openSUSE Security Update: Security update for syncthing, syncthing-gtk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:0045-1 Rating: moderate References: #1016161 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This updates syncthing to version 0.14.16 and fixes the following issues: The following security issue was fixed: - A remote device that was already accepted by syncthing could perform arbitrary reads and writes outside of the configured directories (boo#1016161) This update also contains a number of upstream improvements in the 0.14.14 version, including: - improved performance - UI improvements - prevention of data inconsistencies syncthing-gtk was updated to 0.9.2.3 to fix reading the configuration with non-ASCII locales. The new version is compatible with syncthing 0.14.x and includes various improvement and fixes. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-30=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (noarch): syncthing-gtk-0.9.2.3-3.1 syncthing-gtk-lang-0.9.2.3-3.1 - openSUSE Leap 42.2 (x86_64): syncthing-0.14.16-5.1 References: https://bugzilla.suse.com/1016161