Mailinglist Archive: opensuse-factory (745 mails)

[opensuse-factory] New Tumbleweed snapshot 20180128 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20180128

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
clamav (0.99.2 -> 0.99.3)
libdvdnav (5.0.3 -> 6.0.0)
libdvdread (5.0.3 -> 6.0.0)
vm-install (0.9.04 -> 0.10.01)
xen
yast2-http-server (3.2.2 -> 4.0.0)

=== Details ===

==== clamav ====
Version update (0.99.2 -> 0.99.3)
Subpackages: libclamav7

- Update to security release 0.99.3 (bsc#1077732)
  * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)
  * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)
  * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability)
    - these vulnerabilities could have allowed an unauthenticated,
      remote attacker to cause a denial of service (DoS) condition
      or potentially execute arbitrary code on an affected device.
  * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)
  * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)
  * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)
  * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)
    - these vulnerabilities could have allowed an unauthenticated,
      remote attacker to cause a denial of service (DoS) condition on an affected
      device.
  * CVE-2017-6420 (bsc#1052448)
    - this vulnerability allowed remote attackers to cause a denial of service
      (use-after-free) via a crafted PE file with WWPack compression.
  * CVE-2017-6419 (bsc#1052449)
    - ClamAV allowed remote attackers to cause a denial of service
      (heap-based buffer overflow and application crash) or possibly
      have unspecified other impact via a crafted CHM file.
  * CVE-2017-11423 (bsc#1049423)
    - The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha
      allowed remote attackers to cause a denial of service
      (stack-based buffer over-read and application crash) via a crafted CAB file.
  * CVE-2017-6418 (bsc#1052466)
    - ClamAV 0.99.2 allowed remote attackers to cause a denial
      of service (out-of-bounds read) via a crafted e-mail message.
- drop clamav-0.99.2-openssl-1.1.patch (upstream)

==== libdvdnav ====
Version update (5.0.3 -> 6.0.0)

- Update to version 6.0.0:
  * fix crashes on some DVD on describe_title call
  * fix various crashes related to PGC validity
  * fix compilation issues
  * fix API return codes
- Add gpg signature

==== libdvdread ====
Version update (5.0.3 -> 6.0.0)
Subpackages: libdvdread-devel libdvdread4

- Update to version 6.0.0:
  * restrict the number of symbols to be exposed to the
    shared-object
  * remove dvdinput_error function
  * improve compatibility with some DVDs (notably the eOne ones)
  * fix write after free in ifoFree functions
  * fix possible buffer overflow in open
  * additional checks on DVDReadBytes arguments
  * fix leaks
- Removed libdvdread-no-internal-crypto.patch because it's not
  applied anymore.

==== vm-install ====
Version update (0.9.04 -> 0.10.01)

- Full conversion of source to python3 from python2. (bsc#1047602)
- Graphical components now require Gtk3
- Version 0.10.01

==== xen ====
Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU

- Fix python3 deprecated atoi call (bsc#1067224)
  pygrub-python3-conversion.patch
- Drop xenmon-python3-conversion.patch

==== yast2-http-server ====
Version update (3.2.2 -> 4.0.0)

- Replace SuSEFirewall2 by firewalld. (fate#323460)
- 4.0.0

