openSUSE Updates February 2018

updates@lists.opensuse.org

2 participants
111 discussions

openSUSE-SU-2018:0561-1: moderate: Security update for zziplib
by opensuse-security＠opensuse.org 28 Feb '18

28 Feb '18

openSUSE Security Update: Security update for zziplib ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0561-1 Rating: moderate References: #1024532 #1024536 #1034539 #1078497 #1078701 #1079096 Cross-References: CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for zziplib to 0.13.67 contains multiple bug and security fixes: - If an extension block is too small to hold an extension, do not use the information therein. - CVE-2018-6540: If the End of central directory record (EOCD) contains an Offset of start of central directory which is beyond the end of the file, reject the file. (bsc#1079096) - CVE-2018-6484: Reject the ZIP file and report it as corrupt if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file. (bsc#1078701) - CVE-2018-6381: If a file is uncompressed, compressed and uncompressed sizes should be identical. (bsc#1078497) This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-215=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): libzzip-0-13-0.13.67-13.3.1 libzzip-0-13-debuginfo-0.13.67-13.3.1 zziplib-debugsource-0.13.67-13.3.1 zziplib-devel-0.13.67-13.3.1 zziplib-devel-debuginfo-0.13.67-13.3.1 - openSUSE Leap 42.3 (x86_64): libzzip-0-13-32bit-0.13.67-13.3.1 libzzip-0-13-debuginfo-32bit-0.13.67-13.3.1 zziplib-devel-32bit-0.13.67-13.3.1 zziplib-devel-debuginfo-32bit-0.13.67-13.3.1 References: https://www.suse.com/security/cve/CVE-2018-6381.html https://www.suse.com/security/cve/CVE-2018-6484.html https://www.suse.com/security/cve/CVE-2018-6540.html https://bugzilla.suse.com/1024532 https://bugzilla.suse.com/1024536 https://bugzilla.suse.com/1034539 https://bugzilla.suse.com/1078497 https://bugzilla.suse.com/1078701 https://bugzilla.suse.com/1079096

1 0

openSUSE-SU-2018:0560-1: moderate: Security update for systemd
by opensuse-security＠opensuse.org 28 Feb '18

28 Feb '18

openSUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0560-1 Rating: moderate References: #1057974 #1068588 #1071224 #1071311 #1075801 #1077925 Cross-References: CVE-2017-18078 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for systemd fixes the following issues: Security issue fixed: - CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are hardlinked, unless protected_hardlinks sysctl is on. This could be used by local attackers to gain privileges (bsc#1077925) Non Security issues fixed: - core: use id unit when retrieving unit file state (#8038) (bsc#1075801) - cryptsetup-generator: run cryptsetup service before swap unit (#5480) - udev-rules: all values can contain escaped double quotes now (#6890) - strv: fix buffer size calculation in strv_join_quoted() - tmpfiles: change ownership of symlinks too - stdio-bridge: Correctly propagate error - stdio-bridge: remove dead code - remove bus-proxyd (bsc#1057974) - core/timer: Prevent timer looping when unit cannot start (bsc#1068588) - Make systemd-timesyncd use the openSUSE NTP servers by default Previously systemd-timesyncd used the Google Public NTP servers time{1..4}.google.com - Don't ship /usr/lib/systemd/system/tmp.mnt at all (bsc#1071224) But we still ship a copy in /var. Users who want to use tmpfs on /tmp are supposed to add a symlink in /etc/ pointing to the copy shipped in /var. To support the update path we automatically create the symlink if tmp.mount in use is located in /usr. - Enable systemd-networkd on Leap distros only (bsc#1071311) This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-216=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): libsystemd0-228-44.1 libsystemd0-debuginfo-228-44.1 libsystemd0-mini-228-44.1 libsystemd0-mini-debuginfo-228-44.1 libudev-devel-228-44.1 libudev-mini-devel-228-44.1 libudev-mini1-228-44.1 libudev-mini1-debuginfo-228-44.1 libudev1-228-44.1 libudev1-debuginfo-228-44.1 nss-myhostname-228-44.1 nss-myhostname-debuginfo-228-44.1 nss-mymachines-228-44.1 nss-mymachines-debuginfo-228-44.1 systemd-228-44.1 systemd-debuginfo-228-44.1 systemd-debugsource-228-44.1 systemd-devel-228-44.1 systemd-logger-228-44.1 systemd-mini-228-44.1 systemd-mini-debuginfo-228-44.1 systemd-mini-debugsource-228-44.1 systemd-mini-devel-228-44.1 systemd-mini-sysvinit-228-44.1 systemd-sysvinit-228-44.1 udev-228-44.1 udev-debuginfo-228-44.1 udev-mini-228-44.1 udev-mini-debuginfo-228-44.1 - openSUSE Leap 42.3 (noarch): systemd-bash-completion-228-44.1 systemd-mini-bash-completion-228-44.1 - openSUSE Leap 42.3 (x86_64): libsystemd0-32bit-228-44.1 libsystemd0-debuginfo-32bit-228-44.1 libudev1-32bit-228-44.1 libudev1-debuginfo-32bit-228-44.1 nss-myhostname-32bit-228-44.1 nss-myhostname-debuginfo-32bit-228-44.1 systemd-32bit-228-44.1 systemd-debuginfo-32bit-228-44.1 References: https://www.suse.com/security/cve/CVE-2017-18078.html https://bugzilla.suse.com/1057974 https://bugzilla.suse.com/1068588 https://bugzilla.suse.com/1071224 https://bugzilla.suse.com/1071311 https://bugzilla.suse.com/1075801 https://bugzilla.suse.com/1077925

1 0

openSUSE-SU-2018:0544-1: important: Security update for lame
by opensuse-security＠opensuse.org 26 Feb '18

26 Feb '18

openSUSE Security Update: Security update for lame ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0544-1 Rating: important References: #1082311 #1082317 #1082333 #1082340 #1082391 #1082392 #1082393 #1082395 #1082397 #1082399 #1082400 #1082401 Cross-References: CVE-2015-9100 CVE-2015-9101 CVE-2017-11720 CVE-2017-13712 CVE-2017-15019 CVE-2017-9410 CVE-2017-9411 CVE-2017-9412 CVE-2017-9869 CVE-2017-9870 CVE-2017-9871 CVE-2017-9872 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for lame fixes the following issues: Lame was updated to version 3.100: * Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection * New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>. * Fix for sf#3558466 Bug in path handling * Fix for sf#3567844 problem with Tag genre * Fix for sf#3565659 no progress indication with pipe input * Fix for sf#3544957 scale (empty) silent encode without warning * Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore * Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8) * Fix dereference NULL and Buffer not NULL terminated issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100 bsc#1082401) * Fix dereference of a null pointer possible in loop. * Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath * Multiple Stack and Heap Corruptions from Malicious File. (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400) * CVE-2017-11720: Fix a division by zero vulnerability. (bsc#1082311) * CVE-2017-9410: Fix fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333) * CVE-2017-9411: Fix fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash (bsc#1082397) * CVE-2017-9412: FIx unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash (bsc#1082340) * Fix clip detect scale suggestion unaware of scale input value * HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow. * Add lame_encode_buffer_interleaved_int() Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-214=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): lame-3.100-7.1 lame-debuginfo-3.100-7.1 lame-debugsource-3.100-7.1 lame-doc-3.100-7.1 lame-mp3rtp-3.100-7.1 lame-mp3rtp-debuginfo-3.100-7.1 libmp3lame-devel-3.100-7.1 libmp3lame0-3.100-7.1 libmp3lame0-debuginfo-3.100-7.1 - openSUSE Leap 42.3 (x86_64): libmp3lame0-32bit-3.100-7.1 libmp3lame0-debuginfo-32bit-3.100-7.1 References: https://www.suse.com/security/cve/CVE-2015-9100.html https://www.suse.com/security/cve/CVE-2015-9101.html https://www.suse.com/security/cve/CVE-2017-11720.html https://www.suse.com/security/cve/CVE-2017-13712.html https://www.suse.com/security/cve/CVE-2017-15019.html https://www.suse.com/security/cve/CVE-2017-9410.html https://www.suse.com/security/cve/CVE-2017-9411.html https://www.suse.com/security/cve/CVE-2017-9412.html https://www.suse.com/security/cve/CVE-2017-9869.html https://www.suse.com/security/cve/CVE-2017-9870.html https://www.suse.com/security/cve/CVE-2017-9871.html https://www.suse.com/security/cve/CVE-2017-9872.html https://bugzilla.suse.com/1082311 https://bugzilla.suse.com/1082317 https://bugzilla.suse.com/1082333 https://bugzilla.suse.com/1082340 https://bugzilla.suse.com/1082391 https://bugzilla.suse.com/1082392 https://bugzilla.suse.com/1082393 https://bugzilla.suse.com/1082395 https://bugzilla.suse.com/1082397 https://bugzilla.suse.com/1082399 https://bugzilla.suse.com/1082400 https://bugzilla.suse.com/1082401

1 0

openSUSE-SU-2018:0543-1: important: Security update for lame
by opensuse-security＠opensuse.org 26 Feb '18

26 Feb '18

openSUSE Security Update: Security update for lame ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0543-1 Rating: important References: #1082311 #1082317 #1082333 #1082340 #1082391 #1082392 #1082393 #1082395 #1082397 #1082399 #1082400 #1082401 Cross-References: CVE-2015-9100 CVE-2015-9101 CVE-2017-11720 CVE-2017-13712 CVE-2017-15019 CVE-2017-9410 CVE-2017-9411 CVE-2017-9412 CVE-2017-9869 CVE-2017-9870 CVE-2017-9871 CVE-2017-9872 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for lame fixes the following issues: Lame was updated to version 3.100: * Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection * New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>. * Fix for sf#3558466 Bug in path handling * Fix for sf#3567844 problem with Tag genre * Fix for sf#3565659 no progress indication with pipe input * Fix for sf#3544957 scale (empty) silent encode without warning * Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore * Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8) * Fix dereference NULL and Buffer not NULL terminated issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100 bsc#1082401) * Fix dereference of a null pointer possible in loop. * Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath * Multiple Stack and Heap Corruptions from Malicious File. (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400) * CVE-2017-11720: Fix a division by zero vulnerability. (bsc#1082311) * CVE-2017-9410: Fix fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333) * CVE-2017-9411: Fix fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash (bsc#1082397) * CVE-2017-9412: FIx unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash (bsc#1082340) * Fix clip detect scale suggestion unaware of scale input value * HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow. * Add lame_encode_buffer_interleaved_int() Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2018-214=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): lame-3.100-6.1 lame-debuginfo-3.100-6.1 lame-debugsource-3.100-6.1 lame-doc-3.100-6.1 lame-mp3rtp-3.100-6.1 lame-mp3rtp-debuginfo-3.100-6.1 libmp3lame-devel-3.100-6.1 libmp3lame0-3.100-6.1 libmp3lame0-debuginfo-3.100-6.1 References: https://www.suse.com/security/cve/CVE-2015-9100.html https://www.suse.com/security/cve/CVE-2015-9101.html https://www.suse.com/security/cve/CVE-2017-11720.html https://www.suse.com/security/cve/CVE-2017-13712.html https://www.suse.com/security/cve/CVE-2017-15019.html https://www.suse.com/security/cve/CVE-2017-9410.html https://www.suse.com/security/cve/CVE-2017-9411.html https://www.suse.com/security/cve/CVE-2017-9412.html https://www.suse.com/security/cve/CVE-2017-9869.html https://www.suse.com/security/cve/CVE-2017-9870.html https://www.suse.com/security/cve/CVE-2017-9871.html https://www.suse.com/security/cve/CVE-2017-9872.html https://bugzilla.suse.com/1082311 https://bugzilla.suse.com/1082317 https://bugzilla.suse.com/1082333 https://bugzilla.suse.com/1082340 https://bugzilla.suse.com/1082391 https://bugzilla.suse.com/1082392 https://bugzilla.suse.com/1082393 https://bugzilla.suse.com/1082395 https://bugzilla.suse.com/1082397 https://bugzilla.suse.com/1082399 https://bugzilla.suse.com/1082400 https://bugzilla.suse.com/1082401

1 0

openSUSE-SU-2018:0542-1: moderate: Security update for GraphicsMagick
by opensuse-security＠opensuse.org 26 Feb '18

26 Feb '18

openSUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0542-1 Rating: moderate References: #1050132 #1072898 #1077737 Cross-References: CVE-2017-11533 CVE-2017-17500 CVE-2017-17682 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-11533: An infoleak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (boo#1050132) - CVE-2017-17682: A large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (boo#1072898) - CVE-2017-17500: A heap-based buffer overread in the ImportRGBQuantumType was fixed that could lead to information leak or a crash (boo#1077737) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-213=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): GraphicsMagick-1.3.25-74.1 GraphicsMagick-debuginfo-1.3.25-74.1 GraphicsMagick-debugsource-1.3.25-74.1 GraphicsMagick-devel-1.3.25-74.1 libGraphicsMagick++-Q16-12-1.3.25-74.1 libGraphicsMagick++-Q16-12-debuginfo-1.3.25-74.1 libGraphicsMagick++-devel-1.3.25-74.1 libGraphicsMagick-Q16-3-1.3.25-74.1 libGraphicsMagick-Q16-3-debuginfo-1.3.25-74.1 libGraphicsMagick3-config-1.3.25-74.1 libGraphicsMagickWand-Q16-2-1.3.25-74.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-74.1 perl-GraphicsMagick-1.3.25-74.1 perl-GraphicsMagick-debuginfo-1.3.25-74.1 References: https://www.suse.com/security/cve/CVE-2017-11533.html https://www.suse.com/security/cve/CVE-2017-17500.html https://www.suse.com/security/cve/CVE-2017-17682.html https://bugzilla.suse.com/1050132 https://bugzilla.suse.com/1072898 https://bugzilla.suse.com/1077737

1 0

openSUSE-OU-2018:0541-1: Optional update to add docker-img-store-setup
by maintenance＠opensuse.org 25 Feb '18

25 Feb '18

openSUSE Optional Update: Optional update to add docker-img-store-setup ______________________________________________________________________________ Announcement ID: openSUSE-OU-2018:0541-1 Rating: low References: #956085 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: By default Docker uses loopback mounted "devices" to store docker images and metadata. This default storage configuration (100 GB for image storage) leads to a rather lengthy start up phase of docker when initially launched. When docker is enabled by default, such as in the Amazon Container Service images for SUSE Linux Enterprise, the slow start up time of docker upon instance creation provides a sub optimal user experience. Additionally other services that depend on docker being operational may time out. The script and systemd unit file in the docker-img-store-setup package address the problem described above. The script creates a 100 GB device file that is then formatted with btrfs. The mounted device allows docker to use the btrfs storage driver and the start up process is very fast. This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-212=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (noarch): docker-img-store-setup-1.0.0-2.1 References: https://bugzilla.suse.com/956085

1 0

openSUSE-SU-2018:0540-1: moderate: Security update for wireshark
by opensuse-security＠opensuse.org 25 Feb '18

25 Feb '18

openSUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0540-1 Rating: moderate References: #1082692 Cross-References: CVE-2018-7320 CVE-2018-7321 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7326 CVE-2018-7327 CVE-2018-7328 CVE-2018-7329 CVE-2018-7330 CVE-2018-7331 CVE-2018-7332 CVE-2018-7333 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 CVE-2018-7421 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes 23 vulnerabilities is now available. Description: This update for Wireshark to version 2.2.13 fixes a number of minor vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files: (boo#1082692): - CVE-2018-7335: The IEEE 802.11 dissector could crash - CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329, CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333, CVE-2018-7421: Multiple dissectors could go into large infinite loops - CVE-2018-7334: The UMTS MAC dissector could crash - CVE-2018-7337: The DOCSIS dissector could crash - CVE-2018-7336: The FCP dissector could crash - CVE-2018-7320: The SIGCOMP dissector could crash - CVE-2018-7420: The pcapng file parser could crash - CVE-2018-7417: The IPMI dissector could crash - CVE-2018-7418: The SIGCOMP dissector could crash - CVE-2018-7419: The NBAP disssector could crash This update also contains further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.13.html Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-210=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (x86_64): wireshark-2.2.13-35.1 wireshark-debuginfo-2.2.13-35.1 wireshark-debugsource-2.2.13-35.1 wireshark-devel-2.2.13-35.1 wireshark-ui-gtk-2.2.13-35.1 wireshark-ui-gtk-debuginfo-2.2.13-35.1 wireshark-ui-qt-2.2.13-35.1 wireshark-ui-qt-debuginfo-2.2.13-35.1 References: https://www.suse.com/security/cve/CVE-2018-7320.html https://www.suse.com/security/cve/CVE-2018-7321.html https://www.suse.com/security/cve/CVE-2018-7322.html https://www.suse.com/security/cve/CVE-2018-7323.html https://www.suse.com/security/cve/CVE-2018-7324.html https://www.suse.com/security/cve/CVE-2018-7325.html https://www.suse.com/security/cve/CVE-2018-7326.html https://www.suse.com/security/cve/CVE-2018-7327.html https://www.suse.com/security/cve/CVE-2018-7328.html https://www.suse.com/security/cve/CVE-2018-7329.html https://www.suse.com/security/cve/CVE-2018-7330.html https://www.suse.com/security/cve/CVE-2018-7331.html https://www.suse.com/security/cve/CVE-2018-7332.html https://www.suse.com/security/cve/CVE-2018-7333.html https://www.suse.com/security/cve/CVE-2018-7334.html https://www.suse.com/security/cve/CVE-2018-7335.html https://www.suse.com/security/cve/CVE-2018-7336.html https://www.suse.com/security/cve/CVE-2018-7337.html https://www.suse.com/security/cve/CVE-2018-7417.html https://www.suse.com/security/cve/CVE-2018-7418.html https://www.suse.com/security/cve/CVE-2018-7419.html https://www.suse.com/security/cve/CVE-2018-7420.html https://www.suse.com/security/cve/CVE-2018-7421.html https://bugzilla.suse.com/1082692

1 0

openSUSE-OU-2018:0539-1: Optional update to add cloud-netconfig
by maintenance＠opensuse.org 25 Feb '18

25 Feb '18

openSUSE Optional Update: Optional update to add cloud-netconfig ______________________________________________________________________________ Announcement ID: openSUSE-OU-2018:0539-1 Rating: low References: #1027212 #1055553 #1063292 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that has three optional fixes can now be installed. Description: This update adds the cloud-netconfig package, which provides scripts for automatically configuring multiple network interfaces in EC2 and Azure instances. This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-211=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (noarch): cloud-netconfig-azure-0.6-4.1 cloud-netconfig-ec2-0.6-4.1 References: https://bugzilla.suse.com/1027212 https://bugzilla.suse.com/1055553 https://bugzilla.suse.com/1063292

1 0

openSUSE-SU-2018:0538-1: important: Security update for php5
by opensuse-security＠opensuse.org 24 Feb '18

24 Feb '18

openSUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0538-1 Rating: important References: #1080234 Cross-References: CVE-2016-10712 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php5 fixes the following issues: - CVE-2016-10712: In PHP all of the return values of stream_get_meta_data could be controlled if the input can be controlled (e.g., during file uploads). (bsc#1080234) This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-209=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): apache2-mod_php5-5.5.14-94.1 apache2-mod_php5-debuginfo-5.5.14-94.1 php5-5.5.14-94.1 php5-bcmath-5.5.14-94.1 php5-bcmath-debuginfo-5.5.14-94.1 php5-bz2-5.5.14-94.1 php5-bz2-debuginfo-5.5.14-94.1 php5-calendar-5.5.14-94.1 php5-calendar-debuginfo-5.5.14-94.1 php5-ctype-5.5.14-94.1 php5-ctype-debuginfo-5.5.14-94.1 php5-curl-5.5.14-94.1 php5-curl-debuginfo-5.5.14-94.1 php5-dba-5.5.14-94.1 php5-dba-debuginfo-5.5.14-94.1 php5-debuginfo-5.5.14-94.1 php5-debugsource-5.5.14-94.1 php5-devel-5.5.14-94.1 php5-dom-5.5.14-94.1 php5-dom-debuginfo-5.5.14-94.1 php5-enchant-5.5.14-94.1 php5-enchant-debuginfo-5.5.14-94.1 php5-exif-5.5.14-94.1 php5-exif-debuginfo-5.5.14-94.1 php5-fastcgi-5.5.14-94.1 php5-fastcgi-debuginfo-5.5.14-94.1 php5-fileinfo-5.5.14-94.1 php5-fileinfo-debuginfo-5.5.14-94.1 php5-firebird-5.5.14-94.1 php5-firebird-debuginfo-5.5.14-94.1 php5-fpm-5.5.14-94.1 php5-fpm-debuginfo-5.5.14-94.1 php5-ftp-5.5.14-94.1 php5-ftp-debuginfo-5.5.14-94.1 php5-gd-5.5.14-94.1 php5-gd-debuginfo-5.5.14-94.1 php5-gettext-5.5.14-94.1 php5-gettext-debuginfo-5.5.14-94.1 php5-gmp-5.5.14-94.1 php5-gmp-debuginfo-5.5.14-94.1 php5-iconv-5.5.14-94.1 php5-iconv-debuginfo-5.5.14-94.1 php5-imap-5.5.14-94.1 php5-imap-debuginfo-5.5.14-94.1 php5-intl-5.5.14-94.1 php5-intl-debuginfo-5.5.14-94.1 php5-json-5.5.14-94.1 php5-json-debuginfo-5.5.14-94.1 php5-ldap-5.5.14-94.1 php5-ldap-debuginfo-5.5.14-94.1 php5-mbstring-5.5.14-94.1 php5-mbstring-debuginfo-5.5.14-94.1 php5-mcrypt-5.5.14-94.1 php5-mcrypt-debuginfo-5.5.14-94.1 php5-mssql-5.5.14-94.1 php5-mssql-debuginfo-5.5.14-94.1 php5-mysql-5.5.14-94.1 php5-mysql-debuginfo-5.5.14-94.1 php5-odbc-5.5.14-94.1 php5-odbc-debuginfo-5.5.14-94.1 php5-opcache-5.5.14-94.1 php5-opcache-debuginfo-5.5.14-94.1 php5-openssl-5.5.14-94.1 php5-openssl-debuginfo-5.5.14-94.1 php5-pcntl-5.5.14-94.1 php5-pcntl-debuginfo-5.5.14-94.1 php5-pdo-5.5.14-94.1 php5-pdo-debuginfo-5.5.14-94.1 php5-pgsql-5.5.14-94.1 php5-pgsql-debuginfo-5.5.14-94.1 php5-phar-5.5.14-94.1 php5-phar-debuginfo-5.5.14-94.1 php5-posix-5.5.14-94.1 php5-posix-debuginfo-5.5.14-94.1 php5-pspell-5.5.14-94.1 php5-pspell-debuginfo-5.5.14-94.1 php5-readline-5.5.14-94.1 php5-readline-debuginfo-5.5.14-94.1 php5-shmop-5.5.14-94.1 php5-shmop-debuginfo-5.5.14-94.1 php5-snmp-5.5.14-94.1 php5-snmp-debuginfo-5.5.14-94.1 php5-soap-5.5.14-94.1 php5-soap-debuginfo-5.5.14-94.1 php5-sockets-5.5.14-94.1 php5-sockets-debuginfo-5.5.14-94.1 php5-sqlite-5.5.14-94.1 php5-sqlite-debuginfo-5.5.14-94.1 php5-suhosin-5.5.14-94.1 php5-suhosin-debuginfo-5.5.14-94.1 php5-sysvmsg-5.5.14-94.1 php5-sysvmsg-debuginfo-5.5.14-94.1 php5-sysvsem-5.5.14-94.1 php5-sysvsem-debuginfo-5.5.14-94.1 php5-sysvshm-5.5.14-94.1 php5-sysvshm-debuginfo-5.5.14-94.1 php5-tidy-5.5.14-94.1 php5-tidy-debuginfo-5.5.14-94.1 php5-tokenizer-5.5.14-94.1 php5-tokenizer-debuginfo-5.5.14-94.1 php5-wddx-5.5.14-94.1 php5-wddx-debuginfo-5.5.14-94.1 php5-xmlreader-5.5.14-94.1 php5-xmlreader-debuginfo-5.5.14-94.1 php5-xmlrpc-5.5.14-94.1 php5-xmlrpc-debuginfo-5.5.14-94.1 php5-xmlwriter-5.5.14-94.1 php5-xmlwriter-debuginfo-5.5.14-94.1 php5-xsl-5.5.14-94.1 php5-xsl-debuginfo-5.5.14-94.1 php5-zip-5.5.14-94.1 php5-zip-debuginfo-5.5.14-94.1 php5-zlib-5.5.14-94.1 php5-zlib-debuginfo-5.5.14-94.1 - openSUSE Leap 42.3 (noarch): php5-pear-5.5.14-94.1 References: https://www.suse.com/security/cve/CVE-2016-10712.html https://bugzilla.suse.com/1080234

1 0

openSUSE-SU-2018:0537-1: moderate: Security update for dhcp
by opensuse-security＠opensuse.org 24 Feb '18

24 Feb '18

openSUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0537-1 Rating: moderate References: #1023415 #1059061 #1073935 #1076119 #987170 Cross-References: CVE-2017-3144 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for dhcp fixes several issues. This security issue was fixed: - CVE-2017-3144: OMAPI code didn't free socket descriptors when empty message is received allowing DoS (bsc#1076119). These non-security issues were fixed: - Optimized if and when DNS client context and ports are initted (bsc#1073935) - Relax permission of dhclient-script for libguestfs (bsc#987170) - Modify dhclient-script to handle static route updates (bsc#1023415). - Use only the 12 least significant bits of an inbound packet's TCI value as the VLAN ID to fix some packages being wrongly discarded by the Linux packet filter. (bsc#1059061) This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-207=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): dhcp-4.3.3-11.3.1 dhcp-client-4.3.3-11.3.1 dhcp-client-debuginfo-4.3.3-11.3.1 dhcp-debuginfo-4.3.3-11.3.1 dhcp-debugsource-4.3.3-11.3.1 dhcp-devel-4.3.3-11.3.1 dhcp-doc-4.3.3-11.3.1 dhcp-relay-4.3.3-11.3.1 dhcp-relay-debuginfo-4.3.3-11.3.1 dhcp-server-4.3.3-11.3.1 dhcp-server-debuginfo-4.3.3-11.3.1 References: https://www.suse.com/security/cve/CVE-2017-3144.html https://bugzilla.suse.com/1023415 https://bugzilla.suse.com/1059061 https://bugzilla.suse.com/1073935 https://bugzilla.suse.com/1076119 https://bugzilla.suse.com/987170

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates February 2018