7848 matches found
Security update for openssl (important)
This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...
Security update for openssl (important)
This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...
Security update for openssl (important)
This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...
Security update for openssl (important)
This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...
Security update for postgresql94 (important)
This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: IMPORTANT Users of version 9.4 will need to reindex any jsonbpathops indexes they have created, in order to fix a persistent issue with missing index entries. Fix infinite loops and buffer-overrun proble...
Security update for the Linux Kernel (important)
The openSUSE 13.2 kernel was updated to receive security and bugfixes. It also fixes a regression that caused the Chromium sandbox to no longer work bsc965356. Following security bugs were fixed: - CVE-2016-2069: A flaw was discovered in a way the Linux deals with paging structures. When Linux...
Security update for qemu (important)
This update fixes the following security issues: - Enforce receive packet size, thus eliminating buffer overflow and potential security issue. bsc957162 CVE-2015-7512 - Infinite loop in processing command block list. CVE-2015-8345 bsc956829: This update also fixes a non-security bug: - Due to spa...
Security update for postgresql93 (important)
This update for postgresql93 fixes the following issues: - Security and bugfix release 9.3.11: Fix infinite loops and buffer-overrun problems in regular expressions CVE-2016-0773, boo966436. Fix regular-expression compiler to handle loops of constraint arcs CVE-2007-4772. Prevent certain PL/Java...
Security update for Chromium (critical)
This update contains Chromium 48.0.2564.116 and fixes the following security flaw: - CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. boo967376...
Security update to Chromium 48.0.2564.116 (critical)
This update contains Chromium 48.0.2564.116 ans fixes the following security flaw: - CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. boo967376...
Security update for obs-service-download_files, obs-service-extract_file, obs-service-recompress, obs-service-source_validator, obs-service-verify_file (important)
This update for a number of source services fixes the following issues: - boo967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system The following source services are affected -...
Security update to Chromium 48.0.2564.116 (critical)
This update contains Chromium 48.0.2564.116 ans fixes the following security flaw: - CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. boo967376...
Security update for glibc (critical)
This update for glibc fixes the following security issues: fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo, known as CVE-2015-7547. It is a client side networked/remote vulnerability...
Security update for glibc (critical)
This update for glibc fixes the following security issues: fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo, known as CVE-2015-7547. It is a client side networked/remote vulnerability...
Security update for glibc (important)
This update for glibc fixes the following issues: - errorcheck-mutex-no-elision.patch: Don't do lock elision on an error checking mutex boo956716, BZ 17514 - reinitialize-dlloadwritelock.patch: Reinitialize dlloadwritelock on fork boo958315, BZ 19282 - send-dg-buffer-overflow.patch: Fix getaddrin...
Security update for glibc (important)
This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses bsc961721 - CVE-2015-8777: Insufficient checking of LDPOINTERGUARD...
Security update for vlc (important)
This update for vlc fixes the following issues: - CVE-2015-5949: Remote attackers could have caused a denial of service crash and possibly execute arbitrary code via a crafted 3GP file boo965227...
Security update for flash-player (important)
This update for flash-player fixes the following issues: - Security update to 11.2.202.569 bsc965901: APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,...
Security update for flash-player (important)
This update for flash-player fixes the following issues: - Security update to 11.2.202.569 boo965901: APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,...
Security update for MySQL (important)
This update to MySQL 5.6.28 fixes the following issues bsc962779: - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote...
Security update for MySQL (important)
This update to MySQL 5.6.28 fixes the following issues bsc962779: - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote...
Security update for rubygem-rails-html-sanitizer (important)
This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2015-7579: XSS vulnerability in rails-html-sanitizer bsc963327 - CVE-2015-7578: XSS vulnerability via attributes bsc963326 - CVE-2015-7580: XSS via whitelist sanitizer bsc963328...
Security update for the Linux Kernel (important)
The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2016-0728: A reference leak in keyring handling with joinsessionkeyring could lead to local attackers gain root privileges. bsc962075. - CVE-2015-7550: A local user could have...
Security update for xulrunner (important)
XULRunner was updated to 38.6.0 to fix two security issues. The following vulnerabilities were fixed: CVE-2016-1930: Miscellaneous memory safety hazards boo963632 CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation boo963635...
Security update for the MozillaFirefox, mozilla-nss and mozilla-nspr (important)
This update to MozillaFirefox fixes several security issues and bugs. Mozilla Firefox was updated to 44.0. Mozilla NSS was updated to 3.21 Mozilla NSPR was updated to 4.11. The following vulnerabilities were fixed: CVE-2016-1930/CVE-2016-1931: Miscellaneous memory safety hazards boo963633...
Security update for Mozilla Firefox (important)
This update fixes the following security related issues by updating packages to a more recent version: Update of NSPR to 4.11 Update of NSS to 3.21 Update of Firefox to 44.0 MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 Miscellaneous memory safety hazards MFSA 2016-02/CVE-2016-1933 bmo1231761 Out of...
Security update for the Linux Kernel (important)
The openSUSE 13.1 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2016-0728: A reference leak in keyring handling with joinsessionkeyring could lead to local attackers gain root privileges. bsc962075. - CVE-2015-7550: A local user could have...
Security update for the Linux Kernel (important)
The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes. Following security bugs were fixed: - CVE-2016-0728: A reference leak in keyring handling with joinsessionkeyring could lead to local attackers gain root privileges. bsc96207...
Security update for java-1_7_0-openjdk (critical)
java-170-openjdk was updated to version 7u95 to fix 9 security issues. bsc962743 - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT...
Security update for Java7 (important)
Update OpenJDK to 7u95 / IcedTea 2.6.4 including the following fixes: Security fixes - S8059054, CVE-2016-0402: Better URL processing - S8130710, CVE-2016-0448: Better attributes processing - S8132210: Reinforce JMX collector internals - S8132988: Better printing dialogues - S8133962,...
Security update for Chromium (important)
Chromium was updated to 48.0.2564.82 to fix security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-1612: Bad cast in V8 boo963184 - CVE-2016-1613: Use-after-free in PDFium boo963185 - CVE-2016-1614: Information leak in Blink boo963186 - CVE-2016-1615: Origin confusion in...
Security update for java-1_8_0-openjdk (critical)
java-180-openjdk was updated to version 7u95 to fix several security issues. bsc962743 The following vulnerabilities were fixed: - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472:...
Security update for java-1_7_0-openjdk (critical)
java-170-openjdk was updated to version 7u95 to fix 9 security issues. bsc962743 - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT...
Security update for java-1_8_0-openjdk (critical)
java-180-openjdk was updated to version 7u95 to fix 9 security issues. bsc962743 - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same f...
Security update for openldap2 (important)
This update fixes the following security issues: - CVE-2015-6908: The bergetnext function allowed remote attackers to cause a denial of service reachable assertion and application crash via crafted BER data, as demonstrated by an attack against slapd. bsc945582 - CVE-2015-4000: Fix weak...
Security update for openldap2 (important)
This update fixes the following security issues: - CVE-2015-6908: The bergetnext function allowed remote attackers to cause a denial of service reachable assertion and application crash via crafted BER data, as demonstrated by an attack against slapd. bsc945582 - CVE-2015-4000: Fix weak...
Security update for Chromium (important)
Chromium was updated to 48.0.2564.82 to fix security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-1612: Bad cast in V8 boo963184 - CVE-2016-1613: Use-after-free in PDFium boo963185 - CVE-2016-1614: Information leak in Blink boo963186 - CVE-2016-1615: Origin confusion in...
Security update for Chromium (important)
Chromium was updated to 48.0.2564.82 to fix security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-1612: Bad cast in V8 boo963184 - CVE-2016-1613: Use-after-free in PDFium boo963185 - CVE-2016-1614: Information leak in Blink boo963186 - CVE-2016-1615: Origin confusion in...
Security update for ffmpeg (important)
This update to ffmpeg 2.8.5 fixes the following issues: CVE-2016-1897: Cross-origin issue in URL processing concat - local file disclosure boo961937 CVE-2016-1898: Cross-origin issue in URL processing subfile - local file disclosure boo961937...
Security update for openldap2 (important)
This update fixes the following security issues: - CVE-2015-6908: The bergetnext function allowed remote attackers to cause a denial of service reachable assertion and application crash via crafted BER data, as demonstrated by an attack against slapd. bsc945582 - CVE-2015-4000: Fix weak...
Security update for roundcubemail (important)
Update to 1.0.8 - Add workaround for https://bugs.php.net/bug.php?id=70757 1490582 - Fix HTML sanitizer to skip !-- node type X -- in output 1490583 - Fix charset encoding of message/rfc822 part bodies 1490606 - Fix handling of message/rfc822 attachments on replies and forwards 1490607 - Fix PDF...
Security update for roundcubemail (important)
This update to roundcubemail 1.1.4 fixes the following issues: - CVE-2015-8770: Path traversal vulnerability allowed code execution to remote authenticated users if they were also upload files to the same server through some other method boo962067 This update also contains all upstream fixes in...
Security update for roundcubemail (important)
This update to roundcubemail 1.0.8 fixes the following issues: - CVE-2015-8770: Path traversal vulnerability allowed code execution to remote authenticated users if they were also upload files to the same server through some other method boo962067 This update also contains all upstream fixes in...
Security update for giflib (important)
The following patch fixes - a heap overflow in giffix - a memory leak in libgif6...
Security update for bind (important)
This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations bsc962189...
Security update for bind (important)
This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations bsc962189...
Security update for bind (important)
This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations bsc962189 This update was imported from the SUSE:SLE-12-SP1:Update update project...
openssh (critical)
CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature bsc961642 - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the...
Security update for openssh (critical)
CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature bsc961642 - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the...
Security update for openssh (critical)
This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature bsc961642 - CVE-2016-0778: A malicious or compromised server could could trigger a...