openSUSE Security Update: Security update for SDL2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:2224-1
Rating: moderate
References: #1141844 #1142031
Cross-References: CVE-2019-13616 CVE-2019-13626
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for SDL2 fixes the following issues:
Security issues fixed:
- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in
video/SDL_blit_N.c (bsc#1141844).
- CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in
audio/SDL_wave.c (bsc#1142031).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-2224=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
SDL2-debugsource-2.0.8-lp150.2.9.1
libSDL2-2_0-0-2.0.8-lp150.2.9.1
libSDL2-2_0-0-debuginfo-2.0.8-lp150.2.9.1
libSDL2-devel-2.0.8-lp150.2.9.1
- openSUSE Leap 15.0 (x86_64):
libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1
libSDL2-2_0-0-32bit-debuginfo-2.0.8-lp150.2.9.1
libSDL2-devel-32bit-2.0.8-lp150.2.9.1
References:
https://www.suse.com/security/cve/CVE-2019-13616.html
https://www.suse.com/security/cve/CVE-2019-13626.html
https://bugzilla.suse.com/1141844
https://bugzilla.suse.com/1142031
openSUSE Security Update: Security update for SDL2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:2226-1
Rating: moderate
References: #1141844 #1142031
Cross-References: CVE-2019-13616 CVE-2019-13626
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for SDL2 fixes the following issues:
Security issues fixed:
- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in
video/SDL_blit_N.c (bsc#1141844).
- CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in
audio/SDL_wave.c (bsc#1142031).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-2226=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
SDL2-debugsource-2.0.8-lp151.4.6.1
libSDL2-2_0-0-2.0.8-lp151.4.6.1
libSDL2-2_0-0-debuginfo-2.0.8-lp151.4.6.1
libSDL2-devel-2.0.8-lp151.4.6.1
- openSUSE Leap 15.1 (x86_64):
libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1
libSDL2-2_0-0-32bit-debuginfo-2.0.8-lp151.4.6.1
libSDL2-devel-32bit-2.0.8-lp151.4.6.1
References:
https://www.suse.com/security/cve/CVE-2019-13616.html
https://www.suse.com/security/cve/CVE-2019-13626.html
https://bugzilla.suse.com/1141844
https://bugzilla.suse.com/1142031
openSUSE Security Update: Security update for python-numpy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:2225-1
Rating: moderate
References: #1149203
Cross-References: CVE-2019-6446
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-numpy fixes the following issues:
Non-security issues fixed:
- Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-2225=1
Package List:
- openSUSE Leap 15.0 (x86_64):
python-numpy-debuginfo-1.16.1-lp150.8.1
python-numpy-debugsource-1.16.1-lp150.8.1
python-numpy_1_16_1-gnu-hpc-debuginfo-1.16.1-lp150.8.1
python-numpy_1_16_1-gnu-hpc-debugsource-1.16.1-lp150.8.1
python2-numpy-1.16.1-lp150.8.1
python2-numpy-debuginfo-1.16.1-lp150.8.1
python2-numpy-devel-1.16.1-lp150.8.1
python2-numpy-gnu-hpc-1.16.1-lp150.8.1
python2-numpy-gnu-hpc-devel-1.16.1-lp150.8.1
python2-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1
python2-numpy_1_16_1-gnu-hpc-debuginfo-1.16.1-lp150.8.1
python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1
python3-numpy-1.16.1-lp150.8.1
python3-numpy-debuginfo-1.16.1-lp150.8.1
python3-numpy-devel-1.16.1-lp150.8.1
python3-numpy-gnu-hpc-1.16.1-lp150.8.1
python3-numpy-gnu-hpc-devel-1.16.1-lp150.8.1
python3-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1
python3-numpy_1_16_1-gnu-hpc-debuginfo-1.16.1-lp150.8.1
python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1
References:
https://www.suse.com/security/cve/CVE-2019-6446.html
https://bugzilla.suse.com/1149203
openSUSE Security Update: Security update for python-numpy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:2227-1
Rating: moderate
References: #1149203
Cross-References: CVE-2019-6446
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-numpy fixes the following issues:
Non-security issues fixed:
- Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-2227=1
Package List:
- openSUSE Leap 15.1 (x86_64):
python-numpy-debuginfo-1.16.1-lp151.5.3.1
python-numpy-debugsource-1.16.1-lp151.5.3.1
python-numpy_1_16_1-gnu-hpc-debuginfo-1.16.1-lp151.5.3.1
python-numpy_1_16_1-gnu-hpc-debugsource-1.16.1-lp151.5.3.1
python2-numpy-1.16.1-lp151.5.3.1
python2-numpy-debuginfo-1.16.1-lp151.5.3.1
python2-numpy-devel-1.16.1-lp151.5.3.1
python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1
python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1
python2-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1
python2-numpy_1_16_1-gnu-hpc-debuginfo-1.16.1-lp151.5.3.1
python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1
python3-numpy-1.16.1-lp151.5.3.1
python3-numpy-debuginfo-1.16.1-lp151.5.3.1
python3-numpy-devel-1.16.1-lp151.5.3.1
python3-numpy-gnu-hpc-1.16.1-lp151.5.3.1
python3-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1
python3-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1
python3-numpy_1_16_1-gnu-hpc-debuginfo-1.16.1-lp151.5.3.1
python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1
References:
https://www.suse.com/security/cve/CVE-2019-6446.html
https://bugzilla.suse.com/1149203
openSUSE Security Update: Security update for ghostscript
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:2222-1
Rating: important
References: #1129180 #1129186 #1134156 #1140359 #1146882
#1146884
Cross-References: CVE-2019-12973 CVE-2019-14811 CVE-2019-14812
CVE-2019-14813 CVE-2019-14817 CVE-2019-3835
CVE-2019-3839
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
This update for ghostscript fixes the following issues:
Security issues fixed:
- CVE-2019-3835: Fixed an unauthorized file system access caused by an
available superexec operator. (bsc#1129180)
- CVE-2019-3839: Fixed an unauthorized file system access caused by
available privileged operators. (bsc#1134156)
- CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG
function opj_t1_encode_cblks. (bsc#1140359)
- CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in
.pdf_hook_DSC_Creator. (bsc#1146882)
- CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in
setuserparams. (bsc#1146882)
- CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in
setsystemparams. (bsc#1146882)
- CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in
.pdfexectoken and other procedures. (bsc#1146884)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-2222=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
ghostscript-9.27-lp150.2.23.1
ghostscript-debuginfo-9.27-lp150.2.23.1
ghostscript-debugsource-9.27-lp150.2.23.1
ghostscript-devel-9.27-lp150.2.23.1
ghostscript-mini-9.27-lp150.2.23.1
ghostscript-mini-debuginfo-9.27-lp150.2.23.1
ghostscript-mini-debugsource-9.27-lp150.2.23.1
ghostscript-mini-devel-9.27-lp150.2.23.1
ghostscript-x11-9.27-lp150.2.23.1
ghostscript-x11-debuginfo-9.27-lp150.2.23.1
References:
https://www.suse.com/security/cve/CVE-2019-12973.html
https://www.suse.com/security/cve/CVE-2019-14811.html
https://www.suse.com/security/cve/CVE-2019-14812.html
https://www.suse.com/security/cve/CVE-2019-14813.html
https://www.suse.com/security/cve/CVE-2019-14817.html
https://www.suse.com/security/cve/CVE-2019-3835.html
https://www.suse.com/security/cve/CVE-2019-3839.html
https://bugzilla.suse.com/1129180
https://bugzilla.suse.com/1129186
https://bugzilla.suse.com/1134156
https://bugzilla.suse.com/1140359
https://bugzilla.suse.com/1146882
https://bugzilla.suse.com/1146884
openSUSE Security Update: Security update for varnish
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:2221-1
Rating: moderate
References: #1149382
Cross-References: CVE-2019-15892
Affected Products:
openSUSE Backports SLE-15-SP1
openSUSE Backports SLE-15
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for varnish fixes the following issues:
Security issue fixed:
- CVE-2019-15892: Fixed a potential denial of service by sending crafted
HTTP/1 requests (boo#1149382).
Non-security issues fixed:
- Updated the package to release 6.2.1.
- Added a thread pool watchdog which will restart the worker process if
scheduling tasks onto worker threads appears stuck. The new parameter
"thread_pool_watchdog" configures it.
- Disabled error for clobbering, which caused bogus error in varnishtest.
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2019-2221=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2019-2221=1
Package List:
- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
libvarnishapi2-6.2.1-bp151.4.3.1
libvarnishapi2-debuginfo-6.2.1-bp151.4.3.1
varnish-6.2.1-bp151.4.3.1
varnish-debuginfo-6.2.1-bp151.4.3.1
varnish-debugsource-6.2.1-bp151.4.3.1
varnish-devel-6.2.1-bp151.4.3.1
- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):
libvarnishapi2-6.2.1-bp150.3.3.1
varnish-6.2.1-bp150.3.3.1
varnish-devel-6.2.1-bp150.3.3.1
References:
https://www.suse.com/security/cve/CVE-2019-15892.html
https://bugzilla.suse.com/1149382
openSUSE Security Update: Security update for ghostscript
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:2223-1
Rating: important
References: #1129180 #1129186 #1134156 #1140359 #1146882
#1146884
Cross-References: CVE-2019-12973 CVE-2019-14811 CVE-2019-14812
CVE-2019-14813 CVE-2019-14817 CVE-2019-3835
CVE-2019-3839
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
This update for ghostscript fixes the following issues:
Security issues fixed:
- CVE-2019-3835: Fixed an unauthorized file system access caused by an
available superexec operator. (bsc#1129180)
- CVE-2019-3839: Fixed an unauthorized file system access caused by
available privileged operators. (bsc#1134156)
- CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG
function opj_t1_encode_cblks. (bsc#1140359)
- CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in
.pdf_hook_DSC_Creator. (bsc#1146882)
- CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in
setuserparams. (bsc#1146882)
- CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in
setsystemparams. (bsc#1146882)
- CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in
.pdfexectoken and other procedures. (bsc#1146884)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-2223=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
ghostscript-9.27-lp151.3.6.1
ghostscript-debuginfo-9.27-lp151.3.6.1
ghostscript-debugsource-9.27-lp151.3.6.1
ghostscript-devel-9.27-lp151.3.6.1
ghostscript-mini-9.27-lp151.3.6.1
ghostscript-mini-debuginfo-9.27-lp151.3.6.1
ghostscript-mini-debugsource-9.27-lp151.3.6.1
ghostscript-mini-devel-9.27-lp151.3.6.1
ghostscript-x11-9.27-lp151.3.6.1
ghostscript-x11-debuginfo-9.27-lp151.3.6.1
References:
https://www.suse.com/security/cve/CVE-2019-12973.html
https://www.suse.com/security/cve/CVE-2019-14811.html
https://www.suse.com/security/cve/CVE-2019-14812.html
https://www.suse.com/security/cve/CVE-2019-14813.html
https://www.suse.com/security/cve/CVE-2019-14817.html
https://www.suse.com/security/cve/CVE-2019-3835.html
https://www.suse.com/security/cve/CVE-2019-3839.html
https://bugzilla.suse.com/1129180
https://bugzilla.suse.com/1129186
https://bugzilla.suse.com/1134156
https://bugzilla.suse.com/1140359
https://bugzilla.suse.com/1146882
https://bugzilla.suse.com/1146884
openSUSE Recommended Update: Recommended update for makedumpfile
______________________________________________________________________________
Announcement ID: openSUSE-RU-2019:2220-1
Rating: moderate
References: #1123015 #1138451
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for makedumpfile provides the following fix:
- Update larger VA size changes to work across codestreams. (bsc#1123015,
bsc#1138451)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-2220=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
makedumpfile-1.6.3-lp151.8.3.1
makedumpfile-debuginfo-1.6.3-lp151.8.3.1
makedumpfile-debugsource-1.6.3-lp151.8.3.1
References:
https://bugzilla.suse.com/1123015
https://bugzilla.suse.com/1138451
openSUSE Recommended Update: Recommended update for libcdio
______________________________________________________________________________
Announcement ID: openSUSE-RU-2019:2218-1
Rating: moderate
References: #1094761
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for libcdio fixes the following issues:
- Fix warning when BigEndian and LittleEndian sizes do not match.
(bsc#1094761)
- Fix that libcdio doesn't bail out when processing non-compliant ISO
files.
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-2218=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
libcdio++0-0.94-lp151.7.3.1
libcdio++0-debuginfo-0.94-lp151.7.3.1
libcdio-debugsource-0.94-lp151.7.3.1
libcdio-devel-0.94-lp151.7.3.1
libcdio16-0.94-lp151.7.3.1
libcdio16-debuginfo-0.94-lp151.7.3.1
libiso9660-10-0.94-lp151.7.3.1
libiso9660-10-debuginfo-0.94-lp151.7.3.1
libudf0-0.94-lp151.7.3.1
libudf0-debuginfo-0.94-lp151.7.3.1
- openSUSE Leap 15.1 (x86_64):
cdio-utils-0.94-lp151.7.3.1
cdio-utils-debuginfo-0.94-lp151.7.3.1
cdio-utils-debugsource-0.94-lp151.7.3.1
libcdio++0-32bit-0.94-lp151.7.3.1
libcdio++0-32bit-debuginfo-0.94-lp151.7.3.1
libcdio16-32bit-0.94-lp151.7.3.1
libcdio16-32bit-debuginfo-0.94-lp151.7.3.1
libiso9660-10-32bit-0.94-lp151.7.3.1
libiso9660-10-32bit-debuginfo-0.94-lp151.7.3.1
libudf0-32bit-0.94-lp151.7.3.1
libudf0-32bit-debuginfo-0.94-lp151.7.3.1
References:
https://bugzilla.suse.com/1094761