   openSUSE Security Update: Security update for GNU Health and its dependencies
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:0009-1
Rating:             moderate
References:         #1016817 #1016885 #1016886
Cross-References:   CVE-2016-1241 CVE-2016-1242
Affected Products:
                    openSUSE Leap 42.2
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata
   is now available.

Description:

   This update provides version 3.0.5 of GNU Health including several fixes
   and improvements.

   - Update to ICD10 version 2016.
   - Fix error when printing prescription using review dates.
   - Fix error on summary report when no date of birth is assigned to the
     person.

   Additionally the following dependencies have been updated:

   tryton:
   - Update to 3.8.12.
   - Sanitize path in file open. (boo#1016886, CVE-2016-1242)
   - Prevent read of user password hash. (boo#1016885, CVE-2016-1241)

   trytond:
   - Update to 3.8.9.
   - Sanitize path in file open. (boo#1016886, CVE-2016-1242)
   - Prevent read of user password hash. (boo#1016885, CVE-2016-1241)

   trytond_account:
   - Update to 3.8.5.

   trytond_account_invoice:
   - Update to 3.8.4.

   trytond_stock:
   - Update to 3.8.4.

   trytond_stock_lot:
   - Update to 3.8.1.

   proteus:
   - Update to 3.8.5.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-6=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.2 (noarch):

      gnuhealth-3.0.5-3.1
      proteus-3.8.5-3.1
      tryton-3.8.12-3.1
      trytond-3.8.9-4.1
      trytond_account-3.8.5-3.1
      trytond_account_invoice-3.8.4-3.1
      trytond_stock-3.8.4-3.1
      trytond_stock_lot-3.8.1-3.1

References:

   https://www.suse.com/security/cve/CVE-2016-1241.html
   https://www.suse.com/security/cve/CVE-2016-1242.html
   https://bugzilla.suse.com/1016817
   https://bugzilla.suse.com/1016885
   https://bugzilla.suse.com/1016886
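
Added example (not part of the openSUSE advisory): a shell check that compares an rpm inventory against the fixed versions from the package list in this advisory and reports packages still below them. The function names, the output format and the sample inventory are assumptions made for this example; version ordering uses GNU "sort -V", which approximates rpm's comparison and ignores epochs.

```shell
#!/usr/bin/env bash
# Fixed versions, taken from the advisory's package list: "name version-release".
FIXED='gnuhealth 3.0.5-3.1
proteus 3.8.5-3.1
tryton 3.8.12-3.1
trytond 3.8.9-4.1
trytond_account 3.8.5-3.1
trytond_account_invoice 3.8.4-3.1
trytond_stock 3.8.4-3.1
trytond_stock_lot 3.8.1-3.1'

# ver_lt A B: succeeds when A sorts strictly before B under GNU "sort -V".
# This approximates rpm's version comparison and is adequate for the purely
# numeric version-release strings in this advisory.
ver_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# audit_inventory: reads "name version-release" lines on stdin and prints
# "OUTDATED name installed < fixed" for each package older than the fix.
# Packages not named in the advisory are skipped.
audit_inventory() {
  while read -r name installed; do
    fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
    [ -n "$fixed" ] || continue
    if ver_lt "$installed" "$fixed"; then
      printf 'OUTDATED %s %s < %s\n' "$name" "$installed" "$fixed"
    fi
  done
}

# Constructed sample inventory (not from a real host): tryton predates the
# fix, trytond and proteus are at the fixed level, bash is unrelated.
SAMPLE='tryton 3.8.4-1.1
trytond 3.8.9-4.1
proteus 3.8.5-3.1
bash 4.3-82.1'

printf '%s\n' "$SAMPLE" | audit_inventory

# On a Leap 42.2 host, feed the real inventory instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_inventory
```

No output means every listed package found in the inventory is at or above the fixed version; packages that are not installed are not reported.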