openSUSE Security Update: Security update for curl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0908-1
Rating: important
References: #1173027
Cross-References: CVE-2020-8177
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for curl fixes the following issues:
- CVE-2020-8177: Fixed an issue where curl could have been tricked by a
malicious server to overwrite a local file when using the -J option
(bsc#1173027).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-908=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
curl-7.60.0-lp151.5.12.1
curl-debuginfo-7.60.0-lp151.5.12.1
curl-debugsource-7.60.0-lp151.5.12.1
curl-mini-7.60.0-lp151.5.12.1
curl-mini-debuginfo-7.60.0-lp151.5.12.1
curl-mini-debugsource-7.60.0-lp151.5.12.1
libcurl-devel-7.60.0-lp151.5.12.1
libcurl-mini-devel-7.60.0-lp151.5.12.1
libcurl4-7.60.0-lp151.5.12.1
libcurl4-debuginfo-7.60.0-lp151.5.12.1
libcurl4-mini-7.60.0-lp151.5.12.1
libcurl4-mini-debuginfo-7.60.0-lp151.5.12.1
- openSUSE Leap 15.1 (x86_64):
libcurl-devel-32bit-7.60.0-lp151.5.12.1
libcurl4-32bit-7.60.0-lp151.5.12.1
libcurl4-32bit-debuginfo-7.60.0-lp151.5.12.1
References:
https://www.suse.com/security/cve/CVE-2020-8177.html
https://bugzilla.suse.com/1173027
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
openSUSE Security Update: Security update for squid
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0914-1
Rating: important
References: #1173304
Cross-References: CVE-2020-14059
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for squid fixes the following issues:
squid was updated to version 4.12
Security issue fixed:
- CVE-2020-14059: Fixed an issue where a client could potentially deny the
service of a server during TLS Handshake (bsc#1173304).
Other issues addressed:
- Reverted to slow search for new SMP shm pages due to a regression
- Fixed an issue where negative responses were never cached
- Fixed stall if transaction was overwriting a recently active cache entry
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-914=1
Package List:
- openSUSE Leap 15.2 (x86_64):
squid-4.12-lp152.2.3.1
squid-debuginfo-4.12-lp152.2.3.1
squid-debugsource-4.12-lp152.2.3.1
References:
https://www.suse.com/security/cve/CVE-2020-14059.html
https://bugzilla.suse.com/1173304
openSUSE Security Update: Security update for mutt
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0915-1
Rating: important
References: #1172906 #1172935 #1173197
Cross-References: CVE-2020-14093 CVE-2020-14154 CVE-2020-14954
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for mutt fixes the following issues:
- CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering
issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197).
- CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a
PREAUTH response (bsc#1172906, bsc#1172935).
- CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired
certificate and was proceeding with a connection (bsc#1172906,
bsc#1172935).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-915=1
Package List:
- openSUSE Leap 15.2 (x86_64):
mutt-1.10.1-lp152.3.3.1
mutt-debuginfo-1.10.1-lp152.3.3.1
mutt-debugsource-1.10.1-lp152.3.3.1
- openSUSE Leap 15.2 (noarch):
mutt-doc-1.10.1-lp152.3.3.1
mutt-lang-1.10.1-lp152.3.3.1
References:
https://www.suse.com/security/cve/CVE-2020-14093.html
https://www.suse.com/security/cve/CVE-2020-14154.html
https://www.suse.com/security/cve/CVE-2020-14954.html
https://bugzilla.suse.com/1172906
https://bugzilla.suse.com/1172935
https://bugzilla.suse.com/1173197
openSUSE Security Update: Security update for unbound
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0912-1
Rating: important
References: #1157268 #1171889
Cross-References: CVE-2019-18934 CVE-2020-12662 CVE-2020-12663
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for unbound fixes the following issues:
- CVE-2020-12662: Fixed an issue where unbound could have been tricked
into amplifying an incoming query into a large number of queries
directed to a target (bsc#1171889).
- CVE-2020-12663: Fixed an issue where malformed answers from upstream
name servers could have been used to make unbound unresponsive
(bsc#1171889).
- CVE-2019-18934: Fixed a vulnerability in the IPSec module which could
have allowed code execution after receiving a specially crafted answer
(bsc#1157268).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-912=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
libunbound-devel-mini-1.6.8-lp151.8.3.1
libunbound-devel-mini-debuginfo-1.6.8-lp151.8.3.1
libunbound-devel-mini-debugsource-1.6.8-lp151.8.3.1
- openSUSE Leap 15.1 (noarch):
unbound-munin-1.6.8-lp151.8.3.1
- openSUSE Leap 15.1 (x86_64):
libunbound2-1.6.8-lp151.8.3.1
libunbound2-debuginfo-1.6.8-lp151.8.3.1
unbound-1.6.8-lp151.8.3.1
unbound-anchor-1.6.8-lp151.8.3.1
unbound-anchor-debuginfo-1.6.8-lp151.8.3.1
unbound-debuginfo-1.6.8-lp151.8.3.1
unbound-debugsource-1.6.8-lp151.8.3.1
unbound-devel-1.6.8-lp151.8.3.1
unbound-python-1.6.8-lp151.8.3.1
unbound-python-debuginfo-1.6.8-lp151.8.3.1
References:
https://www.suse.com/security/cve/CVE-2019-18934.html
https://www.suse.com/security/cve/CVE-2020-12662.html
https://www.suse.com/security/cve/CVE-2020-12663.html
https://bugzilla.suse.com/1157268
https://bugzilla.suse.com/1171889
openSUSE Security Update: Security update for squid
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0910-1
Rating: important
References: #1173304
Cross-References: CVE-2020-14059
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for squid fixes the following issues:
squid was updated to version 4.12
Security issue fixed:
- CVE-2020-14059: Fixed an issue where a client could potentially deny the
service of a server during TLS Handshake (bsc#1173304).
Other issues addressed:
- Reverted to slow search for new SMP shm pages due to a regression
- Fixed an issue where negative responses were never cached
- Fixed stall if transaction was overwriting a recently active cache entry
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-910=1
Package List:
- openSUSE Leap 15.1 (x86_64):
squid-4.12-lp151.2.21.1
squid-debuginfo-4.12-lp151.2.21.1
squid-debugsource-4.12-lp151.2.21.1
References:
https://www.suse.com/security/cve/CVE-2020-14059.html
https://bugzilla.suse.com/1173304
openSUSE Security Update: Security update for unbound
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0913-1
Rating: important
References: #1157268 #1171889
Cross-References: CVE-2019-18934 CVE-2020-12662 CVE-2020-12663
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for unbound fixes the following issues:
- CVE-2020-12662: Fixed an issue where unbound could have been tricked
into amplifying an incoming query into a large number of queries
directed to a target (bsc#1171889).
- CVE-2020-12663: Fixed an issue where malformed answers from upstream
name servers could have been used to make unbound unresponsive
(bsc#1171889).
- CVE-2019-18934: Fixed a vulnerability in the IPSec module which could
have allowed code execution after receiving a specially crafted answer
(bsc#1157268).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-913=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
libunbound-devel-mini-1.6.8-lp152.9.3.1
libunbound-devel-mini-debuginfo-1.6.8-lp152.9.3.1
libunbound-devel-mini-debugsource-1.6.8-lp152.9.3.1
- openSUSE Leap 15.2 (noarch):
unbound-munin-1.6.8-lp152.9.3.1
- openSUSE Leap 15.2 (x86_64):
libunbound2-1.6.8-lp152.9.3.1
libunbound2-debuginfo-1.6.8-lp152.9.3.1
unbound-1.6.8-lp152.9.3.1
unbound-anchor-1.6.8-lp152.9.3.1
unbound-anchor-debuginfo-1.6.8-lp152.9.3.1
unbound-debuginfo-1.6.8-lp152.9.3.1
unbound-debugsource-1.6.8-lp152.9.3.1
unbound-devel-1.6.8-lp152.9.3.1
unbound-python-1.6.8-lp152.9.3.1
unbound-python-debuginfo-1.6.8-lp152.9.3.1
References:
https://www.suse.com/security/cve/CVE-2019-18934.html
https://www.suse.com/security/cve/CVE-2020-12662.html
https://www.suse.com/security/cve/CVE-2020-12663.html
https://bugzilla.suse.com/1157268
https://bugzilla.suse.com/1171889
openSUSE Security Update: Security update for tomcat
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0911-1
Rating: important
References: #1172405
Cross-References: CVE-2020-8022
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for tomcat fixes the following issues:
- CVE-2020-8022: Fixed a local root exploit due to improper permissions
(bsc#1172405)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-911=1
Package List:
- openSUSE Leap 15.1 (noarch):
tomcat-9.0.35-lp151.3.21.1
tomcat-admin-webapps-9.0.35-lp151.3.21.1
tomcat-docs-webapp-9.0.35-lp151.3.21.1
tomcat-el-3_0-api-9.0.35-lp151.3.21.1
tomcat-embed-9.0.35-lp151.3.21.1
tomcat-javadoc-9.0.35-lp151.3.21.1
tomcat-jsp-2_3-api-9.0.35-lp151.3.21.1
tomcat-jsvc-9.0.35-lp151.3.21.1
tomcat-lib-9.0.35-lp151.3.21.1
tomcat-servlet-4_0-api-9.0.35-lp151.3.21.1
tomcat-webapps-9.0.35-lp151.3.21.1
References:
https://www.suse.com/security/cve/CVE-2020-8022.html
https://bugzilla.suse.com/1172405
openSUSE Security Update: Security update for graphviz
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0906-1
Rating: moderate
References: #1132091
Cross-References: CVE-2019-11023
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for graphviz fixes the following issues:
Security issue fixed:
- CVE-2019-11023: Fixed a denial of service vulnerability, which was
caused by a NULL pointer dereference in agroot() (bsc#1132091).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-906=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
graphviz-2.40.1-lp152.7.4.2
graphviz-addons-debuginfo-2.40.1-lp152.7.4.2
graphviz-addons-debugsource-2.40.1-lp152.7.4.2
graphviz-debuginfo-2.40.1-lp152.7.4.2
graphviz-debugsource-2.40.1-lp152.7.4.2
graphviz-devel-2.40.1-lp152.7.4.2
graphviz-doc-2.40.1-lp152.7.4.2
graphviz-gd-2.40.1-lp152.7.4.2
graphviz-gd-debuginfo-2.40.1-lp152.7.4.2
graphviz-gnome-2.40.1-lp152.7.4.2
graphviz-gnome-debuginfo-2.40.1-lp152.7.4.2
graphviz-guile-2.40.1-lp152.7.4.2
graphviz-guile-debuginfo-2.40.1-lp152.7.4.2
graphviz-gvedit-2.40.1-lp152.7.4.2
graphviz-gvedit-debuginfo-2.40.1-lp152.7.4.2
graphviz-java-2.40.1-lp152.7.4.2
graphviz-java-debuginfo-2.40.1-lp152.7.4.2
graphviz-lua-2.40.1-lp152.7.4.2
graphviz-lua-debuginfo-2.40.1-lp152.7.4.2
graphviz-perl-2.40.1-lp152.7.4.2
graphviz-perl-debuginfo-2.40.1-lp152.7.4.2
graphviz-php-2.40.1-lp152.7.4.2
graphviz-php-debuginfo-2.40.1-lp152.7.4.2
graphviz-plugins-core-2.40.1-lp152.7.4.2
graphviz-plugins-core-debuginfo-2.40.1-lp152.7.4.2
graphviz-python-2.40.1-lp152.7.4.2
graphviz-python-debuginfo-2.40.1-lp152.7.4.2
graphviz-ruby-2.40.1-lp152.7.4.2
graphviz-ruby-debuginfo-2.40.1-lp152.7.4.2
graphviz-smyrna-2.40.1-lp152.7.4.2
graphviz-smyrna-debuginfo-2.40.1-lp152.7.4.2
graphviz-tcl-2.40.1-lp152.7.4.2
graphviz-tcl-debuginfo-2.40.1-lp152.7.4.2
libgraphviz6-2.40.1-lp152.7.4.2
libgraphviz6-debuginfo-2.40.1-lp152.7.4.2
References:
https://www.suse.com/security/cve/CVE-2019-11023.html
https://bugzilla.suse.com/1132091
openSUSE Security Update: Security update for mutt
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0903-1
Rating: important
References: #1172906 #1172935 #1173197
Cross-References: CVE-2020-14093 CVE-2020-14154 CVE-2020-14954
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for mutt fixes the following issues:
- CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering
issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197).
- CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a
PREAUTH response (bsc#1172906, bsc#1172935).
- CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired
certificate and was proceeding with a connection (bsc#1172906,
bsc#1172935).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-903=1
Package List:
- openSUSE Leap 15.1 (noarch):
mutt-doc-1.10.1-lp151.2.3.1
mutt-lang-1.10.1-lp151.2.3.1
- openSUSE Leap 15.1 (x86_64):
mutt-1.10.1-lp151.2.3.1
mutt-debuginfo-1.10.1-lp151.2.3.1
mutt-debugsource-1.10.1-lp151.2.3.1
References:
https://www.suse.com/security/cve/CVE-2020-14093.html
https://www.suse.com/security/cve/CVE-2020-14154.html
https://www.suse.com/security/cve/CVE-2020-14954.html
https://bugzilla.suse.com/1172906
https://bugzilla.suse.com/1172935
https://bugzilla.suse.com/1173197
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0902-1
Rating: important
References: #1173107 #1173187 #1173188 #1173251 #1173254
#1173292
Cross-References: CVE-2020-6509
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that solves one vulnerability and has 5 fixes is
now available.
Description:
This update for chromium fixes the following issues:
Update to 83.0.4103.116 boo#1173251:
* CVE-2020-6509: Use after free in extensions
- Add patch to work with new ffmpeg (bsc#1173292)
- Add multimedia fix for disabled location and also try one additional
patch from Debian on the same issue boo#1173107
- Disable wayland integration on openSUSE Leap 15.x (boo#1173187
boo#1173188 boo#1173254)
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-902=1
Package List:
- openSUSE Backports SLE-15-SP1 (aarch64 x86_64):
chromedriver-83.0.4103.116-bp151.3.91.1
chromium-83.0.4103.116-bp151.3.91.1
References:
https://www.suse.com/security/cve/CVE-2020-6509.html
https://bugzilla.suse.com/1173107
https://bugzilla.suse.com/1173187
https://bugzilla.suse.com/1173188
https://bugzilla.suse.com/1173251
https://bugzilla.suse.com/1173254
https://bugzilla.suse.com/1173292