openSUSE Security Announce
July 2016
[security-announce] openSUSE-SU-2016:1833-1: important: Security update for ImageMagick
by opensuse-security@opensuse.org 20 Jul '16
openSUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:1833-1
Rating: important
References: #983232 #983234 #983253 #983259 #983292 #983305
#983308 #983521 #983523 #983527 #983533 #983739
#983746 #983752 #983774 #983794 #983796 #983799
#983803 #984014 #984018 #984023 #984028 #984032
#984035 #984135 #984137 #984142 #984144 #984145
#984149 #984150 #984160 #984166 #984172 #984179
#984181 #984183 #984184 #984185 #984186 #984187
#984191 #984193 #984370 #984372 #984373 #984374
#984375 #984379 #984394 #984398 #984400 #984401
#984404 #984406 #984408 #984409 #984427 #984433
#984436 #985442 #985448 #985451 #985456 #985460
#986608 #986609
Cross-References: CVE-2014-9805 CVE-2014-9806 CVE-2014-9807
CVE-2014-9808 CVE-2014-9809 CVE-2014-9810
CVE-2014-9811 CVE-2014-9812 CVE-2014-9813
CVE-2014-9814 CVE-2014-9815 CVE-2014-9816
CVE-2014-9817 CVE-2014-9818 CVE-2014-9819
CVE-2014-9820 CVE-2014-9821 CVE-2014-9822
CVE-2014-9823 CVE-2014-9824 CVE-2014-9825
CVE-2014-9826 CVE-2014-9828 CVE-2014-9829
CVE-2014-9830 CVE-2014-9831 CVE-2014-9832
CVE-2014-9833 CVE-2014-9834 CVE-2014-9835
CVE-2014-9836 CVE-2014-9837 CVE-2014-9838
CVE-2014-9839 CVE-2014-9840 CVE-2014-9841
CVE-2014-9842 CVE-2014-9843 CVE-2014-9844
CVE-2014-9845 CVE-2014-9846 CVE-2014-9847
CVE-2014-9848 CVE-2014-9849 CVE-2014-9850
CVE-2014-9851 CVE-2014-9852 CVE-2014-9853
CVE-2014-9854 CVE-2015-8894 CVE-2015-8895
CVE-2015-8896 CVE-2015-8897 CVE-2015-8898
CVE-2015-8900 CVE-2015-8901 CVE-2015-8902
CVE-2015-8903 CVE-2016-4562 CVE-2016-4563
CVE-2016-4564 CVE-2016-5687 CVE-2016-5688
CVE-2016-5689 CVE-2016-5690 CVE-2016-5691
CVE-2016-5841 CVE-2016-5842
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________
An update that fixes 68 vulnerabilities is now available.
Description:
ImageMagick was updated to fix 66 security issues.
These security issues were fixed:
- CVE-2014-9810: SEGV in dpx file handler. (bsc#983803).
- CVE-2014-9811: Crash in xwd file handler (bsc#984032).
- CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).
- CVE-2014-9813: Crash on corrupted viff file (bsc#984035).
- CVE-2014-9814: NULL pointer dereference in wpg file handling
(bsc#984193).
- CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).
- CVE-2014-9816: Out of bound access in viff image (bsc#984398).
- CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).
- CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).
- CVE-2014-9819: Heap overflow in palm files (bsc#984142).
- CVE-2014-9830: Handling of corrupted sun file (bsc#984135).
- CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).
- CVE-2014-9850: Incorrect thread limit logic (bsc#984149).
- CVE-2014-9851: Crash when parsing resource block (bsc#984160).
- CVE-2014-9852: Incorrect usage of object after it has been destroyed
(bsc#984191).
- CVE-2014-9853: Memory leak in rle file handling (bsc#984408).
- CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).
- CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).
- CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).
- CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).
- CVE-2016-5688: Various invalid memory reads in ImageMagick WPG
(bsc#985442).
- CVE-2014-9834: Heap overflow in pict file (bsc#984436).
- CVE-2014-9806: Prevent leak of file descriptor due to corrupted file.
(bsc#983774).
- CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).
- CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).
- CVE-2014-9854: Filling memory during identification of TIFF image
(bsc#984184).
- CVE-2015-8898: Prevent null pointer access in magick/constitute.c
(bsc#983746).
- CVE-2014-9833: Heap overflow in psd file (bsc#984406).
- CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).
- CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).
- CVE-2015-8896: Double free / integer truncation issue in
coders/pict.c:2000 (bsc#983533).
- CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).
- CVE-2016-5690: Bad for loop in DCM coder (bsc#985451).
- CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).
- CVE-2014-9836: Crash in xpm file handling (bsc#984023).
- CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796).
- CVE-2014-9821: Avoid heap overflow in pnm files. (bsc#984014).
- CVE-2014-9820: Heap overflow in xpm files (bsc#984150).
- CVE-2014-9823: Heap overflow in palm file (bsc#984401).
- CVE-2014-9822: Heap overflow in quantum file (bsc#984187).
- CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427).
- CVE-2014-9824: Heap overflow in psd file (bsc#984185).
- CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799).
- CVE-2014-9826: Incorrect error handling in sun files (bsc#984186).
- CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179).
- CVE-2014-9842: Memory leak in psd handling (bsc#984374).
- CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172).
- CVE-2014-9840: Out of bound access in palm file (bsc#984433).
- CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder
(bsc#984144).
- CVE-2014-9846: Added checks to prevent overflow in rle file.
(bsc#983521).
- CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).
- CVE-2014-9844: Out of bound issue in rle file (bsc#984373).
- CVE-2014-9849: Crash in png coder (bsc#984018).
- CVE-2014-9848: Memory leak in quantum management (bsc#984404).
- CVE-2014-9807: Double free in pdb coder. (bsc#983794).
- CVE-2014-9829: Out of bound access in sun file (bsc#984409).
- CVE-2014-9832: Heap overflow in pcx file (bsc#984183).
- CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752).
- CVE-2016-4564: The DrawImage function in MagickCore/draw.c in
ImageMagick made an incorrect function call in attempting to locate the
next token, which allowed remote attackers to cause a denial of service
(buffer overflow and application crash) or possibly have unspecified
other impact via a crafted file (bsc#983308).
- CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in
ImageMagick mishandled the relationship between the BezierQuantum value
and certain strokes data, which allowed remote attackers to cause a
denial of service (buffer overflow and application crash) or possibly
have unspecified other impact via a crafted file (bsc#983305).
- CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in
ImageMagick mishandled calculations of certain vertices integer data,
which allowed remote attackers to cause a denial of service (buffer
overflow and application crash) or possibly have unspecified other
impact via a crafted file (bsc#983292).
- CVE-2014-9839: Theoretical out of bound access in
magick/colormap-private.h (bsc#984379).
- CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460).
- CVE-2014-9837: Additional PNM sanity checks (bsc#984166).
- CVE-2014-9835: Heap overflow in wpf file (bsc#984145).
- CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).
- CVE-2016-5841: Integer overflow could have led to RCE (bnc#986609).
- CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could
have led to memory leak (bnc#986608).
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-883=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (i586 x86_64):
ImageMagick-6.8.8.1-15.1
ImageMagick-debuginfo-6.8.8.1-15.1
ImageMagick-debugsource-6.8.8.1-15.1
ImageMagick-devel-6.8.8.1-15.1
ImageMagick-extra-6.8.8.1-15.1
ImageMagick-extra-debuginfo-6.8.8.1-15.1
libMagick++-6_Q16-3-6.8.8.1-15.1
libMagick++-6_Q16-3-debuginfo-6.8.8.1-15.1
libMagick++-devel-6.8.8.1-15.1
libMagickCore-6_Q16-1-6.8.8.1-15.1
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-15.1
libMagickWand-6_Q16-1-6.8.8.1-15.1
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-15.1
perl-PerlMagick-6.8.8.1-15.1
perl-PerlMagick-debuginfo-6.8.8.1-15.1
- openSUSE Leap 42.1 (x86_64):
ImageMagick-devel-32bit-6.8.8.1-15.1
libMagick++-6_Q16-3-32bit-6.8.8.1-15.1
libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-15.1
libMagick++-devel-32bit-6.8.8.1-15.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-15.1
libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-15.1
libMagickWand-6_Q16-1-32bit-6.8.8.1-15.1
libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-15.1
- openSUSE Leap 42.1 (noarch):
ImageMagick-doc-6.8.8.1-15.1
References:
https://www.suse.com/security/cve/CVE-2014-9805.html
https://www.suse.com/security/cve/CVE-2014-9806.html
https://www.suse.com/security/cve/CVE-2014-9807.html
https://www.suse.com/security/cve/CVE-2014-9808.html
https://www.suse.com/security/cve/CVE-2014-9809.html
https://www.suse.com/security/cve/CVE-2014-9810.html
https://www.suse.com/security/cve/CVE-2014-9811.html
https://www.suse.com/security/cve/CVE-2014-9812.html
https://www.suse.com/security/cve/CVE-2014-9813.html
https://www.suse.com/security/cve/CVE-2014-9814.html
https://www.suse.com/security/cve/CVE-2014-9815.html
https://www.suse.com/security/cve/CVE-2014-9816.html
https://www.suse.com/security/cve/CVE-2014-9817.html
https://www.suse.com/security/cve/CVE-2014-9818.html
https://www.suse.com/security/cve/CVE-2014-9819.html
https://www.suse.com/security/cve/CVE-2014-9820.html
https://www.suse.com/security/cve/CVE-2014-9821.html
https://www.suse.com/security/cve/CVE-2014-9822.html
https://www.suse.com/security/cve/CVE-2014-9823.html
https://www.suse.com/security/cve/CVE-2014-9824.html
https://www.suse.com/security/cve/CVE-2014-9825.html
https://www.suse.com/security/cve/CVE-2014-9826.html
https://www.suse.com/security/cve/CVE-2014-9828.html
https://www.suse.com/security/cve/CVE-2014-9829.html
https://www.suse.com/security/cve/CVE-2014-9830.html
https://www.suse.com/security/cve/CVE-2014-9831.html
https://www.suse.com/security/cve/CVE-2014-9832.html
https://www.suse.com/security/cve/CVE-2014-9833.html
https://www.suse.com/security/cve/CVE-2014-9834.html
https://www.suse.com/security/cve/CVE-2014-9835.html
https://www.suse.com/security/cve/CVE-2014-9836.html
https://www.suse.com/security/cve/CVE-2014-9837.html
https://www.suse.com/security/cve/CVE-2014-9838.html
https://www.suse.com/security/cve/CVE-2014-9839.html
https://www.suse.com/security/cve/CVE-2014-9840.html
https://www.suse.com/security/cve/CVE-2014-9841.html
https://www.suse.com/security/cve/CVE-2014-9842.html
https://www.suse.com/security/cve/CVE-2014-9843.html
https://www.suse.com/security/cve/CVE-2014-9844.html
https://www.suse.com/security/cve/CVE-2014-9845.html
https://www.suse.com/security/cve/CVE-2014-9846.html
https://www.suse.com/security/cve/CVE-2014-9847.html
https://www.suse.com/security/cve/CVE-2014-9848.html
https://www.suse.com/security/cve/CVE-2014-9849.html
https://www.suse.com/security/cve/CVE-2014-9850.html
https://www.suse.com/security/cve/CVE-2014-9851.html
https://www.suse.com/security/cve/CVE-2014-9852.html
https://www.suse.com/security/cve/CVE-2014-9853.html
https://www.suse.com/security/cve/CVE-2014-9854.html
https://www.suse.com/security/cve/CVE-2015-8894.html
https://www.suse.com/security/cve/CVE-2015-8895.html
https://www.suse.com/security/cve/CVE-2015-8896.html
https://www.suse.com/security/cve/CVE-2015-8897.html
https://www.suse.com/security/cve/CVE-2015-8898.html
https://www.suse.com/security/cve/CVE-2015-8900.html
https://www.suse.com/security/cve/CVE-2015-8901.html
https://www.suse.com/security/cve/CVE-2015-8902.html
https://www.suse.com/security/cve/CVE-2015-8903.html
https://www.suse.com/security/cve/CVE-2016-4562.html
https://www.suse.com/security/cve/CVE-2016-4563.html
https://www.suse.com/security/cve/CVE-2016-4564.html
https://www.suse.com/security/cve/CVE-2016-5687.html
https://www.suse.com/security/cve/CVE-2016-5688.html
https://www.suse.com/security/cve/CVE-2016-5689.html
https://www.suse.com/security/cve/CVE-2016-5690.html
https://www.suse.com/security/cve/CVE-2016-5691.html
https://www.suse.com/security/cve/CVE-2016-5841.html
https://www.suse.com/security/cve/CVE-2016-5842.html
https://bugzilla.suse.com/983232
https://bugzilla.suse.com/983234
https://bugzilla.suse.com/983253
https://bugzilla.suse.com/983259
https://bugzilla.suse.com/983292
https://bugzilla.suse.com/983305
https://bugzilla.suse.com/983308
https://bugzilla.suse.com/983521
https://bugzilla.suse.com/983523
https://bugzilla.suse.com/983527
https://bugzilla.suse.com/983533
https://bugzilla.suse.com/983739
https://bugzilla.suse.com/983746
https://bugzilla.suse.com/983752
https://bugzilla.suse.com/983774
https://bugzilla.suse.com/983794
https://bugzilla.suse.com/983796
https://bugzilla.suse.com/983799
https://bugzilla.suse.com/983803
https://bugzilla.suse.com/984014
https://bugzilla.suse.com/984018
https://bugzilla.suse.com/984023
https://bugzilla.suse.com/984028
https://bugzilla.suse.com/984032
https://bugzilla.suse.com/984035
https://bugzilla.suse.com/984135
https://bugzilla.suse.com/984137
https://bugzilla.suse.com/984142
https://bugzilla.suse.com/984144
https://bugzilla.suse.com/984145
https://bugzilla.suse.com/984149
https://bugzilla.suse.com/984150
https://bugzilla.suse.com/984160
https://bugzilla.suse.com/984166
https://bugzilla.suse.com/984172
https://bugzilla.suse.com/984179
https://bugzilla.suse.com/984181
https://bugzilla.suse.com/984183
https://bugzilla.suse.com/984184
https://bugzilla.suse.com/984185
https://bugzilla.suse.com/984186
https://bugzilla.suse.com/984187
https://bugzilla.suse.com/984191
https://bugzilla.suse.com/984193
https://bugzilla.suse.com/984370
https://bugzilla.suse.com/984372
https://bugzilla.suse.com/984373
https://bugzilla.suse.com/984374
https://bugzilla.suse.com/984375
https://bugzilla.suse.com/984379
https://bugzilla.suse.com/984394
https://bugzilla.suse.com/984398
https://bugzilla.suse.com/984400
https://bugzilla.suse.com/984401
https://bugzilla.suse.com/984404
https://bugzilla.suse.com/984406
https://bugzilla.suse.com/984408
https://bugzilla.suse.com/984409
https://bugzilla.suse.com/984427
https://bugzilla.suse.com/984433
https://bugzilla.suse.com/984436
https://bugzilla.suse.com/985442
https://bugzilla.suse.com/985448
https://bugzilla.suse.com/985451
https://bugzilla.suse.com/985456
https://bugzilla.suse.com/985460
https://bugzilla.suse.com/986608
https://bugzilla.suse.com/986609
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] SUSE-SU-2016:1826-1: important: Security update for flash-player
by opensuse-security@opensuse.org 19 Jul '16
SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:1826-1
Rating: important
References: #988579
Cross-References: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174
CVE-2016-4175 CVE-2016-4176 CVE-2016-4177
CVE-2016-4178 CVE-2016-4179 CVE-2016-4180
CVE-2016-4181 CVE-2016-4182 CVE-2016-4183
CVE-2016-4184 CVE-2016-4185 CVE-2016-4186
CVE-2016-4187 CVE-2016-4188 CVE-2016-4189
CVE-2016-4190 CVE-2016-4217 CVE-2016-4218
CVE-2016-4219 CVE-2016-4220 CVE-2016-4221
CVE-2016-4222 CVE-2016-4223 CVE-2016-4224
CVE-2016-4225 CVE-2016-4226 CVE-2016-4227
CVE-2016-4228 CVE-2016-4229 CVE-2016-4230
CVE-2016-4231 CVE-2016-4232 CVE-2016-4233
CVE-2016-4234 CVE-2016-4235 CVE-2016-4236
CVE-2016-4237 CVE-2016-4238 CVE-2016-4239
CVE-2016-4240 CVE-2016-4241 CVE-2016-4242
CVE-2016-4243 CVE-2016-4244 CVE-2016-4245
CVE-2016-4246 CVE-2016-4247 CVE-2016-4248
CVE-2016-4249
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that fixes 52 vulnerabilities is now available.
Description:
Adobe Flash Player was updated to 11.2.202.632 to fix many security issues
tracked under the upstream advisory APSB16-25, allowing remote attackers
to execute arbitrary code when delivering specially crafted Flash content.
The following vulnerabilities were fixed:
- CVE-2016-4172: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4173: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4174: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4175: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4176: stack corruption vulnerability that could lead to code
execution
- CVE-2016-4177: stack corruption vulnerability that could lead to code
execution
- CVE-2016-4178: security bypass vulnerability that could lead to
information disclosure
- CVE-2016-4179: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4180: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4181: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4182: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4183: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4184: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4185: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4186: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4187: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4188: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4189: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4190: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4217: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4218: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4219: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4220: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4221: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4222: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4223: type confusion vulnerability that could lead to code
execution
- CVE-2016-4224: type confusion vulnerability that could lead to code
execution
- CVE-2016-4225: type confusion vulnerability that could lead to code
execution
- CVE-2016-4226: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4227: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4228: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4229: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4230: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4231: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4232: memory leak vulnerability
- CVE-2016-4233: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4234: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4235: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4236: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4237: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4238: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4239: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4240: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4241: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4242: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4243: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4244: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4245: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4246: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4247: race condition vulnerability that could lead to
information disclosure
- CVE-2016-4248: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4249: heap buffer overflow vulnerability that could lead to
code execution
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP1:
zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1073=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1073=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
flash-player-11.2.202.632-136.1
flash-player-gnome-11.2.202.632-136.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
flash-player-11.2.202.632-136.1
flash-player-gnome-11.2.202.632-136.1
References:
https://www.suse.com/security/cve/CVE-2016-4172.html
https://www.suse.com/security/cve/CVE-2016-4173.html
https://www.suse.com/security/cve/CVE-2016-4174.html
https://www.suse.com/security/cve/CVE-2016-4175.html
https://www.suse.com/security/cve/CVE-2016-4176.html
https://www.suse.com/security/cve/CVE-2016-4177.html
https://www.suse.com/security/cve/CVE-2016-4178.html
https://www.suse.com/security/cve/CVE-2016-4179.html
https://www.suse.com/security/cve/CVE-2016-4180.html
https://www.suse.com/security/cve/CVE-2016-4181.html
https://www.suse.com/security/cve/CVE-2016-4182.html
https://www.suse.com/security/cve/CVE-2016-4183.html
https://www.suse.com/security/cve/CVE-2016-4184.html
https://www.suse.com/security/cve/CVE-2016-4185.html
https://www.suse.com/security/cve/CVE-2016-4186.html
https://www.suse.com/security/cve/CVE-2016-4187.html
https://www.suse.com/security/cve/CVE-2016-4188.html
https://www.suse.com/security/cve/CVE-2016-4189.html
https://www.suse.com/security/cve/CVE-2016-4190.html
https://www.suse.com/security/cve/CVE-2016-4217.html
https://www.suse.com/security/cve/CVE-2016-4218.html
https://www.suse.com/security/cve/CVE-2016-4219.html
https://www.suse.com/security/cve/CVE-2016-4220.html
https://www.suse.com/security/cve/CVE-2016-4221.html
https://www.suse.com/security/cve/CVE-2016-4222.html
https://www.suse.com/security/cve/CVE-2016-4223.html
https://www.suse.com/security/cve/CVE-2016-4224.html
https://www.suse.com/security/cve/CVE-2016-4225.html
https://www.suse.com/security/cve/CVE-2016-4226.html
https://www.suse.com/security/cve/CVE-2016-4227.html
https://www.suse.com/security/cve/CVE-2016-4228.html
https://www.suse.com/security/cve/CVE-2016-4229.html
https://www.suse.com/security/cve/CVE-2016-4230.html
https://www.suse.com/security/cve/CVE-2016-4231.html
https://www.suse.com/security/cve/CVE-2016-4232.html
https://www.suse.com/security/cve/CVE-2016-4233.html
https://www.suse.com/security/cve/CVE-2016-4234.html
https://www.suse.com/security/cve/CVE-2016-4235.html
https://www.suse.com/security/cve/CVE-2016-4236.html
https://www.suse.com/security/cve/CVE-2016-4237.html
https://www.suse.com/security/cve/CVE-2016-4238.html
https://www.suse.com/security/cve/CVE-2016-4239.html
https://www.suse.com/security/cve/CVE-2016-4240.html
https://www.suse.com/security/cve/CVE-2016-4241.html
https://www.suse.com/security/cve/CVE-2016-4242.html
https://www.suse.com/security/cve/CVE-2016-4243.html
https://www.suse.com/security/cve/CVE-2016-4244.html
https://www.suse.com/security/cve/CVE-2016-4245.html
https://www.suse.com/security/cve/CVE-2016-4246.html
https://www.suse.com/security/cve/CVE-2016-4247.html
https://www.suse.com/security/cve/CVE-2016-4248.html
https://www.suse.com/security/cve/CVE-2016-4249.html
https://bugzilla.suse.com/988579
[security-announce] openSUSE-SU-2016:1802-1: important: Security update for flash-player
by opensuse-security@opensuse.org 14 Jul '16
openSUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:1802-1
Rating: important
References: #988579
Cross-References: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174
CVE-2016-4175 CVE-2016-4176 CVE-2016-4177
CVE-2016-4178 CVE-2016-4179 CVE-2016-4180
CVE-2016-4181 CVE-2016-4182 CVE-2016-4183
CVE-2016-4184 CVE-2016-4185 CVE-2016-4186
CVE-2016-4187 CVE-2016-4188 CVE-2016-4189
CVE-2016-4190 CVE-2016-4217 CVE-2016-4218
CVE-2016-4219 CVE-2016-4220 CVE-2016-4221
CVE-2016-4222 CVE-2016-4223 CVE-2016-4224
CVE-2016-4225 CVE-2016-4226 CVE-2016-4227
CVE-2016-4228 CVE-2016-4229 CVE-2016-4230
CVE-2016-4231 CVE-2016-4232 CVE-2016-4233
CVE-2016-4234 CVE-2016-4235 CVE-2016-4236
CVE-2016-4237 CVE-2016-4238 CVE-2016-4239
CVE-2016-4240 CVE-2016-4241 CVE-2016-4242
CVE-2016-4243 CVE-2016-4244 CVE-2016-4245
CVE-2016-4246 CVE-2016-4247 CVE-2016-4248
CVE-2016-4249
Affected Products:
openSUSE 13.1 NonFree
______________________________________________________________________________
An update that fixes 52 vulnerabilities is now available.
Description:
Adobe Flash Player was updated to 11.2.202.632 to fix many security issues
tracked under the upstream advisory APSB16-25, allowing remote attackers
to execute arbitrary code when delivering specially crafted Flash content.
The following vulnerabilities were fixed:
- CVE-2016-4172: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4173: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4174: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4175: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4176: stack corruption vulnerability that could lead to code
execution
- CVE-2016-4177: stack corruption vulnerability that could lead to code
execution
- CVE-2016-4178: security bypass vulnerability that could lead to
information disclosure
- CVE-2016-4179: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4180: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4181: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4182: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4183: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4184: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4185: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4186: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4187: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4188: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4189: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4190: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4217: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4218: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4219: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4220: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4221: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4222: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4223: type confusion vulnerability that could lead to code
execution
- CVE-2016-4224: type confusion vulnerability that could lead to code
execution
- CVE-2016-4225: type confusion vulnerability that could lead to code
execution
- CVE-2016-4226: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4227: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4228: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4229: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4230: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4231: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4232: memory leak vulnerability
- CVE-2016-4233: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4234: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4235: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4236: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4237: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4238: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4239: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4240: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4241: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4242: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4243: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4244: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4245: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4246: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4247: race condition vulnerability that could lead to
information disclosure
- CVE-2016-4248: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4249: heap buffer overflow vulnerability that could lead to
code execution
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1 NonFree:
zypper in -t patch 2016-870=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 NonFree (i586 x86_64):
flash-player-11.2.202.632-168.1
flash-player-gnome-11.2.202.632-168.1
flash-player-kde4-11.2.202.632-168.1
References:
https://www.suse.com/security/cve/CVE-2016-4172.html
https://www.suse.com/security/cve/CVE-2016-4173.html
https://www.suse.com/security/cve/CVE-2016-4174.html
https://www.suse.com/security/cve/CVE-2016-4175.html
https://www.suse.com/security/cve/CVE-2016-4176.html
https://www.suse.com/security/cve/CVE-2016-4177.html
https://www.suse.com/security/cve/CVE-2016-4178.html
https://www.suse.com/security/cve/CVE-2016-4179.html
https://www.suse.com/security/cve/CVE-2016-4180.html
https://www.suse.com/security/cve/CVE-2016-4181.html
https://www.suse.com/security/cve/CVE-2016-4182.html
https://www.suse.com/security/cve/CVE-2016-4183.html
https://www.suse.com/security/cve/CVE-2016-4184.html
https://www.suse.com/security/cve/CVE-2016-4185.html
https://www.suse.com/security/cve/CVE-2016-4186.html
https://www.suse.com/security/cve/CVE-2016-4187.html
https://www.suse.com/security/cve/CVE-2016-4188.html
https://www.suse.com/security/cve/CVE-2016-4189.html
https://www.suse.com/security/cve/CVE-2016-4190.html
https://www.suse.com/security/cve/CVE-2016-4217.html
https://www.suse.com/security/cve/CVE-2016-4218.html
https://www.suse.com/security/cve/CVE-2016-4219.html
https://www.suse.com/security/cve/CVE-2016-4220.html
https://www.suse.com/security/cve/CVE-2016-4221.html
https://www.suse.com/security/cve/CVE-2016-4222.html
https://www.suse.com/security/cve/CVE-2016-4223.html
https://www.suse.com/security/cve/CVE-2016-4224.html
https://www.suse.com/security/cve/CVE-2016-4225.html
https://www.suse.com/security/cve/CVE-2016-4226.html
https://www.suse.com/security/cve/CVE-2016-4227.html
https://www.suse.com/security/cve/CVE-2016-4228.html
https://www.suse.com/security/cve/CVE-2016-4229.html
https://www.suse.com/security/cve/CVE-2016-4230.html
https://www.suse.com/security/cve/CVE-2016-4231.html
https://www.suse.com/security/cve/CVE-2016-4232.html
https://www.suse.com/security/cve/CVE-2016-4233.html
https://www.suse.com/security/cve/CVE-2016-4234.html
https://www.suse.com/security/cve/CVE-2016-4235.html
https://www.suse.com/security/cve/CVE-2016-4236.html
https://www.suse.com/security/cve/CVE-2016-4237.html
https://www.suse.com/security/cve/CVE-2016-4238.html
https://www.suse.com/security/cve/CVE-2016-4239.html
https://www.suse.com/security/cve/CVE-2016-4240.html
https://www.suse.com/security/cve/CVE-2016-4241.html
https://www.suse.com/security/cve/CVE-2016-4242.html
https://www.suse.com/security/cve/CVE-2016-4243.html
https://www.suse.com/security/cve/CVE-2016-4244.html
https://www.suse.com/security/cve/CVE-2016-4245.html
https://www.suse.com/security/cve/CVE-2016-4246.html
https://www.suse.com/security/cve/CVE-2016-4247.html
https://www.suse.com/security/cve/CVE-2016-4248.html
https://www.suse.com/security/cve/CVE-2016-4249.html
https://bugzilla.suse.com/988579
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] SUSE-SU-2016:1799-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss
by opensuse-security@opensuse.org 14 Jul '16
SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:1799-1
Rating: important
References: #983549 #983638 #983639 #983643 #983646 #983651
#983652 #983653 #983655 #984006 #985659
Cross-References: CVE-2016-2815 CVE-2016-2818 CVE-2016-2819
CVE-2016-2821 CVE-2016-2822 CVE-2016-2824
CVE-2016-2828 CVE-2016-2831 CVE-2016-2834
Affected Products:
SUSE OpenStack Cloud 5
SUSE Manager Proxy 2.1
SUSE Manager 2.1
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 9 vulnerabilities and has two fixes
is now available.
Description:
MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss were updated
to fix nine security issues.
MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated
to version 3.21.1.
These security issues were fixed:
- CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639).
- CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53)
(bsc#983651).
- CVE-2016-2822: Addressbar spoofing through the SELECT element (MFSA
2016-52) (bsc#983652).
- CVE-2016-2821: Use-after-free deleting tables from a contenteditable
document (MFSA 2016-51) (bsc#983653).
- CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50)
(bsc#983655).
- CVE-2016-2828: Use-after-free when textures are used in WebGL operations
after recycle pool destruction (MFSA 2016-56) (bsc#983646).
- CVE-2016-2831: Entering fullscreen and persistent pointerlock without
user permission (MFSA 2016-58) (bsc#983643).
- CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA
2016-49) (bsc#983638)
These non-security issues were fixed:
- Fix crashes on aarch64
* Determine page size at runtime (bsc#984006)
* Allow aarch64 to work in safe mode (bsc#985659)
- Fix crashes on mainframes
All extensions must now be signed by addons.mozilla.org. Please read
README.SUSE for more details.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 5:
zypper in -t patch sleclo50sp3-MozillaFirefox-12649=1
- SUSE Manager Proxy 2.1:
zypper in -t patch slemap21-MozillaFirefox-12649=1
- SUSE Manager 2.1:
zypper in -t patch sleman21-MozillaFirefox-12649=1
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-MozillaFirefox-12649=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-MozillaFirefox-12649=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-MozillaFirefox-12649=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-MozillaFirefox-12649=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-MozillaFirefox-12649=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 5 (x86_64):
MozillaFirefox-45.2.0esr-45.2
MozillaFirefox-branding-SLED-45.0-23.10
MozillaFirefox-translations-45.2.0esr-45.2
firefox-fontconfig-2.11.0-2.1
libfreebl3-3.21.1-35.1
libfreebl3-32bit-3.21.1-35.1
libsoftokn3-3.21.1-35.1
libsoftokn3-32bit-3.21.1-35.1
mozilla-nspr-32bit-4.12-29.1
mozilla-nspr-4.12-29.1
mozilla-nss-3.21.1-35.1
mozilla-nss-32bit-3.21.1-35.1
mozilla-nss-tools-3.21.1-35.1
- SUSE Manager Proxy 2.1 (x86_64):
MozillaFirefox-45.2.0esr-45.2
MozillaFirefox-branding-SLED-45.0-23.10
MozillaFirefox-translations-45.2.0esr-45.2
firefox-fontconfig-2.11.0-2.1
libfreebl3-3.21.1-35.1
libfreebl3-32bit-3.21.1-35.1
libsoftokn3-3.21.1-35.1
libsoftokn3-32bit-3.21.1-35.1
mozilla-nspr-32bit-4.12-29.1
mozilla-nspr-4.12-29.1
mozilla-nss-3.21.1-35.1
mozilla-nss-32bit-3.21.1-35.1
mozilla-nss-tools-3.21.1-35.1
- SUSE Manager 2.1 (s390x x86_64):
MozillaFirefox-45.2.0esr-45.2
MozillaFirefox-branding-SLED-45.0-23.10
MozillaFirefox-translations-45.2.0esr-45.2
firefox-fontconfig-2.11.0-2.1
libfreebl3-3.21.1-35.1
libfreebl3-32bit-3.21.1-35.1
libsoftokn3-3.21.1-35.1
libsoftokn3-32bit-3.21.1-35.1
mozilla-nspr-32bit-4.12-29.1
mozilla-nspr-4.12-29.1
mozilla-nss-3.21.1-35.1
mozilla-nss-32bit-3.21.1-35.1
mozilla-nss-tools-3.21.1-35.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-devel-45.2.0esr-45.2
firefox-fontconfig-devel-2.11.0-2.1
mozilla-nspr-devel-4.12-29.1
mozilla-nss-devel-3.21.1-35.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-45.2.0esr-45.2
MozillaFirefox-branding-SLED-45.0-23.10
MozillaFirefox-translations-45.2.0esr-45.2
firefox-fontconfig-2.11.0-2.1
libfreebl3-3.21.1-35.1
libsoftokn3-3.21.1-35.1
mozilla-nspr-4.12-29.1
mozilla-nss-3.21.1-35.1
mozilla-nss-tools-3.21.1-35.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
libfreebl3-32bit-3.21.1-35.1
libsoftokn3-32bit-3.21.1-35.1
mozilla-nspr-32bit-4.12-29.1
mozilla-nss-32bit-3.21.1-35.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
libfreebl3-x86-3.21.1-35.1
libsoftokn3-x86-3.21.1-35.1
mozilla-nspr-x86-4.12-29.1
mozilla-nss-x86-3.21.1-35.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
MozillaFirefox-45.2.0esr-45.2
MozillaFirefox-branding-SLED-45.0-23.10
MozillaFirefox-translations-45.2.0esr-45.2
firefox-fontconfig-2.11.0-2.1
libfreebl3-3.21.1-35.1
libsoftokn3-3.21.1-35.1
mozilla-nspr-4.12-29.1
mozilla-nss-3.21.1-35.1
mozilla-nss-tools-3.21.1-35.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):
libfreebl3-32bit-3.21.1-35.1
libsoftokn3-32bit-3.21.1-35.1
mozilla-nspr-32bit-4.12-29.1
mozilla-nss-32bit-3.21.1-35.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
MozillaFirefox-45.2.0esr-45.2
MozillaFirefox-branding-SLED-45.0-23.10
MozillaFirefox-translations-45.2.0esr-45.2
firefox-fontconfig-2.11.0-2.1
libfreebl3-3.21.1-35.1
libsoftokn3-3.21.1-35.1
mozilla-nspr-4.12-29.1
mozilla-nss-3.21.1-35.1
mozilla-nss-tools-3.21.1-35.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-debuginfo-45.2.0esr-45.2
MozillaFirefox-debugsource-45.2.0esr-45.2
firefox-fontconfig-debuginfo-2.11.0-2.1
firefox-fontconfig-debugsource-2.11.0-2.1
mozilla-nspr-debuginfo-4.12-29.1
mozilla-nspr-debugsource-4.12-29.1
mozilla-nss-debuginfo-3.21.1-35.1
mozilla-nss-debugsource-3.21.1-35.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):
mozilla-nspr-debuginfo-32bit-4.12-29.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):
mozilla-nspr-debuginfo-x86-4.12-29.1
References:
https://www.suse.com/security/cve/CVE-2016-2815.html
https://www.suse.com/security/cve/CVE-2016-2818.html
https://www.suse.com/security/cve/CVE-2016-2819.html
https://www.suse.com/security/cve/CVE-2016-2821.html
https://www.suse.com/security/cve/CVE-2016-2822.html
https://www.suse.com/security/cve/CVE-2016-2824.html
https://www.suse.com/security/cve/CVE-2016-2828.html
https://www.suse.com/security/cve/CVE-2016-2831.html
https://www.suse.com/security/cve/CVE-2016-2834.html
https://bugzilla.suse.com/983549
https://bugzilla.suse.com/983638
https://bugzilla.suse.com/983639
https://bugzilla.suse.com/983643
https://bugzilla.suse.com/983646
https://bugzilla.suse.com/983651
https://bugzilla.suse.com/983652
https://bugzilla.suse.com/983653
https://bugzilla.suse.com/983655
https://bugzilla.suse.com/984006
https://bugzilla.suse.com/985659
[security-announce] openSUSE-SU-2016:1798-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 14 Jul '16
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:1798-1
Rating: important
References: #970114 #970275 #978469 #980265 #983977 #984755
#986362 #986530 #986572
Cross-References: CVE-2016-4470 CVE-2016-4794 CVE-2016-4997
CVE-2016-5829
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________
An update that solves four vulnerabilities and has 5 fixes
is now available.
Description:
The openSUSE Leap 42.1 kernel was updated to 4.1.27 to receive various
security and bug fixes.
The following security bugs were fixed:
- CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables
handling could lead to a local privilege escalation. (bsc#986362)
- CVE-2016-5829: Multiple heap-based buffer overflows in the
hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux
kernel allow local users to cause a denial of service or possibly have
unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)
HIDIOCSUSAGES ioctl call (bnc#986572).
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c
in the Linux kernel did not ensure that a certain data structure is
initialized, which allowed local users to cause a denial of service
(system crash) via vectors involving a crafted keyctl request2 command
(bnc#984755).
- CVE-2016-4794: Use-after-free vulnerability in mm/percpu.c in the Linux
kernel allowed local users to cause a denial of service (BUG)
or possibly have unspecified other impact via crafted use of the mmap
and bpf system calls (bnc#980265).
The following non-security bugs were fixed:
- Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with
head exceeding page size (bsc#978469).
- Refresh patches.xen/xen3-patch-2.6.26 (fix PAT initialization).
- Refresh patches.xen/xen3-patch-2.6.39 (fix ia32_compat inheritance).
- Refresh patches.xen/xen3-patch-3.14: Suppress atomic file position
updates for /proc/xen/xenbus (bsc#970275).
- Refresh patches.xen/xen3-patch-3.16 (drop redundant addition of a
comment).
- Refresh patches.xen/xen3-patch-4.1.7-8.
- base: make module_create_drivers_dir race-free (bnc#983977).
- ipvs: count pre-established TCP states as active (bsc#970114).
- net: thunderx: Fix TL4 configuration for secondary Qsets (bsc#986530).
- net: thunderx: Fix link status reporting (bsc#986530).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-869=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (i686 x86_64):
kernel-debug-4.1.27-24.1
kernel-debug-base-4.1.27-24.1
kernel-debug-base-debuginfo-4.1.27-24.1
kernel-debug-debuginfo-4.1.27-24.1
kernel-debug-debugsource-4.1.27-24.1
kernel-debug-devel-4.1.27-24.1
kernel-debug-devel-debuginfo-4.1.27-24.1
kernel-ec2-4.1.27-24.1
kernel-ec2-base-4.1.27-24.1
kernel-ec2-base-debuginfo-4.1.27-24.1
kernel-ec2-debuginfo-4.1.27-24.1
kernel-ec2-debugsource-4.1.27-24.1
kernel-ec2-devel-4.1.27-24.1
kernel-pv-4.1.27-24.1
kernel-pv-base-4.1.27-24.1
kernel-pv-base-debuginfo-4.1.27-24.1
kernel-pv-debuginfo-4.1.27-24.1
kernel-pv-debugsource-4.1.27-24.1
kernel-pv-devel-4.1.27-24.1
kernel-vanilla-4.1.27-24.1
kernel-vanilla-debuginfo-4.1.27-24.1
kernel-vanilla-debugsource-4.1.27-24.1
kernel-vanilla-devel-4.1.27-24.1
kernel-xen-4.1.27-24.1
kernel-xen-base-4.1.27-24.1
kernel-xen-base-debuginfo-4.1.27-24.1
kernel-xen-debuginfo-4.1.27-24.1
kernel-xen-debugsource-4.1.27-24.1
kernel-xen-devel-4.1.27-24.1
- openSUSE Leap 42.1 (i586 x86_64):
kernel-default-4.1.27-24.1
kernel-default-base-4.1.27-24.1
kernel-default-base-debuginfo-4.1.27-24.1
kernel-default-debuginfo-4.1.27-24.1
kernel-default-debugsource-4.1.27-24.1
kernel-default-devel-4.1.27-24.1
kernel-obs-build-4.1.27-24.2
kernel-obs-build-debugsource-4.1.27-24.2
kernel-obs-qa-4.1.27-24.1
kernel-obs-qa-xen-4.1.27-24.1
kernel-syms-4.1.27-24.1
- openSUSE Leap 42.1 (noarch):
kernel-devel-4.1.27-24.1
kernel-docs-4.1.27-24.2
kernel-docs-html-4.1.27-24.2
kernel-docs-pdf-4.1.27-24.2
kernel-macros-4.1.27-24.1
kernel-source-4.1.27-24.1
kernel-source-vanilla-4.1.27-24.1
- openSUSE Leap 42.1 (i686):
kernel-pae-4.1.27-24.1
kernel-pae-base-4.1.27-24.1
kernel-pae-base-debuginfo-4.1.27-24.1
kernel-pae-debuginfo-4.1.27-24.1
kernel-pae-debugsource-4.1.27-24.1
kernel-pae-devel-4.1.27-24.1
References:
https://www.suse.com/security/cve/CVE-2016-4470.html
https://www.suse.com/security/cve/CVE-2016-4794.html
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-5829.html
https://bugzilla.suse.com/970114
https://bugzilla.suse.com/970275
https://bugzilla.suse.com/978469
https://bugzilla.suse.com/980265
https://bugzilla.suse.com/983977
https://bugzilla.suse.com/984755
https://bugzilla.suse.com/986362
https://bugzilla.suse.com/986530
https://bugzilla.suse.com/986572
[security-announce] openSUSE-SU-2016:1795-1: important: Security update for flash-player
by opensuse-security@opensuse.org 13 Jul '16
openSUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:1795-1
Rating: important
References: #988579
Cross-References: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174
CVE-2016-4175 CVE-2016-4176 CVE-2016-4177
CVE-2016-4178 CVE-2016-4179 CVE-2016-4180
CVE-2016-4181 CVE-2016-4182 CVE-2016-4183
CVE-2016-4184 CVE-2016-4185 CVE-2016-4186
CVE-2016-4187 CVE-2016-4188 CVE-2016-4189
CVE-2016-4190 CVE-2016-4217 CVE-2016-4218
CVE-2016-4219 CVE-2016-4220 CVE-2016-4221
CVE-2016-4222 CVE-2016-4223 CVE-2016-4224
CVE-2016-4225 CVE-2016-4226 CVE-2016-4227
CVE-2016-4228 CVE-2016-4229 CVE-2016-4230
CVE-2016-4231 CVE-2016-4232 CVE-2016-4233
CVE-2016-4234 CVE-2016-4235 CVE-2016-4236
CVE-2016-4237 CVE-2016-4238 CVE-2016-4239
CVE-2016-4240 CVE-2016-4241 CVE-2016-4242
CVE-2016-4243 CVE-2016-4244 CVE-2016-4245
CVE-2016-4246 CVE-2016-4247 CVE-2016-4248
CVE-2016-4249
Affected Products:
openSUSE 13.2 NonFree
______________________________________________________________________________
An update that fixes 52 vulnerabilities is now available.
Description:
Adobe Flash Player was updated to 11.2.202.632 to fix many security issues
tracked under the upstream advisory APSB16-25, allowing remote attackers
to execute arbitrary code when delivering specially crafted Flash content.
The following vulnerabilities were fixed:
- CVE-2016-4172: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4173: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4174: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4175: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4176: stack corruption vulnerability that could lead to code
execution
- CVE-2016-4177: stack corruption vulnerability that could lead to code
execution
- CVE-2016-4178: security bypass vulnerability that could lead to
information disclosure
- CVE-2016-4179: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4180: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4181: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4182: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4183: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4184: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4185: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4186: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4187: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4188: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4189: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4190: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4217: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4218: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4219: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4220: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4221: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4222: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4223: type confusion vulnerability that could lead to code
execution
- CVE-2016-4224: type confusion vulnerability that could lead to code
execution
- CVE-2016-4225: type confusion vulnerability that could lead to code
execution
- CVE-2016-4226: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4227: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4228: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4229: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4230: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4231: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4232: memory leak vulnerability
- CVE-2016-4233: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4234: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4235: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4236: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4237: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4238: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4239: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4240: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4241: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4242: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4243: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4244: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4245: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4246: memory corruption vulnerability that could lead to code
execution
- CVE-2016-4247: race condition vulnerability that could lead to
information disclosure
- CVE-2016-4248: use-after-free vulnerability that could lead to code
execution
- CVE-2016-4249: heap buffer overflow vulnerability that could lead to
code execution
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2 NonFree:
zypper in -t patch openSUSE-2016-866=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 NonFree (i586 x86_64):
flash-player-11.2.202.632-2.103.1
flash-player-gnome-11.2.202.632-2.103.1
flash-player-kde4-11.2.202.632-2.103.1
References:
https://www.suse.com/security/cve/CVE-2016-4172.html
https://www.suse.com/security/cve/CVE-2016-4173.html
https://www.suse.com/security/cve/CVE-2016-4174.html
https://www.suse.com/security/cve/CVE-2016-4175.html
https://www.suse.com/security/cve/CVE-2016-4176.html
https://www.suse.com/security/cve/CVE-2016-4177.html
https://www.suse.com/security/cve/CVE-2016-4178.html
https://www.suse.com/security/cve/CVE-2016-4179.html
https://www.suse.com/security/cve/CVE-2016-4180.html
https://www.suse.com/security/cve/CVE-2016-4181.html
https://www.suse.com/security/cve/CVE-2016-4182.html
https://www.suse.com/security/cve/CVE-2016-4183.html
https://www.suse.com/security/cve/CVE-2016-4184.html
https://www.suse.com/security/cve/CVE-2016-4185.html
https://www.suse.com/security/cve/CVE-2016-4186.html
https://www.suse.com/security/cve/CVE-2016-4187.html
https://www.suse.com/security/cve/CVE-2016-4188.html
https://www.suse.com/security/cve/CVE-2016-4189.html
https://www.suse.com/security/cve/CVE-2016-4190.html
https://www.suse.com/security/cve/CVE-2016-4217.html
https://www.suse.com/security/cve/CVE-2016-4218.html
https://www.suse.com/security/cve/CVE-2016-4219.html
https://www.suse.com/security/cve/CVE-2016-4220.html
https://www.suse.com/security/cve/CVE-2016-4221.html
https://www.suse.com/security/cve/CVE-2016-4222.html
https://www.suse.com/security/cve/CVE-2016-4223.html
https://www.suse.com/security/cve/CVE-2016-4224.html
https://www.suse.com/security/cve/CVE-2016-4225.html
https://www.suse.com/security/cve/CVE-2016-4226.html
https://www.suse.com/security/cve/CVE-2016-4227.html
https://www.suse.com/security/cve/CVE-2016-4228.html
https://www.suse.com/security/cve/CVE-2016-4229.html
https://www.suse.com/security/cve/CVE-2016-4230.html
https://www.suse.com/security/cve/CVE-2016-4231.html
https://www.suse.com/security/cve/CVE-2016-4232.html
https://www.suse.com/security/cve/CVE-2016-4233.html
https://www.suse.com/security/cve/CVE-2016-4234.html
https://www.suse.com/security/cve/CVE-2016-4235.html
https://www.suse.com/security/cve/CVE-2016-4236.html
https://www.suse.com/security/cve/CVE-2016-4237.html
https://www.suse.com/security/cve/CVE-2016-4238.html
https://www.suse.com/security/cve/CVE-2016-4239.html
https://www.suse.com/security/cve/CVE-2016-4240.html
https://www.suse.com/security/cve/CVE-2016-4241.html
https://www.suse.com/security/cve/CVE-2016-4242.html
https://www.suse.com/security/cve/CVE-2016-4243.html
https://www.suse.com/security/cve/CVE-2016-4244.html
https://www.suse.com/security/cve/CVE-2016-4245.html
https://www.suse.com/security/cve/CVE-2016-4246.html
https://www.suse.com/security/cve/CVE-2016-4247.html
https://www.suse.com/security/cve/CVE-2016-4248.html
https://www.suse.com/security/cve/CVE-2016-4249.html
https://bugzilla.suse.com/988579
[security-announce] SUSE-SU-2016:1785-1: important: Security update for kvm
by opensuse-security@opensuse.org 11 Jul '16
SUSE Security Update: Security update for kvm
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:1785-1
Rating: important
References: #895528 #901508 #928393 #934069 #936132 #940929
#944463 #945404 #945987 #945989 #947159 #958491
#958917 #959005 #960334 #960725 #961332 #961333
#961358 #961556 #961691 #962320 #963782 #964413
#967969 #969350 #970036 #970037 #975128 #975136
#975700 #976109 #978158 #978160 #980711 #980723
Cross-References: CVE-2014-3615 CVE-2014-3689 CVE-2014-9718
CVE-2015-3214 CVE-2015-5239 CVE-2015-5278
CVE-2015-5279 CVE-2015-5745 CVE-2015-6855
CVE-2015-7295 CVE-2015-7549 CVE-2015-8504
CVE-2015-8558 CVE-2015-8613 CVE-2015-8619
CVE-2015-8743 CVE-2016-1568 CVE-2016-1714
CVE-2016-1922 CVE-2016-1981 CVE-2016-2198
CVE-2016-2538 CVE-2016-2841 CVE-2016-2857
CVE-2016-2858 CVE-2016-3710 CVE-2016-3712
CVE-2016-4001 CVE-2016-4002 CVE-2016-4020
CVE-2016-4037 CVE-2016-4439 CVE-2016-4441
Affected Products:
SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________
An update that solves 33 vulnerabilities and has three
fixes is now available.
Description:
kvm was updated to fix 33 security issues.
These security issues were fixed:
- CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
- CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
- CVE-2016-3710: Fixed VGA emulation based OOB access with potential for
guest escape (bsc#978158)
- CVE-2016-3712: Fixed VGA emulation based DOS and OOB read access exploit
(bsc#978160)
- CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)
- CVE-2016-2538: Fixed potential OOB access in USB net device emulation
(bsc#967969)
- CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
- CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number
generator (bsc#970036)
- CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
- CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic
(bsc#975128)
- CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller
(bsc#975136)
- CVE-2016-4020: Fixed possible host data leakage to guest from TPR access
(bsc#975700)
- CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069)
- CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to
avoid any opportunity for guest to cause DoS by abusing that interface
(bsc#928393)
- CVE-2014-3689: Fixed insufficient parameter validation in rectangle
functions (bsc#901508)
- CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to
read host memory by setting the display to a high resolution
(bsc#895528).
- CVE-2015-5239: Integer overflow in vnc_client_read() and
protocol_client_msg() (bsc#944463).
- CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).
- CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function
in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of
service (instance crash) or possibly execute arbitrary code via vectors
related to receiving packets (bsc#945987).
- CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
- CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the
commands accepted by an ATAPI device, which allowed guest users to cause
a denial of service or possibly have unspecified other impact via
certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command
to an empty drive, which triggers a divide-by-zero error and instance
crash (bsc#945404).
- CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device
(virtio-net) support in QEMU, when big or mergeable receive buffers are
not supported, allowed remote attackers to cause a denial of service
(guest network consumption) via a flood of jumbo frames on the (1)
tuntap or (2) macvtap interface (bsc#947159).
- CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
- CVE-2015-8504: VNC floating point exception (bsc#958491).
- CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS
(bsc#959005).
- CVE-2015-8613: Wrong sized memset in megasas command handler
(bsc#961358).
- CVE-2015-8619: Potential DoS for long HMP sendkey command argument
(bsc#960334).
- CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions
(bsc#960725).
- CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
- CVE-2016-1714: Potential OOB memory access in processing firmware
configuration (bsc#961691).
- CVE-2016-1922: NULL pointer dereference when processing hmp i/o command
(bsc#962320).
- CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation
by malicious privileged user within guest (bsc#963782).
- CVE-2016-2198: Malicious privileged guest users were able to cause DoS by
writing to read-only EHCI capabilities registers (bsc#964413).
This non-security issue was fixed:
- Fix case of IDE interface needing busy status set before flush
(bsc#936132)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-kvm-12645=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64):
kvm-1.4.2-44.1
References:
https://www.suse.com/security/cve/CVE-2014-3615.html
https://www.suse.com/security/cve/CVE-2014-3689.html
https://www.suse.com/security/cve/CVE-2014-9718.html
https://www.suse.com/security/cve/CVE-2015-3214.html
https://www.suse.com/security/cve/CVE-2015-5239.html
https://www.suse.com/security/cve/CVE-2015-5278.html
https://www.suse.com/security/cve/CVE-2015-5279.html
https://www.suse.com/security/cve/CVE-2015-5745.html
https://www.suse.com/security/cve/CVE-2015-6855.html
https://www.suse.com/security/cve/CVE-2015-7295.html
https://www.suse.com/security/cve/CVE-2015-7549.html
https://www.suse.com/security/cve/CVE-2015-8504.html
https://www.suse.com/security/cve/CVE-2015-8558.html
https://www.suse.com/security/cve/CVE-2015-8613.html
https://www.suse.com/security/cve/CVE-2015-8619.html
https://www.suse.com/security/cve/CVE-2015-8743.html
https://www.suse.com/security/cve/CVE-2016-1568.html
https://www.suse.com/security/cve/CVE-2016-1714.html
https://www.suse.com/security/cve/CVE-2016-1922.html
https://www.suse.com/security/cve/CVE-2016-1981.html
https://www.suse.com/security/cve/CVE-2016-2198.html
https://www.suse.com/security/cve/CVE-2016-2538.html
https://www.suse.com/security/cve/CVE-2016-2841.html
https://www.suse.com/security/cve/CVE-2016-2857.html
https://www.suse.com/security/cve/CVE-2016-2858.html
https://www.suse.com/security/cve/CVE-2016-3710.html
https://www.suse.com/security/cve/CVE-2016-3712.html
https://www.suse.com/security/cve/CVE-2016-4001.html
https://www.suse.com/security/cve/CVE-2016-4002.html
https://www.suse.com/security/cve/CVE-2016-4020.html
https://www.suse.com/security/cve/CVE-2016-4037.html
https://www.suse.com/security/cve/CVE-2016-4439.html
https://www.suse.com/security/cve/CVE-2016-4441.html
https://bugzilla.suse.com/895528
https://bugzilla.suse.com/901508
https://bugzilla.suse.com/928393
https://bugzilla.suse.com/934069
https://bugzilla.suse.com/936132
https://bugzilla.suse.com/940929
https://bugzilla.suse.com/944463
https://bugzilla.suse.com/945404
https://bugzilla.suse.com/945987
https://bugzilla.suse.com/945989
https://bugzilla.suse.com/947159
https://bugzilla.suse.com/958491
https://bugzilla.suse.com/958917
https://bugzilla.suse.com/959005
https://bugzilla.suse.com/960334
https://bugzilla.suse.com/960725
https://bugzilla.suse.com/961332
https://bugzilla.suse.com/961333
https://bugzilla.suse.com/961358
https://bugzilla.suse.com/961556
https://bugzilla.suse.com/961691
https://bugzilla.suse.com/962320
https://bugzilla.suse.com/963782
https://bugzilla.suse.com/964413
https://bugzilla.suse.com/967969
https://bugzilla.suse.com/969350
https://bugzilla.suse.com/970036
https://bugzilla.suse.com/970037
https://bugzilla.suse.com/975128
https://bugzilla.suse.com/975136
https://bugzilla.suse.com/975700
https://bugzilla.suse.com/976109
https://bugzilla.suse.com/978158
https://bugzilla.suse.com/978160
https://bugzilla.suse.com/980711
https://bugzilla.suse.com/980723
[security-announce] SUSE-SU-2016:1784-1: important: Security update for ImageMagick
by opensuse-security@opensuse.org 11 Jul '16
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:1784-1
Rating: important
References: #983232 #983234 #983253 #983259 #983292 #983305
#983308 #983521 #983523 #983527 #983533 #983739
#983746 #983752 #983774 #983794 #983796 #983799
#983803 #984014 #984018 #984023 #984028 #984032
#984035 #984135 #984137 #984142 #984144 #984145
#984149 #984150 #984160 #984166 #984172 #984179
#984181 #984183 #984184 #984185 #984186 #984187
#984191 #984193 #984370 #984372 #984373 #984374
#984375 #984379 #984394 #984398 #984400 #984401
#984404 #984406 #984408 #984409 #984427 #984433
#984436 #985442 #985448 #985451 #985456 #985460
#986608 #986609
Cross-References: CVE-2014-9805 CVE-2014-9806 CVE-2014-9807
CVE-2014-9808 CVE-2014-9809 CVE-2014-9810
CVE-2014-9811 CVE-2014-9812 CVE-2014-9813
CVE-2014-9814 CVE-2014-9815 CVE-2014-9816
CVE-2014-9817 CVE-2014-9818 CVE-2014-9819
CVE-2014-9820 CVE-2014-9821 CVE-2014-9822
CVE-2014-9823 CVE-2014-9824 CVE-2014-9825
CVE-2014-9826 CVE-2014-9828 CVE-2014-9829
CVE-2014-9830 CVE-2014-9831 CVE-2014-9832
CVE-2014-9833 CVE-2014-9834 CVE-2014-9835
CVE-2014-9836 CVE-2014-9837 CVE-2014-9838
CVE-2014-9839 CVE-2014-9840 CVE-2014-9841
CVE-2014-9842 CVE-2014-9843 CVE-2014-9844
CVE-2014-9845 CVE-2014-9846 CVE-2014-9847
CVE-2014-9848 CVE-2014-9849 CVE-2014-9850
CVE-2014-9851 CVE-2014-9852 CVE-2014-9853
CVE-2014-9854 CVE-2015-8894 CVE-2015-8895
CVE-2015-8896 CVE-2015-8897 CVE-2015-8898
CVE-2015-8900 CVE-2015-8901 CVE-2015-8902
CVE-2015-8903 CVE-2016-4562 CVE-2016-4563
CVE-2016-4564 CVE-2016-5687 CVE-2016-5688
CVE-2016-5689 CVE-2016-5690 CVE-2016-5691
CVE-2016-5841 CVE-2016-5842
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP1
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that fixes 68 vulnerabilities is now available.
Description:
ImageMagick was updated to fix 66 security issues.
These security issues were fixed:
- CVE-2014-9810: SEGV in dpx file handler. (bsc#983803).
- CVE-2014-9811: Crash in xwd file handler (bsc#984032).
- CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).
- CVE-2014-9813: Crash on corrupted viff file (bsc#984035).
- CVE-2014-9814: NULL pointer dereference in wpg file handling
(bsc#984193).
- CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).
- CVE-2014-9816: Out of bound access in viff image (bsc#984398).
- CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).
- CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).
- CVE-2014-9819: Heap overflow in palm files (bsc#984142).
- CVE-2014-9830: Handling of corrupted sun file (bsc#984135).
- CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).
- CVE-2014-9850: Incorrect thread limit logic (bsc#984149).
- CVE-2014-9851: Crash when parsing resource block (bsc#984160).
- CVE-2014-9852: Incorrect usage of object after it has been destroyed
(bsc#984191).
- CVE-2014-9853: Memory leak in rle file handling (bsc#984408).
- CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).
- CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).
- CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).
- CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).
- CVE-2016-5688: Various invalid memory reads in ImageMagick WPG
(bsc#985442).
- CVE-2014-9834: Heap overflow in pict file (bsc#984436).
- CVE-2014-9806: Prevent leak of file descriptor due to corrupted file.
(bsc#983774).
- CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).
- CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).
- CVE-2014-9854: Filling memory during identification of TIFF image
(bsc#984184).
- CVE-2015-8898: Prevent null pointer access in magick/constitute.c
(bsc#983746).
- CVE-2014-9833: Heap overflow in psd file (bsc#984406).
- CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).
- CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).
- CVE-2015-8896: Double free / integer truncation issue in
coders/pict.c:2000 (bsc#983533).
- CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).
- CVE-2016-5690: Bad for loop in DCM coder (bsc#985451).
- CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).
- CVE-2014-9836: Crash in xpm file handling (bsc#984023).
- CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796).
- CVE-2014-9821: Avoid heap overflow in pnm files. (bsc#984014).
- CVE-2014-9820: Heap overflow in xpm files (bsc#984150).
- CVE-2014-9823: Heap overflow in palm file (bsc#984401).
- CVE-2014-9822: Heap overflow in quantum file (bsc#984187).
- CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427).
- CVE-2014-9824: Heap overflow in psd file (bsc#984185).
- CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799).
- CVE-2014-9826: Incorrect error handling in sun files (bsc#984186).
- CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179).
- CVE-2014-9842: Memory leak in psd handling (bsc#984374).
- CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172).
- CVE-2014-9840: Out of bound access in palm file (bsc#984433).
- CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder
(bsc#984144).
- CVE-2014-9846: Added checks to prevent overflow in rle file.
(bsc#983521).
- CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).
- CVE-2014-9844: Out of bound issue in rle file (bsc#984373).
- CVE-2014-9849: Crash in png coder (bsc#984018).
- CVE-2014-9848: Memory leak in quantum management (bsc#984404).
- CVE-2014-9807: Double free in pdb coder. (bsc#983794).
- CVE-2014-9829: Out of bound access in sun file (bsc#984409).
- CVE-2014-9832: Heap overflow in pcx file (bsc#984183).
- CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752).
- CVE-2016-4564: The DrawImage function in MagickCore/draw.c in
ImageMagick made an incorrect function call in attempting to locate the
next token, which allowed remote attackers to cause a denial of service
(buffer overflow and application crash) or possibly have unspecified
other impact via a crafted file (bsc#983308).
- CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in
ImageMagick mishandled the relationship between the BezierQuantum value
and certain strokes data, which allowed remote attackers to cause a
denial of service (buffer overflow and application crash) or possibly
have unspecified other impact via a crafted file (bsc#983305).
- CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in
ImageMagick mishandled calculations of certain vertices integer data,
which allowed remote attackers to cause a denial of service (buffer
overflow and application crash) or possibly have unspecified other
impact via a crafted file (bsc#983292).
- CVE-2014-9839: Theoretical out of bound access in
magick/colormap-private.h (bsc#984379).
- CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460).
- CVE-2014-9837: Additional PNM sanity checks (bsc#984166).
- CVE-2014-9835: Heap overflow in wpf file (bsc#984145).
- CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).
- CVE-2016-5841: Integer overflow could have led to RCE (bnc#986609).
- CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could
have led to memory leak (bnc#986608).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP1:
zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1041=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1041=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1041=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1041=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
ImageMagick-6.8.8.1-30.2
ImageMagick-debuginfo-6.8.8.1-30.2
ImageMagick-debugsource-6.8.8.1-30.2
libMagick++-6_Q16-3-6.8.8.1-30.2
libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.2
libMagickCore-6_Q16-1-32bit-6.8.8.1-30.2
libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-30.2
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
ImageMagick-6.8.8.1-30.2
ImageMagick-debuginfo-6.8.8.1-30.2
ImageMagick-debugsource-6.8.8.1-30.2
ImageMagick-devel-6.8.8.1-30.2
libMagick++-6_Q16-3-6.8.8.1-30.2
libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.2
libMagick++-devel-6.8.8.1-30.2
perl-PerlMagick-6.8.8.1-30.2
perl-PerlMagick-debuginfo-6.8.8.1-30.2
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
ImageMagick-debuginfo-6.8.8.1-30.2
ImageMagick-debugsource-6.8.8.1-30.2
libMagickCore-6_Q16-1-6.8.8.1-30.2
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.2
libMagickWand-6_Q16-1-6.8.8.1-30.2
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.2
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
ImageMagick-6.8.8.1-30.2
ImageMagick-debuginfo-6.8.8.1-30.2
ImageMagick-debugsource-6.8.8.1-30.2
libMagick++-6_Q16-3-6.8.8.1-30.2
libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.2
libMagickCore-6_Q16-1-32bit-6.8.8.1-30.2
libMagickCore-6_Q16-1-6.8.8.1-30.2
libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-30.2
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.2
libMagickWand-6_Q16-1-6.8.8.1-30.2
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.2
References:
https://www.suse.com/security/cve/CVE-2014-9805.html
https://www.suse.com/security/cve/CVE-2014-9806.html
https://www.suse.com/security/cve/CVE-2014-9807.html
https://www.suse.com/security/cve/CVE-2014-9808.html
https://www.suse.com/security/cve/CVE-2014-9809.html
https://www.suse.com/security/cve/CVE-2014-9810.html
https://www.suse.com/security/cve/CVE-2014-9811.html
https://www.suse.com/security/cve/CVE-2014-9812.html
https://www.suse.com/security/cve/CVE-2014-9813.html
https://www.suse.com/security/cve/CVE-2014-9814.html
https://www.suse.com/security/cve/CVE-2014-9815.html
https://www.suse.com/security/cve/CVE-2014-9816.html
https://www.suse.com/security/cve/CVE-2014-9817.html
https://www.suse.com/security/cve/CVE-2014-9818.html
https://www.suse.com/security/cve/CVE-2014-9819.html
https://www.suse.com/security/cve/CVE-2014-9820.html
https://www.suse.com/security/cve/CVE-2014-9821.html
https://www.suse.com/security/cve/CVE-2014-9822.html
https://www.suse.com/security/cve/CVE-2014-9823.html
https://www.suse.com/security/cve/CVE-2014-9824.html
https://www.suse.com/security/cve/CVE-2014-9825.html
https://www.suse.com/security/cve/CVE-2014-9826.html
https://www.suse.com/security/cve/CVE-2014-9828.html
https://www.suse.com/security/cve/CVE-2014-9829.html
https://www.suse.com/security/cve/CVE-2014-9830.html
https://www.suse.com/security/cve/CVE-2014-9831.html
https://www.suse.com/security/cve/CVE-2014-9832.html
https://www.suse.com/security/cve/CVE-2014-9833.html
https://www.suse.com/security/cve/CVE-2014-9834.html
https://www.suse.com/security/cve/CVE-2014-9835.html
https://www.suse.com/security/cve/CVE-2014-9836.html
https://www.suse.com/security/cve/CVE-2014-9837.html
https://www.suse.com/security/cve/CVE-2014-9838.html
https://www.suse.com/security/cve/CVE-2014-9839.html
https://www.suse.com/security/cve/CVE-2014-9840.html
https://www.suse.com/security/cve/CVE-2014-9841.html
https://www.suse.com/security/cve/CVE-2014-9842.html
https://www.suse.com/security/cve/CVE-2014-9843.html
https://www.suse.com/security/cve/CVE-2014-9844.html
https://www.suse.com/security/cve/CVE-2014-9845.html
https://www.suse.com/security/cve/CVE-2014-9846.html
https://www.suse.com/security/cve/CVE-2014-9847.html
https://www.suse.com/security/cve/CVE-2014-9848.html
https://www.suse.com/security/cve/CVE-2014-9849.html
https://www.suse.com/security/cve/CVE-2014-9850.html
https://www.suse.com/security/cve/CVE-2014-9851.html
https://www.suse.com/security/cve/CVE-2014-9852.html
https://www.suse.com/security/cve/CVE-2014-9853.html
https://www.suse.com/security/cve/CVE-2014-9854.html
https://www.suse.com/security/cve/CVE-2015-8894.html
https://www.suse.com/security/cve/CVE-2015-8895.html
https://www.suse.com/security/cve/CVE-2015-8896.html
https://www.suse.com/security/cve/CVE-2015-8897.html
https://www.suse.com/security/cve/CVE-2015-8898.html
https://www.suse.com/security/cve/CVE-2015-8900.html
https://www.suse.com/security/cve/CVE-2015-8901.html
https://www.suse.com/security/cve/CVE-2015-8902.html
https://www.suse.com/security/cve/CVE-2015-8903.html
https://www.suse.com/security/cve/CVE-2016-4562.html
https://www.suse.com/security/cve/CVE-2016-4563.html
https://www.suse.com/security/cve/CVE-2016-4564.html
https://www.suse.com/security/cve/CVE-2016-5687.html
https://www.suse.com/security/cve/CVE-2016-5688.html
https://www.suse.com/security/cve/CVE-2016-5689.html
https://www.suse.com/security/cve/CVE-2016-5690.html
https://www.suse.com/security/cve/CVE-2016-5691.html
https://www.suse.com/security/cve/CVE-2016-5841.html
https://www.suse.com/security/cve/CVE-2016-5842.html
https://bugzilla.suse.com/983232
https://bugzilla.suse.com/983234
https://bugzilla.suse.com/983253
https://bugzilla.suse.com/983259
https://bugzilla.suse.com/983292
https://bugzilla.suse.com/983305
https://bugzilla.suse.com/983308
https://bugzilla.suse.com/983521
https://bugzilla.suse.com/983523
https://bugzilla.suse.com/983527
https://bugzilla.suse.com/983533
https://bugzilla.suse.com/983739
https://bugzilla.suse.com/983746
https://bugzilla.suse.com/983752
https://bugzilla.suse.com/983774
https://bugzilla.suse.com/983794
https://bugzilla.suse.com/983796
https://bugzilla.suse.com/983799
https://bugzilla.suse.com/983803
https://bugzilla.suse.com/984014
https://bugzilla.suse.com/984018
https://bugzilla.suse.com/984023
https://bugzilla.suse.com/984028
https://bugzilla.suse.com/984032
https://bugzilla.suse.com/984035
https://bugzilla.suse.com/984135
https://bugzilla.suse.com/984137
https://bugzilla.suse.com/984142
https://bugzilla.suse.com/984144
https://bugzilla.suse.com/984145
https://bugzilla.suse.com/984149
https://bugzilla.suse.com/984150
https://bugzilla.suse.com/984160
https://bugzilla.suse.com/984166
https://bugzilla.suse.com/984172
https://bugzilla.suse.com/984179
https://bugzilla.suse.com/984181
https://bugzilla.suse.com/984183
https://bugzilla.suse.com/984184
https://bugzilla.suse.com/984185
https://bugzilla.suse.com/984186
https://bugzilla.suse.com/984187
https://bugzilla.suse.com/984191
https://bugzilla.suse.com/984193
https://bugzilla.suse.com/984370
https://bugzilla.suse.com/984372
https://bugzilla.suse.com/984373
https://bugzilla.suse.com/984374
https://bugzilla.suse.com/984375
https://bugzilla.suse.com/984379
https://bugzilla.suse.com/984394
https://bugzilla.suse.com/984398
https://bugzilla.suse.com/984400
https://bugzilla.suse.com/984401
https://bugzilla.suse.com/984404
https://bugzilla.suse.com/984406
https://bugzilla.suse.com/984408
https://bugzilla.suse.com/984409
https://bugzilla.suse.com/984427
https://bugzilla.suse.com/984433
https://bugzilla.suse.com/984436
https://bugzilla.suse.com/985442
https://bugzilla.suse.com/985448
https://bugzilla.suse.com/985451
https://bugzilla.suse.com/985456
https://bugzilla.suse.com/985460
https://bugzilla.suse.com/986608
https://bugzilla.suse.com/986609
[security-announce] SUSE-SU-2016:1783-1: important: Security update for GraphicsMagick
by opensuse-security@opensuse.org 11 Jul '16
SUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:1783-1
Rating: important
References: #965853 #983234 #983259 #983309 #983455 #983521
#983523 #983533 #983752 #983794 #983796 #983799
#983803 #984028 #984032 #984035 #984135 #984142
#984144 #984145 #984150 #984166 #984181 #984193
#984372 #984373 #984375 #984379 #984394 #984398
#984400 #984408 #984409 #984433 #984436 #985442
Cross-References: CVE-2014-9805 CVE-2014-9807 CVE-2014-9808
CVE-2014-9809 CVE-2014-9810 CVE-2014-9811
CVE-2014-9813 CVE-2014-9814 CVE-2014-9815
CVE-2014-9816 CVE-2014-9817 CVE-2014-9818
CVE-2014-9819 CVE-2014-9820 CVE-2014-9828
CVE-2014-9829 CVE-2014-9830 CVE-2014-9831
CVE-2014-9834 CVE-2014-9835 CVE-2014-9837
CVE-2014-9839 CVE-2014-9840 CVE-2014-9844
CVE-2014-9845 CVE-2014-9846 CVE-2014-9847
CVE-2014-9853 CVE-2015-8894 CVE-2015-8896
CVE-2015-8901 CVE-2015-8903 CVE-2016-2317
CVE-2016-2318 CVE-2016-5240 CVE-2016-5241
CVE-2016-5688
Affected Products:
SUSE Studio Onsite 1.3
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that fixes 37 vulnerabilities is now available.
Description:
GraphicsMagick was updated to fix 37 security issues.
These security issues were fixed:
- CVE-2014-9810: SEGV in dpx file handler (bsc#983803).
- CVE-2014-9811: Crash in xwd file handler (bsc#984032).
- CVE-2014-9813: Crash on corrupted viff file (bsc#984035).
- CVE-2014-9814: NULL pointer dereference in wpg file handling
(bsc#984193).
- CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).
- CVE-2014-9816: Out of bound access in viff image (bsc#984398).
- CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).
- CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).
- CVE-2014-9819: Heap overflow in palm files (bsc#984142).
- CVE-2014-9830: Handling of corrupted sun file (bsc#984135).
- CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).
- CVE-2014-9837: Additional PNM sanity checks (bsc#984166).
- CVE-2014-9834: Heap overflow in pict file (bsc#984436).
- CVE-2014-9853: Memory leak in rle file handling (bsc#984408).
- CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).
- CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).
- CVE-2016-5688: Various invalid memory reads in ImageMagick WPG
(bsc#985442).
- CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).
- CVE-2015-8896: Double free / integer truncation issue in
coders/pict.c:2000 (bsc#983533).
- CVE-2014-9807: Double free in pdb coder. (bsc#983794).
- CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).
- CVE-2014-9805: SEGV due to a corrupted pnm file (bsc#983752).
- CVE-2014-9808: SEGV due to corrupted dpc images (bsc#983796).
- CVE-2014-9820: Heap overflow in xpm files (bsc#984150).
- CVE-2014-9839: Theoretical out of bound access in
magick/colormap-private.h (bsc#984379).
- CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799).
- CVE-2016-5240: SVG converting issue resulting in DoS (endless loop)
(bsc#983309).
- CVE-2014-9840: Out of bound access in palm file (bsc#984433).
- CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder
(bsc#984144).
- CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion
(bsc#983455).
- CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).
- CVE-2014-9844: Out of bound issue in rle file (bsc#984373).
- CVE-2014-9835: Heap overflow in wpf file (bsc#984145).
- CVE-2014-9829: Out of bound access in sun file (bsc#984409).
- CVE-2014-9846: Added checks to prevent overflow in rle file.
(bsc#983521).
- CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG
files (bsc#965853).
- CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG
files (bsc#965853).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Studio Onsite 1.3:
zypper in -t patch slestso13-GraphicsMagick-12644=1
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-GraphicsMagick-12644=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-GraphicsMagick-12644=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Studio Onsite 1.3 (x86_64):
GraphicsMagick-1.2.5-4.41.1
libGraphicsMagick2-1.2.5-4.41.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
GraphicsMagick-1.2.5-4.41.1
libGraphicsMagick2-1.2.5-4.41.1
perl-GraphicsMagick-1.2.5-4.41.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
GraphicsMagick-debuginfo-1.2.5-4.41.1
GraphicsMagick-debugsource-1.2.5-4.41.1
References:
https://www.suse.com/security/cve/CVE-2014-9805.html
https://www.suse.com/security/cve/CVE-2014-9807.html
https://www.suse.com/security/cve/CVE-2014-9808.html
https://www.suse.com/security/cve/CVE-2014-9809.html
https://www.suse.com/security/cve/CVE-2014-9810.html
https://www.suse.com/security/cve/CVE-2014-9811.html
https://www.suse.com/security/cve/CVE-2014-9813.html
https://www.suse.com/security/cve/CVE-2014-9814.html
https://www.suse.com/security/cve/CVE-2014-9815.html
https://www.suse.com/security/cve/CVE-2014-9816.html
https://www.suse.com/security/cve/CVE-2014-9817.html
https://www.suse.com/security/cve/CVE-2014-9818.html
https://www.suse.com/security/cve/CVE-2014-9819.html
https://www.suse.com/security/cve/CVE-2014-9820.html
https://www.suse.com/security/cve/CVE-2014-9828.html
https://www.suse.com/security/cve/CVE-2014-9829.html
https://www.suse.com/security/cve/CVE-2014-9830.html
https://www.suse.com/security/cve/CVE-2014-9831.html
https://www.suse.com/security/cve/CVE-2014-9834.html
https://www.suse.com/security/cve/CVE-2014-9835.html
https://www.suse.com/security/cve/CVE-2014-9837.html
https://www.suse.com/security/cve/CVE-2014-9839.html
https://www.suse.com/security/cve/CVE-2014-9840.html
https://www.suse.com/security/cve/CVE-2014-9844.html
https://www.suse.com/security/cve/CVE-2014-9845.html
https://www.suse.com/security/cve/CVE-2014-9846.html
https://www.suse.com/security/cve/CVE-2014-9847.html
https://www.suse.com/security/cve/CVE-2014-9853.html
https://www.suse.com/security/cve/CVE-2015-8894.html
https://www.suse.com/security/cve/CVE-2015-8896.html
https://www.suse.com/security/cve/CVE-2015-8901.html
https://www.suse.com/security/cve/CVE-2015-8903.html
https://www.suse.com/security/cve/CVE-2016-2317.html
https://www.suse.com/security/cve/CVE-2016-2318.html
https://www.suse.com/security/cve/CVE-2016-5240.html
https://www.suse.com/security/cve/CVE-2016-5241.html
https://www.suse.com/security/cve/CVE-2016-5688.html
https://bugzilla.suse.com/965853
https://bugzilla.suse.com/983234
https://bugzilla.suse.com/983259
https://bugzilla.suse.com/983309
https://bugzilla.suse.com/983455
https://bugzilla.suse.com/983521
https://bugzilla.suse.com/983523
https://bugzilla.suse.com/983533
https://bugzilla.suse.com/983752
https://bugzilla.suse.com/983794
https://bugzilla.suse.com/983796
https://bugzilla.suse.com/983799
https://bugzilla.suse.com/983803
https://bugzilla.suse.com/984028
https://bugzilla.suse.com/984032
https://bugzilla.suse.com/984035
https://bugzilla.suse.com/984135
https://bugzilla.suse.com/984142
https://bugzilla.suse.com/984144
https://bugzilla.suse.com/984145
https://bugzilla.suse.com/984150
https://bugzilla.suse.com/984166
https://bugzilla.suse.com/984181
https://bugzilla.suse.com/984193
https://bugzilla.suse.com/984372
https://bugzilla.suse.com/984373
https://bugzilla.suse.com/984375
https://bugzilla.suse.com/984379
https://bugzilla.suse.com/984394
https://bugzilla.suse.com/984398
https://bugzilla.suse.com/984400
https://bugzilla.suse.com/984408
https://bugzilla.suse.com/984409
https://bugzilla.suse.com/984433
https://bugzilla.suse.com/984436
https://bugzilla.suse.com/985442
[security-announce] SUSE-SU-2016:1782-1: important: Security update for ImageMagick
by opensuse-security@opensuse.org 11 Jul '16
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:1782-1
Rating: important
References: #983234 #983253 #983259 #983292 #983305 #983308
#983521 #983523 #983533 #983739 #983746 #983752
#983774 #983794 #983796 #983799 #983803 #984018
#984023 #984028 #984032 #984035 #984135 #984137
#984142 #984144 #984145 #984150 #984160 #984166
#984181 #984184 #984185 #984186 #984187 #984193
#984370 #984372 #984373 #984374 #984375 #984379
#984394 #984398 #984400 #984401 #984408 #984409
#984433 #984436 #985442 #985448 #985451 #985456
#985460 #986608 #986609
Cross-References: CVE-2014-9805 CVE-2014-9806 CVE-2014-9807
CVE-2014-9808 CVE-2014-9809 CVE-2014-9810
CVE-2014-9811 CVE-2014-9812 CVE-2014-9813
CVE-2014-9814 CVE-2014-9815 CVE-2014-9816
CVE-2014-9817 CVE-2014-9818 CVE-2014-9819
CVE-2014-9820 CVE-2014-9822 CVE-2014-9823
CVE-2014-9824 CVE-2014-9826 CVE-2014-9828
CVE-2014-9829 CVE-2014-9830 CVE-2014-9831
CVE-2014-9834 CVE-2014-9835 CVE-2014-9836
CVE-2014-9837 CVE-2014-9838 CVE-2014-9839
CVE-2014-9840 CVE-2014-9842 CVE-2014-9844
CVE-2014-9845 CVE-2014-9846 CVE-2014-9847
CVE-2014-9849 CVE-2014-9851 CVE-2014-9853
CVE-2014-9854 CVE-2015-8894 CVE-2015-8896
CVE-2015-8897 CVE-2015-8898 CVE-2015-8901
CVE-2015-8902 CVE-2015-8903 CVE-2016-4562
CVE-2016-4563 CVE-2016-4564 CVE-2016-5687
CVE-2016-5688 CVE-2016-5689 CVE-2016-5690
CVE-2016-5691 CVE-2016-5841 CVE-2016-5842
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that fixes 57 vulnerabilities is now available.
Description:
ImageMagick was updated to fix 55 security issues.
These security issues were fixed:
- CVE-2014-9810: SEGV in dpx file handler (bsc#983803).
- CVE-2014-9811: Crash in xwd file handler (bsc#984032).
- CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).
- CVE-2014-9813: Crash on corrupted viff file (bsc#984035).
- CVE-2014-9814: NULL pointer dereference in wpg file handling
(bsc#984193).
- CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).
- CVE-2014-9816: Out of bound access in viff image (bsc#984398).
- CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).
- CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).
- CVE-2014-9819: Heap overflow in palm files (bsc#984142).
- CVE-2014-9830: Handling of corrupted sun file (bsc#984135).
- CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).
- CVE-2014-9836: Crash in xpm file handling (bsc#984023).
- CVE-2014-9851: Crash when parsing resource block (bsc#984160).
- CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460).
- CVE-2014-9853: Memory leak in rle file handling (bsc#984408).
- CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).
- CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).
- CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).
- CVE-2014-9834: Heap overflow in pict file (bsc#984436).
- CVE-2014-9806: Prevent file descriptor leak due to corrupted file
(bsc#983774).
- CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).
- CVE-2014-9854: Filling memory during identification of TIFF image
(bsc#984184).
- CVE-2015-8898: Prevent null pointer access in magick/constitute.c
(bsc#983746).
- CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).
- CVE-2015-8896: Double free / integer truncation issue in
coders/pict.c:2000 (bsc#983533).
- CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).
- CVE-2016-5690: Bad for loop in DCM coder (bsc#985451).
- CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).
- CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752).
- CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796).
- CVE-2014-9820: heap overflow in xpm files (bsc#984150).
- CVE-2014-9823: heap overflow in palm file (bsc#984401).
- CVE-2014-9822: heap overflow in quantum file (bsc#984187).
- CVE-2014-9839: Theoretical out of bound access in
magick/colormap-private.h (bsc#984379).
- CVE-2014-9824: Heap overflow in psd file (bsc#984185).
- CVE-2014-9809: Fix a SEGV due to corrupted xwd images. (bsc#983799).
- CVE-2014-9826: Incorrect error handling in sun files (bsc#984186).
- CVE-2014-9842: Memory leak in psd handling (bsc#984374).
- CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).
- CVE-2014-9840: Out of bound access in palm file (bsc#984433).
- CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder
(bsc#984144).
- CVE-2014-9846: Added checks to prevent overflow in rle file.
(bsc#983521).
- CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).
- CVE-2014-9844: Out of bound issue in rle file (bsc#984373).
- CVE-2014-9849: Crash in png coder (bsc#984018).
- CVE-2016-5688: Various invalid memory reads in ImageMagick WPG
(bsc#985442).
- CVE-2014-9807: Fix a double free in pdb coder. (bsc#983794).
- CVE-2014-9829: Out of bound access in sun file (bsc#984409).
- CVE-2016-4564: The DrawImage function in MagickCore/draw.c in
ImageMagick made an incorrect function call in attempting to locate the
next token, which allowed remote attackers to cause a denial of service
(buffer overflow and application crash) or possibly have unspecified
other impact via a crafted file (bsc#983308).
- CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in
ImageMagick mishandled the relationship between the BezierQuantum value
and certain strokes data, which allowed remote attackers to cause a
denial of service (buffer overflow and application crash) or possibly
have unspecified other impact via a crafted file (bsc#983305).
- CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in
ImageMagick mishandled calculations of certain vertices integer data,
which allowed remote attackers to cause a denial of service (buffer
overflow and application crash) or possibly have unspecified other
impact via a crafted file (bsc#983292).
- CVE-2014-9837: Additional PNM sanity checks (bsc#984166).
- CVE-2014-9835: Heap overflow in wpf file (bsc#984145).
- CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).
- CVE-2016-5841: Integer overflow could have led to RCE (bnc#986609).
- CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could
have led to memory leak (bnc#986608).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-ImageMagick-12643=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-ImageMagick-12643=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-ImageMagick-12643=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
ImageMagick-6.4.3.6-7.45.1
ImageMagick-devel-6.4.3.6-7.45.1
libMagick++-devel-6.4.3.6-7.45.1
libMagick++1-6.4.3.6-7.45.1
libMagickWand1-6.4.3.6-7.45.1
perl-PerlMagick-6.4.3.6-7.45.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
libMagickWand1-32bit-6.4.3.6-7.45.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libMagickCore1-6.4.3.6-7.45.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
libMagickCore1-32bit-6.4.3.6-7.45.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
ImageMagick-debuginfo-6.4.3.6-7.45.1
ImageMagick-debugsource-6.4.3.6-7.45.1
References:
https://www.suse.com/security/cve/CVE-2014-9805.html
https://www.suse.com/security/cve/CVE-2014-9806.html
https://www.suse.com/security/cve/CVE-2014-9807.html
https://www.suse.com/security/cve/CVE-2014-9808.html
https://www.suse.com/security/cve/CVE-2014-9809.html
https://www.suse.com/security/cve/CVE-2014-9810.html
https://www.suse.com/security/cve/CVE-2014-9811.html
https://www.suse.com/security/cve/CVE-2014-9812.html
https://www.suse.com/security/cve/CVE-2014-9813.html
https://www.suse.com/security/cve/CVE-2014-9814.html
https://www.suse.com/security/cve/CVE-2014-9815.html
https://www.suse.com/security/cve/CVE-2014-9816.html
https://www.suse.com/security/cve/CVE-2014-9817.html
https://www.suse.com/security/cve/CVE-2014-9818.html
https://www.suse.com/security/cve/CVE-2014-9819.html
https://www.suse.com/security/cve/CVE-2014-9820.html
https://www.suse.com/security/cve/CVE-2014-9822.html
https://www.suse.com/security/cve/CVE-2014-9823.html
https://www.suse.com/security/cve/CVE-2014-9824.html
https://www.suse.com/security/cve/CVE-2014-9826.html
https://www.suse.com/security/cve/CVE-2014-9828.html
https://www.suse.com/security/cve/CVE-2014-9829.html
https://www.suse.com/security/cve/CVE-2014-9830.html
https://www.suse.com/security/cve/CVE-2014-9831.html
https://www.suse.com/security/cve/CVE-2014-9834.html
https://www.suse.com/security/cve/CVE-2014-9835.html
https://www.suse.com/security/cve/CVE-2014-9836.html
https://www.suse.com/security/cve/CVE-2014-9837.html
https://www.suse.com/security/cve/CVE-2014-9838.html
https://www.suse.com/security/cve/CVE-2014-9839.html
https://www.suse.com/security/cve/CVE-2014-9840.html
https://www.suse.com/security/cve/CVE-2014-9842.html
https://www.suse.com/security/cve/CVE-2014-9844.html
https://www.suse.com/security/cve/CVE-2014-9845.html
https://www.suse.com/security/cve/CVE-2014-9846.html
https://www.suse.com/security/cve/CVE-2014-9847.html
https://www.suse.com/security/cve/CVE-2014-9849.html
https://www.suse.com/security/cve/CVE-2014-9851.html
https://www.suse.com/security/cve/CVE-2014-9853.html
https://www.suse.com/security/cve/CVE-2014-9854.html
https://www.suse.com/security/cve/CVE-2015-8894.html
https://www.suse.com/security/cve/CVE-2015-8896.html
https://www.suse.com/security/cve/CVE-2015-8897.html
https://www.suse.com/security/cve/CVE-2015-8898.html
https://www.suse.com/security/cve/CVE-2015-8901.html
https://www.suse.com/security/cve/CVE-2015-8902.html
https://www.suse.com/security/cve/CVE-2015-8903.html
https://www.suse.com/security/cve/CVE-2016-4562.html
https://www.suse.com/security/cve/CVE-2016-4563.html
https://www.suse.com/security/cve/CVE-2016-4564.html
https://www.suse.com/security/cve/CVE-2016-5687.html
https://www.suse.com/security/cve/CVE-2016-5688.html
https://www.suse.com/security/cve/CVE-2016-5689.html
https://www.suse.com/security/cve/CVE-2016-5690.html
https://www.suse.com/security/cve/CVE-2016-5691.html
https://www.suse.com/security/cve/CVE-2016-5841.html
https://www.suse.com/security/cve/CVE-2016-5842.html
https://bugzilla.suse.com/983234
https://bugzilla.suse.com/983253
https://bugzilla.suse.com/983259
https://bugzilla.suse.com/983292
https://bugzilla.suse.com/983305
https://bugzilla.suse.com/983308
https://bugzilla.suse.com/983521
https://bugzilla.suse.com/983523
https://bugzilla.suse.com/983533
https://bugzilla.suse.com/983739
https://bugzilla.suse.com/983746
https://bugzilla.suse.com/983752
https://bugzilla.suse.com/983774
https://bugzilla.suse.com/983794
https://bugzilla.suse.com/983796
https://bugzilla.suse.com/983799
https://bugzilla.suse.com/983803
https://bugzilla.suse.com/984018
https://bugzilla.suse.com/984023
https://bugzilla.suse.com/984028
https://bugzilla.suse.com/984032
https://bugzilla.suse.com/984035
https://bugzilla.suse.com/984135
https://bugzilla.suse.com/984137
https://bugzilla.suse.com/984142
https://bugzilla.suse.com/984144
https://bugzilla.suse.com/984145
https://bugzilla.suse.com/984150
https://bugzilla.suse.com/984160
https://bugzilla.suse.com/984166
https://bugzilla.suse.com/984181
https://bugzilla.suse.com/984184
https://bugzilla.suse.com/984185
https://bugzilla.suse.com/984186
https://bugzilla.suse.com/984187
https://bugzilla.suse.com/984193
https://bugzilla.suse.com/984370
https://bugzilla.suse.com/984372
https://bugzilla.suse.com/984373
https://bugzilla.suse.com/984374
https://bugzilla.suse.com/984375
https://bugzilla.suse.com/984379
https://bugzilla.suse.com/984394
https://bugzilla.suse.com/984398
https://bugzilla.suse.com/984400
https://bugzilla.suse.com/984401
https://bugzilla.suse.com/984408
https://bugzilla.suse.com/984409
https://bugzilla.suse.com/984433
https://bugzilla.suse.com/984436
https://bugzilla.suse.com/985442
https://bugzilla.suse.com/985448
https://bugzilla.suse.com/985451
https://bugzilla.suse.com/985456
https://bugzilla.suse.com/985460
https://bugzilla.suse.com/986608
https://bugzilla.suse.com/986609