openSUSE Security Update: Security update for pdns
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4262-1
Rating: moderate
References: #1114157
Cross-References: CVE-2018-10851
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for pdns fixes the following issues:
Security issues fixed:
- CVE-2018-10851: Fixed denial of service via crafted zone record or
crafted answer (bsc#1114157).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1594=1
Package List:
- openSUSE Leap 42.3 (x86_64):
pdns-4.0.3-15.2
pdns-backend-geoip-4.0.3-15.2
pdns-backend-geoip-debuginfo-4.0.3-15.2
pdns-backend-godbc-4.0.3-15.2
pdns-backend-godbc-debuginfo-4.0.3-15.2
pdns-backend-ldap-4.0.3-15.2
pdns-backend-ldap-debuginfo-4.0.3-15.2
pdns-backend-lua-4.0.3-15.2
pdns-backend-lua-debuginfo-4.0.3-15.2
pdns-backend-mydns-4.0.3-15.2
pdns-backend-mydns-debuginfo-4.0.3-15.2
pdns-backend-mysql-4.0.3-15.2
pdns-backend-mysql-debuginfo-4.0.3-15.2
pdns-backend-postgresql-4.0.3-15.2
pdns-backend-postgresql-debuginfo-4.0.3-15.2
pdns-backend-remote-4.0.3-15.2
pdns-backend-remote-debuginfo-4.0.3-15.2
pdns-backend-sqlite3-4.0.3-15.2
pdns-backend-sqlite3-debuginfo-4.0.3-15.2
pdns-debuginfo-4.0.3-15.2
pdns-debugsource-4.0.3-15.2
References:
https://www.suse.com/security/cve/CVE-2018-10851.html
https://bugzilla.suse.com/1114157
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
openSUSE Security Update: Security update for libnettle
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4260-1
Rating: moderate
References: #1118086
Cross-References: CVE-2018-16869
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libnettle fixes the following issues:
Security issues fixed:
- CVE-2018-16869: Fixed a leaky data conversion exposing a Manger oracle
(bsc#1118086)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1597=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
libhogweed4-3.4-lp150.3.3.1
libhogweed4-debuginfo-3.4-lp150.3.3.1
libnettle-debugsource-3.4-lp150.3.3.1
libnettle-devel-3.4-lp150.3.3.1
libnettle6-3.4-lp150.3.3.1
libnettle6-debuginfo-3.4-lp150.3.3.1
nettle-3.4-lp150.3.3.1
nettle-debuginfo-3.4-lp150.3.3.1
- openSUSE Leap 15.0 (x86_64):
libhogweed4-32bit-3.4-lp150.3.3.1
libhogweed4-32bit-debuginfo-3.4-lp150.3.3.1
libnettle-devel-32bit-3.4-lp150.3.3.1
libnettle6-32bit-3.4-lp150.3.3.1
libnettle6-32bit-debuginfo-3.4-lp150.3.3.1
References:
https://www.suse.com/security/cve/CVE-2018-16869.html
https://bugzilla.suse.com/1118086
--
openSUSE Security Update: Security update for bluez
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4259-1
Rating: moderate
References: #1013721 #1013732
Cross-References: CVE-2016-9800 CVE-2016-9801
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for bluez fixes the following issues:
Security issues fixed:
- CVE-2016-9800: Fixed a buffer overflow in pin_code_reply_dump function
(bsc#1013721)
- CVE-2016-9801: Fixed a buffer overflow in set_ext_ctrl function
(bsc#1013732)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1596=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
bluez-5.48-lp150.4.6.1
bluez-cups-5.48-lp150.4.6.1
bluez-cups-debuginfo-5.48-lp150.4.6.1
bluez-debuginfo-5.48-lp150.4.6.1
bluez-debugsource-5.48-lp150.4.6.1
bluez-devel-5.48-lp150.4.6.1
bluez-test-5.48-lp150.4.6.1
bluez-test-debuginfo-5.48-lp150.4.6.1
libbluetooth3-5.48-lp150.4.6.1
libbluetooth3-debuginfo-5.48-lp150.4.6.1
- openSUSE Leap 15.0 (x86_64):
bluez-devel-32bit-5.48-lp150.4.6.1
libbluetooth3-32bit-5.48-lp150.4.6.1
libbluetooth3-32bit-debuginfo-5.48-lp150.4.6.1
- openSUSE Leap 15.0 (noarch):
bluez-auto-enable-devices-5.48-lp150.4.6.1
References:
https://www.suse.com/security/cve/CVE-2016-9800.html
https://www.suse.com/security/cve/CVE-2016-9801.html
https://bugzilla.suse.com/1013721
https://bugzilla.suse.com/1013732
--
openSUSE Security Update: Security update for git
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4257-1
Rating: moderate
References: #1117257
Cross-References: CVE-2018-19486
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for git fixes the following issues:
Security issue fixed:
- CVE-2018-19486: Fixed git that executed commands from the current
working directory (as if '.' were at the end of $PATH) in certain cases
involving the run_command() API and run-command.c, because there was
(bsc#1117257).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1599=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
git-2.16.4-lp150.2.9.1
git-arch-2.16.4-lp150.2.9.1
git-core-2.16.4-lp150.2.9.1
git-core-debuginfo-2.16.4-lp150.2.9.1
git-credential-gnome-keyring-2.16.4-lp150.2.9.1
git-credential-gnome-keyring-debuginfo-2.16.4-lp150.2.9.1
git-credential-libsecret-2.16.4-lp150.2.9.1
git-credential-libsecret-debuginfo-2.16.4-lp150.2.9.1
git-cvs-2.16.4-lp150.2.9.1
git-daemon-2.16.4-lp150.2.9.1
git-daemon-debuginfo-2.16.4-lp150.2.9.1
git-debuginfo-2.16.4-lp150.2.9.1
git-debugsource-2.16.4-lp150.2.9.1
git-email-2.16.4-lp150.2.9.1
git-gui-2.16.4-lp150.2.9.1
git-p4-2.16.4-lp150.2.9.1
git-svn-2.16.4-lp150.2.9.1
git-svn-debuginfo-2.16.4-lp150.2.9.1
git-web-2.16.4-lp150.2.9.1
gitk-2.16.4-lp150.2.9.1
- openSUSE Leap 15.0 (noarch):
git-doc-2.16.4-lp150.2.9.1
References:
https://www.suse.com/security/cve/CVE-2018-19486.html
https://bugzilla.suse.com/1117257
--
openSUSE Security Update: Security update for tiff
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4256-1
Rating: moderate
References: #1017693 #1054594 #1115717 #990460
Cross-References: CVE-2016-10092 CVE-2016-10093 CVE-2016-10094
CVE-2016-6223 CVE-2017-12944 CVE-2018-19210
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for tiff fixes the following issues:
Security issues fixed:
- CVE-2018-19210: Fixed NULL pointer dereference in the
TIFFWriteDirectorySec function (bsc#1115717).
- CVE-2017-12944: Fixed denial of service issue in the
TIFFReadDirEntryArray function (bsc#1054594).
- CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc
function (bsc#1017693).
- CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy
function (bsc#1017693).
- CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits
function (bsc#1017693).
- CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in
TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460).
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1598=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
libtiff-devel-4.0.9-43.1
libtiff5-4.0.9-43.1
libtiff5-debuginfo-4.0.9-43.1
tiff-4.0.9-43.1
tiff-debuginfo-4.0.9-43.1
tiff-debugsource-4.0.9-43.1
- openSUSE Leap 42.3 (x86_64):
libtiff-devel-32bit-4.0.9-43.1
libtiff5-32bit-4.0.9-43.1
libtiff5-debuginfo-32bit-4.0.9-43.1
References:
https://www.suse.com/security/cve/CVE-2016-10092.html
https://www.suse.com/security/cve/CVE-2016-10093.html
https://www.suse.com/security/cve/CVE-2016-10094.html
https://www.suse.com/security/cve/CVE-2016-6223.html
https://www.suse.com/security/cve/CVE-2017-12944.html
https://www.suse.com/security/cve/CVE-2018-19210.html
https://bugzilla.suse.com/1017693
https://bugzilla.suse.com/1054594
https://bugzilla.suse.com/1115717
https://bugzilla.suse.com/990460
--
openSUSE Security Update: Security update for go1.10
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4255-1
Rating: important
References: #1082409 #1098017 #1113978 #1118897 #1118898
#1118899 #1119634 #1119706
Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves three vulnerabilities and has 5 fixes
is now available.
Description:
This update for go1.10 fixes the following issues:
Security vulnerabilities fixed:
- CVE-2018-16873 (bsc#1118897): cmd/go: remote command execution during
"go get -u".
- CVE-2018-16874 (bsc#1118898): cmd/go: directory traversal in "go get"
via curly braces in import paths
- CVE-2018-16875 (bsc#1118899): crypto/x509: CPU denial of service
Other issues fixed:
- Fix build error with PIE linker flags on ppc64le. (bsc#1113978,
bsc#1098017)
- Review dependencies (requires, recommends and supports) (bsc#1082409)
- Make profile.d/go.sh no longer set GOROOT=, in order to make switching
between versions no longer break. This ends up removing the need for
go.sh entirely (because GOPATH is also set automatically) (boo#1119634)
- Fix a regression that broke go get for import path patterns containing
"..." (bsc#1119706)
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1593=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
go1.10-1.10.7-5.1
go1.10-doc-1.10.7-5.1
- openSUSE Leap 42.3 (x86_64):
go1.10-race-1.10.7-5.1
References:
https://www.suse.com/security/cve/CVE-2018-16873.html
https://www.suse.com/security/cve/CVE-2018-16874.html
https://www.suse.com/security/cve/CVE-2018-16875.html
https://bugzilla.suse.com/1082409
https://bugzilla.suse.com/1098017
https://bugzilla.suse.com/1113978
https://bugzilla.suse.com/1118897
https://bugzilla.suse.com/1118898
https://bugzilla.suse.com/1118899
https://bugzilla.suse.com/1119634
https://bugzilla.suse.com/1119706
--
openSUSE Security Update: Security update for ovmf
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4254-1
Rating: moderate
References: #1115916 #1115917
Cross-References: CVE-2017-5731 CVE-2017-5732 CVE-2017-5733
CVE-2017-5734 CVE-2017-5735 CVE-2018-3613
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on
APPEND_WRITE (bsc#1115916).
- CVE-2017-5731: Fixed privilege escalation via processing of malformed
files in TianoCompress.c (bsc#1115917).
- CVE-2017-5732: Fixed privilege escalation via processing of malformed
files in BaseUefiDecompressLib.c (bsc#1115917).
- CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow
in MakeTable() function (bsc#1115917).
- CVE-2017-5734: Fixed privilege escalation via stack-based buffer
overflow in MakeTable() function (bsc#1115917).
- CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow
in Decode() function (bsc#1115917).
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1591=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
ovmf-2017+git1492060560.b6d11d7c46-13.1
ovmf-tools-2017+git1492060560.b6d11d7c46-13.1
- openSUSE Leap 42.3 (noarch):
qemu-ovmf-ia32-2017+git1492060560.b6d11d7c46-13.1
qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-13.1
- openSUSE Leap 42.3 (x86_64):
qemu-ovmf-x86_64-debug-2017+git1492060560.b6d11d7c46-13.1
References:
https://www.suse.com/security/cve/CVE-2017-5731.html
https://www.suse.com/security/cve/CVE-2017-5732.html
https://www.suse.com/security/cve/CVE-2017-5733.html
https://www.suse.com/security/cve/CVE-2017-5734.html
https://www.suse.com/security/cve/CVE-2017-5735.html
https://www.suse.com/security/cve/CVE-2018-3613.html
https://bugzilla.suse.com/1115916
https://bugzilla.suse.com/1115917
--
openSUSE Security Update: Security update for tcpdump
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4252-1
Rating: moderate
References: #1117267
Cross-References: CVE-2018-19519
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for tcpdump fixes the following security issue:
- CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix
function (bsc#1117267)
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1589=1
Package List:
- openSUSE Leap 42.3 (x86_64):
tcpdump-4.9.2-12.1
tcpdump-debuginfo-4.9.2-12.1
tcpdump-debugsource-4.9.2-12.1
References:
https://www.suse.com/security/cve/CVE-2018-19519.html
https://bugzilla.suse.com/1117267