openSUSE Security Update: Security update for libmspack
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0746-1
Rating: low
References: #1130489 #1141680
Cross-References: CVE-2019-1010305
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that solves one vulnerability and has one erratum
is now available.
Description:
This update for libmspack fixes the following issues:
Security issue fixed:
- CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm
file which could have led to information disclosure (bsc#1141680).
Other issue addressed:
- Enable build-time tests (bsc#1130489)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-746=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
libmspack-debugsource-0.6-lp151.4.3.1
libmspack-devel-0.6-lp151.4.3.1
libmspack0-0.6-lp151.4.3.1
libmspack0-debuginfo-0.6-lp151.4.3.1
mspack-tools-0.6-lp151.4.3.1
mspack-tools-debuginfo-0.6-lp151.4.3.1
- openSUSE Leap 15.1 (x86_64):
libmspack0-32bit-0.6-lp151.4.3.1
libmspack0-32bit-debuginfo-0.6-lp151.4.3.1
References:
https://www.suse.com/security/cve/CVE-2019-1010305.html
https://bugzilla.suse.com/1130489
https://bugzilla.suse.com/1141680
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
openSUSE Security Update: Security update for freetds
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0741-1
Rating: moderate
References: #1141132
Cross-References: CVE-2019-13508
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for freetds to 1.1.36 fixes the following issues:
Security issue fixed:
- CVE-2019-13508: Fixed a heap overflow that could have been caused by
malicious servers sending UDT types over protocol version 5.0
(bsc#1141132).
Non-security issues fixed:
- Enabled Kerberos support
- Version update to 1.1.36:
* Default TDS protocol version is now "auto"
* Improved UTF-8 performance
* TDS Pool Server is enabled
* MARS support is enabled
* NTLMv2 is enabled
* See NEWS and ChangeLog for a complete list of changes
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-741=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
freetds-config-1.1.36-lp151.3.3.1
freetds-debuginfo-1.1.36-lp151.3.3.1
freetds-debugsource-1.1.36-lp151.3.3.1
freetds-devel-1.1.36-lp151.3.3.1
freetds-doc-1.1.36-lp151.3.3.1
freetds-tools-1.1.36-lp151.3.3.1
freetds-tools-debuginfo-1.1.36-lp151.3.3.1
libct4-1.1.36-lp151.3.3.1
libct4-debuginfo-1.1.36-lp151.3.3.1
libsybdb5-1.1.36-lp151.3.3.1
libsybdb5-debuginfo-1.1.36-lp151.3.3.1
libtdsodbc0-1.1.36-lp151.3.3.1
libtdsodbc0-debuginfo-1.1.36-lp151.3.3.1
References:
https://www.suse.com/security/cve/CVE-2019-13508.html
https://bugzilla.suse.com/1141132
--
openSUSE Security Update: Security update for trousers
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0744-1
Rating: moderate
References: #1157651
Cross-References: CVE-2019-18898
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for trousers fixes the following issues:
- CVE-2019-18898: Fixed a local symlink attack where a rogue tss user
could have gained ownership of arbitrary files in the system during
installation/update of the trousers package (bsc#1157651).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-744=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
libtspi1-0.3.14-lp151.4.6.1
libtspi1-debuginfo-0.3.14-lp151.4.6.1
trousers-0.3.14-lp151.4.6.1
trousers-debuginfo-0.3.14-lp151.4.6.1
trousers-debugsource-0.3.14-lp151.4.6.1
trousers-devel-0.3.14-lp151.4.6.1
- openSUSE Leap 15.1 (x86_64):
libtspi1-32bit-0.3.14-lp151.4.6.1
libtspi1-32bit-debuginfo-0.3.14-lp151.4.6.1
References:
https://www.suse.com/security/cve/CVE-2019-18898.html
https://bugzilla.suse.com/1157651
--
openSUSE Security Update: Security update for jasper
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0734-1
Rating: low
References: #1092115
Cross-References: CVE-2018-9154
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for jasper fixes the following issues:
- CVE-2018-9154: Fixed a potential denial of service in
jpc_dec_process_sot() (bsc#1092115).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-734=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
jasper-2.0.14-lp151.4.6.1
jasper-debuginfo-2.0.14-lp151.4.6.1
jasper-debugsource-2.0.14-lp151.4.6.1
libjasper-devel-2.0.14-lp151.4.6.1
libjasper4-2.0.14-lp151.4.6.1
libjasper4-debuginfo-2.0.14-lp151.4.6.1
- openSUSE Leap 15.1 (x86_64):
libjasper4-32bit-2.0.14-lp151.4.6.1
libjasper4-32bit-debuginfo-2.0.14-lp151.4.6.1
References:
https://www.suse.com/security/cve/CVE-2018-9154.html
https://bugzilla.suse.com/1092115
--
openSUSE Security Update: Security update for mariadb-connector-c
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0738-1
Rating: important
References: #1171550
Cross-References: CVE-2020-13249
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for mariadb-connector-c fixes the following issues:
Security issue fixed:
- CVE-2020-13249: Fixed an improper validation of OK packets received from
clients (bsc#1171550).
Non-security issues fixed:
- Update to release 3.1.8 (bsc#1171550)
* CONC-304: Rename the static library to libmariadb.a and other
libmariadb files in a consistent manner
* CONC-441: Default user name for C/C is wrong if login user is
different from effective user
* CONC-449: Check $MARIADB_HOME/my.cnf in addition to $MYSQL_HOME/my.cnf
* CONC-457: mysql_list_processes crashes in unpack_fields
* CONC-458: mysql_get_timeout_value crashes when used improperly
* CONC-464: Fix static build for auth_gssapi_client plugin
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-738=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
libmariadb-devel-3.1.8-lp151.3.12.1
libmariadb-devel-debuginfo-3.1.8-lp151.3.12.1
libmariadb3-3.1.8-lp151.3.12.1
libmariadb3-debuginfo-3.1.8-lp151.3.12.1
libmariadb_plugins-3.1.8-lp151.3.12.1
libmariadb_plugins-debuginfo-3.1.8-lp151.3.12.1
libmariadbprivate-3.1.8-lp151.3.12.1
libmariadbprivate-debuginfo-3.1.8-lp151.3.12.1
mariadb-connector-c-debugsource-3.1.8-lp151.3.12.1
- openSUSE Leap 15.1 (x86_64):
libmariadb3-32bit-3.1.8-lp151.3.12.1
libmariadb3-32bit-debuginfo-3.1.8-lp151.3.12.1
References:
https://www.suse.com/security/cve/CVE-2020-13249.html
https://bugzilla.suse.com/1171550
--
openSUSE Security Update: Security update for sysstat
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0736-1
Rating: low
References: #1159104
Cross-References: CVE-2019-19725
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for sysstat fixes the following issues:
- CVE-2019-19725: Fixed double free in check_file_actlst in sa_common.c
(bsc#1159104).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-736=1
Package List:
- openSUSE Leap 15.1 (x86_64):
sysstat-12.0.2-lp151.3.15.1
sysstat-debuginfo-12.0.2-lp151.3.15.1
sysstat-debugsource-12.0.2-lp151.3.15.1
sysstat-isag-12.0.2-lp151.3.15.1
References:
https://www.suse.com/security/cve/CVE-2019-19725.html
https://bugzilla.suse.com/1159104
--
openSUSE Security Update: Security update for libxslt
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0731-1
Rating: moderate
References: #1140095 #1140101 #1154609
Cross-References: CVE-2019-13117 CVE-2019-13118 CVE-2019-18197
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for libxslt fixes the following issues:
Security issues fixed:
- CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101).
- CVE-2019-13117: Fixed an uninitialized read which made it possible to discern
whether a byte on the stack contains certain special characters
(bsc#1140095).
- CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have
led to information disclosure (bsc#1154609).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-731=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
libxslt-debugsource-1.1.32-lp151.3.6.1
libxslt-devel-1.1.32-lp151.3.6.1
libxslt-tools-1.1.32-lp151.3.6.1
libxslt-tools-debuginfo-1.1.32-lp151.3.6.1
libxslt1-1.1.32-lp151.3.6.1
libxslt1-debuginfo-1.1.32-lp151.3.6.1
- openSUSE Leap 15.1 (x86_64):
libxslt-devel-32bit-1.1.32-lp151.3.6.1
libxslt-python-1.1.32-lp151.3.6.1
libxslt-python-debuginfo-1.1.32-lp151.3.6.1
libxslt-python-debugsource-1.1.32-lp151.3.6.1
libxslt1-32bit-1.1.32-lp151.3.6.1
libxslt1-32bit-debuginfo-1.1.32-lp151.3.6.1
References:
https://www.suse.com/security/cve/CVE-2019-13117.html
https://www.suse.com/security/cve/CVE-2019-13118.html
https://www.suse.com/security/cve/CVE-2019-18197.html
https://bugzilla.suse.com/1140095
https://bugzilla.suse.com/1140101
https://bugzilla.suse.com/1154609
--
openSUSE Security Update: Security update for dom4j
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0719-1
Rating: important
References: #1169760
Cross-References: CVE-2020-10683
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for dom4j fixes the following issues:
- CVE-2020-10683: Fixed an XML External Entity vulnerability in default
SAX parser (bsc#1169760).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-719=1
Package List:
- openSUSE Leap 15.1 (noarch):
dom4j-1.6.1-lp151.6.3.1
dom4j-demo-1.6.1-lp151.6.3.1
dom4j-javadoc-1.6.1-lp151.6.3.1
dom4j-manual-1.6.1-lp151.6.3.1
References:
https://www.suse.com/security/cve/CVE-2020-10683.html
https://bugzilla.suse.com/1169760
--
openSUSE Security Update: Security update for memcached
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0721-1
Rating: moderate
References: #1133817 #1149110
Cross-References: CVE-2019-11596 CVE-2019-15026
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for memcached fixes the following issues:
Security issues fixed:
- CVE-2019-11596: Fixed a NULL pointer dereference in process_lru_command
(bsc#1133817).
- CVE-2019-15026: Fixed a stack-based buffer over-read (bsc#1149110).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-721=1
Package List:
- openSUSE Leap 15.1 (x86_64):
memcached-1.5.6-lp151.4.3.1
memcached-debuginfo-1.5.6-lp151.4.3.1
memcached-debugsource-1.5.6-lp151.4.3.1
memcached-devel-1.5.6-lp151.4.3.1
References:
https://www.suse.com/security/cve/CVE-2019-11596.html
https://www.suse.com/security/cve/CVE-2019-15026.html
https://bugzilla.suse.com/1133817
https://bugzilla.suse.com/1149110
--
openSUSE Security Update: Security update for dovecot23
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0720-1
Rating: important
References: #1171456 #1171457 #1171458
Cross-References: CVE-2020-10957 CVE-2020-10958 CVE-2020-10967
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for dovecot23 to 2.3.10 fixes the following issues:
Security issues fixed:
- CVE-2020-10957: Fixed a crash caused by malformed NOOP commands
(bsc#1171457).
- CVE-2020-10958: Fixed a use-after-free when receiving too many newlines
(bsc#1171458).
- CVE-2020-10967: Fixed a crash in the lmtp and submission components
caused by mails with empty quoted localparts (bsc#1171456).
Non-security issues fixed:
- The update to 2.3.10 fixes several bugs. Please refer to
https://dovecot.org/doc/NEWS for a complete list of changes.
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-720=1
Package List:
- openSUSE Leap 15.1 (x86_64):
dovecot23-2.3.10-lp151.2.9.1
dovecot23-backend-mysql-2.3.10-lp151.2.9.1
dovecot23-backend-mysql-debuginfo-2.3.10-lp151.2.9.1
dovecot23-backend-pgsql-2.3.10-lp151.2.9.1
dovecot23-backend-pgsql-debuginfo-2.3.10-lp151.2.9.1
dovecot23-backend-sqlite-2.3.10-lp151.2.9.1
dovecot23-backend-sqlite-debuginfo-2.3.10-lp151.2.9.1
dovecot23-debuginfo-2.3.10-lp151.2.9.1
dovecot23-debugsource-2.3.10-lp151.2.9.1
dovecot23-devel-2.3.10-lp151.2.9.1
dovecot23-fts-2.3.10-lp151.2.9.1
dovecot23-fts-debuginfo-2.3.10-lp151.2.9.1
dovecot23-fts-lucene-2.3.10-lp151.2.9.1
dovecot23-fts-lucene-debuginfo-2.3.10-lp151.2.9.1
dovecot23-fts-solr-2.3.10-lp151.2.9.1
dovecot23-fts-solr-debuginfo-2.3.10-lp151.2.9.1
dovecot23-fts-squat-2.3.10-lp151.2.9.1
dovecot23-fts-squat-debuginfo-2.3.10-lp151.2.9.1
References:
https://www.suse.com/security/cve/CVE-2020-10957.html
https://www.suse.com/security/cve/CVE-2020-10958.html
https://www.suse.com/security/cve/CVE-2020-10967.html
https://bugzilla.suse.com/1171456
https://bugzilla.suse.com/1171457
https://bugzilla.suse.com/1171458