openSUSE Security Update: Security update for libraw
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:1460-1
Rating: moderate
References: #1039209 #1039210 #1039379 #1039380
Cross-References: CVE-2017-6886 CVE-2017-6887 CVE-2017-6889
CVE-2017-6890
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for libraw fixes the following issues:
* CVE-2017-6890: A boundary error within the "foveon_load_camf()" function
was fixed. [boo#1039209]
* CVE-2017-6889: An integer overflow error within the "foveon_load_camf()"
function was fixed. [boo#1039210]
* CVE-2017-6887: A memory corruption in parse_tiff_ifd() via e.g. a
specially crafted KDC file was fixed. [boo#1039379]
* CVE-2017-6886: A memory corruption in parse_tiff_ifd() function was
fixed. [boo#1039380]
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-640=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (i586 x86_64):
libraw-debugsource-0.17.1-2.3.1
libraw-devel-0.17.1-2.3.1
libraw-devel-static-0.17.1-2.3.1
libraw-tools-0.17.1-2.3.1
libraw-tools-debuginfo-0.17.1-2.3.1
libraw15-0.17.1-2.3.1
libraw15-debuginfo-0.17.1-2.3.1
References:
https://www.suse.com/security/cve/CVE-2017-6886.html
https://www.suse.com/security/cve/CVE-2017-6887.html
https://www.suse.com/security/cve/CVE-2017-6889.html
https://www.suse.com/security/cve/CVE-2017-6890.html
https://bugzilla.suse.com/1039209
https://bugzilla.suse.com/1039210
https://bugzilla.suse.com/1039379
https://bugzilla.suse.com/1039380
openSUSE Security Update: Security update for miniupnpc
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:1459-1
Rating: moderate
References: #1038601
Cross-References: CVE-2017-8798
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for miniupnpc fixes the following issues:
- CVE-2017-8798: Integer signedness error in miniupnpc allows remote
attackers to cause a denial of service condition via specially crafted
HTTP response (boo#1038601)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-638=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (i586 x86_64):
libminiupnpc-devel-1.9-7.3.1
libminiupnpc10-1.9-7.3.1
libminiupnpc10-debuginfo-1.9-7.3.1
miniupnpc-1.9-7.3.1
miniupnpc-debuginfo-1.9-7.3.1
python-miniupnpc-1.9-7.3.1
python-miniupnpc-debuginfo-1.9-7.3.1
- openSUSE Leap 42.2 (x86_64):
libminiupnpc10-32bit-1.9-7.3.1
libminiupnpc10-debuginfo-32bit-1.9-7.3.1
References:
https://www.suse.com/security/cve/CVE-2017-8798.html
https://bugzilla.suse.com/1038601
openSUSE Recommended Update: Recommended update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-RU-2017:1458-1
Rating: moderate
References: #1040641
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for virtualbox fixes the following issues:
- fix support for usage with kernel 4.12 (bsc#1040641)
- Use upstream method for VBoxManage extpack install
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-637=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (x86_64):
python-virtualbox-5.1.22-19.18.1
python-virtualbox-debuginfo-5.1.22-19.18.1
virtualbox-5.1.22-19.18.1
virtualbox-debuginfo-5.1.22-19.18.1
virtualbox-debugsource-5.1.22-19.18.1
virtualbox-devel-5.1.22-19.18.1
virtualbox-guest-kmp-default-5.1.22_k4.4.62_18.6-19.18.1
virtualbox-guest-kmp-default-debuginfo-5.1.22_k4.4.62_18.6-19.18.1
virtualbox-guest-tools-5.1.22-19.18.1
virtualbox-guest-tools-debuginfo-5.1.22-19.18.1
virtualbox-guest-x11-5.1.22-19.18.1
virtualbox-guest-x11-debuginfo-5.1.22-19.18.1
virtualbox-host-kmp-default-5.1.22_k4.4.62_18.6-19.18.1
virtualbox-host-kmp-default-debuginfo-5.1.22_k4.4.62_18.6-19.18.1
virtualbox-qt-5.1.22-19.18.1
virtualbox-qt-debuginfo-5.1.22-19.18.1
virtualbox-vnc-5.1.22-19.18.1
virtualbox-websrv-5.1.22-19.18.1
virtualbox-websrv-debuginfo-5.1.22-19.18.1
- openSUSE Leap 42.2 (noarch):
virtualbox-guest-desktop-icons-5.1.22-19.18.1
virtualbox-guest-source-5.1.22-19.18.1
virtualbox-host-source-5.1.22-19.18.1
References:
https://bugzilla.suse.com/1040641
openSUSE Recommended Update: Recommended update for rubygem-jquery-ui-rails
______________________________________________________________________________
Announcement ID: openSUSE-RU-2017:1457-1
Rating: moderate
References:
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
rubygem-jquery-ui-rails was updated to 6.0.1 fixing multiple issues.
* Fix "define is not defined" issue in `core.js`
* Update to jQuery UI 1.12.1
Also see the installed History.md for more information.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-641=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (i586 x86_64):
ruby2.1-rubygem-jquery-ui-rails-6.0.1-5.3.1
ruby2.1-rubygem-jquery-ui-rails-doc-6.0.1-5.3.1
References:
openSUSE Recommended Update: Recommended update for vsftpd
______________________________________________________________________________
Announcement ID: openSUSE-RU-2017:1456-1
Rating: moderate
References: #1021387 #1024961
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for vsftpd provides the following fixes:
- Fix interoperability with ftp clients when vsftpd is configured with
option "use_localtime=YES". (bsc#1024961)
- Fix several issues related to SSL/TLS support. (bsc#1021387)
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-639=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (i586 x86_64):
vsftpd-3.0.2-21.3.1
vsftpd-debuginfo-3.0.2-21.3.1
vsftpd-debugsource-3.0.2-21.3.1
References:
https://bugzilla.suse.com/1021387
https://bugzilla.suse.com/1024961
openSUSE Security Update: Security update for sudo
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:1455-1
Rating: important
References: #1015351 #1024145 #1039361 #981124
Cross-References: CVE-2017-1000367
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that solves one vulnerability and has three fixes
is now available.
Description:
This update for sudo fixes the following issues:
CVE-2017-1000367:
- Due to incorrect assumptions in /proc/[pid]/stat parsing, a local
attacker can pretend that his tty is any file on the filesystem, thus
gaining arbitrary file write access on SELinux-enabled systems.
[bsc#1039361]
- Fix FQDN for hostname. [bsc#1024145]
- Filter netgroups, they aren't handled by SSSD. [bsc#1015351]
- Fix problems related to "krb5_ccname" option [bsc#981124]
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-636=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (i586 x86_64):
sudo-1.8.10p3-9.3.1
sudo-debuginfo-1.8.10p3-9.3.1
sudo-debugsource-1.8.10p3-9.3.1
sudo-devel-1.8.10p3-9.3.1
sudo-test-1.8.10p3-9.3.1
References:
https://www.suse.com/security/cve/CVE-2017-1000367.html
https://bugzilla.suse.com/1015351
https://bugzilla.suse.com/1024145
https://bugzilla.suse.com/1039361
https://bugzilla.suse.com/981124
openSUSE Recommended Update: Recommended update for clamav-database
______________________________________________________________________________
Announcement ID: openSUSE-RU-2017:1453-1
Rating: low
References:
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update for clamav-database fixes the following issues:
- Database refresh May 29th 2017.
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-635=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (noarch):
clamav-database-201705290005-54.33.1
References:
openSUSE Recommended Update: Recommended update for site-config
______________________________________________________________________________
Announcement ID: openSUSE-RU-2017:1440-1
Rating: low
References: #1040211
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for site-config fixes the following issues:
- Site-Config used the wrong command for exporting variables in csh-based
shells. (boo#1040211)
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-633=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (i586 x86_64):
site-config-0.2-16.3.1
References:
https://bugzilla.suse.com/1040211
openSUSE Recommended Update: Recommended update for ktorrent
______________________________________________________________________________
Announcement ID: openSUSE-RU-2017:1439-1
Rating: moderate
References: #1040379
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for ktorrent fixes the following issue:
- ktorrent would crash when the scheduler plugin is activated or used.
(boo#1040379)
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-634=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (x86_64):
ktorrent-5.0.1-5.3.2
ktorrent-debuginfo-5.0.1-5.3.2
ktorrent-debugsource-5.0.1-5.3.2
- openSUSE Leap 42.2 (noarch):
ktorrent-lang-5.0.1-5.3.2
References:
https://bugzilla.suse.com/1040379
openSUSE Recommended Update: Recommended update for ncompress
______________________________________________________________________________
Announcement ID: openSUSE-RU-2017:1435-1
Rating: low
References: #1040046
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for ncompress fixes the following issues:
- Fixed endian define. (boo#1040046)
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2017-632=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):
ncompress-4.2.4.4-5.1
- SUSE Package Hub for SUSE Linux Enterprise 12 (s390x x86_64):
ncompress-debuginfo-4.2.4.4-5.1
ncompress-debugsource-4.2.4.4-5.1
References:
https://bugzilla.suse.com/1040046