openSUSE Security Update: Security update for gdk-pixbuf
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:1467-1
Rating: moderate
References: #948790 #948791 #958963
Cross-References: CVE-2015-7552 CVE-2015-7673 CVE-2015-7674
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for gdk-pixbuf fixes the following issues:
- CVE-2015-7552: Fixed various overflows in image handling (boo#958963).
- CVE-2015-7673: Fixed an overflow and DoS with a TGA file (boo#948790).
- CVE-2015-7674: Fixed overflow when scaling a gif (boo#948791).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-669=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (i586 x86_64):
gdk-pixbuf-debugsource-2.31.6-4.1
gdk-pixbuf-devel-2.31.6-4.1
gdk-pixbuf-devel-debuginfo-2.31.6-4.1
gdk-pixbuf-query-loaders-2.31.6-4.1
gdk-pixbuf-query-loaders-debuginfo-2.31.6-4.1
libgdk_pixbuf-2_0-0-2.31.6-4.1
libgdk_pixbuf-2_0-0-debuginfo-2.31.6-4.1
typelib-1_0-GdkPixbuf-2_0-2.31.6-4.1
- openSUSE Leap 42.1 (x86_64):
gdk-pixbuf-devel-32bit-2.31.6-4.1
gdk-pixbuf-devel-debuginfo-32bit-2.31.6-4.1
gdk-pixbuf-query-loaders-32bit-2.31.6-4.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.31.6-4.1
libgdk_pixbuf-2_0-0-32bit-2.31.6-4.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.31.6-4.1
- openSUSE Leap 42.1 (noarch):
gdk-pixbuf-lang-2.31.6-4.1
References:
https://www.suse.com/security/cve/CVE-2015-7552.html
https://www.suse.com/security/cve/CVE-2015-7673.html
https://www.suse.com/security/cve/CVE-2015-7674.html
https://bugzilla.suse.com/948790
https://bugzilla.suse.com/948791
https://bugzilla.suse.com/958963
openSUSE Recommended Update: Recommended update for mgp
______________________________________________________________________________
Announcement ID: openSUSE-RU-2016:1466-1
Rating: moderate
References: #980768
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for mgp fixes the following issues:
- Implement alpha channel support to fix the rendering bug
of images with transparent color (boo#980768)
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-675=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (i586 x86_64):
mgp-1.13a-119.1
mgp-debuginfo-1.13a-119.1
mgp-debugsource-1.13a-119.1
References:
https://bugzilla.suse.com/980768
openSUSE Security Update: Security update for p7zip
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:1464-1
Rating: moderate
References: #979823
Cross-References: CVE-2016-2335
Affected Products:
openSUSE 13.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for p7zip fixes the following issues:
- add p7zip-9.20.1-CVE-2016-2335.patch to fix 7zip UDF
CInArchive::ReadFileItem code execution vulnerability [boo#979823],
[CVE-2016-2335]
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2016-673=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
p7zip-9.20.1-12.6.1
p7zip-debuginfo-9.20.1-12.6.1
p7zip-debugsource-9.20.1-12.6.1
References:
https://www.suse.com/security/cve/CVE-2016-2335.html
https://bugzilla.suse.com/979823
openSUSE Security Update: Security update for libarchive
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:1463-1
Rating: moderate
References: #979005
Cross-References: CVE-2016-1541
Affected Products:
openSUSE 13.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libarchive fixes the following issue:
- Fix a heap-based buffer overflow (CVE-2016-1541, bsc#979005)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2016-670=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
bsdtar-3.1.2-7.8.1
bsdtar-debuginfo-3.1.2-7.8.1
libarchive-debugsource-3.1.2-7.8.1
libarchive-devel-3.1.2-7.8.1
libarchive13-3.1.2-7.8.1
libarchive13-debuginfo-3.1.2-7.8.1
- openSUSE 13.2 (x86_64):
libarchive13-32bit-3.1.2-7.8.1
libarchive13-debuginfo-32bit-3.1.2-7.8.1
References:
https://www.suse.com/security/cve/CVE-2016-1541.html
https://bugzilla.suse.com/979005
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:1462-1
Rating: moderate
References: #908383 #939299 #953018 #964765
Cross-References: CVE-2016-0678
Affected Products:
openSUSE 13.2
______________________________________________________________________________
An update that solves one vulnerability and has three fixes
is now available.
Description:
Virtualbox was updated to 5.0.20 to fix the following issues:
Version bump to 5.0.20 (released 2016-04-28 by Oracle). This is a
maintenance release. The following items were fixed and/or added:
* NAT Network: File VBoxNetNAT no longer requires suid
* Storage: fixed a regression causing write requests from the BIOS to
cause a Guru Meditation with the LsiLogic SCSI controller (5.0.18
regression; bug #15317)
* Storage: several emulation fixes in the BusLogic SCSI controller
emulation
* NAT Network: support TCP in DNS proxy (same problem as in bug #14736 for
NAT)
* NAT: rework handling of port-forwarding rules (bug #13570)
* NAT: rewrite host resolver to handle more query types and make it
asynchronous so that a stalled lookup doesn't block all NAT traffic
* Snapshots: don't crash when restoring a snapshot which has more network
adapters than the current state (i.e. when the snapshot uses ICH9 and the
current state uses PIIX3)
* Guest Control: various bugfixes for the copyfrom and copyto commands /
API (bug #14336)
* VBoxManage: list processor features on list hostinfo (bug #15334)
* Linux hosts: fix for Linux 4.5 if CONFIG_NET_CLS_ACT is enabled (bug
#15327)
* Windows Additions: fixed performance issues with PowerPoint 2010 and the
WDDM graphics drivers if Aero is disabled
Bugfixes:
- Apply proper fix for boo#964765 that causes guest VMs using NAT Network
attachments to fail to get network access. The basic problem is that
file /usr/lib/virtualbox/VBoxNetNAT needs to have suid privilege, and
the spec file was failing to set the appropriate permissions.
- Implement VirtualBox version 5.0.18 in openSUSE 13.2. Previous to this
point, oS 13.2 had been using 4.3.X, which was the VB series when 13.2 was
released. This policy has been changed so that a fix for CVE-2016-0678
can be included in 13.2. Bug report b.o.o #97366 discusses this
vulnerability. This submission also fixes the bug in VB 5.0.18 that
prevents proper operation for guest VMs configured to use LsiLogic
adapter for disks. See ticket: https://www.virtualbox.org/ticket/15317
for a description of the problem, and changeset:
https://www.virtualbox.org/changeset/60565/vbox for the fix, which is
implemented in file "changeset_60565.diff".
Version bump to 5.0.18 (released 2016-04-18 by Oracle). This is a
maintenance release. The following items were fixed and/or added:
* GUI: position off-screen windows to be fully visible again on relaunch,
consistent with the default behavior (bug #15226)
* GUI: fixed the View menu / Full-screen Mode behavior on Mac OS X El
Capitan
* GUI: fixed a test which allowed encrypting a hard disk with an empty
password
* GUI: fixed a crash under certain conditions during VM shutdown
* GUI: fixed the size of the VM list scrollbar in the VM selector when
entering a group
* PC speaker passthrough: fixes (Linux hosts only; bug #627)
* Drag and drop: several fixes
* SATA: fixed hotplug flag handling when EFI is used
* Storage: fixed handling of encrypted disk images with SCSI controllers
(bug #14812)
* Storage: fixed possible crash with Solaris 7 if the BusLogic SCSI
controller is used
* USB: properly purge non-ASCII characters from USB strings (bugs #8801,
#15222)
* NAT Network: fixed 100% CPU load in VBoxNetNAT on Mac OS X under certain
circumstances (bug #15223)
* ACPI: fixed ACPI tables to make the display color management settings
available again for older Windows versions (4.3.22 regression)
* Guest Control: fixed VBoxManage copyfrom command (bug #14336)
* Snapshots: fixed several problems when removing older snapshots (bug
#15206)
* VBoxManage: fixed --verbose output of the guestcontrol command
* Windows hosts: hardening fixes required for recent Windows 10 insider
builds (bugs #15245, #15296)
* Windows hosts: fixed support of jumbo frames with bridged networking
(5.0.16 regression; bug #15209)
* Windows hosts: don't prevent receiving multicast traffic if host-only
adapters are installed (bug #8698)
* Linux hosts: added support for the new naming scheme of NVME disks when
creating raw disks
* Solaris hosts / guests: properly sign the kernel modules (bug #12608)
* Linux hosts / guests: Linux 4.5 fixes (bug #15251)
* Linux hosts / guests: Linux 4.6 fixes (bug #15298)
* Linux Additions: added a kernel graphics driver to support graphics when
X.Org does not have root rights (bug #14732)
* Linux/Solaris Additions: fixed several issues causing Linux/Solaris
guests to use software rendering when 3D acceleration is available
* Windows Additions: fixed a hang with PowerPoint 2010 and the WDDM
drivers if Aero is disabled
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2016-672=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
python-virtualbox-5.0.20-46.1
python-virtualbox-debuginfo-5.0.20-46.1
virtualbox-5.0.20-46.1
virtualbox-debuginfo-5.0.20-46.1
virtualbox-debugsource-5.0.20-46.1
virtualbox-devel-5.0.20-46.1
virtualbox-guest-kmp-default-5.0.20_k3.16.7_35-46.1
virtualbox-guest-kmp-default-debuginfo-5.0.20_k3.16.7_35-46.1
virtualbox-guest-kmp-desktop-5.0.20_k3.16.7_35-46.1
virtualbox-guest-kmp-desktop-debuginfo-5.0.20_k3.16.7_35-46.1
virtualbox-guest-tools-5.0.20-46.1
virtualbox-guest-tools-debuginfo-5.0.20-46.1
virtualbox-guest-x11-5.0.20-46.1
virtualbox-guest-x11-debuginfo-5.0.20-46.1
virtualbox-host-kmp-default-5.0.20_k3.16.7_35-46.1
virtualbox-host-kmp-default-debuginfo-5.0.20_k3.16.7_35-46.1
virtualbox-host-kmp-desktop-5.0.20_k3.16.7_35-46.1
virtualbox-host-kmp-desktop-debuginfo-5.0.20_k3.16.7_35-46.1
virtualbox-qt-5.0.20-46.1
virtualbox-qt-debuginfo-5.0.20-46.1
virtualbox-websrv-5.0.20-46.1
virtualbox-websrv-debuginfo-5.0.20-46.1
- openSUSE 13.2 (noarch):
virtualbox-guest-desktop-icons-5.0.20-46.1
virtualbox-host-source-5.0.20-46.1
- openSUSE 13.2 (i586):
virtualbox-guest-kmp-pae-5.0.20_k3.16.7_35-46.1
virtualbox-guest-kmp-pae-debuginfo-5.0.20_k3.16.7_35-46.1
virtualbox-host-kmp-pae-5.0.20_k3.16.7_35-46.1
virtualbox-host-kmp-pae-debuginfo-5.0.20_k3.16.7_35-46.1
References:
https://www.suse.com/security/cve/CVE-2016-0678.html
https://bugzilla.suse.com/908383
https://bugzilla.suse.com/939299
https://bugzilla.suse.com/953018
https://bugzilla.suse.com/964765
openSUSE Security Update: Security update for dosfstools
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:1461-1
Rating: moderate
References: #912607 #980364 #980377
Cross-References: CVE-2015-8872 CVE-2016-4804
Affected Products:
openSUSE Leap 42.1
openSUSE 13.2
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for dosfstools fixes the following issues:
- fixed buffer overflows based on insufficient size of variable for
storing FAT size (CVE-2016-4804, boo#980377)
* dosfstools-3.0.26-read-fat-overflow.patch
- fixed memory corruption when setting FAT12 entries (CVE-2015-8872,
boo#980364)
* dosfstools-3.0.26-off-by-2.patch
- Fix attempt to rename root dir in fsck due to uninitialized fields
[boo#912607]
- Drop gpg-offline build-time requirement; this is now handled by the
local source validator
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-671=1
- openSUSE 13.2:
zypper in -t patch openSUSE-2016-671=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (i586 x86_64):
dosfstools-3.0.26-6.1
dosfstools-debuginfo-3.0.26-6.1
dosfstools-debugsource-3.0.26-6.1
- openSUSE 13.2 (i586 x86_64):
dosfstools-3.0.26-3.8.1
dosfstools-debuginfo-3.0.26-3.8.1
dosfstools-debugsource-3.0.26-3.8.1
References:
https://www.suse.com/security/cve/CVE-2015-8872.html
https://www.suse.com/security/cve/CVE-2016-4804.html
https://bugzilla.suse.com/912607
https://bugzilla.suse.com/980364
https://bugzilla.suse.com/980377
openSUSE Recommended Update: Recommended update for python-glanceclient
______________________________________________________________________________
Announcement ID: openSUSE-RU-2016:1460-1
Rating: moderate
References: #975302
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for python-glanceclient fixes an exception when running the
command 'glance image-show "image_id"'. This update was imported from the
SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-674=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (noarch):
python-glanceclient-0.15.0-4.1
python-glanceclient-test-0.15.0-4.1
References:
https://bugzilla.suse.com/975302