Mailinglist Archive: opensuse-updates (145 mails)

< Previous Next >
openSUSE-SU-2018:1119-1: moderate: Security update for quassel
openSUSE Security Update: Security update for quassel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1119-1
Rating: moderate
References: #1069468 #1090495
Cross-References: CVE-2018-1000178 CVE-2018-1000179
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for quassel fixes the following issues:

Security fixes (boo#1090495):

- CVE-2018-1000178: A heap metadata corruption in qdatastream could have
been exploited to launch an unauthenticated remote code execution

- CVE-2018-1000179: A remote attacker could have caused a Denial of
Service attack by initiating login attempts before the core got
initialized

The following tracked packaging change is included:

- boo#1069468: no longer use /var/adm/fillup-templates

This update also includes various small bug fixes in the upstream 0.12.4
release.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-409=1



Package List:

- openSUSE Leap 42.3 (x86_64):

quassel-base-0.12.5-5.3.1
quassel-client-0.12.5-5.3.1
quassel-client-debuginfo-0.12.5-5.3.1
quassel-client-qt5-0.12.5-5.3.1
quassel-client-qt5-debuginfo-0.12.5-5.3.1
quassel-core-0.12.5-5.3.1
quassel-core-debuginfo-0.12.5-5.3.1
quassel-debugsource-0.12.5-5.3.1
quassel-mono-0.12.5-5.3.1
quassel-mono-debuginfo-0.12.5-5.3.1


References:

https://www.suse.com/security/cve/CVE-2018-1000178.html
https://www.suse.com/security/cve/CVE-2018-1000179.html
https://bugzilla.suse.com/1069468
https://bugzilla.suse.com/1090495


< Previous Next >
This Thread
  • No further messages