openSUSE Security Update: Security update for ceph
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:1470-1
Rating: important
References: #1051598 #1054061 #1056125 #1056967 #1059458
#1060904 #1061461 #1063014 #1066182 #1066502
#1067088 #1067119 #1067705 #1070357 #1071386
#1074301 #1079076 #1080788 #1081379 #1081600
#1086340 #1087269 #1087493
Cross-References: CVE-2017-16818 CVE-2018-7262
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves two vulnerabilities and has 21 fixes
is now available.
Description:
This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2018-7262: rgw: malformed http headers can crash rgw (bsc#1081379).
- CVE-2017-16818: User reachable asserts allow for DoS (bsc#1063014).
Bug fixes:
- bsc#1061461: OSDs keep generating coredumps after adding new OSD node to
cluster.
- bsc#1079076: RGW openssl fixes.
- bsc#1067088: Upgrade to SES5 restarted all nodes, majority of OSDs
aborts during start.
- bsc#1056125: Some OSDs are down when doing performance testing on rbd
image in EC Pool.
- bsc#1087269: allow_ec_overwrites option not in command options list.
- bsc#1051598: Fix mountpoint check for systemctl enable --runtime.
- bsc#1070357: Zabbix mgr module doesn't recover from HEALTH_ERR.
- bsc#1066502: After upgrading a single OSD from SES 4 to SES 5 the OSDs
do not rejoin the cluster.
- bsc#1067119: Crushtool decompile creates wrong device entries (device 20
device20) for not existing / deleted OSDs.
- bsc#1060904: Loglevel misleading during keystone authentication.
- bsc#1056967: Monitors go down after pool creation on cluster with 120
OSDs.
- bsc#1067705: Issues with RGW Multi-Site Federation between SES5 and RH
Ceph Storage 2.
- bsc#1059458: Stopping / restarting rados gateway as part of deepsea
stage.4 executions causes core-dump of radosgw.
- bsc#1087493: Commvault cannot reconnect to storage after restarting
haproxy.
- bsc#1066182: Container synchronization between two Ceph clusters failed.
- bsc#1081600: Crash in civetweb/RGW.
- bsc#1054061: NFS-GANESHA service failing while trying to list mountpoint
on client.
- bsc#1074301: OSDs keep aborting: SnapMapper failed asserts.
- bsc#1086340: XFS metadata corruption on rbd-nbd mapped image with
journaling feature enabled.
- bsc#1080788: fsid mismatch when creating additional OSDs.
- bsc#1071386: Metadata spill onto block.slow.
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-541=1
Package List:
- openSUSE Leap 42.3 (x86_64):
ceph-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-base-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-base-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-common-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-common-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-debugsource-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-fuse-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-fuse-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-mds-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-mds-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-mgr-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-mgr-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-mon-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-mon-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-osd-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-osd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-radosgw-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-radosgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-resource-agents-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-test-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-test-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-test-debugsource-12.2.5+git.1524775272.5e7ea8cf03-9.1
libcephfs-devel-12.2.5+git.1524775272.5e7ea8cf03-9.1
libcephfs2-12.2.5+git.1524775272.5e7ea8cf03-9.1
libcephfs2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
librados-devel-12.2.5+git.1524775272.5e7ea8cf03-9.1
librados-devel-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
librados2-12.2.5+git.1524775272.5e7ea8cf03-9.1
librados2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
libradosstriper-devel-12.2.5+git.1524775272.5e7ea8cf03-9.1
libradosstriper1-12.2.5+git.1524775272.5e7ea8cf03-9.1
libradosstriper1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
librbd-devel-12.2.5+git.1524775272.5e7ea8cf03-9.1
librbd1-12.2.5+git.1524775272.5e7ea8cf03-9.1
librbd1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
librgw-devel-12.2.5+git.1524775272.5e7ea8cf03-9.1
librgw2-12.2.5+git.1524775272.5e7ea8cf03-9.1
librgw2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
python-ceph-compat-12.2.5+git.1524775272.5e7ea8cf03-9.1
python-cephfs-12.2.5+git.1524775272.5e7ea8cf03-9.1
python-cephfs-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
python-rados-12.2.5+git.1524775272.5e7ea8cf03-9.1
python-rados-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
python-rbd-12.2.5+git.1524775272.5e7ea8cf03-9.1
python-rbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
python-rgw-12.2.5+git.1524775272.5e7ea8cf03-9.1
python-rgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
python3-ceph-argparse-12.2.5+git.1524775272.5e7ea8cf03-9.1
python3-cephfs-12.2.5+git.1524775272.5e7ea8cf03-9.1
python3-cephfs-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
python3-rados-12.2.5+git.1524775272.5e7ea8cf03-9.1
python3-rados-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
python3-rbd-12.2.5+git.1524775272.5e7ea8cf03-9.1
python3-rbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
python3-rgw-12.2.5+git.1524775272.5e7ea8cf03-9.1
python3-rgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
rados-objclass-devel-12.2.5+git.1524775272.5e7ea8cf03-9.1
rbd-fuse-12.2.5+git.1524775272.5e7ea8cf03-9.1
rbd-fuse-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
rbd-mirror-12.2.5+git.1524775272.5e7ea8cf03-9.1
rbd-mirror-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
rbd-nbd-12.2.5+git.1524775272.5e7ea8cf03-9.1
rbd-nbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
References:
https://www.suse.com/security/cve/CVE-2017-16818.html
https://www.suse.com/security/cve/CVE-2018-7262.html
https://bugzilla.suse.com/1051598
https://bugzilla.suse.com/1054061
https://bugzilla.suse.com/1056125
https://bugzilla.suse.com/1056967
https://bugzilla.suse.com/1059458
https://bugzilla.suse.com/1060904
https://bugzilla.suse.com/1061461
https://bugzilla.suse.com/1063014
https://bugzilla.suse.com/1066182
https://bugzilla.suse.com/1066502
https://bugzilla.suse.com/1067088
https://bugzilla.suse.com/1067119
https://bugzilla.suse.com/1067705
https://bugzilla.suse.com/1070357
https://bugzilla.suse.com/1071386
https://bugzilla.suse.com/1074301
https://bugzilla.suse.com/1079076
https://bugzilla.suse.com/1080788
https://bugzilla.suse.com/1081379
https://bugzilla.suse.com/1081600
https://bugzilla.suse.com/1086340
https://bugzilla.suse.com/1087269
https://bugzilla.suse.com/1087493
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
openSUSE Security Update: Security update for perl-DBD-mysql
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:1463-1
Rating: moderate
References: #1047059 #1047095
Cross-References: CVE-2017-10788 CVE-2017-10789
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for perl-DBD-mysql fixes the following issues:
- CVE-2017-10789: With the DBD::mysql module, having the mysql_ssl=1
setting enabled means that SSL is optional (even though this setting's
documentation has a "your communication with the server will be
encrypted" statement), which could allow man-in-the-middle attackers to
spoof servers via a cleartext-downgrade attack, a related issue to
CVE-2015-3152. (bsc#1047059)
- CVE-2017-10788: The DBD::mysql module through 4.043 for Perl allows
remote attackers to cause a denial of service (use-after-free and
application crash) or possibly have unspecified other impact by
triggering (1) certain error responses from a MySQL server or (2) a loss
of a network connection to a MySQL server. The use-after-free defect was
introduced by relying on incorrect Oracle mysql_stmt_close documentation
and code examples. (bsc#1047095)
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-539=1
Package List:
- openSUSE Leap 42.3 (x86_64):
perl-DBD-mysql-4.021-18.3.1
perl-DBD-mysql-debuginfo-4.021-18.3.1
perl-DBD-mysql-debugsource-4.021-18.3.1
References:
https://www.suse.com/security/cve/CVE-2017-10788.html
https://www.suse.com/security/cve/CVE-2017-10789.html
https://bugzilla.suse.com/1047059
https://bugzilla.suse.com/1047095
--
openSUSE Security Update: Security update for pdns
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:1462-1
Rating: low
References: #1092540
Cross-References: CVE-2018-1046
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
pdns was updated to 4.1.2.
Security fixes:
* Dnsreplay: bail out on a too small outgoing buffer (CVE-2018-1046
bsc#1092540)
Improvements:
* API: increase serial after dnssec related updates
* Auth: lower ‘packet too short’ loglevel
* Make check-zone error on rows that have content but shouldn’t
* Auth: avoid an insane amount of new backend connections during an axfr
* Report unparseable data in stoul invalid_argument exception
* Backport: recheck serial when axfr is done
* Backport: add tcp support for alias
Bug Fixes:
* Auth: allocate new statements after reconnecting to postgresql
* Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer)
* Rather than crash, sheepishly report no file/linenum
* Document undocumented config vars
* Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate
Misc fixes:
* Move includes around to avoid boost L conflict
* Backport: update edns option code list
* Auth: link dnspcap2protobuf against librt when needed
* Fix a warning on botan >= 2.5.0
* Auth 4.1.x: unbreak build
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2018-538=1
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):
pdns-4.1.2-8.1
pdns-backend-godbc-4.1.2-8.1
pdns-backend-ldap-4.1.2-8.1
pdns-backend-lua-4.1.2-8.1
pdns-backend-mydns-4.1.2-8.1
pdns-backend-mysql-4.1.2-8.1
pdns-backend-postgresql-4.1.2-8.1
pdns-backend-remote-4.1.2-8.1
pdns-backend-sqlite3-4.1.2-8.1
References:
https://www.suse.com/security/cve/CVE-2018-1046.html
https://bugzilla.suse.com/1092540
--
openSUSE Security Update: Security update for enigmail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:1454-1
Rating: moderate
References: #1094781
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for enigmail to version 2.0.6 fixes the following issues:
Security issues fixed:
- Replies to a partially encrypted message may have revealed protected
information: no longer display PGP/MIME message part followed by
unencrypted data (boo#1094781)
- Signature could be spoofed via Inline-PGP in HTML Mails
The following bugs were fixed:
- Filter actions could forget selected mail folder names
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-535=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-535=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
enigmail-2.0.6-18.1
- openSUSE Leap 15.0 (x86_64):
enigmail-2.0.6-lp150.2.9.1
References:
https://bugzilla.suse.com/1094781
--
openSUSE Security Update: Security update for enigmail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:1451-1
Rating: moderate
References: #1094781
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for enigmail to version 2.0.6 fixes the following issues:
Security issues fixed:
- Replies to a partially encrypted message may have revealed protected
information: no longer display PGP/MIME message part followed by
unencrypted data (boo#1094781)
- Signature could be spoofed via Inline-PGP in HTML Mails
The following bugs were fixed:
- Filter actions could forget selected mail folder names
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2018-535=1
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):
enigmail-2.0.6-15.1
References:
https://bugzilla.suse.com/1094781
--
openSUSE Security Update: Security update for pdns
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:1442-1
Rating: moderate
References: #1092540
Cross-References: CVE-2018-1046
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for pdns fixes the following issues:
Security issues fixed:
- CVE-2018-1046: Fix an issue with replaying a specially crafted PCAP file
that can trigger a stack-based buffer overflow, leading to a crash and
potentially arbitrary code execution (bsc#1092540).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-532=1
Package List:
- openSUSE Leap 15.0 (x86_64):
pdns-4.1.2-lp150.3.3.1
pdns-backend-geoip-4.1.2-lp150.3.3.1
pdns-backend-geoip-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-godbc-4.1.2-lp150.3.3.1
pdns-backend-godbc-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-ldap-4.1.2-lp150.3.3.1
pdns-backend-ldap-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-lua-4.1.2-lp150.3.3.1
pdns-backend-lua-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-mydns-4.1.2-lp150.3.3.1
pdns-backend-mydns-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-mysql-4.1.2-lp150.3.3.1
pdns-backend-mysql-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-postgresql-4.1.2-lp150.3.3.1
pdns-backend-postgresql-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-remote-4.1.2-lp150.3.3.1
pdns-backend-remote-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-sqlite3-4.1.2-lp150.3.3.1
pdns-backend-sqlite3-debuginfo-4.1.2-lp150.3.3.1
pdns-debuginfo-4.1.2-lp150.3.3.1
pdns-debugsource-4.1.2-lp150.3.3.1
References:
https://www.suse.com/security/cve/CVE-2018-1046.html
https://bugzilla.suse.com/1092540
--
openSUSE Security Update: Security update for jasper
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:1440-1
Rating: low
References: #1087020
Cross-References: CVE-2018-9055
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for jasper fixes the following issues:
- CVE-2018-9055: denial of service via a reachable assertion in the
function jpc_firstone in libjasper/jpc/jpc_math.c could lead to
denial of service. (bsc#1087020)
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-531=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
jasper-1.900.14-182.1
jasper-debuginfo-1.900.14-182.1
jasper-debugsource-1.900.14-182.1
libjasper-devel-1.900.14-182.1
libjasper1-1.900.14-182.1
libjasper1-debuginfo-1.900.14-182.1
- openSUSE Leap 42.3 (x86_64):
libjasper1-32bit-1.900.14-182.1
libjasper1-debuginfo-32bit-1.900.14-182.1
References:
https://www.suse.com/security/cve/CVE-2018-9055.html
https://bugzilla.suse.com/1087020
--
openSUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:1439-1
Rating: moderate
References: #1094204
Cross-References: CVE-2017-18271
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for GraphicsMagick fixes the following issues:
- CVE-2017-18271: An infinite loop in the function ReadMIFFImage in
coders/miff.c, which allows attackers to cause a denial of service, was
fixed. (boo#1094204)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-533=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
GraphicsMagick-1.3.25-90.1
GraphicsMagick-debuginfo-1.3.25-90.1
GraphicsMagick-debugsource-1.3.25-90.1
GraphicsMagick-devel-1.3.25-90.1
libGraphicsMagick++-Q16-12-1.3.25-90.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.25-90.1
libGraphicsMagick++-devel-1.3.25-90.1
libGraphicsMagick-Q16-3-1.3.25-90.1
libGraphicsMagick-Q16-3-debuginfo-1.3.25-90.1
libGraphicsMagick3-config-1.3.25-90.1
libGraphicsMagickWand-Q16-2-1.3.25-90.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-90.1
perl-GraphicsMagick-1.3.25-90.1
perl-GraphicsMagick-debuginfo-1.3.25-90.1
References:
https://www.suse.com/security/cve/CVE-2017-18271.html
https://bugzilla.suse.com/1094204
--
openSUSE Security Update: Security update for opencv
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:1438-1
Rating: important
References: #1074312 #1074313 #1074487 #1075017 #1075019
Cross-References: CVE-2017-1000450 CVE-2017-17760 CVE-2017-18009
CVE-2018-5268 CVE-2018-5269
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for opencv fixes the following issues:
- CVE-2018-5268: Fixed a heap-based buffer overflow in
cv::Jpeg2KDecoder::readComponent8u in
modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image
file. (boo#1075017)
- CVE-2017-17760: Fixed a buffer overflow in function
cv::PxMDecoder::readData (boo#1074313)
- CVE-2017-18009: Fixed a heap-based buffer over-read in function
cv::HdrDecoder::checkSignature (boo#1074312)
- CVE-2017-1000450: Functions FillUniColor and FillUniGray do not check
the input length which could lead to out of bounds writes and crashes
(boo#1074487)
- CVE-2018-5269: Fixed an assertion failure that happens in
cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of
an incorrect integer cast (bsc#1075019).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-534=1
Package List:
- openSUSE Leap 42.3 (x86_64):
libopencv-qt56_3-3.1.0-4.11.1
libopencv-qt56_3-debuginfo-3.1.0-4.11.1
libopencv3_1-3.1.0-4.11.1
libopencv3_1-debuginfo-3.1.0-4.11.1
opencv-3.1.0-4.11.1
opencv-debuginfo-3.1.0-4.11.1
opencv-debugsource-3.1.0-4.11.1
opencv-devel-3.1.0-4.11.1
opencv-doc-3.1.0-4.11.1
opencv-qt5-3.1.0-4.11.1
opencv-qt5-debuginfo-3.1.0-4.11.1
opencv-qt5-debugsource-3.1.0-4.11.1
opencv-qt5-devel-3.1.0-4.11.1
opencv-qt5-doc-3.1.0-4.11.1
python-opencv-3.1.0-4.11.1
python-opencv-debuginfo-3.1.0-4.11.1
python-opencv-qt5-3.1.0-4.11.1
python-opencv-qt5-debuginfo-3.1.0-4.11.1
python3-opencv-3.1.0-4.11.1
python3-opencv-debuginfo-3.1.0-4.11.1
python3-opencv-qt5-3.1.0-4.11.1
python3-opencv-qt5-debuginfo-3.1.0-4.11.1
References:
https://www.suse.com/security/cve/CVE-2017-1000450.html
https://www.suse.com/security/cve/CVE-2017-17760.html
https://www.suse.com/security/cve/CVE-2017-18009.html
https://www.suse.com/security/cve/CVE-2018-5268.html
https://www.suse.com/security/cve/CVE-2018-5269.html
https://bugzilla.suse.com/1074312
https://bugzilla.suse.com/1074313
https://bugzilla.suse.com/1074487
https://bugzilla.suse.com/1075017
https://bugzilla.suse.com/1075019