Security update for bind (important)

This update for bind fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses bsc958861. This update was imported from the SUSE:SLE-12-SP1:Update update project...

Security update for bind (important)

This update for bind fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses boo958861...

Security update for samba, ldb, talloc, tdb, tevent (important)

This update for ldb, samba, talloc, tdb, tevent fixes the following issues: ldb was updated to 1.1.24. + Fix ldap \00 search expression attack dos; cve-2015-3223; bso11325 + Fix remote read memory exploit in ldb; cve-2015-5330; bso11599 + Move ldbunpackdata into ldbmodule.h for testing + Fix...

Security update for ldb, samba, talloc, tdb, tevent (important)

This update for ldb, samba, talloc, tdb, tevent fixes the following security issues and bugs: The Samba LDB was updated to version 1.1.24: - Fix ldap \00 search expression attack dos; CVE-2015-3223; bso11325 - Fix remote read memory exploit in ldb; CVE-2015-5330; bso11599 - Move ldbunpackdata int...

Security update for Chromium (important)

Chromium was updated to 47.0.2525.106 to fix security issues. Vulnerabilities were fixed under the following collective identifier: CVE-2015-6792: Fixes from internal audits and fuzzing. boo959458...

Security update for Chromium (important)

Chromium was updated to 47.0.2525.106 to fix security issues. Vulnerabilities were fixed under the following collective identifier: CVE-2015-6792: Fixes from internal audits and fuzzing. boo959458...

Security update for Chromium (important)

Chromium was updated to 47.0.2526.80 to fix security issues and bugs. The following vulnerabilities were fixed: CVE-2015-6788: Type confusion in extensions CVE-2015-6789: Use-after-free in Blink CVE-2015-6790: Escaping issue in saved pages CVE-2015-6791: Various fixes from internal audits, fuzzin...

Security update for Chromium (important)

Chromium was updated to 47.0.2526.80 to fix security issues and bugs. The following vulnerabilities were fixed: CVE-2015-6788: Type confusion in extensions CVE-2015-6789: Use-after-free in Blink CVE-2015-6790: Escaping issue in saved pages CVE-2015-6791: Various fixes from internal audits, fuzzin...

Security update for mbedtls (important)

This update for mbedtls fixes the following security and non-security issues: - Update to 1.3.15 Fix potential double free if sslsetpsk is called more than once and some allocation fails. Cannot be forced remotely. Found by Guido Vranken, Intelworks. Fix potential heap corruption on windows when...

Security update to MariaDB 5.5.46 (important)

MariaDB was updated to 5.5.46 to fix security issues and bugs. The following vulnerabilities were fixed in the upstream release: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2015-4792 A li...

Security update to MariaDB 10.0.22 (important)

MariaDB was updated to 10.0.22 to fix security issues and bugs. The following vulnerabilities were fixed in the upstream release: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2015-4792 A...

Security update to MySQL 5.6.27 (important)

MySQL was updated to 5.6.27 to fix security issues and bugs. The following vulnerabilities were fixed as part of the upstream release boo951391: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815,...

Security update for flash-player (important)

This update for flash-player to version 11.2.202.554 fixes the following security issues in Adobe security advisory APSB15-32. These updates resolve heap buffer overflow vulnerabilities that could lead to code execution CVE-2015-8438, CVE-2015-8446. These updates resolve memory corruption...

Security update for libpng16 (important)

The libpng16 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in pnggetPLTE/pngsetPLTE functions bsc954980...

Security update for libpng12 (important)

The libpng12 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in pnggetPLTE/pngsetPLTE functions bsc954980. - CVE-2015-7981: Fixed an out-of-bound read bsc952051...

Security update for xen (important)

xen was updated to fix 12 security issues. These security issues were fixed: - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests bsc951845. - CVE-2015-7969: Leak of main per-domain vcpu pointer array DoS bsc950703. - CVE-2015-7969: Leak of per-domain profiling-related vcp...

Security update for krb5 (important)

krb5 was updated to fix three security issues. These security issues were fixed: - CVE-2015-2695: Applications which call gssinquirecontext on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process cras...

Security update for java-1_7_0-openjdk (important)

java-170-openjdk was updated to version 7u91 to fix 17 security issues. These security issues were fixed: - CVE-2015-4843: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability...

Security update for xen (important)

xen was updated to fix 13 security issues. These security issues were fixed: - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests bsc951845. - CVE-2015-7969: Leak of main per-domain vcpu pointer array DoS bsc950703. - CVE-2015-7969: Leak of per-domain profiling-related vcp...

Security update for MozillaFirefox, mozilla-nspr, mozilla-nss, xulrunner, seamonkey (important)

Mozilla Firefox was updated to version 42.0, fixing bugs and security issues. Mozilla xulrunner was updated to xulrunner 38.4.0. Seamonkey was updated to 2.39. New features in Mozilla Firefox: Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your...

Security update for krb5 (important)

krb5 was updated to fix three security issues. These security issues were fixed: - CVE-2015-2695: Applications which call gssinquirecontext on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process cras...

Security update for bouncycastle (important)

bouncycastle was updated to version 1.53 to fix one security issue. This security issue was fixed: - CVE-2015-7940: Invalid curve attack bsc951727...

Security update for java-1_7_0-openjdk (important)

java-170-openjdk was updated to fix 17 security issues. These security issues were fixed: - CVE-2015-4843: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown...

Security update for java-1_8_0-openjdk (important)

java-180-openjdk was updated to fix 24 security issues. These security issues were fixed: - CVE-2015-4734: A remote user can exploit a flaw in the Embedded JGSS component to partially access data - CVE-2015-4803: A remote user can exploit a flaw in the JRockit JAXP component to cause partial deni...

Security update for java-1_7_0-openjdk (important)

java-170-openjdk was updated to fix 17 security issues. These security issues were fixed: - CVE-2015-4843: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown...

Security update for Chromium (important)

Chromium was updated to 45.0.2454.101 to fix two security issues. The following vulnerabilities were fixed: CVE-2015-1303: Cross-origin bypass in DOM boo947504 CVE-2015-1304: Cross-origin bypass in V8 boo947507...

Security update for the Linux Kernel (important)

The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: CVE-2015-3290: arch/x86/entry/entry64.S in the Linux kernel on the x8664 platform improperly relied on espfix64 during nested NMI processing, which allowed local users to gain...

Security update for haproxy (important)

haproxy was updated to fix two security issues. These security issues were fixed: - CVE-2015-3281: The bufferslowrealign function in HAProxy did not properly realign a buffer that is used for pending outgoing data, which allowed remote attackers to obtain sensitive information uninitialized memor...

Security update for MozillaFirefox (important)

MozillaFirefox was updated to version 41.0.2 to fix one security issue. This security issue was fixed: - CVE-2015-7184: Cross-origin restriction bypass using Fetch bsc950686. These non-security issues were fixed: Fix a startup crash related to Yandex toolbar and Adblock Plus bmo1209124 Fix...

Security update for flash-player (critical)

This security issue was fixed: - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm APSA15-05 bsc950474...

Security update for flash-player (critical)

flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm APSA15-05 bsc950474...

Security update for Adobe Flash Player (important)

Adobe Flash Player was updated to 11.2.202.535 to fix a number of security issues. boo950169, APSB15-25 The following vulnerabilities were fixed: CVE-2015-7628: Vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure CVE-2015-5569: Defense-in-dept...

Security update for polkit (important)

Polkit was updated to 0.113 to fix four security issues. The following vulnerabilities were fixed: CVE-2015-4625: a local privilege escalation due to predictable authentication session cookie values. boo935119 CVE-2015-3256: various memory corruption vulnerabilities in use of the JavaScript...

Security update for Chromium (important)

Chromium was updated to 45.0.2454.101 to fix two security issues. The following vulnerabilities were fixed: CVE-2015-1303: Cross-origin bypass in DOM boo947504 CVE-2015-1304: Cross-origin bypass in V8 boo947507...

Security update for seamonkey (important)

seamonkey was updated to fix 25 security issues. These security issues were fixed: - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging 1 duplicate cache-key generation or 2 retrieval of...

Security update for MozillaThunderbird (important)

MozillaThunderbird was updated to fix 17 security issues. These security issues were fixed: - CVE-2015-4509: Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via crafte...

Security update for bind (important)

BIND was updated to fix a denial of service against servers performing validation on DNSSEC-signed records CVE-2015-5722, bsc944066...

Security update for MozillaFirefox (important)

MozillaFirefox was updated to Firefox 41.0 bnc947003 Security issues fixed: MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards MFSA 2015-97/CVE-2015-4503 bmo994337 Memory leak in mozTCPSocket to servers MFSA 2015-98/CVE-2015-4504 bmo1132467 Out of bounds read in QCMS...

Security update for php5 (important)

The PHP5 script interpreter was updated to fix various security issues: CVE-2015-6831: A use after free vulnerability in unserialize has been fixed which could be used to crash php or potentially execute code. bnc942291 bnc942294 bnc942295 CVE-2015-6832: A dangling pointer in the unserialization ...

Security update for flash-player (critical)

Adobe Flash Player was updated to 11.2.202.521 APSB15-23 bsc946880 fixing several security issues: More information can be found on: https://helpx.adobe.com/security/products/flash-player/apsb15-23.html...

Security update for bind (important)

BIND was updated to fix a denial of service against servers performing validation on DNSSEC-signed records CVE-2015-5722, bsc944066...

Security update for icedtea-web (important)

The icedtea-web java plugin was updated to 1.6.1. Changes included: Enabled Entry-Point attribute check permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. fixed DownloadService comments in deployment.properties now should...

Security update for flash-player (critical)

Security update to 11.2.202.508 bsc941239: APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545,...

Security update for MozillaFirefox (important)

update to Firefox 40.0 bnc940806 Added protection against unwanted software downloads Suggested Tiles show sites of interest, based on categories from your recent browsing history Hello allows adding a link to conversations to provide context on what the conversation will be about New style for...

Security update for MozillaFirefox (important)

update to Firefox 40.0 bnc940806 Added protection against unwanted software downloads Suggested Tiles show sites of interest, based on categories from your recent browsing history Hello allows adding a link to conversations to provide context on what the conversation will be about New style for...

Security update for flash-player (critical)

Security update to 11.2.202.508 bsc941239: APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545,...

Security update for glibc (important)

glibc was updated to fix one security issue. This security issue was fixed: - CVE-2014-4043: The posixspawnfileactionsaddopen function in glibc did not copy its path argument in accordance with the POSIX specification, which allowed context-dependent attackers to trigger use-after-free...

Security update for the Linux Kernel (important)

The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-3290: A flaw was found in the way the Linux kernels nested NMI handler and espfix64 functionalities interacted during NMI processing. A local, unprivileged user could use...

Security update for bind (important)

bind was updated to fix one security issue. This security issue was fixed: - CVE-2015-5477: Remote DoS via TKEY queries boo939567 Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet...

Security update for libuser (important)

libuser was updated to fix on security issue. The following vulnerability was fixed: CVE-2015-3246: local root exploit through passwd file handling boo937533...