Security update for php5 (important)
The PHP script interpreter was updated to receive various security fixes: CVE-2015-4602 bnc935224: Fixed an incomplete Class unserialization type confusion. CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 bnc935226: Fixed type confusion issues in unserialize with various SOAP methods. CVE-2015-4603...
Security update for Adobe Flash Player (important)
Adobe Flash Player was updated to 11.2.202.468 to fix one security issue. The following vulnerability was fixed: CVE-2015-3113: A heap buffer overflow vulnerability could have allowed code execution bsc935701, APSB15-14...
Security update for Adobe Flash Player (important)
Adobe Flash Player was updated to 11.2.202.468 to fix one security issue. The following vulnerability was fixed: CVE-2015-3113: A heap buffer overflow vulnerability could have allowed code execution bsc935701, APSB15-14...
Security update for openssl (important)
openssl was updated to fix six security issues. The following vulnerabilities were fixed: CVE-2015-4000: The Logjam Attack / weakdh.org. Reject connections with DH parameters shorter than 768 bits, generate 2048-bit DH parameters by default. boo931698 CVE-2015-1788: Malformed ECParameters causes...
Security update for xen (important)
Xen was updated to fix eight vulnerabilities. The following vulnerabilities were fixed: CVE-2015-2751: Certain domctl operations may be abused to lock up the host XSA-127 boo922709 CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu XSA-128 boo931625 CVE-2015-4104:...
Security update for xen (important)
Xen was updated to 4.4.2 to fix multiple vulnerabilities and non-security bugs. The following vulnerabilities were fixed: CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu XSA-128 boo931625 CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests XSA-129...
Security update for Adobe Flash Player (important)
Adobe Flash Player was updated to 11.2.202.466 to fix multiple security issues. The following vulnerabilities were fixed: CVE-2015-3096: bypass for CVE-2014-5333 CVE-2015-3098: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure CVE-2015-309...
Security update for cups (critical)
This update fixes the following issues: - CVE-2015-1158 and CVE-2015-1159 fix a possible privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on server CUPS STR4609 CERT-VU-810572 CVE-2015-1158 CVE-2015-1159 bugzilla.suse.com bsc924208. In genera...
Security update for Adobe Flash Player (important)
Adobe Flash Player was updated to 11.2.202.466 to fix multiple security issues. The following vulnerabilities were fixed: CVE-2015-3096: bypass for CVE-2014-5333 CVE-2015-3098: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure CVE-2015-309...
Security update for xen (important)
The XEN hypervisor was updated to fix two security issues: - Fixed a buffer overflow in the floppy drive emulation, which could be used for denial of service attacks or potential code execution against the host. CVE-2015-3456 - Xen did not initialize certain fields, which allowed certain remote...
Security update for flash-player (important)
The Adobe flash-player package was updated to version 11.2.202.460 to fix several security issues. The following vulnerabilities were fixed bsc930677: APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084,...
Security update for qemu (important)
qemu was updated to fix a security issue: CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used for denial of service attacks or potential code execution against the host...
Security update for qemu (important)
Qemu was updated to v2.1.3: See http://wiki.qemu-project.org/ChangeLog/2.1 for more information. This update includes a security fix: CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used for denial of service attacks or potential code execution against the host...
Update to Firefox 31.7.0esr (important)
update to Firefox 31.7.0esr bnc930622 MFSA 2015-46/CVE-2015-2708 Miscellaneous memory safety hazards MFSA 2015-47/CVE-2015-0797 bmo1080995 Buffer overflow parsing H.264 video with Linux Gstreamer MFSA 2015-48/CVE-2015-2710 bmo1149542 Buffer overflow with SVG content and CSS MFSA...
Security update for flash-player (important)
The Adobe flash-player package was updated to version 11.2.202.460 to fix several security issues. The following vulnerabilities were fixed bsc930677: APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084,...
Security update for php5 (important)
PHP was updated to fix three security issues. The following vulnerabilities were fixed: CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 apache2handler, allow arbitrary code execution bnc928506 CVE-2015-3329: Specially crafted PHAR data could lead to...
Security update for wpa_supplicant (important)
The wireless network encryption and authentication daemon wpa_supplicant was updated to fix a security issue. The following vulnerability was fixed: CVE-2015-1863: A buffer overflow in handling SSIDs in P2P management frames allowed attackers in radio range to crash, expose memory content or...
Security update for DirectFB (important)
DirectFB was updated to fix two security issues. The following vulnerabilities were fixed: CVE-2014-2977: Multiple integer signedness errors could allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based...
Security update for java-1_7_0-openjdk (important)
OpenJDK was updated to 2.5.5 - OpenJDK 7u79 to fix security issues and bugs: The following vulnerabilities were fixed: CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. CVE-2015-0459: 2D: unauthenticated remote attackers could execute...
Security update for java-1_8_0-openjdk (important)
OpenJDK was updated to jdk8u45-b14 to fix security issues and bugs. The following vulnerabilities were fixed: CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrar...
Security update for xen (important)
Xen was updated to 4.3.4 to fix multiple vulnerabilities and non-security bugs. The following vulnerabilities were fixed: - Long latency MMIO mapping operations are not preemptible XSA-125 CVE-2015-2752 bnc922705 - Unmediated PCI command register access in qemu XSA-126 CVE-2015-2756 bnc922706 -...
Security update for Adobe Flash Player (important)
Adobe Flash Player was updated to 11.2.202.457 to fix several security issues that could lead to remote code execution. An exploit for CVE-2015-3043 was reported to exist in the wild. The following vulnerabilities were fixed: Memory corruption vulnerabilities that could lead to code execution...
Security update for Adobe Flash Player (important)
Adobe Flash Player was updated to 11.2.202.457 to fix several security issues that could lead to remote code execution. An exploit for CVE-2015-3043 was reported to exist in the wild. The following vulnerabilities were fixed: Memory corruption vulnerabilities that could lead to code execution...
Security update for the Linux Kernel (important)
The Linux kernel was updated to fix various bugs and security issues. Following security issues were fixed: - CVE-2014-8173: A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could have...
Security update for Linux Kernel (important)
The Linux kernel was updated to fix bugs and security issues: Following security issues were fixed: - CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel allowed remote attackers to cause a denial of service slab corruption and...
Security update for Chromium (important)
Chromium was updated to 41.0.2272.118 to fix two security issues. The following vulnerabilities were fixed: A combination of V8, Gamepad and IPC bugs could lead to remote code execution outside of the sandbox CVE-2015-1233, boo925713 Buffer overflow via race condition in GPU CVE-2015-1234, boo925...
Security update for MozillaFirefox, MozillaThunderbird, mozilla-nspr (important)
Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities. Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency. The following vulnerabilities were fixed in Mozilla Firefox: Miscellaneous...
Security update for seamonkey (important)
SeaMonkey was updated to 2.33.1 to fix several vulnerabilities. The following vulnerabilities were fixed: Privilege escalation through SVG navigation CVE-2015-0818 Code execution through incorrect JavaScript bounds checking elimination CVE-2015-0817...
Security update for libXfont (important)
libXfont was updated to fix three vulnerabilities when parsing BDF files bnc921978. As libXfont is used by the X server to read font files, and an unprivileged user with access to the X server can tell the X server to read a given font file from a path of their choosing, these vulnerabilities have...
Security update for MozillaFirefox (important)
MozillaFirefox was updated to Firefox 36.0.4 to fix two critical security issues found during Pwn2Own: MFSA 2015-28/CVE-2015-0818 bmo1144988 Privilege escalation through SVG navigation MFSA 2015-29/CVE-2015-0817 bmo1145255 Code execution through incorrect JavaScript bounds checking elimination Al...
update to Firefox 31.5.3 (important)
Update to Firefox 31.5.3 bnc923534 MFSA 2015-28/CVE-2015-0818 bmo1144988 Privilege escalation through SVG navigation MFSA 2015-29/CVE-2015-0817 bmo1145255 Code execution through incorrect JavaScript bounds checking elimination - update to Firefox 31.5.0esr bnc917597 MFSA 2015-11/CVE-2015-0836...
kernel update for Evergreen 11.4, includes leap second deadlock fix (important)
kernel update for Evergreen 11.4, includes leap second deadlock fix and fixes for other security and stability issues...
Security update to Chromium 41.0.2272.76 (important)
Chromium was updated to 41.0.2272.76 bnc920825 Security fixes: CVE-2015-1212: Out-of-bounds write in media CVE-2015-1213: Out-of-bounds write in skia filters CVE-2015-1214: Out-of-bounds write in skia filters CVE-2015-1215: Out-of-bounds write in skia filters CVE-2015-1216: Use-after-free in v8...
flashplayer to version 11.2.202.451 (important)
Adobe Flash Player was updated to 11.2.202.451 bsc922033. These security issues were fixed: - Memory corruption vulnerabilities that could lead to code execution CVE-2016-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339. - Type confusion vulnerabilities that could lead to code...
Security update for flash-player (critical)
Adobe Flash Player was updated to 11.2.202.451 bsc922033. These security issues were fixed: - Memory corruption vulnerabilities that could lead to code execution CVE-2016-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339. - Type confusion vulnerabilities that could lead to code execution...
Security update for osc (important)
osc was updated to fix a security issue and some non-security bugs. osc was updated to 0.151.0, fixing the following vulnerability: fixed shell command injection via crafted service files CVE-2015-0778 boo901643 The following non-security bugs were fixed: fix times when data comes from OBS backen...
Security update for MozillaThunderbird (important)
MozillaThunderbird was updated to version 31.5.0 to fix four security issues. These security issues were fixed: - CVE-2015-0836: Miscellaneous memory safety hazards - CVE-2015-0831: Use-after-free in IndexedDB - CVE-2015-0827: Out-of-bounds read and write while rendering SVG content -...
Security update for chromium (important)
chromium was updated to version 40.0.2214.111 to fix 31 vulnerabilities. These security issues were fixed: - CVE-2015-1209: Use-after-free in DOM bnc916841. - CVE-2015-1210: Cross-origin-bypass in V8 bindings bnc916843. - CVE-2015-1211: Privilege escalation using service workers bnc916838. -...
Security update for php5 (important)
php5 was updated to fix two security issues. These security issues were fixed: - CVE-2014-9652: Out of bounds read in mconvert bnc917150. - CVE-2015-0273: Use after free vulnerability in unserialize with DateTimeZone bnc918768...
Security update for MozillaFirefox, mozilla-nss (important)
MozillaFirefox, mozilla-nss were updated to fix 18 security issues. MozillaFirefox was updated to version 36.0. These security issues were fixed: - CVE-2015-0835, CVE-2015-0836: Miscellaneous memory safety hazards - CVE-2015-0832: Appended period to hostnames can bypass HPKP and HSTS protections ...
Security update for snack (important)
snack was updated to fix one security issue. This security issue was fixed: - CVE-2012-6303: Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allowed remote attackers to cause a denial of service crash and...
Security update for samba (important)
samba was updated to fix two security issues. These security issues were fixed: - CVE-2015-0240: Ensure we don't call talloc_free on an uninitialized pointer bnc917376. - CVE-2014-8143: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain...
Security update for clamav (important)
clamav was updated to version 0.98.6 that fixes bugs and several security issues: bsc916217, CVE-2015-1461: Remote attackers can have unspecified impact via Yoda's crypter or mew packer files. bsc916214, CVE-2015-1462: Unspecified impact via a crafted upx packer file. bsc916215, CVE-2015-1463:...
Security update for xen (important)
The XEN virtualization was updated to fix bugs and security issues: Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113: Guest effectable page reference lea...
update for flash-player (critical)
flash-player was updated to version 11.2.202.442 to fix 18 security issues. These security issues were fixed: - Use-after-free vulnerabilities that could lead to code execution CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322. - Memory corruption vulnerabilities that could lead to code...
Security update for flash-player (critical)
flash-player was updated to version 11.2.202.442 to fix 18 security issues. These security issues were fixed: - Use-after-free vulnerabilities that could lead to code execution CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322. - Memory corruption vulnerabilities that could lead to code...
Security update for xen (important)
The virtualization software XEN was updated to version 4.3.3 and also to fix bugs and security issues. Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113:...
Security update for seamonkey (important)
Mozilla seamonkey was updated to SeaMonkey 2.32 bnc910669 MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards MFSA 2015-02/CVE-2014-8637 bmo1094536 Uninitialized memory use during bitmap rendering MFSA 2015-03/CVE-2014-8638 bmo1080987 sendBeacon requests lack an Origin...
Security update for java-1_7_0-openjdk (important)
OpenJDK was updated to 2.5.4 - OpenJDK 7u75 to fix security issues and bugs: Security fixes - S8046656: Update protocol support - S8047125, CVE-2015-0395: ref More phantom object references - S8047130: Fewer escapes from escape analysis - S8048035, CVE-2015-0400: Ensure proper proxy protocols -...
Security update for glibc (critical)
This update for glibc fixes the following security issue: CVE-2015-0235: A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname, that could lead to a local or remote buffer overflow. bsc913646...