
The following updates have been released for openSUSE:

openSUSE-SU-2018:1419-1: moderate: Security update for bash
openSUSE-SU-2018:1420-1: important: Security update for the Linux Kernel
openSUSE-SU-2018:1421-1: moderate: Recommended update for GraphicsMagick
openSUSE-SU-2018:1422-1: moderate: Security update for icu



openSUSE-SU-2018:1419-1: moderate: Security update for bash

openSUSE Security Update: Security update for bash
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1419-1
Rating: moderate
References: #1000396 #1001299 #1086247
Cross-References: CVE-2016-0634 CVE-2016-7543
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves two vulnerabilities and has one
errata is now available.

Description:

This update for bash fixes the following issues:

Security issues fixed:

- CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable
was fixed (bsc#1001299)
- CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed
(bsc#1000396)

Non-security issues fixed:

- Fix repeating self-calling of traps due to the combination of a
non-interactive shell, a trap handler for SIGINT, an external process in
the trap handler, and a SIGINT within the trap after the external
process runs. (bsc#1086247)

This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-516=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

bash-4.3-83.6.1
bash-debuginfo-4.3-83.6.1
bash-debugsource-4.3-83.6.1
bash-devel-4.3-83.6.1
bash-loadables-4.3-83.6.1
bash-loadables-debuginfo-4.3-83.6.1
libreadline6-6.3-83.6.1
libreadline6-debuginfo-6.3-83.6.1
readline-devel-6.3-83.6.1

- openSUSE Leap 42.3 (x86_64):

bash-debuginfo-32bit-4.3-83.6.1
libreadline6-32bit-6.3-83.6.1
libreadline6-debuginfo-32bit-6.3-83.6.1
readline-devel-32bit-6.3-83.6.1

- openSUSE Leap 42.3 (noarch):

bash-doc-4.3-83.6.1
bash-lang-4.3-83.6.1
readline-doc-6.3-83.6.1


References:

https://www.suse.com/security/cve/CVE-2016-0634.html
https://www.suse.com/security/cve/CVE-2016-7543.html
https://bugzilla.suse.com/1000396
https://bugzilla.suse.com/1001299
https://bugzilla.suse.com/1086247

--


openSUSE-SU-2018:1420-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1420-1
Rating: important
References: #1087082 #1088273
Cross-References: CVE-2018-3639
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:



The openSUSE Leap 15.0 kernel was updated to receive various security and
bugfixes.

The following security bugs were fixed:

- CVE-2018-3639: Systems with microprocessors utilizing speculative
execution and speculative execution of memory reads before the addresses
of all prior memory writes are known may allow unauthorized disclosure
of information to an attacker with local user access via a side-channel
analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082).

A new boot command line option was introduced,
"spec_store_bypass_disable", which can have the following values:

- auto: Kernel detects whether your CPU model contains an implementation
of Speculative Store Bypass and picks the most appropriate mitigation.
- on: disable Speculative Store Bypass
- off: enable Speculative Store Bypass
- prctl: Control Speculative Store Bypass per thread via prctl.
Speculative Store Bypass is enabled for a process by default. The
state of the control is inherited on fork.
- seccomp: Same as "prctl" above, but all seccomp threads will disable
SSB unless they explicitly opt out.

The default is "seccomp", meaning programs need explicit opt-in into the
mitigation.

Status can be queried via the
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:

- "Vulnerable"
- "Mitigation: Speculative Store Bypass disabled"
- "Mitigation: Speculative Store Bypass disabled via prctl"
- "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"
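
The per-thread opt-in described above, as an added example that is not part of the original advisory: a C program that prints the sysfs status line, queries the calling thread's SSB state through prctl, and then opts the thread in to the mitigation. The prctl constants come from the kernel's <linux/prctl.h>; the function names ssb_describe and ssb_opt_in are hypothetical.

```c
/* Added example (not from the advisory): per-thread SSB status and opt-in. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Constants from the kernel's <linux/prctl.h>, for toolchains with older headers. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#endif
#ifndef PR_SPEC_FORCE_DISABLE
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif
#define SSB ((unsigned long)PR_SPEC_STORE_BYPASS)

/* Decode a PR_GET_SPECULATION_CTRL result for the calling thread. */
const char *ssb_describe(long v)
{
    int per_thread = v > 0 && (v & PR_SPEC_PRCTL);
    if (v < 0)  return "unknown (prctl failed)";
    if (v == 0) return "CPU not affected";
    if (v & PR_SPEC_FORCE_DISABLE) return "mitigated, cannot be re-enabled";
    if (v & PR_SPEC_DISABLE)
        return per_thread ? "mitigated for this thread" : "mitigated system-wide";
    return per_thread ? "not mitigated, opt-in available"
                      : "not mitigated, no per-thread control";
}

/* Opt the calling thread in to the mitigation; new state, or -errno on failure. */
long ssb_opt_in(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, SSB, PR_SPEC_DISABLE, 0UL, 0UL) != 0)
        return -errno;
    return prctl(PR_GET_SPECULATION_CTRL, SSB, 0UL, 0UL, 0UL);
}

int main(void)
{
    char line[128] = "(file not present)";
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass", "r");
    if (f) { if (fgets(line, sizeof line, f)) line[strcspn(line, "\n")] = '\0'; fclose(f); }
    printf("sysfs : %s\n", line);
    printf("before: %s\n", ssb_describe(prctl(PR_GET_SPECULATION_CTRL, SSB, 0UL, 0UL, 0UL)));
    printf("after : %s\n", ssb_describe(ssb_opt_in()));
    return 0;
}
```

When the kernel was booted with "on" or "off", per-thread control is not available and the opt-in call fails, so the "after" line reports the prctl failure rather than a changed state.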

The following non-security bugs were fixed:

- allow_unsupported: add module tainting on feature use (FATE#323394).
- powerpc/64/kexec: fix race in kexec when XIVE is shutdown (bsc#1088273).
- reiserfs: mark read-write mode unsupported (FATE#323394).
- reiserfs: package in separate KMP (FATE#323394).


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-515=1



Package List:

- openSUSE Leap 15.0 (x86_64):

kernel-debug-4.12.14-lp150.12.4.1
kernel-debug-base-4.12.14-lp150.12.4.1
kernel-debug-base-debuginfo-4.12.14-lp150.12.4.1
kernel-debug-debuginfo-4.12.14-lp150.12.4.1
kernel-debug-debugsource-4.12.14-lp150.12.4.1
kernel-debug-devel-4.12.14-lp150.12.4.1
kernel-debug-devel-debuginfo-4.12.14-lp150.12.4.1
kernel-default-4.12.14-lp150.12.4.1
kernel-default-base-4.12.14-lp150.12.4.1
kernel-default-base-debuginfo-4.12.14-lp150.12.4.1
kernel-default-debuginfo-4.12.14-lp150.12.4.1
kernel-default-debugsource-4.12.14-lp150.12.4.1
kernel-default-devel-4.12.14-lp150.12.4.1
kernel-default-devel-debuginfo-4.12.14-lp150.12.4.1
kernel-kvmsmall-4.12.14-lp150.12.4.1
kernel-kvmsmall-base-4.12.14-lp150.12.4.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.4.1
kernel-kvmsmall-debuginfo-4.12.14-lp150.12.4.1
kernel-kvmsmall-debugsource-4.12.14-lp150.12.4.1
kernel-kvmsmall-devel-4.12.14-lp150.12.4.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.4.1
kernel-obs-build-4.12.14-lp150.12.4.1
kernel-obs-build-debugsource-4.12.14-lp150.12.4.1
kernel-obs-qa-4.12.14-lp150.12.4.1
kernel-syms-4.12.14-lp150.12.4.1

- openSUSE Leap 15.0 (noarch):

kernel-devel-4.12.14-lp150.12.4.1
kernel-docs-4.12.14-lp150.12.4.1
kernel-docs-html-4.12.14-lp150.12.4.1
kernel-macros-4.12.14-lp150.12.4.1
kernel-source-4.12.14-lp150.12.4.1
kernel-source-vanilla-4.12.14-lp150.12.4.1


References:

https://www.suse.com/security/cve/CVE-2018-3639.html
https://bugzilla.suse.com/1087082
https://bugzilla.suse.com/1088273

--


openSUSE-SU-2018:1421-1: moderate: Recommended update for GraphicsMagick

openSUSE Security Update: Recommended update for GraphicsMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1421-1
Rating: moderate
References: #1094352
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:



GraphicsMagick was updated to 1.3.29:

* Security Fixes:

- GraphicsMagick is now participating in Google's oss-fuzz project
- JNG: Require that the embedded JPEG image have the same dimensions as
the JNG image as provided by JHDR. Avoids a heap write overflow.
- MNG: Arbitrarily limit the number of loops which may be requested by
the MNG LOOP chunk to 512 loops, and provide the '-define
mng:maximum-loops=value' option in case the user wants to change the
limit. This fixes a denial of service caused by large LOOP
specifications.

* Bug fixes:

- DICOM: Pre/post rescale functions are temporarily disabled (until the
implementation is fixed).
- JPEG: Fix regression in last release in which reading some JPEG files
produces the error "Improper call to JPEG library in state 201".
- ICON: Some DIB-based Windows ICON files were reported as corrupt due to
an unexpectedly missing opacity mask image.
- In-memory Blob I/O: Don't implicitly increase the allocation size due
to seek offsets.
- MNG: Detect and handle failure to allocate global PLTE. Fix divide by
zero.
- DrawGetStrokeDashArray(): Check for failure to allocate memory.
- BlobToImage(): Now produces useful exception reports to cover the
cases where 'magick' was not set and the file format could not be
deduced from its header.

* API Updates:

- Wand API: Added MagickIsPaletteImage(), MagickIsOpaqueImage(),
MagickIsMonochromeImage(), MagickIsGrayImage(), MagickHasColormap()
based on contributions by Troy Patteson.
- New structure ImageExtra added and Image 'clip_mask' member is
replaced by 'extra' which points to private ImageExtra allocation. The
ImageGetClipMask() function now provides access to the clip mask image.
- New structure DrawInfoExtra and DrawInfo 'clip_path' is replaced by
'extra' which points to private DrawInfoExtra allocation. The
DrawInfoGetClipPath() function now provides access to the clip path.
- New core library functions: GetImageCompositeMask(),
CompositeMaskImage(), CompositePathImage(), SetImageCompositeMask(),
ImageGetClipMask(), ImageGetCompositeMask(), DrawInfoGetClipPath(),
DrawInfoGetCompositePath()
- Deprecated core library functions: RegisterStaticModules(),
UnregisterStaticModules().

* Feature improvements:
- Static modules (in static library or shared library without
dynamically loadable modules) are now lazy-loaded using the same
external interface as the lazy-loader for dynamic modules. This
results in more similarity between the builds and reduces the fixed
initialization overhead by only initializing the modules which are
used.
- SVG: The quality of SVG support has been significantly improved due to
the efforts of Greg Wolfe.
- FreeType/TTF rendering: Rendering fixes for opacity.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-518=1



Package List:

- openSUSE Leap 15.0 (x86_64):

GraphicsMagick-1.3.29-lp150.3.3.1
GraphicsMagick-debuginfo-1.3.29-lp150.3.3.1
GraphicsMagick-debugsource-1.3.29-lp150.3.3.1
GraphicsMagick-devel-1.3.29-lp150.3.3.1
libGraphicsMagick++-Q16-12-1.3.29-lp150.3.3.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.29-lp150.3.3.1
libGraphicsMagick++-devel-1.3.29-lp150.3.3.1
libGraphicsMagick-Q16-3-1.3.29-lp150.3.3.1
libGraphicsMagick-Q16-3-debuginfo-1.3.29-lp150.3.3.1
libGraphicsMagick3-config-1.3.29-lp150.3.3.1
libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.3.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.29-lp150.3.3.1
perl-GraphicsMagick-1.3.29-lp150.3.3.1
perl-GraphicsMagick-debuginfo-1.3.29-lp150.3.3.1


References:

https://bugzilla.suse.com/1094352

--


openSUSE-SU-2018:1422-1: moderate: Security update for icu

openSUSE Security Update: Security update for icu
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1422-1
Rating: moderate
References: #1034674 #1034678 #1067203 #1072193 #1077999
#1087932 #929629 #990636
Cross-References: CVE-2014-8146 CVE-2014-8147 CVE-2016-6293
CVE-2017-14952 CVE-2017-15422 CVE-2017-17484
CVE-2017-7867 CVE-2017-7868
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

icu was updated to fix two security issues.

These security issues were fixed:
- CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in
the Unicode Bidirectional Algorithm implementation in ICU4C in
International Components for Unicode (ICU) used an integer data type
that is inconsistent with a header file, which allowed remote attackers
to cause a denial of service (incorrect malloc followed by invalid free)
or possibly execute arbitrary code via crafted text (bsc#929629).
- CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in
the Unicode Bidirectional Algorithm implementation in ICU4C in
International Components for Unicode (ICU) did not properly track
directionally isolated pieces of text, which allowed remote attackers to
cause a denial of service (heap-based buffer overflow) or possibly
execute arbitrary code via crafted text (bsc#929629).
- CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in
common/uloc.cpp in International Components for Unicode (ICU) for C/C++
did not ensure that there is a '\0' character at the end of a certain
temporary array, which allowed remote attackers to cause a denial of
service (out-of-bounds read) or possibly have unspecified other impact
via a call with a long httpAcceptLanguage argument (bsc#990636).
- CVE-2017-7868: International Components for Unicode (ICU) for C/C++
2017-02-13 has an out-of-bounds write caused by a heap-based buffer
overflow related to the utf8TextAccess function in common/utext.cpp and
the utext_moveIndex32* function (bsc#1034674)
- CVE-2017-7867: International Components for Unicode (ICU) for C/C++
2017-02-13 has an out-of-bounds write caused by a heap-based buffer
overflow related to the utf8TextAccess function in common/utext.cpp and
the utext_setNativeIndex* function (bsc#1034678)
- CVE-2017-14952: Double free in i18n/zonemeta.cpp in International
Components for Unicode (ICU) for C/C++ allowed remote attackers to
execute arbitrary code via a crafted string, aka a "redundant UVector
entry clean up function call" issue (bnc#1067203)
- CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in
International Components for Unicode (ICU) for C/C++ mishandled
ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote
attackers to cause a denial of service (stack-based buffer overflow and
application crash) or possibly have unspecified other impact via a
crafted string, as demonstrated by ZNC (bnc#1072193)
- CVE-2017-15422: An integer overflow in icu during persian calendar date
processing could lead to incorrect years shown (bnc#1077999)

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-517=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

icu-52.1-18.1
icu-data-52.1-18.1
icu-debuginfo-52.1-18.1
icu-debugsource-52.1-18.1
libicu-devel-52.1-18.1
libicu-doc-52.1-18.1
libicu52_1-52.1-18.1
libicu52_1-data-52.1-18.1
libicu52_1-debuginfo-52.1-18.1

- openSUSE Leap 42.3 (x86_64):

libicu-devel-32bit-52.1-18.1
libicu52_1-32bit-52.1-18.1
libicu52_1-debuginfo-32bit-52.1-18.1


References:

https://www.suse.com/security/cve/CVE-2014-8146.html
https://www.suse.com/security/cve/CVE-2014-8147.html
https://www.suse.com/security/cve/CVE-2016-6293.html
https://www.suse.com/security/cve/CVE-2017-14952.html
https://www.suse.com/security/cve/CVE-2017-15422.html
https://www.suse.com/security/cve/CVE-2017-17484.html
https://www.suse.com/security/cve/CVE-2017-7867.html
https://www.suse.com/security/cve/CVE-2017-7868.html
https://bugzilla.suse.com/1034674
https://bugzilla.suse.com/1034678
https://bugzilla.suse.com/1067203
https://bugzilla.suse.com/1072193
https://bugzilla.suse.com/1077999
https://bugzilla.suse.com/1087932
https://bugzilla.suse.com/929629
https://bugzilla.suse.com/990636

--