openSUSE Updates September 2019

updates@lists.opensuse.org

2 participants
184 discussions

openSUSE-RU-2019:2210-1: moderate: Recommended update for sbd

by maintenance＠opensuse.org

openSUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: openSUSE-RU-2019:2210-1 Rating: moderate References: #1128059 #1134496 #1140065 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sbd fixes the following issues: - sbd-cluster: Fix 100% CPU usage when CMAP connection is lost. (bsc#1140065, SOC-8774) - Update to version 1.4.0+20190514.e9be8d9: - sbd-inquisitor: Avoid flooding logs with messages that hint the default/configured timeout action. (bsc#1134496) - Update to version 1.4.0+20190416.5e3283c: - sbd-inquisitor: Overhaul device-list-parser. - sbd-inquisitor: Free timeout action on bail out. - sbd-md: Prevent unrealistic overflow on sector io calc. - Update to version 1.4.0+20190326.c38c5e6: - sbd-pacemaker: Bail out of status earlier. - sbd-pacemaker: Make handling of cib-connection loss more robust. - Update to version 1.4.0+20190311.0159a3c: - sbd-cluster: Finalize CMAP connection if disconnected from cluster. (bsc#1128059) - Update from 1.4.0+20190123.1829c40 to version 1.4.0+20190201.f949aa8: - Fail earlier on invalid servants. This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2210=1 Package List: - openSUSE Leap 15.0 (x86_64): sbd-1.4.0+20190514.e9be8d9-lp150.10.1 sbd-debuginfo-1.4.0+20190514.e9be8d9-lp150.10.1 sbd-debugsource-1.4.0+20190514.e9be8d9-lp150.10.1 References: https://bugzilla.suse.com/1128059 https://bugzilla.suse.com/1134496 https://bugzilla.suse.com/1140065

1 year, 12 months

openSUSE-SU-2019:2211-1: moderate: Security update for phpMyAdmin

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for phpMyAdmin ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2211-1 Rating: moderate References: #1150914 Cross-References: CVE-2019-12922 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for phpMyAdmin to 4.9.1 fixes the following issues: Security issue fixed: - CVE-2019-12922: Fixed CSRF issue that allowed deletion of any server in the Setup page. (boo#1150914) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2211=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2211=1 - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2019-2211=1 - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-2211=1 - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2019-2211=1 Package List: - openSUSE Leap 15.1 (noarch): phpMyAdmin-4.9.1-lp151.2.6.1 - openSUSE Leap 15.0 (noarch): phpMyAdmin-4.9.1-lp150.34.1 - openSUSE Backports SLE-15-SP1 (noarch): phpMyAdmin-4.9.1-bp151.3.6.1 - openSUSE Backports SLE-15 (noarch): phpMyAdmin-4.9.1-bp150.34.1 - SUSE Package Hub for SUSE Linux Enterprise 12 (noarch): phpMyAdmin-4.9.1-34.1 References: https://www.suse.com/security/cve/CVE-2019-12922.html https://bugzilla.suse.com/1150914

1 year, 12 months

openSUSE-RU-2019:2209-1: moderate: Recommended update for crmsh

by maintenance＠opensuse.org

openSUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: openSUSE-RU-2019:2209-1 Rating: moderate References: #1093564 #1116559 #1120554 #1120555 #1120587 #1123187 #1129380 #1129383 #1129719 #1130715 #1135696 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for crmsh contains the following fixes: Specific hb_report issues fixed: - Collect output of "sbd dump" and "sbd list". (bsc#1129383) - Using Tempfile class to manage tempfiles. - Handle UnicodeDecodeError on special position. (bsc#1130715) - Analysis.txt includes warning, error, critical messages. (bsc#1135696) Update from 4.0.0+git.1542103310.dd114188 to version 4.0.0+git.1553262403.5da14dfa5 includes: * Add timestamp for DEBUG messages. (bsc#1129380) * Check if command and related files exists. (bsc#1129719) * Add "promotable", "promoted-max" and "promoted-node-max" constants in clone meta attributes. * Fix #425 The ID attribute is not required for select and select_attributes. * Set kind for order constraints, not score. (bsc#1123187) * low: utils: add support for dpkg. * low: utils: add support for apt-get. * low: utils: convert string contstants to bytes. * Warning messages start with like "WARNING:" instead of "!". (bsc#1120587, bsc#1120586) * crmsh crashed when using configure->template->apply. (bsc#1120554, bsc#1120555) * Increase log level for verification. (bsc#1116559) * Fix UnicodeEncodeError while print. (bsc#1093564) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2209=1 Package List: - openSUSE Leap 15.0 (noarch): crmsh-4.0.0+git.1553262403.5da14df5-lp150.2.13.1 crmsh-scripts-4.0.0+git.1553262403.5da14df5-lp150.2.13.1 crmsh-test-4.0.0+git.1553262403.5da14df5-lp150.2.13.1 References: https://bugzilla.suse.com/1093564 https://bugzilla.suse.com/1116559 https://bugzilla.suse.com/1120554 https://bugzilla.suse.com/1120555 https://bugzilla.suse.com/1120587 https://bugzilla.suse.com/1123187 https://bugzilla.suse.com/1129380 https://bugzilla.suse.com/1129383 https://bugzilla.suse.com/1129719 https://bugzilla.suse.com/1130715 https://bugzilla.suse.com/1135696

1 year, 12 months

openSUSE-SU-2019:2211-1: moderate: Security update for phpMyAdmin

by opensuse-security＠opensuse.org

1 year, 12 months

openSUSE-SU-2019:2206-1: moderate: Security update for mosquitto

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for mosquitto ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2206-1 Rating: moderate References: #1151494 Cross-References: CVE-2019-11779 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mosquitto fixes the following issues: - CVE-2019-11779: Fixed insufficient parsing of SUBSCRIBE packets that could lead to a stack overflow (bsc#1151494). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2206=1 Package List: - openSUSE Leap 15.1 (x86_64): libmosquitto1-1.5.7-lp151.2.3.1 libmosquitto1-debuginfo-1.5.7-lp151.2.3.1 libmosquittopp1-1.5.7-lp151.2.3.1 libmosquittopp1-debuginfo-1.5.7-lp151.2.3.1 mosquitto-1.5.7-lp151.2.3.1 mosquitto-clients-1.5.7-lp151.2.3.1 mosquitto-clients-debuginfo-1.5.7-lp151.2.3.1 mosquitto-debuginfo-1.5.7-lp151.2.3.1 mosquitto-debugsource-1.5.7-lp151.2.3.1 mosquitto-devel-1.5.7-lp151.2.3.1 References: https://www.suse.com/security/cve/CVE-2019-11779.html https://bugzilla.suse.com/1151494

1 year, 12 months

openSUSE-SU-2019:2203-1: moderate: Security update for rust

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for rust ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2203-1 Rating: moderate References: #1096945 #1100691 #1133283 #1134978 Cross-References: CVE-2018-1000622 CVE-2019-12083 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for rust fixes the following issues: Rust was updated to version 1.36.0. Security issues fixed: - CVE-2019-12083: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety (bsc#1134978) - CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution (bsc#1100691) This update was imported from SUSE:SLE-15:Update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2203=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): cargo-1.36.0-lp151.5.4.1 clippy-1.36.0-lp151.5.4.1 rls-1.36.0-lp151.5.4.1 rust-1.36.0-lp151.5.4.1 rust-analysis-1.36.0-lp151.5.4.1 rust-doc-1.36.0-lp151.5.4.1 rust-gdb-1.36.0-lp151.5.4.1 rust-std-static-1.36.0-lp151.5.4.1 rustfmt-1.36.0-lp151.5.4.1 - openSUSE Leap 15.1 (noarch): cargo-doc-1.36.0-lp151.5.4.1 rust-src-1.36.0-lp151.5.4.1 - openSUSE Leap 15.1 (x86_64): rust-cbindgen-0.8.7-lp151.2.2 rust-cbindgen-debuginfo-0.8.7-lp151.2.2 References: https://www.suse.com/security/cve/CVE-2018-1000622.html https://www.suse.com/security/cve/CVE-2019-12083.html https://bugzilla.suse.com/1096945 https://bugzilla.suse.com/1100691 https://bugzilla.suse.com/1133283 https://bugzilla.suse.com/1134978

1 year, 12 months

openSUSE-OU-2019:2202-1: Optional update for php7-APCu

by maintenance＠opensuse.org

openSUSE Optional Update: Optional update for php7-APCu ______________________________________________________________________________ Announcement ID: openSUSE-OU-2019:2202-1 Rating: low References: Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that has 0 optional fixes can now be installed. Description: This update for php7-APCu fixes the following issues: - Add new package php7-APCu in version 5.1.15 Patch Instructions: To install this openSUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2019-2202=1 Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): php7-APCu-5.1.15-2.1 References:

1 year, 12 months

openSUSE-SU-2019:2200-1: important: Security update for nmap

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for nmap ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2200-1 Rating: important References: #1135350 #1148742 Cross-References: CVE-2017-18594 CVE-2018-15173 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nmap fixes the following issues: Security issue fixed: - CVE-2017-18594: Fixed a denial of service condition due to a double free when an SSH connection fails. (bsc#1148742) Non-security issue fixed: - Fixed a regression in the version scanner caused, by the fix for CVE-2018-15173. (bsc#1135350) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2200=1 Package List: - openSUSE Leap 15.1 (x86_64): ncat-7.70-lp151.3.9.1 ncat-debuginfo-7.70-lp151.3.9.1 ndiff-7.70-lp151.3.9.1 nmap-7.70-lp151.3.9.1 nmap-debuginfo-7.70-lp151.3.9.1 nmap-debugsource-7.70-lp151.3.9.1 nping-7.70-lp151.3.9.1 nping-debuginfo-7.70-lp151.3.9.1 zenmap-7.70-lp151.3.9.1 References: https://www.suse.com/security/cve/CVE-2017-18594.html https://www.suse.com/security/cve/CVE-2018-15173.html https://bugzilla.suse.com/1135350 https://bugzilla.suse.com/1148742

1 year, 12 months

openSUSE-SU-2019:2199-1: important: Security update for ibus

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for ibus ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2199-1 Rating: important References: #1150011 Cross-References: CVE-2019-14822 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ibus fixes the following issues: - CVE-2019-14822: Fixed misconfiguration of the DBus server allows to unprivileged user could monitor and send method calls to the ibus bus of another user (bsc#1150011). This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2199=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): ibus-1.5.19-lp151.2.3.1 ibus-debuginfo-1.5.19-lp151.2.3.1 ibus-debugsource-1.5.19-lp151.2.3.1 ibus-devel-1.5.19-lp151.2.3.1 ibus-gtk-1.5.19-lp151.2.3.1 ibus-gtk-debuginfo-1.5.19-lp151.2.3.1 ibus-gtk3-1.5.19-lp151.2.3.1 ibus-gtk3-debuginfo-1.5.19-lp151.2.3.1 libibus-1_0-5-1.5.19-lp151.2.3.1 libibus-1_0-5-debuginfo-1.5.19-lp151.2.3.1 typelib-1_0-IBus-1_0-1.5.19-lp151.2.3.1 - openSUSE Leap 15.1 (x86_64): ibus-gtk-32bit-1.5.19-lp151.2.3.1 ibus-gtk-32bit-debuginfo-1.5.19-lp151.2.3.1 ibus-gtk3-32bit-1.5.19-lp151.2.3.1 ibus-gtk3-32bit-debuginfo-1.5.19-lp151.2.3.1 libibus-1_0-5-32bit-1.5.19-lp151.2.3.1 libibus-1_0-5-32bit-debuginfo-1.5.19-lp151.2.3.1 python-ibus-1.5.19-lp151.2.3.1 - openSUSE Leap 15.1 (noarch): ibus-lang-1.5.19-lp151.2.3.1 References: https://www.suse.com/security/cve/CVE-2019-14822.html https://bugzilla.suse.com/1150011

1 year, 12 months

openSUSE-SU-2019:2198-1: important: Security update for nmap

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for nmap ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2198-1 Rating: important References: #1135350 #1148742 Cross-References: CVE-2017-18594 CVE-2018-15173 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nmap fixes the following issues: Security issue fixed: - CVE-2017-18594: Fixed a denial of service condition due to a double free when an SSH connection fails. (bsc#1148742) Non-security issue fixed: - Fixed a regression in the version scanner caused, by the fix for CVE-2018-15173. (bsc#1135350) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2198=1 Package List: - openSUSE Leap 15.0 (x86_64): ncat-7.70-lp150.2.9.1 ncat-debuginfo-7.70-lp150.2.9.1 ndiff-7.70-lp150.2.9.1 nmap-7.70-lp150.2.9.1 nmap-debuginfo-7.70-lp150.2.9.1 nmap-debugsource-7.70-lp150.2.9.1 nping-7.70-lp150.2.9.1 nping-debuginfo-7.70-lp150.2.9.1 zenmap-7.70-lp150.2.9.1 References: https://www.suse.com/security/cve/CVE-2017-18594.html https://www.suse.com/security/cve/CVE-2018-15173.html https://bugzilla.suse.com/1135350 https://bugzilla.suse.com/1148742

1 year, 12 months

Jump to page:

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates September 2019