The following updates has been released for SUSE:
openSUSE-SU-2018:3871-1: important: Security update for chromium
openSUSE-SU-2018:3872-1: important: Security update for chromium
openSUSE-SU-2018:3876-1: important: Security update for virtualbox
openSUSE-SU-2018:3871-1: important: Security update for chromium
openSUSE-SU-2018:3872-1: important: Security update for chromium
openSUSE-SU-2018:3876-1: important: Security update for virtualbox
openSUSE-SU-2018:3871-1: important: Security update for chromium
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:3871-1
Rating: important
References: #1116608
Cross-References: CVE-2018-17479
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for Chromium to version 70.0.3538.110 fixes the following
security issue:
- CVE-2018-17479: Use-after-free in GPU (boo#1116608)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1446=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1446=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2018-1446=1
Package List:
- openSUSE Leap 42.3 (x86_64):
chromedriver-70.0.3538.110-186.1
chromedriver-debuginfo-70.0.3538.110-186.1
chromium-70.0.3538.110-186.1
chromium-debuginfo-70.0.3538.110-186.1
chromium-debugsource-70.0.3538.110-186.1
- openSUSE Leap 15.0 (x86_64):
chromedriver-70.0.3538.110-lp150.2.26.1
chromedriver-debuginfo-70.0.3538.110-lp150.2.26.1
chromium-70.0.3538.110-lp150.2.26.1
chromium-debuginfo-70.0.3538.110-lp150.2.26.1
chromium-debugsource-70.0.3538.110-lp150.2.26.1
- openSUSE Backports SLE-15 (aarch64 x86_64):
chromedriver-70.0.3538.110-bp150.2.20.1
chromedriver-debuginfo-70.0.3538.110-bp150.2.20.1
chromium-70.0.3538.110-bp150.2.20.1
chromium-debuginfo-70.0.3538.110-bp150.2.20.1
chromium-debugsource-70.0.3538.110-bp150.2.20.1
References:
https://www.suse.com/security/cve/CVE-2018-17479.html
https://bugzilla.suse.com/1116608
--
openSUSE-SU-2018:3872-1: important: Security update for chromium
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:3872-1
Rating: important
References: #1116608
Cross-References: CVE-2018-17479
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for Chromium to version 70.0.3538.110 fixes the following
security issue:
- CVE-2018-17479: Use-after-free in GPU (boo#1116608)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2018-1446=1
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):
chromedriver-70.0.3538.110-77.1
chromedriver-debuginfo-70.0.3538.110-77.1
chromium-70.0.3538.110-77.1
chromium-debuginfo-70.0.3538.110-77.1
chromium-debugsource-70.0.3538.110-77.1
References:
https://www.suse.com/security/cve/CVE-2018-17479.html
https://bugzilla.suse.com/1116608
--
openSUSE-SU-2018:3876-1: important: Security update for virtualbox
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:3876-1
Rating: important
References: #1115041
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for virtualbox fixes the following issues:
virtualbox was updated to version 5.2.22 (released November 09 2018 by
Oracle).
Security issues fixed:
- Fixed a guest-to-host excape via the e1000 virtual network driver
(bsc#1115041).
Non-security issues fixed:
- Audio: Fixed a regression in the Core Audio backend causing a hang when
returning from host sleep when processing input buffers.
- Audio: Fixed a potential crash in the HDA emulation if a stream has no
valid mixer sink attached.
- Linux Additions: Disable 3D for recent guests using Wayland (bug #18116).
- Linux Additions: Fix for rebuilding kernel modules for new kernels on
RPM guests.
- Linux Additions: Further fixes for Linux 4.19.
- Linux Additions: Fixed errors rebuilding initrd files with dracut on EL
6 (bug 18055#).
- Linux Additions: Fixed 5.2.20 regression: guests not remembering the
screen size after shutdown and restart (bug #18078).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1443=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1443=1
Package List:
- openSUSE Leap 42.3 (x86_64):
python-virtualbox-5.2.22-63.1
python-virtualbox-debuginfo-5.2.22-63.1
virtualbox-5.2.22-63.1
virtualbox-debuginfo-5.2.22-63.1
virtualbox-debugsource-5.2.22-63.1
virtualbox-devel-5.2.22-63.1
virtualbox-guest-kmp-default-5.2.22_k4.4.162_78-63.1
virtualbox-guest-kmp-default-debuginfo-5.2.22_k4.4.162_78-63.1
virtualbox-guest-tools-5.2.22-63.1
virtualbox-guest-tools-debuginfo-5.2.22-63.1
virtualbox-guest-x11-5.2.22-63.1
virtualbox-guest-x11-debuginfo-5.2.22-63.1
virtualbox-host-kmp-default-5.2.22_k4.4.162_78-63.1
virtualbox-host-kmp-default-debuginfo-5.2.22_k4.4.162_78-63.1
virtualbox-qt-5.2.22-63.1
virtualbox-qt-debuginfo-5.2.22-63.1
virtualbox-vnc-5.2.22-63.1
virtualbox-websrv-5.2.22-63.1
virtualbox-websrv-debuginfo-5.2.22-63.1
- openSUSE Leap 42.3 (noarch):
virtualbox-guest-desktop-icons-5.2.22-63.1
virtualbox-guest-source-5.2.22-63.1
virtualbox-host-source-5.2.22-63.1
- openSUSE Leap 15.0 (noarch):
virtualbox-guest-desktop-icons-5.2.22-lp150.4.23.1
virtualbox-guest-source-5.2.22-lp150.4.23.1
virtualbox-host-source-5.2.22-lp150.4.23.1
- openSUSE Leap 15.0 (x86_64):
python3-virtualbox-5.2.22-lp150.4.23.1
python3-virtualbox-debuginfo-5.2.22-lp150.4.23.1
virtualbox-5.2.22-lp150.4.23.1
virtualbox-debuginfo-5.2.22-lp150.4.23.1
virtualbox-debugsource-5.2.22-lp150.4.23.1
virtualbox-devel-5.2.22-lp150.4.23.1
virtualbox-guest-kmp-default-5.2.22_k4.12.14_lp150.12.25-lp150.4.23.1
virtualbox-guest-kmp-default-debuginfo-5.2.22_k4.12.14_lp150.12.25-lp150.4.23.1
virtualbox-guest-tools-5.2.22-lp150.4.23.1
virtualbox-guest-tools-debuginfo-5.2.22-lp150.4.23.1
virtualbox-guest-x11-5.2.22-lp150.4.23.1
virtualbox-guest-x11-debuginfo-5.2.22-lp150.4.23.1
virtualbox-host-kmp-default-5.2.22_k4.12.14_lp150.12.25-lp150.4.23.1
virtualbox-host-kmp-default-debuginfo-5.2.22_k4.12.14_lp150.12.25-lp150.4.23.1
virtualbox-qt-5.2.22-lp150.4.23.1
virtualbox-qt-debuginfo-5.2.22-lp150.4.23.1
virtualbox-vnc-5.2.22-lp150.4.23.1
virtualbox-websrv-5.2.22-lp150.4.23.1
virtualbox-websrv-debuginfo-5.2.22-lp150.4.23.1
References:
https://bugzilla.suse.com/1115041
--
