SUSE 5153 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2018:3200-1: important: Security update for libssh
openSUSE-SU-2018:3202-1: important: Security update for the Linux Kernel
openSUSE-SU-2018:3203-1: moderate: Security update for ImageMagick
openSUSE-SU-2018:3204-1: moderate: Security update for GraphicsMagick
openSUSE-SU-2018:3211-1: moderate: Security update for samba
openSUSE-SU-2018:3213-1: important: Security update for texlive
openSUSE-SU-2018:3218-1: moderate: Security update for axis



openSUSE-SU-2018:3200-1: important: Security update for libssh

openSUSE Security Update: Security update for libssh
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3200-1
Rating: important
References: #1108020
Cross-References: CVE-2018-10933
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libssh fixes the following issues:

- CVE-2018-10933: Fixed a server mode authentication bypass (bsc#1108020).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1180=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libssh-debugsource-0.7.5-lp150.5.3.1
libssh-devel-0.7.5-lp150.5.3.1
libssh-devel-doc-0.7.5-lp150.5.3.1
libssh4-0.7.5-lp150.5.3.1
libssh4-debuginfo-0.7.5-lp150.5.3.1

- openSUSE Leap 15.0 (x86_64):

libssh4-32bit-0.7.5-lp150.5.3.1
libssh4-32bit-debuginfo-0.7.5-lp150.5.3.1


References:

https://www.suse.com/security/cve/CVE-2018-10933.html
https://bugzilla.suse.com/1108020

--


openSUSE-SU-2018:3202-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3202-1
Rating: important
References: #1012382 #1044189 #1050549 #1063026 #1065600
#1066223 #1082519 #1082863 #1082979 #1084427
#1084536 #1088087 #1089343 #1090535 #1094244
#1094555 #1094562 #1095344 #1095753 #1096052
#1096547 #1099597 #1099810 #1100056 #1100059
#1100060 #1100061 #1100062 #1102495 #1102715
#1102870 #1102875 #1102877 #1102879 #1102882
#1102896 #1103156 #1103269 #1103308 #1103405
#1105428 #1105795 #1106095 #1106105 #1106240
#1106293 #1106434 #1106512 #1106594 #1106934
#1107318 #1107829 #1107924 #1108096 #1108170
#1108240 #1108315 #1108399 #1108803 #1108823
#1109333 #1109336 #1109337 #1109441 #1109806
#1110006 #1110297 #1110337 #1110363 #1110468
#1110600 #1110601 #1110602 #1110603 #1110604
#1110605 #1110606 #1110611 #1110612 #1110613
#1110614 #1110615 #1110616 #1110618 #1110619
#1110930 #1111363
Cross-References: CVE-2018-13096 CVE-2018-13097 CVE-2018-13098
CVE-2018-13099 CVE-2018-13100 CVE-2018-14613
CVE-2018-14617 CVE-2018-14633 CVE-2018-16276
CVE-2018-16597 CVE-2018-17182 CVE-2018-7480
CVE-2018-7757
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves 13 vulnerabilities and has 74 fixes
is now available.

Description:



The openSUSE Leap 42.3 kernel was updated to 4.4.159 to receive various
security and bugfixes.

The following security bugs were fixed:

- CVE-2018-13096: A denial of service (out-of-bounds memory access and
BUG) can occur upon encountering an abnormal bitmap size when mounting a
crafted f2fs image (bnc#1100062).
- CVE-2018-13097: There is an out-of-bounds read or a divide-by-zero error
for an incorrect user_block_count in a corrupted f2fs image, leading to
a denial of service (BUG) (bnc#1100061).
- CVE-2018-13098: A denial of service (slab out-of-bounds read and BUG)
can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is
set in an inode (bnc#1100060).
- CVE-2018-13099: A denial of service (out-of-bounds memory access and
BUG) can occur for a modified f2fs filesystem image in which an inline
inode contains an invalid reserved blkaddr (bnc#1100059).
- CVE-2018-13100: An issue was discovered in fs/f2fs/super.c which did not
properly validate secs_per_zone in a corrupted f2fs image, as
demonstrated by a divide-by-zero error (bnc#1100056).
- CVE-2018-14613: There is an invalid pointer dereference in
io_ctl_map_page() when mounting and operating a crafted btrfs image,
because of a lack of block group item validation in check_leaf_item in
fs/btrfs/tree-checker.c (bnc#1102896).
- CVE-2018-14617: There is a NULL pointer dereference and panic in
hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is
purportedly a hard link) in an hfs+ filesystem that has malformed
catalog data, and is mounted read-only without a metadata directory
(bnc#1102870).
- CVE-2018-14633: A security flaw was found in the
chap_server_compute_md5() function in the ISCSI target code in the Linux
kernel in a way an authentication request from an ISCSI initiator is
processed. An unauthenticated remote attacker can cause a stack buffer
overflow and smash up to 17 bytes of the stack. The attack requires the
iSCSI target to be enabled on the victim host. Depending on how the
target's code was built (i.e. depending on a compiler, compile flags and
hardware architecture) an attack may lead to a system crash and thus to
a denial-of-service or possibly to a non-authorized access to data
exported by an iSCSI target. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we believe it is highly
unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be
vulnerable (bnc#1107829).
- CVE-2018-16276: Local attackers could use user access read/writes with
incorrect bounds checking in the yurex USB driver to crash the kernel or
potentially escalate privileges (bnc#1106095).
- CVE-2018-16597: Incorrect access checking in overlayfs mounts could be
used by local attackers to modify or truncate files in the underlying
filesystem (bnc#1106512).
- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
mishandled sequence number overflows. An attacker can trigger a
use-after-free (and possibly gain privileges) via certain thread
creation, map, unmap, invalidation, and dereference operations
(bnc#1108399).
- CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c
allowed local users to cause a denial of service (double free) or
possibly have unspecified other impact by triggering a creation failure
(bnc#1082863).
- CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial
of service (memory consumption) via many read accesses to files in the
/sys/class/sas_phy directory, as demonstrated by the
/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1184=1



Package List:

- openSUSE Leap 42.3 (x86_64):

kernel-debug-4.4.159-73.1
kernel-debug-base-4.4.159-73.1
kernel-debug-base-debuginfo-4.4.159-73.1
kernel-debug-debuginfo-4.4.159-73.1
kernel-debug-debugsource-4.4.159-73.1
kernel-debug-devel-4.4.159-73.1
kernel-debug-devel-debuginfo-4.4.159-73.1
kernel-default-4.4.159-73.1
kernel-default-base-4.4.159-73.1
kernel-default-base-debuginfo-4.4.159-73.1
kernel-default-debuginfo-4.4.159-73.1
kernel-default-debugsource-4.4.159-73.1
kernel-default-devel-4.4.159-73.1
kernel-obs-build-4.4.159-73.1
kernel-obs-build-debugsource-4.4.159-73.1
kernel-obs-qa-4.4.159-73.1
kernel-syms-4.4.159-73.1
kernel-vanilla-4.4.159-73.1
kernel-vanilla-base-4.4.159-73.1
kernel-vanilla-base-debuginfo-4.4.159-73.1
kernel-vanilla-debuginfo-4.4.159-73.1
kernel-vanilla-debugsource-4.4.159-73.1
kernel-vanilla-devel-4.4.159-73.1

- openSUSE Leap 42.3 (noarch):

kernel-devel-4.4.159-73.1
kernel-docs-4.4.159-73.2
kernel-docs-html-4.4.159-73.2
kernel-docs-pdf-4.4.159-73.2
kernel-macros-4.4.159-73.1
kernel-source-4.4.159-73.1
kernel-source-vanilla-4.4.159-73.1


References:

https://www.suse.com/security/cve/CVE-2018-13096.html
https://www.suse.com/security/cve/CVE-2018-13097.html
https://www.suse.com/security/cve/CVE-2018-13098.html
https://www.suse.com/security/cve/CVE-2018-13099.html
https://www.suse.com/security/cve/CVE-2018-13100.html
https://www.suse.com/security/cve/CVE-2018-14613.html
https://www.suse.com/security/cve/CVE-2018-14617.html
https://www.suse.com/security/cve/CVE-2018-14633.html
https://www.suse.com/security/cve/CVE-2018-16276.html
https://www.suse.com/security/cve/CVE-2018-16597.html
https://www.suse.com/security/cve/CVE-2018-17182.html
https://www.suse.com/security/cve/CVE-2018-7480.html
https://www.suse.com/security/cve/CVE-2018-7757.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1044189
https://bugzilla.suse.com/1050549
https://bugzilla.suse.com/1063026
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1082519
https://bugzilla.suse.com/1082863
https://bugzilla.suse.com/1082979
https://bugzilla.suse.com/1084427
https://bugzilla.suse.com/1084536
https://bugzilla.suse.com/1088087
https://bugzilla.suse.com/1089343
https://bugzilla.suse.com/1090535
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1094555
https://bugzilla.suse.com/1094562
https://bugzilla.suse.com/1095344
https://bugzilla.suse.com/1095753
https://bugzilla.suse.com/1096052
https://bugzilla.suse.com/1096547
https://bugzilla.suse.com/1099597
https://bugzilla.suse.com/1099810
https://bugzilla.suse.com/1100056
https://bugzilla.suse.com/1100059
https://bugzilla.suse.com/1100060
https://bugzilla.suse.com/1100061
https://bugzilla.suse.com/1100062
https://bugzilla.suse.com/1102495
https://bugzilla.suse.com/1102715
https://bugzilla.suse.com/1102870
https://bugzilla.suse.com/1102875
https://bugzilla.suse.com/1102877
https://bugzilla.suse.com/1102879
https://bugzilla.suse.com/1102882
https://bugzilla.suse.com/1102896
https://bugzilla.suse.com/1103156
https://bugzilla.suse.com/1103269
https://bugzilla.suse.com/1103308
https://bugzilla.suse.com/1103405
https://bugzilla.suse.com/1105428
https://bugzilla.suse.com/1105795
https://bugzilla.suse.com/1106095
https://bugzilla.suse.com/1106105
https://bugzilla.suse.com/1106240
https://bugzilla.suse.com/1106293
https://bugzilla.suse.com/1106434
https://bugzilla.suse.com/1106512
https://bugzilla.suse.com/1106594
https://bugzilla.suse.com/1106934
https://bugzilla.suse.com/1107318
https://bugzilla.suse.com/1107829
https://bugzilla.suse.com/1107924
https://bugzilla.suse.com/1108096
https://bugzilla.suse.com/1108170
https://bugzilla.suse.com/1108240
https://bugzilla.suse.com/1108315
https://bugzilla.suse.com/1108399
https://bugzilla.suse.com/1108803
https://bugzilla.suse.com/1108823
https://bugzilla.suse.com/1109333
https://bugzilla.suse.com/1109336
https://bugzilla.suse.com/1109337
https://bugzilla.suse.com/1109441
https://bugzilla.suse.com/1109806
https://bugzilla.suse.com/1110006
https://bugzilla.suse.com/1110297
https://bugzilla.suse.com/1110337
https://bugzilla.suse.com/1110363
https://bugzilla.suse.com/1110468
https://bugzilla.suse.com/1110600
https://bugzilla.suse.com/1110601
https://bugzilla.suse.com/1110602
https://bugzilla.suse.com/1110603
https://bugzilla.suse.com/1110604
https://bugzilla.suse.com/1110605
https://bugzilla.suse.com/1110606
https://bugzilla.suse.com/1110611
https://bugzilla.suse.com/1110612
https://bugzilla.suse.com/1110613
https://bugzilla.suse.com/1110614
https://bugzilla.suse.com/1110615
https://bugzilla.suse.com/1110616
https://bugzilla.suse.com/1110618
https://bugzilla.suse.com/1110619
https://bugzilla.suse.com/1110930
https://bugzilla.suse.com/1111363

--


openSUSE-SU-2018:3203-1: moderate: Security update for ImageMagick

openSUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3203-1
Rating: moderate
References: #1050129 #1105592 #1106989 #1107604 #1107609
#1107612 #1107616 #1107619 #1108282 #1108283

Cross-References: CVE-2017-11532 CVE-2018-16413 CVE-2018-16640
CVE-2018-16642 CVE-2018-16643 CVE-2018-16644
CVE-2018-16645 CVE-2018-16749 CVE-2018-16750

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves 9 vulnerabilities and has one errata
is now available.

Description:

This update for ImageMagick fixes the following security issues:

- CVE-2017-11532: Prevent a memory leak vulnerability in the
WriteMPCImage() function in coders/mpc.c via a crafted file allowing for
DoS (bsc#1050129)
- CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function
(bsc#1108283)
- CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed
an attacker to cause a denial of service (WriteBlob assertion failure
and application exit) via a crafted file (bsc#1108282)
- CVE-2018-16642: The function InsertRow allowed remote attackers to cause
a denial of service via a crafted image file due to an out-of-bounds
write (bsc#1107616)
- CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage
(bsc#1107619)
- CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage,
and ReadPICTImage did check the return value of the fputc function,
which allowed remote attackers to cause a denial of service via a
crafted image file (bsc#1107612)
- CVE-2018-16644: Added missing check for length in the functions
ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause
a denial of service via a crafted image (bsc#1107609)
- CVE-2018-16645: Prevent excessive memory allocation issue in the
functions ReadBMPImage and ReadDIBImage, which allowed remote attackers
to cause a denial
of service via a crafted image file (bsc#1107604)
- CVE-2018-16413: Prevent heap-based buffer over-read in the
PushShortPixel function leading to DoS (bsc#1106989)

This update also relaxes the restrictions of use of Postscript like
formats to "write" only. (bsc#1105592)

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1181=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

ImageMagick-6.8.8.1-70.2
ImageMagick-debuginfo-6.8.8.1-70.2
ImageMagick-debugsource-6.8.8.1-70.2
ImageMagick-devel-6.8.8.1-70.2
ImageMagick-extra-6.8.8.1-70.2
ImageMagick-extra-debuginfo-6.8.8.1-70.2
libMagick++-6_Q16-3-6.8.8.1-70.2
libMagick++-6_Q16-3-debuginfo-6.8.8.1-70.2
libMagick++-devel-6.8.8.1-70.2
libMagickCore-6_Q16-1-6.8.8.1-70.2
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-70.2
libMagickWand-6_Q16-1-6.8.8.1-70.2
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-70.2
perl-PerlMagick-6.8.8.1-70.2
perl-PerlMagick-debuginfo-6.8.8.1-70.2

- openSUSE Leap 42.3 (x86_64):

ImageMagick-devel-32bit-6.8.8.1-70.2
libMagick++-6_Q16-3-32bit-6.8.8.1-70.2
libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-70.2
libMagick++-devel-32bit-6.8.8.1-70.2
libMagickCore-6_Q16-1-32bit-6.8.8.1-70.2
libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-70.2
libMagickWand-6_Q16-1-32bit-6.8.8.1-70.2
libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-70.2

- openSUSE Leap 42.3 (noarch):

ImageMagick-doc-6.8.8.1-70.2


References:

https://www.suse.com/security/cve/CVE-2017-11532.html
https://www.suse.com/security/cve/CVE-2018-16413.html
https://www.suse.com/security/cve/CVE-2018-16640.html
https://www.suse.com/security/cve/CVE-2018-16642.html
https://www.suse.com/security/cve/CVE-2018-16643.html
https://www.suse.com/security/cve/CVE-2018-16644.html
https://www.suse.com/security/cve/CVE-2018-16645.html
https://www.suse.com/security/cve/CVE-2018-16749.html
https://www.suse.com/security/cve/CVE-2018-16750.html
https://bugzilla.suse.com/1050129
https://bugzilla.suse.com/1105592
https://bugzilla.suse.com/1106989
https://bugzilla.suse.com/1107604
https://bugzilla.suse.com/1107609
https://bugzilla.suse.com/1107612
https://bugzilla.suse.com/1107616
https://bugzilla.suse.com/1107619
https://bugzilla.suse.com/1108282
https://bugzilla.suse.com/1108283

--


openSUSE-SU-2018:3204-1: moderate: Security update for GraphicsMagick

openSUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3204-1
Rating: moderate
References: #1111069
Cross-References: CVE-2018-18024
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for GraphicsMagick fixes the following issues:

- CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of
the coders/bmp.c file. Remote attackers could leverage this
vulnerability to cause a denial of service via a crafted bmp file.
(bsc#1111069)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1183=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

GraphicsMagick-1.3.25-111.1
GraphicsMagick-debuginfo-1.3.25-111.1
GraphicsMagick-debugsource-1.3.25-111.1
GraphicsMagick-devel-1.3.25-111.1
libGraphicsMagick++-Q16-12-1.3.25-111.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.25-111.1
libGraphicsMagick++-devel-1.3.25-111.1
libGraphicsMagick-Q16-3-1.3.25-111.1
libGraphicsMagick-Q16-3-debuginfo-1.3.25-111.1
libGraphicsMagick3-config-1.3.25-111.1
libGraphicsMagickWand-Q16-2-1.3.25-111.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-111.1
perl-GraphicsMagick-1.3.25-111.1
perl-GraphicsMagick-debuginfo-1.3.25-111.1


References:

https://www.suse.com/security/cve/CVE-2018-18024.html
https://bugzilla.suse.com/1111069

--


openSUSE-SU-2018:3211-1: moderate: Security update for samba

openSUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3211-1
Rating: moderate
References: #1068059 #1087931 #1095057 #1102230 #1110943

Cross-References: CVE-2018-10919
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves one vulnerability and has four fixes
is now available.

Description:



Samba was updated to 4.6.15, bringing bug and security fixes. (bsc#1110943)

Following security issues were fixed:

- CVE-2018-10919: Fix unauthorized attribute access via searches.
(bsc#1095057);

Non-security bugs fixed:

- Fix ctdb_mutex_ceph_rados_helper deadlock (bsc#1102230).
- Allow idmap_rid to have primary group other than "Domain Users"
(bsc#1087931).
- winbind: avoid using fstrcpy in _dual_init_connection.
- Fix ntlm authentications with "winbind use default domain = yes"
(bsc#1068059).

This update was imported from the SUSE:SLE-12-SP3:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1195=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

ctdb-4.6.16+git.124.aee309c5c18-21.1
ctdb-debuginfo-4.6.16+git.124.aee309c5c18-21.1
ctdb-tests-4.6.16+git.124.aee309c5c18-21.1
ctdb-tests-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libdcerpc-binding0-4.6.16+git.124.aee309c5c18-21.1
libdcerpc-binding0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libdcerpc-devel-4.6.16+git.124.aee309c5c18-21.1
libdcerpc-samr-devel-4.6.16+git.124.aee309c5c18-21.1
libdcerpc-samr0-4.6.16+git.124.aee309c5c18-21.1
libdcerpc-samr0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libdcerpc0-4.6.16+git.124.aee309c5c18-21.1
libdcerpc0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libndr-devel-4.6.16+git.124.aee309c5c18-21.1
libndr-krb5pac-devel-4.6.16+git.124.aee309c5c18-21.1
libndr-krb5pac0-4.6.16+git.124.aee309c5c18-21.1
libndr-krb5pac0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libndr-nbt-devel-4.6.16+git.124.aee309c5c18-21.1
libndr-nbt0-4.6.16+git.124.aee309c5c18-21.1
libndr-nbt0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libndr-standard-devel-4.6.16+git.124.aee309c5c18-21.1
libndr-standard0-4.6.16+git.124.aee309c5c18-21.1
libndr-standard0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libndr0-4.6.16+git.124.aee309c5c18-21.1
libndr0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libnetapi-devel-4.6.16+git.124.aee309c5c18-21.1
libnetapi0-4.6.16+git.124.aee309c5c18-21.1
libnetapi0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libsamba-credentials-devel-4.6.16+git.124.aee309c5c18-21.1
libsamba-credentials0-4.6.16+git.124.aee309c5c18-21.1
libsamba-credentials0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libsamba-errors-devel-4.6.16+git.124.aee309c5c18-21.1
libsamba-errors0-4.6.16+git.124.aee309c5c18-21.1
libsamba-errors0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libsamba-hostconfig-devel-4.6.16+git.124.aee309c5c18-21.1
libsamba-hostconfig0-4.6.16+git.124.aee309c5c18-21.1
libsamba-hostconfig0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libsamba-passdb-devel-4.6.16+git.124.aee309c5c18-21.1
libsamba-passdb0-4.6.16+git.124.aee309c5c18-21.1
libsamba-passdb0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libsamba-policy-devel-4.6.16+git.124.aee309c5c18-21.1
libsamba-policy0-4.6.16+git.124.aee309c5c18-21.1
libsamba-policy0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libsamba-util-devel-4.6.16+git.124.aee309c5c18-21.1
libsamba-util0-4.6.16+git.124.aee309c5c18-21.1
libsamba-util0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libsamdb-devel-4.6.16+git.124.aee309c5c18-21.1
libsamdb0-4.6.16+git.124.aee309c5c18-21.1
libsamdb0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libsmbclient-devel-4.6.16+git.124.aee309c5c18-21.1
libsmbclient0-4.6.16+git.124.aee309c5c18-21.1
libsmbclient0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libsmbconf-devel-4.6.16+git.124.aee309c5c18-21.1
libsmbconf0-4.6.16+git.124.aee309c5c18-21.1
libsmbconf0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libsmbldap-devel-4.6.16+git.124.aee309c5c18-21.1
libsmbldap0-4.6.16+git.124.aee309c5c18-21.1
libsmbldap0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libtevent-util-devel-4.6.16+git.124.aee309c5c18-21.1
libtevent-util0-4.6.16+git.124.aee309c5c18-21.1
libtevent-util0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
libwbclient-devel-4.6.16+git.124.aee309c5c18-21.1
libwbclient0-4.6.16+git.124.aee309c5c18-21.1
libwbclient0-debuginfo-4.6.16+git.124.aee309c5c18-21.1
samba-4.6.16+git.124.aee309c5c18-21.1
samba-client-4.6.16+git.124.aee309c5c18-21.1
samba-client-debuginfo-4.6.16+git.124.aee309c5c18-21.1
samba-core-devel-4.6.16+git.124.aee309c5c18-21.1
samba-debuginfo-4.6.16+git.124.aee309c5c18-21.1
samba-debugsource-4.6.16+git.124.aee309c5c18-21.1
samba-libs-4.6.16+git.124.aee309c5c18-21.1
samba-libs-debuginfo-4.6.16+git.124.aee309c5c18-21.1
samba-pidl-4.6.16+git.124.aee309c5c18-21.1
samba-python-4.6.16+git.124.aee309c5c18-21.1
samba-python-debuginfo-4.6.16+git.124.aee309c5c18-21.1
samba-test-4.6.16+git.124.aee309c5c18-21.1
samba-test-debuginfo-4.6.16+git.124.aee309c5c18-21.1
samba-winbind-4.6.16+git.124.aee309c5c18-21.1
samba-winbind-debuginfo-4.6.16+git.124.aee309c5c18-21.1

- openSUSE Leap 42.3 (x86_64):

libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-21.1
libdcerpc-binding0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libdcerpc-samr0-32bit-4.6.16+git.124.aee309c5c18-21.1
libdcerpc-samr0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libdcerpc0-32bit-4.6.16+git.124.aee309c5c18-21.1
libdcerpc0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libndr-krb5pac0-32bit-4.6.16+git.124.aee309c5c18-21.1
libndr-krb5pac0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libndr-nbt0-32bit-4.6.16+git.124.aee309c5c18-21.1
libndr-nbt0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libndr-standard0-32bit-4.6.16+git.124.aee309c5c18-21.1
libndr-standard0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libndr0-32bit-4.6.16+git.124.aee309c5c18-21.1
libndr0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libnetapi0-32bit-4.6.16+git.124.aee309c5c18-21.1
libnetapi0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamba-credentials0-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamba-credentials0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamba-errors0-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamba-errors0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamba-hostconfig0-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamba-passdb0-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamba-passdb0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamba-policy0-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamba-policy0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamba-util0-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamba-util0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamdb0-32bit-4.6.16+git.124.aee309c5c18-21.1
libsamdb0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libsmbclient0-32bit-4.6.16+git.124.aee309c5c18-21.1
libsmbclient0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libsmbconf0-32bit-4.6.16+git.124.aee309c5c18-21.1
libsmbconf0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libsmbldap0-32bit-4.6.16+git.124.aee309c5c18-21.1
libsmbldap0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libtevent-util0-32bit-4.6.16+git.124.aee309c5c18-21.1
libtevent-util0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
libwbclient0-32bit-4.6.16+git.124.aee309c5c18-21.1
libwbclient0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
samba-ceph-4.6.16+git.124.aee309c5c18-21.1
samba-ceph-debuginfo-4.6.16+git.124.aee309c5c18-21.1
samba-client-32bit-4.6.16+git.124.aee309c5c18-21.1
samba-client-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
samba-libs-32bit-4.6.16+git.124.aee309c5c18-21.1
samba-libs-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1
samba-winbind-32bit-4.6.16+git.124.aee309c5c18-21.1
samba-winbind-debuginfo-32bit-4.6.16+git.124.aee309c5c18-21.1

- openSUSE Leap 42.3 (noarch):

samba-doc-4.6.16+git.124.aee309c5c18-21.1


References:

https://www.suse.com/security/cve/CVE-2018-10919.html
https://bugzilla.suse.com/1068059
https://bugzilla.suse.com/1087931
https://bugzilla.suse.com/1095057
https://bugzilla.suse.com/1102230
https://bugzilla.suse.com/1110943

--


openSUSE-SU-2018:3213-1: important: Security update for texlive

openSUSE Security Update: Security update for texlive
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3213-1
Rating: important
References: #1109673
Cross-References: CVE-2018-17407
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for texlive fixes the following issue:

- CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts
allowed arbitrary code execution when a malicious font was loaded by one
of the vulnerable tools: pdflatex, pdftex, dvips, or luatex
(bsc#1109673).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1196=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libkpathsea6-6.2.3-lp150.9.6.1
libkpathsea6-debuginfo-6.2.3-lp150.9.6.1
libptexenc1-1.3.5-lp150.9.6.1
libptexenc1-debuginfo-1.3.5-lp150.9.6.1
libsynctex1-1.18-lp150.9.6.1
libsynctex1-debuginfo-1.18-lp150.9.6.1
libtexlua52-5-5.2.4-lp150.9.6.1
libtexlua52-5-debuginfo-5.2.4-lp150.9.6.1
libtexluajit2-2.1.0beta2-lp150.9.6.1
libtexluajit2-debuginfo-2.1.0beta2-lp150.9.6.1
texlive-2017.20170520-lp150.9.6.1
texlive-a2ping-bin-2017.20170520.svn27321-lp150.9.6.1
texlive-accfonts-bin-2017.20170520.svn12688-lp150.9.6.1
texlive-adhocfilelist-bin-2017.20170520.svn28038-lp150.9.6.1
texlive-afm2pl-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-aleph-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-aleph-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-amstex-bin-2017.20170520.svn3006-lp150.9.6.1
texlive-arara-bin-2017.20170520.svn29036-lp150.9.6.1
texlive-asymptote-bin-2017.20170520.svn43843-lp150.9.6.1
texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-lp150.9.6.1
texlive-authorindex-bin-2017.20170520.svn18790-lp150.9.6.1
texlive-autosp-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-autosp-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-bibexport-bin-2017.20170520.svn16219-lp150.9.6.1
texlive-bibtex-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-bibtex8-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-bibtexu-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-bin-devel-2017.20170520-lp150.9.6.1
texlive-bundledoc-bin-2017.20170520.svn17794-lp150.9.6.1
texlive-cachepic-bin-2017.20170520.svn15543-lp150.9.6.1
texlive-checkcites-bin-2017.20170520.svn25623-lp150.9.6.1
texlive-checklistings-bin-2017.20170520.svn38300-lp150.9.6.1
texlive-chktex-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-chktex-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-lp150.9.6.1
texlive-cjkutils-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-context-bin-2017.20170520.svn34112-lp150.9.6.1
texlive-convbkmk-bin-2017.20170520.svn30408-lp150.9.6.1
texlive-crossrefware-bin-2017.20170520.svn43866-lp150.9.6.1
texlive-cslatex-bin-2017.20170520.svn3006-lp150.9.6.1
texlive-csplain-bin-2017.20170520.svn33902-lp150.9.6.1
texlive-ctanify-bin-2017.20170520.svn24061-lp150.9.6.1
texlive-ctanupload-bin-2017.20170520.svn23866-lp150.9.6.1
texlive-ctie-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-ctie-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-cweb-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-cweb-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-cyrillic-bin-bin-2017.20170520.svn29741-lp150.9.6.1
texlive-de-macro-bin-2017.20170520.svn17399-lp150.9.6.1
texlive-debuginfo-2017.20170520-lp150.9.6.1
texlive-debugsource-2017.20170520-lp150.9.6.1
texlive-detex-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-detex-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-dosepsbin-bin-2017.20170520.svn24759-lp150.9.6.1
texlive-dtl-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-dtl-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-dtxgen-bin-2017.20170520.svn29031-lp150.9.6.1
texlive-dviasm-bin-2017.20170520.svn8329-lp150.9.6.1
texlive-dvicopy-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-dvidvi-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-dviinfox-bin-2017.20170520.svn44515-lp150.9.6.1
texlive-dviljk-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-dvipdfmx-bin-2017.20170520.svn40273-lp150.9.6.1
texlive-dvipng-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-dvipos-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-dvips-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-dvips-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-dvisvgm-bin-2017.20170520.svn40987-lp150.9.6.1
texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-lp150.9.6.1
texlive-ebong-bin-2017.20170520.svn21000-lp150.9.6.1
texlive-eplain-bin-2017.20170520.svn3006-lp150.9.6.1
texlive-epspdf-bin-2017.20170520.svn29050-lp150.9.6.1
texlive-epstopdf-bin-2017.20170520.svn18336-lp150.9.6.1
texlive-exceltex-bin-2017.20170520.svn25860-lp150.9.6.1
texlive-fig4latex-bin-2017.20170520.svn14752-lp150.9.6.1
texlive-findhyph-bin-2017.20170520.svn14758-lp150.9.6.1
texlive-fontinst-bin-2017.20170520.svn29741-lp150.9.6.1
texlive-fontools-bin-2017.20170520.svn25997-lp150.9.6.1
texlive-fontware-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-fontware-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-fragmaster-bin-2017.20170520.svn13663-lp150.9.6.1
texlive-getmap-bin-2017.20170520.svn34971-lp150.9.6.1
texlive-glossaries-bin-2017.20170520.svn37813-lp150.9.6.1
texlive-gregoriotex-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-gsftopk-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-jadetex-bin-2017.20170520.svn3006-lp150.9.6.1
texlive-kotex-utils-bin-2017.20170520.svn32101-lp150.9.6.1
texlive-kpathsea-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-kpathsea-devel-6.2.3-lp150.9.6.1
texlive-lacheck-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-latex-bin-bin-2017.20170520.svn14050-lp150.9.6.1
texlive-latex-git-log-bin-2017.20170520.svn30983-lp150.9.6.1
texlive-latex-papersize-bin-2017.20170520.svn42296-lp150.9.6.1
texlive-latex2man-bin-2017.20170520.svn13663-lp150.9.6.1
texlive-latex2nemeth-bin-2017.20170520.svn42300-lp150.9.6.1
texlive-latexdiff-bin-2017.20170520.svn16420-lp150.9.6.1
texlive-latexfileversion-bin-2017.20170520.svn25012-lp150.9.6.1
texlive-latexindent-bin-2017.20170520.svn32150-lp150.9.6.1
texlive-latexmk-bin-2017.20170520.svn10937-lp150.9.6.1
texlive-latexpand-bin-2017.20170520.svn27025-lp150.9.6.1
texlive-lcdftypetools-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-lilyglyphs-bin-2017.20170520.svn31696-lp150.9.6.1
texlive-listbib-bin-2017.20170520.svn26126-lp150.9.6.1
texlive-listings-ext-bin-2017.20170520.svn15093-lp150.9.6.1
texlive-lollipop-bin-2017.20170520.svn41465-lp150.9.6.1
texlive-ltxfileinfo-bin-2017.20170520.svn29005-lp150.9.6.1
texlive-ltximg-bin-2017.20170520.svn32346-lp150.9.6.1
texlive-lua2dox-bin-2017.20170520.svn29053-lp150.9.6.1
texlive-luaotfload-bin-2017.20170520.svn34647-lp150.9.6.1
texlive-luatex-bin-2017.20170520.svn44549-lp150.9.6.1
texlive-luatex-bin-debuginfo-2017.20170520.svn44549-lp150.9.6.1
texlive-lwarp-bin-2017.20170520.svn43292-lp150.9.6.1
texlive-m-tx-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-make4ht-bin-2017.20170520.svn37750-lp150.9.6.1
texlive-makedtx-bin-2017.20170520.svn38769-lp150.9.6.1
texlive-makeindex-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-match_parens-bin-2017.20170520.svn23500-lp150.9.6.1
texlive-mathspic-bin-2017.20170520.svn23661-lp150.9.6.1
texlive-metafont-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-metafont-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-metapost-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-metapost-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-mex-bin-2017.20170520.svn3006-lp150.9.6.1
texlive-mf2pt1-bin-2017.20170520.svn23406-lp150.9.6.1
texlive-mflua-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-mflua-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-mfware-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-mfware-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-mkgrkindex-bin-2017.20170520.svn14428-lp150.9.6.1
texlive-mkjobtexmf-bin-2017.20170520.svn8457-lp150.9.6.1
texlive-mkpic-bin-2017.20170520.svn33688-lp150.9.6.1
texlive-mltex-bin-2017.20170520.svn3006-lp150.9.6.1
texlive-mptopdf-bin-2017.20170520.svn18674-lp150.9.6.1
texlive-multibibliography-bin-2017.20170520.svn30534-lp150.9.6.1
texlive-musixtex-bin-2017.20170520.svn37026-lp150.9.6.1
texlive-musixtnt-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-omegaware-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-patgen-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-patgen-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-pax-bin-2017.20170520.svn10843-lp150.9.6.1
texlive-pdfbook2-bin-2017.20170520.svn37537-lp150.9.6.1
texlive-pdfcrop-bin-2017.20170520.svn14387-lp150.9.6.1
texlive-pdfjam-bin-2017.20170520.svn17868-lp150.9.6.1
texlive-pdflatexpicscale-bin-2017.20170520.svn41779-lp150.9.6.1
texlive-pdftex-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-pdftools-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-pdfxup-bin-2017.20170520.svn40690-lp150.9.6.1
texlive-pedigree-perl-bin-2017.20170520.svn25962-lp150.9.6.1
texlive-perltex-bin-2017.20170520.svn16181-lp150.9.6.1
texlive-petri-nets-bin-2017.20170520.svn39165-lp150.9.6.1
texlive-pfarrei-bin-2017.20170520.svn29348-lp150.9.6.1
texlive-pkfix-bin-2017.20170520.svn13364-lp150.9.6.1
texlive-pkfix-helper-bin-2017.20170520.svn13663-lp150.9.6.1
texlive-platex-bin-2017.20170520.svn22859-lp150.9.6.1
texlive-pmx-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-pmx-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-pmxchords-bin-2017.20170520.svn32405-lp150.9.6.1
texlive-ps2pk-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-pst-pdf-bin-2017.20170520.svn7838-lp150.9.6.1
texlive-pst2pdf-bin-2017.20170520.svn29333-lp150.9.6.1
texlive-pstools-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-pstools-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-ptex-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-ptex-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-ptex-fontmaps-bin-2017.20170520.svn44206-lp150.9.6.1
texlive-ptex2pdf-bin-2017.20170520.svn29335-lp150.9.6.1
texlive-ptexenc-devel-1.3.5-lp150.9.6.1
texlive-purifyeps-bin-2017.20170520.svn13663-lp150.9.6.1
texlive-pygmentex-bin-2017.20170520.svn34996-lp150.9.6.1
texlive-pythontex-bin-2017.20170520.svn31638-lp150.9.6.1
texlive-rubik-bin-2017.20170520.svn32919-lp150.9.6.1
texlive-seetexk-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-splitindex-bin-2017.20170520.svn29688-lp150.9.6.1
texlive-srcredact-bin-2017.20170520.svn38710-lp150.9.6.1
texlive-sty2dtx-bin-2017.20170520.svn21215-lp150.9.6.1
texlive-svn-multi-bin-2017.20170520.svn13663-lp150.9.6.1
texlive-synctex-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-synctex-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-synctex-devel-1.18-lp150.9.6.1
texlive-tetex-bin-2017.20170520.svn43957-lp150.9.6.1
texlive-tex-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-tex-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-tex4ebook-bin-2017.20170520.svn37771-lp150.9.6.1
texlive-tex4ht-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-texconfig-bin-2017.20170520.svn29741-lp150.9.6.1
texlive-texcount-bin-2017.20170520.svn13013-lp150.9.6.1
texlive-texdef-bin-2017.20170520.svn21802-lp150.9.6.1
texlive-texdiff-bin-2017.20170520.svn15506-lp150.9.6.1
texlive-texdirflatten-bin-2017.20170520.svn12782-lp150.9.6.1
texlive-texdoc-bin-2017.20170520.svn29741-lp150.9.6.1
texlive-texfot-bin-2017.20170520.svn33155-lp150.9.6.1
texlive-texliveonfly-bin-2017.20170520.svn24062-lp150.9.6.1
texlive-texloganalyser-bin-2017.20170520.svn13663-lp150.9.6.1
texlive-texlua-devel-5.2.4-lp150.9.6.1
texlive-texluajit-devel-2.1.0beta2-lp150.9.6.1
texlive-texosquery-bin-2017.20170520.svn43596-lp150.9.6.1
texlive-texsis-bin-2017.20170520.svn3006-lp150.9.6.1
texlive-texware-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-texware-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-thumbpdf-bin-2017.20170520.svn6898-lp150.9.6.1
texlive-tie-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-tie-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-tpic2pdftex-bin-2017.20170520.svn29741-lp150.9.6.1
texlive-ttfutils-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-typeoutfileinfo-bin-2017.20170520.svn25648-lp150.9.6.1
texlive-ulqda-bin-2017.20170520.svn13663-lp150.9.6.1
texlive-uplatex-bin-2017.20170520.svn26326-lp150.9.6.1
texlive-uptex-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-uptex-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-urlbst-bin-2017.20170520.svn23262-lp150.9.6.1
texlive-velthuis-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-vlna-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-vlna-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-vpe-bin-2017.20170520.svn6897-lp150.9.6.1
texlive-web-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-web-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-xdvi-bin-2017.20170520.svn44143-lp150.9.6.1
texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-lp150.9.6.1
texlive-xetex-bin-2017.20170520.svn44361-lp150.9.6.1
texlive-xetex-bin-debuginfo-2017.20170520.svn44361-lp150.9.6.1
texlive-xmltex-bin-2017.20170520.svn3006-lp150.9.6.1
texlive-yplan-bin-2017.20170520.svn34398-lp150.9.6.1

- openSUSE Leap 15.0 (noarch):

perl-biber-2017.20170520.svn30357-lp150.9.6.1
texlive-biber-bin-2017.20170520.svn42679-lp150.9.6.1
texlive-diadia-bin-2017.20170520.svn37645-lp150.9.6.1


References:

https://www.suse.com/security/cve/CVE-2018-17407.html
https://bugzilla.suse.com/1109673

--


openSUSE-SU-2018:3218-1: moderate: Security update for axis

openSUSE Security Update: Security update for axis
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3218-1
Rating: moderate
References: #1103658
Cross-References: CVE-2018-8032
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for axis fixes the following security issue:

- CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default
servlet/services (bsc#1103658).

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1188=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1188=1



Package List:

- openSUSE Leap 42.3 (noarch):

axis-1.4-295.3.1
axis-javadoc-1.4-295.3.1
axis-manual-1.4-295.3.1

- openSUSE Leap 15.0 (noarch):

axis-1.4-lp150.4.3.1
axis-manual-1.4-lp150.4.3.1


References:

https://www.suse.com/security/cve/CVE-2018-8032.html
https://bugzilla.suse.com/1103658

--