02/CVE-2016-1933 bmo1231761 Out of...
Security update for the Linux Kernel (important)
The openSUSE 13.1 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2016-0728: A reference leak in keyring handling with joinsessionkeyring could lead to local attackers gain root privileges. bsc962075. - CVE-2015-7550: A local user could have...
Security update for the Linux Kernel (important)
The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes. Following security bugs were fixed: - CVE-2016-0728: A reference leak in keyring handling with joinsessionkeyring could lead to local attackers gain root privileges. bsc96207...
Security update for java-1_7_0-openjdk (critical)
java-170-openjdk was updated to version 7u95 to fix 9 security issues. bsc962743 - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT...
Security update for Java7 (important)
Update OpenJDK to 7u95 / IcedTea 2.6.4 including the following fixes: Security fixes - S8059054, CVE-2016-0402: Better URL processing - S8130710, CVE-2016-0448: Better attributes processing - S8132210: Reinforce JMX collector internals - S8132988: Better printing dialogues - S8133962,...
Security update for Chromium (important)
Chromium was updated to 48.0.2564.82 to fix security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-1612: Bad cast in V8 boo963184 - CVE-2016-1613: Use-after-free in PDFium boo963185 - CVE-2016-1614: Information leak in Blink boo963186 - CVE-2016-1615: Origin confusion in...
Security update for java-1_8_0-openjdk (critical)
java-180-openjdk was updated to version 7u95 to fix several security issues. bsc962743 The following vulnerabilities were fixed: - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472:...
Security update for java-1_7_0-openjdk (critical)
java-170-openjdk was updated to version 7u95 to fix 9 security issues. bsc962743 - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT...
Security update for java-1_8_0-openjdk (critical)
java-180-openjdk was updated to version 7u95 to fix 9 security issues. bsc962743 - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same f...
Security update for openldap2 (important)
This update fixes the following security issues: - CVE-2015-6908: The bergetnext function allowed remote attackers to cause a denial of service reachable assertion and application crash via crafted BER data, as demonstrated by an attack against slapd. bsc945582 - CVE-2015-4000: Fix weak...
Security update for openldap2 (important)
This update fixes the following security issues: - CVE-2015-6908: The bergetnext function allowed remote attackers to cause a denial of service reachable assertion and application crash via crafted BER data, as demonstrated by an attack against slapd. bsc945582 - CVE-2015-4000: Fix weak...
Security update for Chromium (important)
Chromium was updated to 48.0.2564.82 to fix security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-1612: Bad cast in V8 boo963184 - CVE-2016-1613: Use-after-free in PDFium boo963185 - CVE-2016-1614: Information leak in Blink boo963186 - CVE-2016-1615: Origin confusion in...
Security update for Chromium (important)
Chromium was updated to 48.0.2564.82 to fix security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-1612: Bad cast in V8 boo963184 - CVE-2016-1613: Use-after-free in PDFium boo963185 - CVE-2016-1614: Information leak in Blink boo963186 - CVE-2016-1615: Origin confusion in...
Security update for ffmpeg (important)
This update to ffmpeg 2.8.5 fixes the following issues: CVE-2016-1897: Cross-origin issue in URL processing concat - local file disclosure boo961937 CVE-2016-1898: Cross-origin issue in URL processing subfile - local file disclosure boo961937...
Security update for openldap2 (important)
This update fixes the following security issues: - CVE-2015-6908: The bergetnext function allowed remote attackers to cause a denial of service reachable assertion and application crash via crafted BER data, as demonstrated by an attack against slapd. bsc945582 - CVE-2015-4000: Fix weak...
Security update for roundcubemail (important)
Update to 1.0.8 - Add workaround for https://bugs.php.net/bug.php?id=70757 1490582 - Fix HTML sanitizer to skip !-- node type X -- in output 1490583 - Fix charset encoding of message/rfc822 part bodies 1490606 - Fix handling of message/rfc822 attachments on replies and forwards 1490607 - Fix PDF...
Security update for roundcubemail (important)
This update to roundcubemail 1.1.4 fixes the following issues: - CVE-2015-8770: Path traversal vulnerability allowed code execution to remote authenticated users if they were also upload files to the same server through some other method boo962067 This update also contains all upstream fixes in...
Security update for roundcubemail (important)
This update to roundcubemail 1.0.8 fixes the following issues: - CVE-2015-8770: Path traversal vulnerability allowed code execution to remote authenticated users if they were also upload files to the same server through some other method boo962067 This update also contains all upstream fixes in...
Security update for giflib (important)
The following patch fixes - a heap overflow in giffix - a memory leak in libgif6...
Security update for bind (important)
This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations bsc962189...
Security update for bind (important)
This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations bsc962189...
Security update for bind (important)
This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations bsc962189 This update was imported from the SUSE:SLE-12-SP1:Update update project...
openssh (critical)
CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature bsc961642 - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the...
Security update for openssh (critical)
CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature bsc961642 - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the...
Security update for openssh (critical)
This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature bsc961642 - CVE-2016-0778: A malicious or compromised server could could trigger a...
Security update for openssh (critical)
This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature bsc961642 - CVE-2016-0778: A malicious or compromised server could could trigger a...
Security update for xen (important)
This update for xen fixes the following issues: - CVE-2015-8567,CVE-2015-8568: xen: qemu: net: vmxnet3: host memory leakage boo959387 - CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents XSA-155, boo957988 - CVE-2015-8558: xen: qemu: usb: infinite loop in...
Security update for xen (important)
This update for xen fixes the following security issues: - CVE-2015-8550: paravirtualized drivers incautious about shared memory contents XSA-155, boo957988 - CVE-2015-8558: qemu: usb: infinite loop in ehciadvancestate results in DoS boo959006 - CVE-2015-7549: qemu pci: null pointer dereference...
Security update for xen (important)
This update for xen fixes the following security issues: - CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory leakage boo959387 - CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents XSA-155, boo957988 - CVE-2015-8558: xen: qemu: usb: infinite loop in...
Security update for ffmpeg (important)
This update to ffmpeg 2.8.4 fixes the following issues: CVE-2015-8661: Denial of service via crafted .mov file boo960385 CVE-2015-8662: Denial of service via crafted JPEG 2000 data boo960384 CVE-2015-8663: Denial of service via crafted H.264 data boo960383...
Security update for grub2 (important)
Fix buffer overflows when reading username and password. bsc956631, CVE-2015-8370 - Check MS-DOS header to find PE file header. bsc954126 - Use dirname for copying Xen kernel and initrd to esp. bsc955493 - Fix reading password by grub2-mkpasswd-pbdk2 without controlling tty. bsc954519 - Add luks,...
Security update for Mozilla Thunderbird (important)
Mozilla Thunderbird was updated to 38.5.0 to fix multiple security issues. The following vulnerabilities were fixed: boo959277 CVE-2015-7201: Miscellaneous memory safety hazards CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed CVE-2015-7212: Integer overflow...
Security update for flash-player (important)
This update for flash-player fixes the following issues: - Security update to 11.2.202.559 boo960317: APSB16-01, CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644,...
Security update for flash-player (important)
This update for flash-player fixes the following issues: - Security update to 11.2.202.559 boo960317: APSB16-01, CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644,...
Security update for grub2 (important)
This update for grub2 fixes the following issue: - CVE-2015-8370: Fix for overflow in grubpasswordget and grubuserget functions bsc956631...
Security update for bind (important)
This update for bind fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses boo958861...
Security update for xulrunner (important)
Xulrunner was updated to 38.5.0 to fix several security issues. The following vulnerabilities were fixed boo959277: CVE-2015-7201: Miscellaneous memory safety hazards CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed CVE-2015-7212: Integer overflow allocating...
Security update for grub2 (important)
This update for grub2 fixes the following issue: Changes in grub2: - CVE-2015-8370: Fix for overflow in grubpasswordget and grubuserget functions bnc956631...