openSUSE Security Update: Security update for openssl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:2957-1
Rating: moderate
References: #1089039 #1101246 #1101470 #1104789 #1106197
#997043
Cross-References: CVE-2018-0737
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves one vulnerability and has 5 fixes is
now available.
Description:
This update for openssl fixes the following issues:
These security issues were fixed:
- Prevent One&Done side-channel attack on RSA that allowed physically near
attackers to use EM emanations to recover information (bsc#1104789)
- CVE-2018-0737: The RSA Key generation algorithm has been shown to be
vulnerable to a cache timing side channel attack. An attacker with
sufficient access to mount cache timing attacks during the RSA key
generation process could have recovered the private key (bsc#1089039)
These non-security issues were fixed:
- Add openssl(cli) Provide so the packages that require the openssl binary
can require this instead of the new openssl meta package (bsc#1101470)
- Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246,
bsc#997043)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1091=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
libopenssl-devel-1.0.2j-29.1
libopenssl1_0_0-1.0.2j-29.1
libopenssl1_0_0-debuginfo-1.0.2j-29.1
libopenssl1_0_0-hmac-1.0.2j-29.1
openssl-1.0.2j-29.1
openssl-cavs-1.0.2j-29.1
openssl-cavs-debuginfo-1.0.2j-29.1
openssl-debuginfo-1.0.2j-29.1
openssl-debugsource-1.0.2j-29.1
- openSUSE Leap 42.3 (noarch):
openssl-doc-1.0.2j-29.1
- openSUSE Leap 42.3 (x86_64):
libopenssl-devel-32bit-1.0.2j-29.1
libopenssl1_0_0-32bit-1.0.2j-29.1
libopenssl1_0_0-debuginfo-32bit-1.0.2j-29.1
libopenssl1_0_0-hmac-32bit-1.0.2j-29.1
References:
https://www.suse.com/security/cve/CVE-2018-0737.htmlhttps://bugzilla.suse.com/1089039https://bugzilla.suse.com/1101246https://bugzilla.suse.com/1101470https://bugzilla.suse.com/1104789https://bugzilla.suse.com/1106197https://bugzilla.suse.com/997043
openSUSE Recommended Update: Recommended update for kdump
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:2954-1
Rating: important
References: #1002617 #1058202 #1081646 #1091186 #1101730
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that has 5 recommended fixes can now be installed.
Description:
This update for kdump fixes the following issues:
- Block initrd-parse-etc.service until dump is saved (bsc#1091186).
- Always copy timezone data into kdumprd (bsc#1081646).
- Bail out of kdump_check_net if no default interface is found
(bsc#1058202).
- fadump: avoid multipath optimizations that break regular boot
(bsc#1101730).
- cmdline: split kdump cmdline purpose wise (bsc#1101730).
- fadump: fix network bring up issue during default boot (bsc#1101730).
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1086=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
kdump-0.8.16-5.9.1
kdump-debuginfo-0.8.16-5.9.1
kdump-debugsource-0.8.16-5.9.1
References:
https://bugzilla.suse.com/1002617https://bugzilla.suse.com/1058202https://bugzilla.suse.com/1081646https://bugzilla.suse.com/1091186https://bugzilla.suse.com/1101730
openSUSE Recommended Update: Recommended update for openldap2
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:2953-1
Rating: moderate
References: #1089640
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for openldap2 provides the following fix:
- Fix slapd segfaults in mdb_env_reader_dest. (bsc#1089640)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1085=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
libldap-2_4-2-2.4.46-lp150.8.3.1
libldap-2_4-2-debuginfo-2.4.46-lp150.8.3.1
openldap2-2.4.46-lp150.8.3.1
openldap2-back-meta-2.4.46-lp150.8.3.1
openldap2-back-meta-debuginfo-2.4.46-lp150.8.3.1
openldap2-back-perl-2.4.46-lp150.8.3.1
openldap2-back-perl-debuginfo-2.4.46-lp150.8.3.1
openldap2-back-sock-2.4.46-lp150.8.3.1
openldap2-back-sock-debuginfo-2.4.46-lp150.8.3.1
openldap2-back-sql-2.4.46-lp150.8.3.1
openldap2-back-sql-debuginfo-2.4.46-lp150.8.3.1
openldap2-client-2.4.46-lp150.8.3.1
openldap2-client-debuginfo-2.4.46-lp150.8.3.1
openldap2-contrib-2.4.46-lp150.8.3.1
openldap2-contrib-debuginfo-2.4.46-lp150.8.3.1
openldap2-debuginfo-2.4.46-lp150.8.3.1
openldap2-debugsource-2.4.46-lp150.8.3.1
openldap2-devel-2.4.46-lp150.8.3.1
openldap2-devel-static-2.4.46-lp150.8.3.1
openldap2-ppolicy-check-password-1.2-lp150.8.3.1
openldap2-ppolicy-check-password-debuginfo-1.2-lp150.8.3.1
- openSUSE Leap 15.0 (x86_64):
libldap-2_4-2-32bit-2.4.46-lp150.8.3.1
libldap-2_4-2-32bit-debuginfo-2.4.46-lp150.8.3.1
openldap2-devel-32bit-2.4.46-lp150.8.3.1
- openSUSE Leap 15.0 (noarch):
libldap-data-2.4.46-lp150.8.3.1
openldap2-doc-2.4.46-lp150.8.3.1
References:
https://bugzilla.suse.com/1089640
openSUSE Recommended Update: Recommended update for snapper
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:2952-1
Rating: moderate
References: #1096208 #1096401
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for snapper fixes the following issues:
- Fixed logging during shutdown of snapperd to avoid core dumps.
(bsc#1096401)
- Fix fails to build with new Boost library due to missing pthread library
during link. (bsc#1096208)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1089=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
libsnapper-devel-0.5.6-lp150.3.6.1
libsnapper4-0.5.6-lp150.3.6.1
libsnapper4-debuginfo-0.5.6-lp150.3.6.1
pam_snapper-0.5.6-lp150.3.6.1
pam_snapper-debuginfo-0.5.6-lp150.3.6.1
snapper-0.5.6-lp150.3.6.1
snapper-debuginfo-0.5.6-lp150.3.6.1
snapper-debugsource-0.5.6-lp150.3.6.1
- openSUSE Leap 15.0 (noarch):
snapper-zypp-plugin-0.5.6-lp150.3.6.1
References:
https://bugzilla.suse.com/1096208https://bugzilla.suse.com/1096401
openSUSE Recommended Update: Recommended update for multiple yast2 packages
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:2951-1
Rating: moderate
References: #1087957 #1099691
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update adds functionality to multiple YaST packages:
- Enhance the search function of the QT version of the YaST2 control
center (fate#321043, bsc#1099691)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1090=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
yast2-country-4.0.23-lp150.2.6.1
yast2-country-data-4.0.23-lp150.2.6.1
yast2-kdump-4.0.4-lp150.2.3.1
yast2-nis-client-4.0.3-lp150.2.3.1
yast2-nis-client-debuginfo-4.0.3-lp150.2.3.1
yast2-nis-client-debugsource-4.0.3-lp150.2.3.1
yast2-tune-4.0.1-lp150.2.3.1
yast2-vm-4.0.2-lp150.2.3.1
- openSUSE Leap 15.0 (x86_64):
yast2-control-center-4.0.4-lp150.2.3.1
yast2-control-center-debugsource-4.0.4-lp150.2.3.1
yast2-control-center-qt-4.0.4-lp150.2.3.1
yast2-control-center-qt-debuginfo-4.0.4-lp150.2.3.1
yast2-sound-4.0.1-lp150.2.3.1
yast2-sound-debuginfo-4.0.1-lp150.2.3.1
yast2-sound-debugsource-4.0.1-lp150.2.3.1
yast2-squid-4.0.2-lp150.2.3.1
yast2-squid-debuginfo-4.0.2-lp150.2.3.1
yast2-squid-debugsource-4.0.2-lp150.2.3.1
- openSUSE Leap 15.0 (noarch):
yast2-apparmor-4.0.5-lp150.2.3.1
yast2-dhcp-server-4.0.1-lp150.2.3.1
yast2-dns-server-4.0.3-lp150.2.6.1
yast2-fcoe-client-4.0.1-lp150.2.3.1
yast2-firewall-4.0.26-lp150.2.3.1
yast2-iscsi-lio-server-4.0.11-lp150.2.3.1
yast2-mail-4.0.4-lp150.2.3.1
yast2-multipath-4.0.1-lp150.2.3.1
yast2-nfs-common-4.0.1-lp150.2.3.1
yast2-nfs-server-4.0.1-lp150.2.3.1
yast2-nis-server-4.0.1-lp150.2.3.1
yast2-online-update-4.0.1-lp150.2.3.1
yast2-online-update-configuration-4.0.1-lp150.2.3.1
yast2-online-update-frontend-4.0.1-lp150.2.3.1
yast2-proxy-4.0.2-lp150.2.6.1
yast2-rdp-4.0.2-lp150.2.3.1
yast2-samba-server-4.0.2-lp150.2.3.1
yast2-sudo-4.0.0-lp150.2.3.1
yast2-sysconfig-4.0.1-lp150.2.3.1
yast2-tftp-server-4.0.3-lp150.2.3.1
References:
https://bugzilla.suse.com/1087957https://bugzilla.suse.com/1099691
openSUSE Optional Update: Optional update to add python3-llfuse
______________________________________________________________________________
Announcement ID: openSUSE-OU-2018:2950-1
Rating: low
References: #1095725
Affected Products:
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________
An update that has one optional fix can now be installed.
Description:
This update makes available python-llfuse.
The package is required when using the mount subcommand of borg, part of
Borg backup. (boo#1095725)
Patch Instructions:
To install this openSUSE Optional Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1084=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2018-1084=1
Package List:
- openSUSE Leap 15.0 (x86_64):
python-llfuse-debuginfo-1.3.5-lp150.2.1
python-llfuse-debugsource-1.3.5-lp150.2.1
python2-llfuse-1.3.5-lp150.2.1
python2-llfuse-debuginfo-1.3.5-lp150.2.1
python3-llfuse-1.3.5-lp150.2.1
python3-llfuse-debuginfo-1.3.5-lp150.2.1
- openSUSE Leap 15.0 (noarch):
python-llfuse-docs-1.3.5-lp150.2.1
- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):
python2-llfuse-1.3.5-bp150.2.1
python3-llfuse-1.3.5-bp150.2.1
- openSUSE Backports SLE-15 (noarch):
python-llfuse-docs-1.3.5-bp150.2.1
References:
https://bugzilla.suse.com/1095725
openSUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:2949-1
Rating: moderate
References: #1063443 #1084508 #1088830 #1089493 #1102515
#1105163 #1106381
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that has 7 recommended fixes can now be installed.
Description:
This update for grub2 provides the following fixes:
- Fix overflow in sector count calculation. (bsc#1105163)
- Fix config_directory on btrfs to follow path scheme. (bsc#1063443)
- Fix setparams doesn't work as expected in boot-last-label. (bsc#1088830)
- Suggest instead of libburnia-tools to not pull in tcl/tk and half of the
x11 stack automatically. (bsc#1102515)
- Fix broken network interface with random address and same name.
(bsc#1084508)
- Fix outputting invalid btrfs subvolume path on non btrfs filesystem due
to bogus return code handling. (bsc#1106381)
- Fix boot issues with iSCSI on s390x (boo#1089493)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1088=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
grub2-2.02-lp150.13.4.1
grub2-branding-upstream-2.02-lp150.13.4.1
grub2-debuginfo-2.02-lp150.13.4.1
grub2-debugsource-2.02-lp150.13.4.1
grub2-i386-pc-2.02-lp150.13.4.1
- openSUSE Leap 15.0 (x86_64):
grub2-x86_64-efi-2.02-lp150.13.4.1
grub2-x86_64-xen-2.02-lp150.13.4.1
- openSUSE Leap 15.0 (noarch):
grub2-snapper-plugin-2.02-lp150.13.4.1
grub2-systemd-sleep-plugin-2.02-lp150.13.4.1
- openSUSE Leap 15.0 (i586):
grub2-i386-efi-2.02-lp150.13.4.1
grub2-i386-xen-2.02-lp150.13.4.1
References:
https://bugzilla.suse.com/1063443https://bugzilla.suse.com/1084508https://bugzilla.suse.com/1088830https://bugzilla.suse.com/1089493https://bugzilla.suse.com/1102515https://bugzilla.suse.com/1105163https://bugzilla.suse.com/1106381
openSUSE Recommended Update: Recommended update for hwdata
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:2948-1
Rating: moderate
References: #1106523
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for hwdata contains updated hardware identification and
configuration data (boo#1106523).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1083=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1083=1
Package List:
- openSUSE Leap 42.3 (noarch):
hwdata-0.314-12.1
- openSUSE Leap 15.0 (noarch):
hwdata-0.314-lp150.2.3.1
References:
https://bugzilla.suse.com/1106523
openSUSE Recommended Update: Recommended update for pidentd
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:2947-1
Rating: important
References: #1101107 #1101600
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for pidentd fixes the following issues:
- IPv6 support was accidentally dropped when upgrading to 3.0.19. This
update reenables IPv6 support. (bsc#1101600)
- Drop uname -r of buildhost from binary for reproducible builds
(bsc#1101107)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1087=1
Package List:
- openSUSE Leap 15.0 (x86_64):
pidentd-3.0.19-lp150.3.3.1
pidentd-debuginfo-3.0.19-lp150.3.3.1
pidentd-debugsource-3.0.19-lp150.3.3.1
References:
https://bugzilla.suse.com/1101107https://bugzilla.suse.com/1101600
openSUSE Recommended Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-RU-2018:2944-1
Rating: moderate
References: #1110016
Affected Products:
openSUSE Leap 42.3:NonFree
openSUSE Leap 15.0:NonFree
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for Opera to version 56.0.3051.31 contains the following
changes:
- Various bug fixes in the browser engine and the user interface
(boo#1110016)
- Chromium engine updated to 69.0.3497.100
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:NonFree:
zypper in -t patch openSUSE-2018-1082=1
- openSUSE Leap 15.0:NonFree:
zypper in -t patch openSUSE-2018-1082=1
Package List:
- openSUSE Leap 42.3:NonFree (x86_64):
opera-56.0.3051.31-71.1
- openSUSE Leap 15.0:NonFree (x86_64):
opera-56.0.3051.31-lp150.2.6.1
References:
https://bugzilla.suse.com/1110016