openSUSE Recommended Update: Recommended update for bluez-qt
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:3477-1
Rating: moderate
References: #1112598
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for bluez-qt resolves the following issue:
- Bluetooth could not be enabled from the KDE Plasma Applet due to a
misplaced udev file (boo#1112598)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2018-1283=1
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):
bluez-qt-debugsource-5.26.0-6.1
bluez-qt-debugsource-5.32.0-6.1
bluez-qt-devel-5.26.0-6.1
bluez-qt-devel-5.32.0-6.1
bluez-qt-imports-5.26.0-6.1
bluez-qt-imports-5.32.0-6.1
bluez-qt-imports-debuginfo-5.26.0-6.1
bluez-qt-imports-debuginfo-5.32.0-6.1
bluez-qt-udev-5.26.0-6.1
bluez-qt-udev-5.32.0-6.1
libKF5BluezQt6-5.26.0-6.1
libKF5BluezQt6-5.32.0-6.1
libKF5BluezQt6-debuginfo-5.26.0-6.1
libKF5BluezQt6-debuginfo-5.32.0-6.1
References:
https://bugzilla.suse.com/1112598
openSUSE Recommended Update: Recommended update for vpp
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:3475-1
Rating: moderate
References: #1112540
Affected Products:
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for vpp fixes the following issues:
- Do not install 80-vpp.conf; it modifies system-wide settings and it is
not needed since VPP 17.08 (boo#1112540)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1286=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2018-1286=1
Package List:
- openSUSE Leap 15.0 (x86_64):
libvpp0-18.01-lp150.4.3.1
libvpp0-debuginfo-18.01-lp150.4.3.1
vpp-18.01-lp150.4.3.1
vpp-api-java-18.01-lp150.4.3.1
vpp-api-lua-18.01-lp150.4.3.1
vpp-api-python-18.01-lp150.4.3.1
vpp-debuginfo-18.01-lp150.4.3.1
vpp-debugsource-18.01-lp150.4.3.1
vpp-devel-18.01-lp150.4.3.1
vpp-plugins-18.01-lp150.4.3.1
vpp-plugins-debuginfo-18.01-lp150.4.3.1
- openSUSE Backports SLE-15 (x86_64):
libvpp0-18.01-bp150.2.3.1
libvpp0-debuginfo-18.01-bp150.2.3.1
vpp-18.01-bp150.2.3.1
vpp-api-java-18.01-bp150.2.3.1
vpp-api-lua-18.01-bp150.2.3.1
vpp-api-python-18.01-bp150.2.3.1
vpp-debuginfo-18.01-bp150.2.3.1
vpp-debugsource-18.01-bp150.2.3.1
vpp-devel-18.01-bp150.2.3.1
vpp-plugins-18.01-bp150.2.3.1
vpp-plugins-debuginfo-18.01-bp150.2.3.1
References:
https://bugzilla.suse.com/1112540
openSUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:3474-1
Rating: moderate
References: #1095651 #1104491 #1106164 #1107333 #1108557
#1108834 #1108969 #1108995 #1109893
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that has 9 recommended fixes can now be installed.
Description:
This update fixes the following issues:
- Improved IPv6 address handling (bsc#1108557)
- Better handling for zypper exiting with exit code ZYPPER_EXIT_NO_REPOS
(bsc#1108834, bsc#1109893)
- Fix for dependency problem with pip (bsc#1104491)
- Loosen Azure SDK dependencies in azurearm cloud driver (bsc#1107333)
- Fix for Python3 issue in zypper (bsc#1108995)
- Allow running salt-cloud in GCE using instance credentials (bsc#1108969)
- Improved handling of Python unicode literals in YAML parsing
(bsc#1095651)
- Fix for Salt "acl.present" and "acl.absent" states to make them
successfully work recursively when "recurse=True". (bsc#1106164)
- Fix for Python3 byte/unicode mismatch and additional minor bugfixes to
x509 module.
- Integration of MSI authentication for azurearm
- Fix for compound list targeting wrongly returning minions specified in
"not".
- Fix the x509 module to work when using the sign_remote_certificate
functionality.
- Fix for SUSE Expanded Support os grain detection (returned "Redhat"
instead of "Centos")
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1290=1
Package List:
- openSUSE Leap 15.0 (x86_64):
python2-salt-2018.3.0-lp150.3.14.1
python3-salt-2018.3.0-lp150.3.14.1
salt-2018.3.0-lp150.3.14.1
salt-api-2018.3.0-lp150.3.14.1
salt-cloud-2018.3.0-lp150.3.14.1
salt-doc-2018.3.0-lp150.3.14.1
salt-master-2018.3.0-lp150.3.14.1
salt-minion-2018.3.0-lp150.3.14.1
salt-proxy-2018.3.0-lp150.3.14.1
salt-ssh-2018.3.0-lp150.3.14.1
salt-syndic-2018.3.0-lp150.3.14.1
- openSUSE Leap 15.0 (noarch):
salt-bash-completion-2018.3.0-lp150.3.14.1
salt-fish-completion-2018.3.0-lp150.3.14.1
salt-zsh-completion-2018.3.0-lp150.3.14.1
References:
https://bugzilla.suse.com/1095651
https://bugzilla.suse.com/1104491
https://bugzilla.suse.com/1106164
https://bugzilla.suse.com/1107333
https://bugzilla.suse.com/1108557
https://bugzilla.suse.com/1108834
https://bugzilla.suse.com/1108969
https://bugzilla.suse.com/1108995
https://bugzilla.suse.com/1109893
openSUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:3473-1
Rating: moderate
References: #1075775 #1077535 #1079512 #1088182 #1088932
#1092278 #1092279 #1092280 #1095611 #1096060
#1096061 #1097693 #1101999 #1102530 #1104169
Cross-References: CVE-2017-13884 CVE-2017-13885 CVE-2017-7153
CVE-2017-7160 CVE-2017-7161 CVE-2017-7165
CVE-2018-11646 CVE-2018-11712 CVE-2018-11713
CVE-2018-12911 CVE-2018-4088 CVE-2018-4096
CVE-2018-4101 CVE-2018-4113 CVE-2018-4114
CVE-2018-4117 CVE-2018-4118 CVE-2018-4119
CVE-2018-4120 CVE-2018-4121 CVE-2018-4122
CVE-2018-4125 CVE-2018-4127 CVE-2018-4128
CVE-2018-4129 CVE-2018-4133 CVE-2018-4146
CVE-2018-4161 CVE-2018-4162 CVE-2018-4163
CVE-2018-4165 CVE-2018-4190 CVE-2018-4199
CVE-2018-4200 CVE-2018-4204 CVE-2018-4218
CVE-2018-4222 CVE-2018-4232 CVE-2018-4233
CVE-2018-4246
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes 40 vulnerabilities is now available.
Description:
This update for webkit2gtk3 to version 2.20.3 fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs
(boo#1101999)
- CVE-2017-13884: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1075775).
- CVE-2017-13885: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1075775).
- CVE-2017-7153: An unspecified issue allowed remote attackers to spoof
user-interface information (about whether the entire content is derived
from a valid TLS session) via a crafted web site that sends a 401
Unauthorized redirect (bsc#1077535).
- CVE-2017-7160: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1075775).
- CVE-2017-7161: An unspecified issue allowed remote attackers to execute
arbitrary code via special characters that trigger command injection
(bsc#1075775, bsc#1077535).
- CVE-2017-7165: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1075775).
- CVE-2018-4088: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1075775).
- CVE-2018-4096: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1075775).
- CVE-2018-4200: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site that triggers a
WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).
- CVE-2018-4204: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1092279).
- CVE-2018-4101: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182).
- CVE-2018-4113: An issue in the JavaScriptCore function in the "WebKit"
component allowed attackers to trigger an assertion failure by
leveraging improper array indexing (bsc#1088182)
- CVE-2018-4114: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182)
- CVE-2018-4117: An unspecified issue allowed remote attackers to bypass
the Same Origin Policy and obtain sensitive information via a crafted
web site (bsc#1088182, bsc#1102530).
- CVE-2018-4118: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182)
- CVE-2018-4119: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182)
- CVE-2018-4120: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182).
- CVE-2018-4121: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1092278).
- CVE-2018-4122: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182).
- CVE-2018-4125: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182).
- CVE-2018-4127: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182).
- CVE-2018-4128: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182).
- CVE-2018-4129: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182).
- CVE-2018-4146: An unspecified issue allowed attackers to cause a denial
of service (memory corruption) via a crafted web site (bsc#1088182).
- CVE-2018-4161: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182).
- CVE-2018-4162: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182).
- CVE-2018-4163: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182).
- CVE-2018-4165: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182).
- CVE-2018-4190: An unspecified issue allowed remote attackers to obtain
sensitive credential information that is transmitted during a CSS
mask-image fetch (bsc#1097693)
- CVE-2018-4199: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (buffer overflow and
application crash) via a crafted web site (bsc#1097693)
- CVE-2018-4218: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site that triggers an
@generatorState use-after-free (bsc#1097693)
- CVE-2018-4222: An unspecified issue allowed remote attackers to execute
arbitrary code via a crafted web site that leverages a
getWasmBufferFromValue out-of-bounds read during WebAssembly compilation
(bsc#1097693)
- CVE-2018-4232: An unspecified issue allowed remote attackers to
overwrite cookies via a crafted web site (bsc#1097693)
- CVE-2018-4233: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1097693)
- CVE-2018-4246: An unspecified issue allowed remote attackers to execute
arbitrary code via a crafted web site that leverages type confusion
(bsc#1104169)
- CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and
webkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL,
leading to an application crash (bsc#1095611)
- CVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability allowed
remote attackers to inject arbitrary web script or HTML via a crafted
URL (bsc#1088182).
- CVE-2018-11713: The libsoup network backend of WebKit unexpectedly
failed to use system proxy settings for WebSocket connections. As a
result, users could be deanonymized by crafted web sites via a WebSocket
connection (bsc#1096060).
- CVE-2018-11712: The libsoup network backend of WebKit failed to perform
TLS certificate verification for WebSocket connections (bsc#1096061).
This update for webkit2gtk3 fixes the following issues:
- Fixed a crash when atk_object_ref_state_set is called on an AtkObject
that's being destroyed (bsc#1088932).
- Fixed crash when using Wayland with QXL/virtio (bsc#1079512)
- Disable Gigacage if mmap fails to allocate in Linux.
- Add user agent quirk for paypal website.
- Properly detect compiler flags, needed libs, and fallbacks for usage of
64-bit atomic operations.
- Fix a network process crash when trying to get cookies of about:blank
page.
- Fix UI process crash when closing the window under Wayland.
- Fix several crashes and rendering issues.
- Do TLS error checking on GTlsConnection::accept-certificate to finish
the load earlier in case of errors.
- Properly close the connection to the nested wayland compositor in the
Web Process.
- Avoid painting backing stores for zero-opacity layers.
- Fix downloads started by context menu failing in some websites due to
missing user agent HTTP header.
- Fix video unpause when GStreamerGL is disabled.
- Fix several GObject introspection annotations.
- Update user agent quirks to fix Outlook.com and Chase.com.
- Fix several crashes and rendering issues.
- Improve error message when Gigacage cannot allocate virtual memory.
- Add missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.
- Improve web process memory monitor thresholds.
- Fix a web process crash when the web view is created and destroyed
quickly.
- Fix a network process crash when load is cancelled while searching for
stored HTTP auth credentials.
- Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are
disabled.
- New API to retrieve and delete cookies with WebKitCookieManager.
- New web process API to detect when form is submitted via JavaScript.
- Several improvements and fixes in the touch/gestures support.
- Support for the “system” CSS font family.
- Complex text rendering improvements and fixes.
- More complete and spec compliant WebDriver implementation.
- Ensure DNS prefetching cannot be re-enabled if disabled by settings.
- Fix seek sometimes not working.
- Fix rendering of emojis that were using the wrong scale factor in some
cases.
- Fix rendering of combining enclosed keycap.
- Fix rendering scale of some layers in HiDPI.
- Fix a crash in Wayland when closing the web view.
- Fix upower crashes when running inside a chroot or on systems
with broken dbus/upower.
- Fix memory leaks in GStreamer media backend when using GStreamer 1.14.
- Fix several crashes and rendering issues.
- Add ENABLE_ADDRESS_SANITIZER to make it easier to build with asan
support.
- Fix a crash under Wayland when using mesa software rasterization.
- Make fullscreen video work again.
- Fix handling of missing GStreamer elements.
- Fix rendering when webm video is played twice.
- Fix kinetic scrolling sometimes jumping around.
- Fix build with ICU configured without collation support.
- WebSockets use system proxy settings now (requires libsoup 2.61.90).
- Show the context menu on long-press gesture.
- Add support for Shift + mouse scroll to scroll horizontally.
- Fix zoom gesture to actually zoom instead of changing the page scale.
- Implement support for Graphics ARIA roles.
- Make sleep inhibitors work under Flatpak.
- Add get element CSS value command to WebDriver.
- Fix a crash after a swipe gesture.
- Fix several crashes and rendering issues.
- Fix crashes due to duplicated symbols in libjavascriptcoregtk and
libwebkit2gtk.
- Fix parsing of timeout values in WebDriver.
- Implement get timeouts command in WebDriver.
- Fix deadlock in GStreamer video sink during shutdown when accelerated
compositing is disabled.
- Fix several crashes and rendering issues.
- Add web process API to detect when form is submitted via JavaScript.
- Add new API to replace webkit_form_submission_request_get_text_fields()
that is now deprecated.
- Add WebKitWebView::web-process-terminated signal and deprecate
web-process-crashed.
- Fix rendering issues when editing text areas.
- Use FastMalloc based GstAllocator for GStreamer.
- Fix web process crash at startup in bmalloc.
- Fix several memory leaks in GStreamer media backend.
- WebKitWebDriver process no longer links to libjavascriptcoregtk.
- Fix several crashes and rendering issues.
- Add new API to add, retrieve and delete cookies via WebKitCookieManager.
- Add functions to WebSettings to convert font sizes between points and
pixels.
- Ensure cookie operations take effect when they happen before a web
process has been spawned.
- Automatically adjust font size when GtkSettings:gtk-xft-dpi changes.
- Add initial resource load statistics support.
- Add API to expose availability of certain editing commands in
WebKitEditorState.
- Add API to query whether a WebKitNavigationAction is a redirect
or not.
- Improve complex text rendering.
- Add support for the "system" CSS font family.
- Disable USE_GSTREAMER_GL
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1288=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
libjavascriptcoregtk-4_0-18-2.20.3-11.1
libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-11.1
libwebkit2gtk-4_0-37-2.20.3-11.1
libwebkit2gtk-4_0-37-debuginfo-2.20.3-11.1
typelib-1_0-JavaScriptCore-4_0-2.20.3-11.1
typelib-1_0-WebKit2-4_0-2.20.3-11.1
typelib-1_0-WebKit2WebExtension-4_0-2.20.3-11.1
webkit-jsc-4-2.20.3-11.1
webkit-jsc-4-debuginfo-2.20.3-11.1
webkit2gtk-4_0-injected-bundles-2.20.3-11.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-11.1
webkit2gtk3-debugsource-2.20.3-11.1
webkit2gtk3-devel-2.20.3-11.1
webkit2gtk3-plugin-process-gtk2-2.20.3-11.1
webkit2gtk3-plugin-process-gtk2-debuginfo-2.20.3-11.1
- openSUSE Leap 42.3 (noarch):
libwebkit2gtk3-lang-2.20.3-11.1
- openSUSE Leap 42.3 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.20.3-11.1
libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.20.3-11.1
libwebkit2gtk-4_0-37-32bit-2.20.3-11.1
libwebkit2gtk-4_0-37-debuginfo-32bit-2.20.3-11.1
References:
https://www.suse.com/security/cve/CVE-2017-13884.html
https://www.suse.com/security/cve/CVE-2017-13885.html
https://www.suse.com/security/cve/CVE-2017-7153.html
https://www.suse.com/security/cve/CVE-2017-7160.html
https://www.suse.com/security/cve/CVE-2017-7161.html
https://www.suse.com/security/cve/CVE-2017-7165.html
https://www.suse.com/security/cve/CVE-2018-11646.html
https://www.suse.com/security/cve/CVE-2018-11712.html
https://www.suse.com/security/cve/CVE-2018-11713.html
https://www.suse.com/security/cve/CVE-2018-12911.html
https://www.suse.com/security/cve/CVE-2018-4088.html
https://www.suse.com/security/cve/CVE-2018-4096.html
https://www.suse.com/security/cve/CVE-2018-4101.html
https://www.suse.com/security/cve/CVE-2018-4113.html
https://www.suse.com/security/cve/CVE-2018-4114.html
https://www.suse.com/security/cve/CVE-2018-4117.html
https://www.suse.com/security/cve/CVE-2018-4118.html
https://www.suse.com/security/cve/CVE-2018-4119.html
https://www.suse.com/security/cve/CVE-2018-4120.html
https://www.suse.com/security/cve/CVE-2018-4121.html
https://www.suse.com/security/cve/CVE-2018-4122.html
https://www.suse.com/security/cve/CVE-2018-4125.html
https://www.suse.com/security/cve/CVE-2018-4127.html
https://www.suse.com/security/cve/CVE-2018-4128.html
https://www.suse.com/security/cve/CVE-2018-4129.html
https://www.suse.com/security/cve/CVE-2018-4133.html
https://www.suse.com/security/cve/CVE-2018-4146.html
https://www.suse.com/security/cve/CVE-2018-4161.html
https://www.suse.com/security/cve/CVE-2018-4162.html
https://www.suse.com/security/cve/CVE-2018-4163.html
https://www.suse.com/security/cve/CVE-2018-4165.html
https://www.suse.com/security/cve/CVE-2018-4190.html
https://www.suse.com/security/cve/CVE-2018-4199.html
https://www.suse.com/security/cve/CVE-2018-4200.html
https://www.suse.com/security/cve/CVE-2018-4204.html
https://www.suse.com/security/cve/CVE-2018-4218.html
https://www.suse.com/security/cve/CVE-2018-4222.html
https://www.suse.com/security/cve/CVE-2018-4232.html
https://www.suse.com/security/cve/CVE-2018-4233.html
https://www.suse.com/security/cve/CVE-2018-4246.html
https://bugzilla.suse.com/1075775
https://bugzilla.suse.com/1077535
https://bugzilla.suse.com/1079512
https://bugzilla.suse.com/1088182
https://bugzilla.suse.com/1088932
https://bugzilla.suse.com/1092278
https://bugzilla.suse.com/1092279
https://bugzilla.suse.com/1092280
https://bugzilla.suse.com/1095611
https://bugzilla.suse.com/1096060
https://bugzilla.suse.com/1096061
https://bugzilla.suse.com/1097693
https://bugzilla.suse.com/1101999
https://bugzilla.suse.com/1102530
https://bugzilla.suse.com/1104169
openSUSE Recommended Update: Recommended update for bluez-qt
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:3472-1
Rating: moderate
References: #1112598
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for bluez-qt resolves the following issue:
- Bluetooth could not be enabled from the KDE Plasma Applet due to a
misplaced udev file (boo#1112598)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1283=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1283=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2018-1283=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
bluez-qt-debugsource-5.32.0-2.3.1
bluez-qt-devel-5.32.0-2.3.1
bluez-qt-imports-5.32.0-2.3.1
bluez-qt-imports-debuginfo-5.32.0-2.3.1
bluez-qt-udev-5.32.0-2.3.1
libKF5BluezQt6-5.32.0-2.3.1
libKF5BluezQt6-debuginfo-5.32.0-2.3.1
- openSUSE Leap 15.0 (x86_64):
bluez-qt-debuginfo-5.45.0-lp150.2.3.1
bluez-qt-debugsource-5.45.0-lp150.2.3.1
bluez-qt-devel-5.45.0-lp150.2.3.1
bluez-qt-imports-5.45.0-lp150.2.3.1
bluez-qt-imports-debuginfo-5.45.0-lp150.2.3.1
bluez-qt-udev-5.45.0-lp150.2.3.1
libKF5BluezQt6-5.45.0-lp150.2.3.1
libKF5BluezQt6-debuginfo-5.45.0-lp150.2.3.1
- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):
bluez-qt-debuginfo-5.45.0-bp150.3.4.1
bluez-qt-debugsource-5.45.0-bp150.3.4.1
bluez-qt-devel-5.45.0-bp150.3.4.1
bluez-qt-imports-5.45.0-bp150.3.4.1
bluez-qt-imports-debuginfo-5.45.0-bp150.3.4.1
bluez-qt-udev-5.45.0-bp150.3.4.1
libKF5BluezQt6-5.45.0-bp150.3.4.1
libKF5BluezQt6-debuginfo-5.45.0-bp150.3.4.1
References:
https://bugzilla.suse.com/1112598
openSUSE Recommended Update: Recommended update for gettext-runtime
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:3471-1
Rating: moderate
References: #1106843
Affected Products:
openSUSE Backports SLE-15
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for gettext-runtime provides the following fix:
- Reset the length of message string after a line has been removed to fix
a crash in msgfmt when writing java source code and the .po file has a
POT-Creation-Date header. (bsc#1106843)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2018-1289=1
Package List:
- openSUSE Backports SLE-15 (aarch64 ppc64le x86_64):
gettext-csharp-0.19.8.1-bp150.2.3.1
References:
https://bugzilla.suse.com/1106843
openSUSE Recommended Update: Recommended update for rkhunter
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:3469-1
Rating: moderate
References: #1111770
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for rkhunter fixes the following issues:
- Upgrade to the latest available version 1.4.6
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1287=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1287=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2018-1287=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
rkhunter-1.4.6-12.3.1
- openSUSE Leap 15.0 (x86_64):
rkhunter-1.4.6-lp150.2.3.1
- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):
rkhunter-1.4.6-bp150.3.3.1
References:
https://bugzilla.suse.com/1111770
openSUSE Recommended Update: Recommended update for patterns-lxqt
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:3468-1
Rating: moderate
References: #1084751
Affected Products:
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for patterns-lxqt fixes the following issues:
- The LXQt icons may have been missing due to the oxygen icon theme
missing from the pattern (boo#1084751)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1285=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2018-1285=1
Package List:
- openSUSE Leap 15.0 (x86_64):
patterns-lxqt-lxqt-20170319-lp150.2.7.1
- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):
patterns-lxqt-lxqt-20170319-bp150.4.3.1
References:
https://bugzilla.suse.com/1084751
openSUSE Recommended Update: Recommended update for calibre
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:3466-1
Rating: low
References: #1112569
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for calibre adds support for the Kobo Forma device
(boo#1112569).
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1282=1
Package List:
- openSUSE Leap 15.0 (x86_64):
calibre-3.27.1-lp150.3.12.1
calibre-debuginfo-3.27.1-lp150.3.12.1
calibre-debugsource-3.27.1-lp150.3.12.1
References:
https://bugzilla.suse.com/1112569
openSUSE Security Update: Security update for tomcat
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:3453-1
Rating: moderate
References: #1110850
Cross-References: CVE-2018-11784
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for tomcat fixes the following issues:
- CVE-2018-11784: When the default servlet in Apache Tomcat returned a
redirect to a directory (e.g. redirecting to '/foo/' when the user
requested '/foo') a specially crafted URL could be used to cause the
redirect to be generated to any URI of the attacker's choice.
(bsc#1110850)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1276=1
Package List:
- openSUSE Leap 42.3 (noarch):
tomcat-8.0.53-18.1
tomcat-admin-webapps-8.0.53-18.1
tomcat-docs-webapp-8.0.53-18.1
tomcat-el-3_0-api-8.0.53-18.1
tomcat-embed-8.0.53-18.1
tomcat-javadoc-8.0.53-18.1
tomcat-jsp-2_3-api-8.0.53-18.1
tomcat-jsvc-8.0.53-18.1
tomcat-lib-8.0.53-18.1
tomcat-servlet-3_1-api-8.0.53-18.1
tomcat-webapps-8.0.53-18.1
References:
https://www.suse.com/security/cve/CVE-2018-11784.html
https://bugzilla.suse.com/1110850