SUSE 5152 Published by

The following updates has been released for SUSE:

openSUSE-SU-2018:4122-1: important: Security update for Chromium
openSUSE-SU-2018:4124-1: moderate: Security update for phpMyAdmin
openSUSE-SU-2018:4125-1: moderate: Security update for phpMyAdmin
openSUSE-SU-2018:4132-1: important: Security update for the Linux Kernel
openSUSE-SU-2018:4133-1: important: Security update for the Linux Kernel



openSUSE-SU-2018:4122-1: important: Security update for Chromium

openSUSE Security Update: Security update for Chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:4122-1
Rating: important
References: #1119364
Cross-References: CVE-2018-17481
Affected Products:
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update to Chromium 71.0.3578.98 fixes on security issue.

- CVE-2018-17481: Use after free in PDFium - a follow-up fix to Chromiun
70 (boo#1119364)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1546=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2018-1546=1



Package List:

- openSUSE Leap 15.0 (x86_64):

chromedriver-71.0.3578.98-lp150.2.33.1
chromedriver-debuginfo-71.0.3578.98-lp150.2.33.1
chromium-71.0.3578.98-lp150.2.33.1
chromium-debuginfo-71.0.3578.98-lp150.2.33.1
chromium-debugsource-71.0.3578.98-lp150.2.33.1

- openSUSE Backports SLE-15 (aarch64 x86_64):

chromedriver-71.0.3578.98-bp150.2.26.1
chromedriver-debuginfo-71.0.3578.98-bp150.2.26.1
chromium-71.0.3578.98-bp150.2.26.1
chromium-debuginfo-71.0.3578.98-bp150.2.26.1
chromium-debugsource-71.0.3578.98-bp150.2.26.1


References:

https://www.suse.com/security/cve/CVE-2018-17481.html
https://bugzilla.suse.com/1119364

--


openSUSE-SU-2018:4124-1: moderate: Security update for phpMyAdmin

openSUSE Security Update: Security update for phpMyAdmin
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:4124-1
Rating: moderate
References: #1119245
Cross-References: CVE-2018-19968 CVE-2018-19969 CVE-2018-19970

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for phpMyAdmin fixes security issues and bugs.

Security issues addressed in the 4.8.4 release (bsc#1119245):

- CVE-2018-19968: Local file inclusion through transformation feature
- CVE-2018-19969: XSRF/CSRF vulnerability
- CVE-2018-19970: XSS vulnerability in navigation tree

This update also contains the following upstream bug fixes and
improvements:

- Ensure that database names with a dot ('.') are handled properly when
DisableIS is true
- Fix for message "Error while copying database (pma__column_info)"
- Move operation causes "SELECT * FROM `undefined`" error
- When logging with $cfg['AuthLog'] to syslog, successful login messages
were not logged when $cfg['AuthLogSuccess'] was true
- Multiple errors and regressions with Designer


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1547=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1547=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2018-1547=1



Package List:

- openSUSE Leap 42.3 (noarch):

phpMyAdmin-4.8.4-24.1

- openSUSE Leap 15.0 (noarch):

phpMyAdmin-4.8.4-lp150.2.12.1

- openSUSE Backports SLE-15 (noarch):

phpMyAdmin-4.8.4-bp150.3.6.1


References:

https://www.suse.com/security/cve/CVE-2018-19968.html
https://www.suse.com/security/cve/CVE-2018-19969.html
https://www.suse.com/security/cve/CVE-2018-19970.html
https://bugzilla.suse.com/1119245

--


openSUSE-SU-2018:4125-1: moderate: Security update for phpMyAdmin

openSUSE Security Update: Security update for phpMyAdmin
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:4125-1
Rating: moderate
References: #1119245
Cross-References: CVE-2018-19968 CVE-2018-19969 CVE-2018-19970

Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for phpMyAdmin fixes security issues and bugs.

Security issues addressed in the 4.8.4 release (bsc#1119245):

- CVE-2018-19968: Local file inclusion through transformation feature
- CVE-2018-19969: XSRF/CSRF vulnerability
- CVE-2018-19970: XSS vulnerability in navigation tree

This update also contains the following upstream bug fixes and
improvements:

- Ensure that database names with a dot ('.') are handled properly when
DisableIS is true
- Fix for message "Error while copying database (pma__column_info)"
- Move operation causes "SELECT * FROM `undefined`" error
- When logging with $cfg['AuthLog'] to syslog, successful login messages
were not logged when $cfg['AuthLogSuccess'] was true
- Multiple errors and regressions with Designer


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-1547=1



Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

phpMyAdmin-4.8.4-32.1


References:

https://www.suse.com/security/cve/CVE-2018-19968.html
https://www.suse.com/security/cve/CVE-2018-19969.html
https://www.suse.com/security/cve/CVE-2018-19970.html
https://bugzilla.suse.com/1119245

--


openSUSE-SU-2018:4132-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:4132-1
Rating: important
References: #1012382 #1027457 #1042286 #1046264 #1066223
#1094973 #1102439 #1103624 #1104731 #1106105
#1106237 #1106240 #1107385 #1108145 #1109330
#1109806 #1111062 #1111809 #1112246 #1112963
#1113412 #1113766 #1114190 #1114475 #1114763
#1114839 #1115433 #1115440 #1115709 #1116285
#1116497 #1116924 #1116950 #1117562 #985031

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:


The openSUSE Leap 42.3 kernel was updated to 4.4.165-81.1 to receive
various bugfixes.


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1549=1



Package List:

- openSUSE Leap 42.3 (noarch):

kernel-devel-4.4.165-81.1
kernel-docs-4.4.165-81.1
kernel-docs-html-4.4.165-81.1
kernel-docs-pdf-4.4.165-81.1
kernel-macros-4.4.165-81.1
kernel-source-4.4.165-81.1
kernel-source-vanilla-4.4.165-81.1

- openSUSE Leap 42.3 (x86_64):

kernel-debug-4.4.165-81.1
kernel-debug-base-4.4.165-81.1
kernel-debug-base-debuginfo-4.4.165-81.1
kernel-debug-debuginfo-4.4.165-81.1
kernel-debug-debugsource-4.4.165-81.1
kernel-debug-devel-4.4.165-81.1
kernel-debug-devel-debuginfo-4.4.165-81.1
kernel-default-4.4.165-81.1
kernel-default-base-4.4.165-81.1
kernel-default-base-debuginfo-4.4.165-81.1
kernel-default-debuginfo-4.4.165-81.1
kernel-default-debugsource-4.4.165-81.1
kernel-default-devel-4.4.165-81.1
kernel-obs-build-4.4.165-81.1
kernel-obs-build-debugsource-4.4.165-81.1
kernel-obs-qa-4.4.165-81.1
kernel-syms-4.4.165-81.1
kernel-vanilla-4.4.165-81.1
kernel-vanilla-base-4.4.165-81.1
kernel-vanilla-base-debuginfo-4.4.165-81.1
kernel-vanilla-debuginfo-4.4.165-81.1
kernel-vanilla-debugsource-4.4.165-81.1
kernel-vanilla-devel-4.4.165-81.1


References:

https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1027457
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1046264
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1094973
https://bugzilla.suse.com/1102439
https://bugzilla.suse.com/1103624
https://bugzilla.suse.com/1104731
https://bugzilla.suse.com/1106105
https://bugzilla.suse.com/1106237
https://bugzilla.suse.com/1106240
https://bugzilla.suse.com/1107385
https://bugzilla.suse.com/1108145
https://bugzilla.suse.com/1109330
https://bugzilla.suse.com/1109806
https://bugzilla.suse.com/1111062
https://bugzilla.suse.com/1111809
https://bugzilla.suse.com/1112246
https://bugzilla.suse.com/1112963
https://bugzilla.suse.com/1113412
https://bugzilla.suse.com/1113766
https://bugzilla.suse.com/1114190
https://bugzilla.suse.com/1114475
https://bugzilla.suse.com/1114763
https://bugzilla.suse.com/1114839
https://bugzilla.suse.com/1115433
https://bugzilla.suse.com/1115440
https://bugzilla.suse.com/1115709
https://bugzilla.suse.com/1116285
https://bugzilla.suse.com/1116497
https://bugzilla.suse.com/1116924
https://bugzilla.suse.com/1116950
https://bugzilla.suse.com/1117562
https://bugzilla.suse.com/985031

--


openSUSE-SU-2018:4133-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:4133-1
Rating: important
References: #1051510 #1055120 #1061840 #1065600 #1065729
#1068273 #1078248 #1082555 #1082653 #1083647
#1085535 #1089350 #1097755 #1104824 #1105428
#1106105 #1106237 #1106240 #1107256 #1107385
#1107866 #1108468 #1109772 #1109806 #1110006
#1110998 #1111062 #1111174 #1111183 #1111696
#1111809 #1112963 #1113295 #1113412 #1113501
#1113677 #1113722 #1113769 #1113780 #1114015
#1114178 #1114279 #1114385 #1114576 #1114577
#1114578 #1114580 #1114581 #1114582 #1114584
#1114839 #1115074 #1115269 #1115431 #1115433
#1115440 #1115567 #1115709 #1115976 #1116692
#1116693 #1116698 #1116699 #1116700 #1116701
#1116862 #1116863 #1116876 #1116877 #1116878
#1116891 #1116895 #1116899 #1116950 #1117168
#1117172 #1117174 #1117181 #1117184 #1117188
#1117189 #1117349 #1117561 #1117788 #1117789
#1117790 #1117791 #1117792 #1117794 #1117795
#1117796 #1117798 #1117799 #1117801 #1117802
#1117803 #1117804 #1117805 #1117806 #1117807
#1117808 #1117815 #1117816 #1117817 #1117818
#1117819 #1117820 #1117821 #1117822 #1118136
#1118137 #1118138 #1118140
Cross-References: CVE-2018-18281
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves one vulnerability and has 112 fixes
is now available.

Description:


The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to
receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping
pagetable locks. If a syscall such as ftruncate() removes entries from
the pagetables of a task that is in the middle of mremap(), a stale TLB
entry can remain for a short time that permits access to a physical page
after it has been released back to the page allocator and reused.
(bnc#1113769).


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1548=1



Package List:

- openSUSE Leap 15.0 (noarch):

kernel-devel-4.12.14-lp150.12.28.1
kernel-docs-4.12.14-lp150.12.28.1
kernel-docs-html-4.12.14-lp150.12.28.1
kernel-macros-4.12.14-lp150.12.28.1
kernel-source-4.12.14-lp150.12.28.1
kernel-source-vanilla-4.12.14-lp150.12.28.1

- openSUSE Leap 15.0 (x86_64):

kernel-debug-4.12.14-lp150.12.28.1
kernel-debug-base-4.12.14-lp150.12.28.1
kernel-debug-base-debuginfo-4.12.14-lp150.12.28.1
kernel-debug-debuginfo-4.12.14-lp150.12.28.1
kernel-debug-debugsource-4.12.14-lp150.12.28.1
kernel-debug-devel-4.12.14-lp150.12.28.1
kernel-debug-devel-debuginfo-4.12.14-lp150.12.28.1
kernel-default-4.12.14-lp150.12.28.1
kernel-default-base-4.12.14-lp150.12.28.1
kernel-default-base-debuginfo-4.12.14-lp150.12.28.1
kernel-default-debuginfo-4.12.14-lp150.12.28.1
kernel-default-debugsource-4.12.14-lp150.12.28.1
kernel-default-devel-4.12.14-lp150.12.28.1
kernel-default-devel-debuginfo-4.12.14-lp150.12.28.1
kernel-kvmsmall-4.12.14-lp150.12.28.1
kernel-kvmsmall-base-4.12.14-lp150.12.28.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.28.1
kernel-kvmsmall-debuginfo-4.12.14-lp150.12.28.1
kernel-kvmsmall-debugsource-4.12.14-lp150.12.28.1
kernel-kvmsmall-devel-4.12.14-lp150.12.28.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.28.1
kernel-obs-build-4.12.14-lp150.12.28.1
kernel-obs-build-debugsource-4.12.14-lp150.12.28.1
kernel-obs-qa-4.12.14-lp150.12.28.1
kernel-syms-4.12.14-lp150.12.28.1
kernel-vanilla-4.12.14-lp150.12.28.1
kernel-vanilla-base-4.12.14-lp150.12.28.1
kernel-vanilla-base-debuginfo-4.12.14-lp150.12.28.1
kernel-vanilla-debuginfo-4.12.14-lp150.12.28.1
kernel-vanilla-debugsource-4.12.14-lp150.12.28.1
kernel-vanilla-devel-4.12.14-lp150.12.28.1
kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.28.1


References:

https://www.suse.com/security/cve/CVE-2018-18281.html
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1055120
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1068273
https://bugzilla.suse.com/1078248
https://bugzilla.suse.com/1082555
https://bugzilla.suse.com/1082653
https://bugzilla.suse.com/1083647
https://bugzilla.suse.com/1085535
https://bugzilla.suse.com/1089350
https://bugzilla.suse.com/1097755
https://bugzilla.suse.com/1104824
https://bugzilla.suse.com/1105428
https://bugzilla.suse.com/1106105
https://bugzilla.suse.com/1106237
https://bugzilla.suse.com/1106240
https://bugzilla.suse.com/1107256
https://bugzilla.suse.com/1107385
https://bugzilla.suse.com/1107866
https://bugzilla.suse.com/1108468
https://bugzilla.suse.com/1109772
https://bugzilla.suse.com/1109806
https://bugzilla.suse.com/1110006
https://bugzilla.suse.com/1110998
https://bugzilla.suse.com/1111062
https://bugzilla.suse.com/1111174
https://bugzilla.suse.com/1111183
https://bugzilla.suse.com/1111696
https://bugzilla.suse.com/1111809
https://bugzilla.suse.com/1112963
https://bugzilla.suse.com/1113295
https://bugzilla.suse.com/1113412
https://bugzilla.suse.com/1113501
https://bugzilla.suse.com/1113677
https://bugzilla.suse.com/1113722
https://bugzilla.suse.com/1113769
https://bugzilla.suse.com/1113780
https://bugzilla.suse.com/1114015
https://bugzilla.suse.com/1114178
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1114385
https://bugzilla.suse.com/1114576
https://bugzilla.suse.com/1114577
https://bugzilla.suse.com/1114578
https://bugzilla.suse.com/1114580
https://bugzilla.suse.com/1114581
https://bugzilla.suse.com/1114582
https://bugzilla.suse.com/1114584
https://bugzilla.suse.com/1114839
https://bugzilla.suse.com/1115074
https://bugzilla.suse.com/1115269
https://bugzilla.suse.com/1115431
https://bugzilla.suse.com/1115433
https://bugzilla.suse.com/1115440
https://bugzilla.suse.com/1115567
https://bugzilla.suse.com/1115709
https://bugzilla.suse.com/1115976
https://bugzilla.suse.com/1116692
https://bugzilla.suse.com/1116693
https://bugzilla.suse.com/1116698
https://bugzilla.suse.com/1116699
https://bugzilla.suse.com/1116700
https://bugzilla.suse.com/1116701
https://bugzilla.suse.com/1116862
https://bugzilla.suse.com/1116863
https://bugzilla.suse.com/1116876
https://bugzilla.suse.com/1116877
https://bugzilla.suse.com/1116878
https://bugzilla.suse.com/1116891
https://bugzilla.suse.com/1116895
https://bugzilla.suse.com/1116899
https://bugzilla.suse.com/1116950
https://bugzilla.suse.com/1117168
https://bugzilla.suse.com/1117172
https://bugzilla.suse.com/1117174
https://bugzilla.suse.com/1117181
https://bugzilla.suse.com/1117184
https://bugzilla.suse.com/1117188
https://bugzilla.suse.com/1117189
https://bugzilla.suse.com/1117349
https://bugzilla.suse.com/1117561
https://bugzilla.suse.com/1117788
https://bugzilla.suse.com/1117789
https://bugzilla.suse.com/1117790
https://bugzilla.suse.com/1117791
https://bugzilla.suse.com/1117792
https://bugzilla.suse.com/1117794
https://bugzilla.suse.com/1117795
https://bugzilla.suse.com/1117796
https://bugzilla.suse.com/1117798
https://bugzilla.suse.com/1117799
https://bugzilla.suse.com/1117801
https://bugzilla.suse.com/1117802
https://bugzilla.suse.com/1117803
https://bugzilla.suse.com/1117804
https://bugzilla.suse.com/1117805
https://bugzilla.suse.com/1117806
https://bugzilla.suse.com/1117807
https://bugzilla.suse.com/1117808
https://bugzilla.suse.com/1117815
https://bugzilla.suse.com/1117816
https://bugzilla.suse.com/1117817
https://bugzilla.suse.com/1117818
https://bugzilla.suse.com/1117819
https://bugzilla.suse.com/1117820
https://bugzilla.suse.com/1117821
https://bugzilla.suse.com/1117822
https://bugzilla.suse.com/1118136
https://bugzilla.suse.com/1118137
https://bugzilla.suse.com/1118138
https://bugzilla.suse.com/1118140

--