openSUSE Updates May 2017

updates@lists.opensuse.org

2 participants
112 discussions

openSUSE-SU-2017:1460-1: moderate: Security update for libraw

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for libraw ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1460-1 Rating: moderate References: #1039209 #1039210 #1039379 #1039380 Cross-References: CVE-2017-6886 CVE-2017-6887 CVE-2017-6889 CVE-2017-6890 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libraw fixes the following issues: * CVE-2017-6890: A boundary error within the "foveon_load_camf()" function was fixed. [boo#1039209] * CVE-2017-6889: An integer overflow error within the "foveon_load_camf()" function was fixed. [boo#1039210] * CVE-2017-6887: A memory corruption via e.g. a specially crafted KDC file parse_tiff_ifd() was fixed. [boo#1039379] * CVE-2017-6886: A memory corruption in parse_tiff_ifd() function was fixed. [boo#1039380] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-640=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): libraw-debugsource-0.17.1-2.3.1 libraw-devel-0.17.1-2.3.1 libraw-devel-static-0.17.1-2.3.1 libraw-tools-0.17.1-2.3.1 libraw-tools-debuginfo-0.17.1-2.3.1 libraw15-0.17.1-2.3.1 libraw15-debuginfo-0.17.1-2.3.1 References: https://www.suse.com/security/cve/CVE-2017-6886.html https://www.suse.com/security/cve/CVE-2017-6887.html https://www.suse.com/security/cve/CVE-2017-6889.html https://www.suse.com/security/cve/CVE-2017-6890.html https://bugzilla.suse.com/1039209 https://bugzilla.suse.com/1039210 https://bugzilla.suse.com/1039379 https://bugzilla.suse.com/1039380

4 years, 2 months

openSUSE-SU-2017:1459-1: moderate: Security update for miniupnpc

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for miniupnpc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1459-1 Rating: moderate References: #1038601 Cross-References: CVE-2017-8798 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for miniupnpc fixes the following issues: - CVE-2017-8798: Integer signedness error in miniupnpc allows remote attackers to cause a denial of service condition via specially crafted HTTP response (boo#1038601) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-638=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): libminiupnpc-devel-1.9-7.3.1 libminiupnpc10-1.9-7.3.1 libminiupnpc10-debuginfo-1.9-7.3.1 miniupnpc-1.9-7.3.1 miniupnpc-debuginfo-1.9-7.3.1 python-miniupnpc-1.9-7.3.1 python-miniupnpc-debuginfo-1.9-7.3.1 - openSUSE Leap 42.2 (x86_64): libminiupnpc10-32bit-1.9-7.3.1 libminiupnpc10-debuginfo-32bit-1.9-7.3.1 References: https://www.suse.com/security/cve/CVE-2017-8798.html https://bugzilla.suse.com/1038601

4 years, 2 months

openSUSE-RU-2017:1458-1: moderate: Recommended update for virtualbox

by maintenance＠opensuse.org

openSUSE Recommended Update: Recommended update for virtualbox ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:1458-1 Rating: moderate References: #1040641 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for virtualbox fixes the following issues: - fix support for usage with kernel 4.12 (bsc#1040641) - Use upstream method for VBoxManage extpack install Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-637=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (x86_64): python-virtualbox-5.1.22-19.18.1 python-virtualbox-debuginfo-5.1.22-19.18.1 virtualbox-5.1.22-19.18.1 virtualbox-debuginfo-5.1.22-19.18.1 virtualbox-debugsource-5.1.22-19.18.1 virtualbox-devel-5.1.22-19.18.1 virtualbox-guest-kmp-default-5.1.22_k4.4.62_18.6-19.18.1 virtualbox-guest-kmp-default-debuginfo-5.1.22_k4.4.62_18.6-19.18.1 virtualbox-guest-tools-5.1.22-19.18.1 virtualbox-guest-tools-debuginfo-5.1.22-19.18.1 virtualbox-guest-x11-5.1.22-19.18.1 virtualbox-guest-x11-debuginfo-5.1.22-19.18.1 virtualbox-host-kmp-default-5.1.22_k4.4.62_18.6-19.18.1 virtualbox-host-kmp-default-debuginfo-5.1.22_k4.4.62_18.6-19.18.1 virtualbox-qt-5.1.22-19.18.1 virtualbox-qt-debuginfo-5.1.22-19.18.1 virtualbox-vnc-5.1.22-19.18.1 virtualbox-websrv-5.1.22-19.18.1 virtualbox-websrv-debuginfo-5.1.22-19.18.1 - openSUSE Leap 42.2 (noarch): virtualbox-guest-desktop-icons-5.1.22-19.18.1 virtualbox-guest-source-5.1.22-19.18.1 virtualbox-host-source-5.1.22-19.18.1 References: https://bugzilla.suse.com/1040641

4 years, 2 months

openSUSE-RU-2017:1457-1: moderate: Recommended update for rubygem-jquery-ui-rails

by maintenance＠opensuse.org

openSUSE Recommended Update: Recommended update for rubygem-jquery-ui-rails ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:1457-1 Rating: moderate References: Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: rubygem-jquery-ui-rails was updated to 6.0.1 fixing multiple issues. * Fix "define is not defined" issue in `core.js` * Update to jQuery UI 1.12.1 Also see the installed History.md for more information. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-641=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): ruby2.1-rubygem-jquery-ui-rails-6.0.1-5.3.1 ruby2.1-rubygem-jquery-ui-rails-doc-6.0.1-5.3.1 References:

4 years, 2 months

openSUSE-RU-2017:1456-1: moderate: Recommended update for vsftpd

by maintenance＠opensuse.org

openSUSE Recommended Update: Recommended update for vsftpd ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:1456-1 Rating: moderate References: #1021387 #1024961 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for vsftpd provides the following fixes: - Fix interoperability with ftp clients when vsftpd is configured with option "use_localtime=YES". (bsc#1024961) - Fix several issues related to SSL/TLS support. (bsc#1021387) This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-639=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): vsftpd-3.0.2-21.3.1 vsftpd-debuginfo-3.0.2-21.3.1 vsftpd-debugsource-3.0.2-21.3.1 References: https://bugzilla.suse.com/1021387 https://bugzilla.suse.com/1024961

4 years, 2 months

openSUSE-SU-2017:1455-1: important: Security update for sudo

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1455-1 Rating: important References: #1015351 #1024145 #1039361 #981124 Cross-References: CVE-2017-1000367 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. [bsc#1039361] - Fix FQDN for hostname. [bsc#1024145] - Filter netgroups, they aren't handled by SSSD. [bsc#1015351] - Fix problems related to "krb5_ccname" option [bsc#981124] This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-636=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): sudo-1.8.10p3-9.3.1 sudo-debuginfo-1.8.10p3-9.3.1 sudo-debugsource-1.8.10p3-9.3.1 sudo-devel-1.8.10p3-9.3.1 sudo-test-1.8.10p3-9.3.1 References: https://www.suse.com/security/cve/CVE-2017-1000367.html https://bugzilla.suse.com/1015351 https://bugzilla.suse.com/1024145 https://bugzilla.suse.com/1039361 https://bugzilla.suse.com/981124

4 years, 2 months

openSUSE-RU-2017:1453-1: Recommended update for clamav-database

by maintenance＠opensuse.org

openSUSE Recommended Update: Recommended update for clamav-database ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:1453-1 Rating: low References: Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for clamav-database fixes the following issues: - Database refresh May 29th 2017. This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-635=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (noarch): clamav-database-201705290005-54.33.1 References:

4 years, 2 months

openSUSE-RU-2017:1440-1: Recommended update for site-config

by maintenance＠opensuse.org

openSUSE Recommended Update: Recommended update for site-config ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:1440-1 Rating: low References: #1040211 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for site-config fixes the following issues: - Site-Config used the wrong command for exporting variables in csh-based shells. (boo#1040211) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-633=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): site-config-0.2-16.3.1 References: https://bugzilla.suse.com/1040211

4 years, 2 months

openSUSE-RU-2017:1439-1: moderate: Recommended update for ktorrent

by maintenance＠opensuse.org

openSUSE Recommended Update: Recommended update for ktorrent ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:1439-1 Rating: moderate References: #1040379 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ktorrent fixes the following issue: - ktorrent would crash when the scheduler plugin is activated or used. (boo#1040379) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-634=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (x86_64): ktorrent-5.0.1-5.3.2 ktorrent-debuginfo-5.0.1-5.3.2 ktorrent-debugsource-5.0.1-5.3.2 - openSUSE Leap 42.2 (noarch): ktorrent-lang-5.0.1-5.3.2 References: https://bugzilla.suse.com/1040379

4 years, 2 months

openSUSE-RU-2017:1435-1: Recommended update for ncompress

by maintenance＠opensuse.org

openSUSE Recommended Update: Recommended update for ncompress ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:1435-1 Rating: low References: #1040046 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ncompress fixes the following issues: - Fixed endian define. (boo#1040046) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2017-632=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): ncompress-4.2.4.4-5.1 - SUSE Package Hub for SUSE Linux Enterprise 12 (s390x x86_64): ncompress-debuginfo-4.2.4.4-5.1 ncompress-debugsource-4.2.4.4-5.1 References: https://bugzilla.suse.com/1040046

4 years, 2 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates May 2017