
The following updates have been released for openSUSE:

openSUSE-SU-2019:0207-1: moderate: Security update for php7
openSUSE-SU-2019:0208-1: important: Security update for runc
openSUSE-SU-2019:0212-1: moderate: Security update for pspp, spread-sheet-widget
openSUSE-SU-2019:0214-1: Security update for GraphicsMagick
openSUSE-SU-2019:0215-1: Security update for GraphicsMagick
openSUSE-SU-2019:0216-1: important: Security update for chromium



openSUSE-SU-2019:0207-1: moderate: Security update for php7

openSUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0207-1
Rating: moderate
References: #1118832 #1123354 #1123522
Cross-References: CVE-2018-19935 CVE-2019-6977 CVE-2019-6978

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for php7 fixes the following issues:

Security issue fixed:

- CVE-2019-6977: Fixed a heap-based buffer overflow in the GD Graphics
Library used in the imagecolormatch function (bsc#1123354).
- CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions
(bsc#1123522).
- CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be
triggered via an empty string in the message argument to imap_mail
(bsc#1118832).

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-207=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

apache2-mod_php7-7.0.7-55.1
apache2-mod_php7-debuginfo-7.0.7-55.1
php7-7.0.7-55.1
php7-bcmath-7.0.7-55.1
php7-bcmath-debuginfo-7.0.7-55.1
php7-bz2-7.0.7-55.1
php7-bz2-debuginfo-7.0.7-55.1
php7-calendar-7.0.7-55.1
php7-calendar-debuginfo-7.0.7-55.1
php7-ctype-7.0.7-55.1
php7-ctype-debuginfo-7.0.7-55.1
php7-curl-7.0.7-55.1
php7-curl-debuginfo-7.0.7-55.1
php7-dba-7.0.7-55.1
php7-dba-debuginfo-7.0.7-55.1
php7-debuginfo-7.0.7-55.1
php7-debugsource-7.0.7-55.1
php7-devel-7.0.7-55.1
php7-dom-7.0.7-55.1
php7-dom-debuginfo-7.0.7-55.1
php7-enchant-7.0.7-55.1
php7-enchant-debuginfo-7.0.7-55.1
php7-exif-7.0.7-55.1
php7-exif-debuginfo-7.0.7-55.1
php7-fastcgi-7.0.7-55.1
php7-fastcgi-debuginfo-7.0.7-55.1
php7-fileinfo-7.0.7-55.1
php7-fileinfo-debuginfo-7.0.7-55.1
php7-firebird-7.0.7-55.1
php7-firebird-debuginfo-7.0.7-55.1
php7-fpm-7.0.7-55.1
php7-fpm-debuginfo-7.0.7-55.1
php7-ftp-7.0.7-55.1
php7-ftp-debuginfo-7.0.7-55.1
php7-gd-7.0.7-55.1
php7-gd-debuginfo-7.0.7-55.1
php7-gettext-7.0.7-55.1
php7-gettext-debuginfo-7.0.7-55.1
php7-gmp-7.0.7-55.1
php7-gmp-debuginfo-7.0.7-55.1
php7-iconv-7.0.7-55.1
php7-iconv-debuginfo-7.0.7-55.1
php7-imap-7.0.7-55.1
php7-imap-debuginfo-7.0.7-55.1
php7-intl-7.0.7-55.1
php7-intl-debuginfo-7.0.7-55.1
php7-json-7.0.7-55.1
php7-json-debuginfo-7.0.7-55.1
php7-ldap-7.0.7-55.1
php7-ldap-debuginfo-7.0.7-55.1
php7-mbstring-7.0.7-55.1
php7-mbstring-debuginfo-7.0.7-55.1
php7-mcrypt-7.0.7-55.1
php7-mcrypt-debuginfo-7.0.7-55.1
php7-mysql-7.0.7-55.1
php7-mysql-debuginfo-7.0.7-55.1
php7-odbc-7.0.7-55.1
php7-odbc-debuginfo-7.0.7-55.1
php7-opcache-7.0.7-55.1
php7-opcache-debuginfo-7.0.7-55.1
php7-openssl-7.0.7-55.1
php7-openssl-debuginfo-7.0.7-55.1
php7-pcntl-7.0.7-55.1
php7-pcntl-debuginfo-7.0.7-55.1
php7-pdo-7.0.7-55.1
php7-pdo-debuginfo-7.0.7-55.1
php7-pgsql-7.0.7-55.1
php7-pgsql-debuginfo-7.0.7-55.1
php7-phar-7.0.7-55.1
php7-phar-debuginfo-7.0.7-55.1
php7-posix-7.0.7-55.1
php7-posix-debuginfo-7.0.7-55.1
php7-pspell-7.0.7-55.1
php7-pspell-debuginfo-7.0.7-55.1
php7-readline-7.0.7-55.1
php7-readline-debuginfo-7.0.7-55.1
php7-shmop-7.0.7-55.1
php7-shmop-debuginfo-7.0.7-55.1
php7-snmp-7.0.7-55.1
php7-snmp-debuginfo-7.0.7-55.1
php7-soap-7.0.7-55.1
php7-soap-debuginfo-7.0.7-55.1
php7-sockets-7.0.7-55.1
php7-sockets-debuginfo-7.0.7-55.1
php7-sqlite-7.0.7-55.1
php7-sqlite-debuginfo-7.0.7-55.1
php7-sysvmsg-7.0.7-55.1
php7-sysvmsg-debuginfo-7.0.7-55.1
php7-sysvsem-7.0.7-55.1
php7-sysvsem-debuginfo-7.0.7-55.1
php7-sysvshm-7.0.7-55.1
php7-sysvshm-debuginfo-7.0.7-55.1
php7-tidy-7.0.7-55.1
php7-tidy-debuginfo-7.0.7-55.1
php7-tokenizer-7.0.7-55.1
php7-tokenizer-debuginfo-7.0.7-55.1
php7-wddx-7.0.7-55.1
php7-wddx-debuginfo-7.0.7-55.1
php7-xmlreader-7.0.7-55.1
php7-xmlreader-debuginfo-7.0.7-55.1
php7-xmlrpc-7.0.7-55.1
php7-xmlrpc-debuginfo-7.0.7-55.1
php7-xmlwriter-7.0.7-55.1
php7-xmlwriter-debuginfo-7.0.7-55.1
php7-xsl-7.0.7-55.1
php7-xsl-debuginfo-7.0.7-55.1
php7-zip-7.0.7-55.1
php7-zip-debuginfo-7.0.7-55.1
php7-zlib-7.0.7-55.1
php7-zlib-debuginfo-7.0.7-55.1

- openSUSE Leap 42.3 (noarch):

php7-pear-7.0.7-55.1
php7-pear-Archive_Tar-7.0.7-55.1


References:

https://www.suse.com/security/cve/CVE-2018-19935.html
https://www.suse.com/security/cve/CVE-2019-6977.html
https://www.suse.com/security/cve/CVE-2019-6978.html
https://bugzilla.suse.com/1118832
https://bugzilla.suse.com/1123354
https://bugzilla.suse.com/1123522

--


openSUSE-SU-2019:0208-1: important: Security update for runc

openSUSE Security Update: Security update for runc
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0208-1
Rating: important
References: #1095817 #1118897 #1118898 #1118899 #1121967
Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875
CVE-2019-5736

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves four vulnerabilities and has one
errata is now available.

Description:

This update for runc fixes the following issues:

Security vulnerabilities addressed:

- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to
avoid write attacks to the host runc binary, which could lead to a
container breakout (bsc#1121967)
- CVE-2018-16873: Fix a remote command execution during "go get -u"
(boo#1118897)
- CVE-2018-16874: Fix a directory traversal in "go get" via curly braces
in import paths (boo#1118898)
- CVE-2018-16875: Fix a CPU denial of service issue (boo#1118899)

Other changes and bug fixes:

- Update go requirements to >= go1.10
- Create a symlink in /usr/bin/runc to enable rootless Podman and Buildah.
- Make use of %license macro
- Remove 'go test' from %check section, as it has only ever caused us
problems and hasn't (as far as I remember) ever caught a
release-blocking issue. Smoke testing has been far more useful.
(boo#1095817)
- Upgrade to runc v1.0.0~rc6. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc6


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-208=1



Package List:

- openSUSE Leap 15.0 (x86_64):

runc-1.0.0~rc6-lp150.2.3.1
runc-debuginfo-1.0.0~rc6-lp150.2.3.1

- openSUSE Leap 15.0 (noarch):

runc-test-1.0.0~rc6-lp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2018-16873.html
https://www.suse.com/security/cve/CVE-2018-16874.html
https://www.suse.com/security/cve/CVE-2018-16875.html
https://www.suse.com/security/cve/CVE-2019-5736.html
https://bugzilla.suse.com/1095817
https://bugzilla.suse.com/1118897
https://bugzilla.suse.com/1118898
https://bugzilla.suse.com/1118899
https://bugzilla.suse.com/1121967

--


openSUSE-SU-2019:0212-1: moderate: Security update for pspp, spread-sheet-widget

openSUSE Security Update: Security update for pspp, spread-sheet-widget
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0212-1
Rating: moderate
References: #1120061
Cross-References: CVE-2018-20230
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for pspp to version 1.2.0 fixes the following issues:

Security issue fixed:

- CVE-2018-20230: Fixed a heap-based buffer overflow in
read_bytes_internal function that could lead to denial-of-service
(bsc#1120061).

Other bug fixes and changes:

- Add upstream patch to avoid compiling with old Texinfo 4.13.
- New experimental command SAVE DATA COLLECTION to save MDD files.
- MTIME and YMDHMS variable formats now supported.
- Spread sheet rendering now done via spread-sheet-widget.

This update introduces a new package called spread-sheet-widget as
dependency.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-212=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libspread-sheet-widget0-0.3-2.1
libspread-sheet-widget0-debuginfo-0.3-2.1
spread-sheet-widget-debugsource-0.3-2.1
spread-sheet-widget-devel-0.3-2.1

- openSUSE Leap 42.3 (x86_64):

pspp-1.2.0-11.1
pspp-debuginfo-1.2.0-11.1
pspp-debugsource-1.2.0-11.1
pspp-devel-1.2.0-11.1


References:

https://www.suse.com/security/cve/CVE-2018-20230.html
https://bugzilla.suse.com/1120061

--


openSUSE-SU-2019:0214-1: Security update for GraphicsMagick

openSUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0214-1
Rating: low
References: #1124366
Cross-References: CVE-2019-7397
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for GraphicsMagick fixes the following issues:

Security issue fixed:

- CVE-2019-7397: Fixed a memory leak in WritePDFImage function in pdf.c
(bsc#1124366).


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-214=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

GraphicsMagick-1.3.25-126.1
GraphicsMagick-debuginfo-1.3.25-126.1
GraphicsMagick-debugsource-1.3.25-126.1
GraphicsMagick-devel-1.3.25-126.1
libGraphicsMagick++-Q16-12-1.3.25-126.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.25-126.1
libGraphicsMagick++-devel-1.3.25-126.1
libGraphicsMagick-Q16-3-1.3.25-126.1
libGraphicsMagick-Q16-3-debuginfo-1.3.25-126.1
libGraphicsMagick3-config-1.3.25-126.1
libGraphicsMagickWand-Q16-2-1.3.25-126.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-126.1
perl-GraphicsMagick-1.3.25-126.1
perl-GraphicsMagick-debuginfo-1.3.25-126.1


References:

https://www.suse.com/security/cve/CVE-2019-7397.html
https://bugzilla.suse.com/1124366

--


openSUSE-SU-2019:0215-1: Security update for GraphicsMagick

openSUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0215-1
Rating: low
References: #1124366
Cross-References: CVE-2019-7397
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for GraphicsMagick fixes the following issues:

Security issue fixed:

- CVE-2019-7397: Fixed a memory leak in function WritePDFImage in pdf.c
(bsc#1124366)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-215=1



Package List:

- openSUSE Leap 15.0 (x86_64):

GraphicsMagick-1.3.29-lp150.3.21.1
GraphicsMagick-debuginfo-1.3.29-lp150.3.21.1
GraphicsMagick-debugsource-1.3.29-lp150.3.21.1
GraphicsMagick-devel-1.3.29-lp150.3.21.1
libGraphicsMagick++-Q16-12-1.3.29-lp150.3.21.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.29-lp150.3.21.1
libGraphicsMagick++-devel-1.3.29-lp150.3.21.1
libGraphicsMagick-Q16-3-1.3.29-lp150.3.21.1
libGraphicsMagick-Q16-3-debuginfo-1.3.29-lp150.3.21.1
libGraphicsMagick3-config-1.3.29-lp150.3.21.1
libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.21.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.29-lp150.3.21.1
perl-GraphicsMagick-1.3.29-lp150.3.21.1
perl-GraphicsMagick-debuginfo-1.3.29-lp150.3.21.1


References:

https://www.suse.com/security/cve/CVE-2019-7397.html
https://bugzilla.suse.com/1124366

--


openSUSE-SU-2019:0216-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0216-1
Rating: important
References: #1123641 #1124936
Cross-References: CVE-2019-5754 CVE-2019-5755 CVE-2019-5756
CVE-2019-5757 CVE-2019-5758 CVE-2019-5759
CVE-2019-5760 CVE-2019-5761 CVE-2019-5762
CVE-2019-5763 CVE-2019-5764 CVE-2019-5765
CVE-2019-5766 CVE-2019-5767 CVE-2019-5768
CVE-2019-5769 CVE-2019-5770 CVE-2019-5771
CVE-2019-5772 CVE-2019-5773 CVE-2019-5774
CVE-2019-5775 CVE-2019-5776 CVE-2019-5777
CVE-2019-5778 CVE-2019-5779 CVE-2019-5780
CVE-2019-5781 CVE-2019-5782 CVE-2019-5784

Affected Products:
openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes 30 vulnerabilities is now available.

Description:

This update for Chromium to version 72.0.3626.96 fixes the following
issues:

Security issues fixed (bsc#1123641 and bsc#1124936):

- CVE-2019-5784: Inappropriate implementation in V8
- CVE-2019-5754: Inappropriate implementation in QUIC Networking.
- CVE-2019-5782: Inappropriate implementation in V8.
- CVE-2019-5755: Inappropriate implementation in V8.
- CVE-2019-5756: Use after free in PDFium.
- CVE-2019-5757: Type Confusion in SVG.
- CVE-2019-5758: Use after free in Blink.
- CVE-2019-5759: Use after free in HTML select elements.
- CVE-2019-5760: Use after free in WebRTC.
- CVE-2019-5761: Use after free in SwiftShader.
- CVE-2019-5762: Use after free in PDFium.
- CVE-2019-5763: Insufficient validation of untrusted input in V8.
- CVE-2019-5764: Use after free in WebRTC.
- CVE-2019-5765: Insufficient policy enforcement in the browser.
- CVE-2019-5766: Insufficient policy enforcement in Canvas.
- CVE-2019-5767: Incorrect security UI in WebAPKs.
- CVE-2019-5768: Insufficient policy enforcement in DevTools.
- CVE-2019-5769: Insufficient validation of untrusted input in Blink.
- CVE-2019-5770: Heap buffer overflow in WebGL.
- CVE-2019-5771: Heap buffer overflow in SwiftShader.
- CVE-2019-5772: Use after free in PDFium.
- CVE-2019-5773: Insufficient data validation in IndexedDB.
- CVE-2019-5774: Insufficient validation of untrusted input in
SafeBrowsing.
- CVE-2019-5775: Insufficient policy enforcement in Omnibox.
- CVE-2019-5776: Insufficient policy enforcement in Omnibox.
- CVE-2019-5777: Insufficient policy enforcement in Omnibox.
- CVE-2019-5778: Insufficient policy enforcement in Extensions.
- CVE-2019-5779: Insufficient policy enforcement in ServiceWorker.
- CVE-2019-5780: Insufficient policy enforcement.
- CVE-2019-5781: Insufficient policy enforcement in Omnibox.

For a full list of changes refer to
https://chromereleases.googleblog.com/2019/02/stable-channel-update-for-desktop.html

This update was imported from the openSUSE:Leap:15.0:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-216=1



Package List:

- openSUSE Backports SLE-15 (aarch64 x86_64):

chromedriver-72.0.3626.96-bp150.2.32.1
chromium-72.0.3626.96-bp150.2.32.1


References:

https://www.suse.com/security/cve/CVE-2019-5754.html
https://www.suse.com/security/cve/CVE-2019-5755.html
https://www.suse.com/security/cve/CVE-2019-5756.html
https://www.suse.com/security/cve/CVE-2019-5757.html
https://www.suse.com/security/cve/CVE-2019-5758.html
https://www.suse.com/security/cve/CVE-2019-5759.html
https://www.suse.com/security/cve/CVE-2019-5760.html
https://www.suse.com/security/cve/CVE-2019-5761.html
https://www.suse.com/security/cve/CVE-2019-5762.html
https://www.suse.com/security/cve/CVE-2019-5763.html
https://www.suse.com/security/cve/CVE-2019-5764.html
https://www.suse.com/security/cve/CVE-2019-5765.html
https://www.suse.com/security/cve/CVE-2019-5766.html
https://www.suse.com/security/cve/CVE-2019-5767.html
https://www.suse.com/security/cve/CVE-2019-5768.html
https://www.suse.com/security/cve/CVE-2019-5769.html
https://www.suse.com/security/cve/CVE-2019-5770.html
https://www.suse.com/security/cve/CVE-2019-5771.html
https://www.suse.com/security/cve/CVE-2019-5772.html
https://www.suse.com/security/cve/CVE-2019-5773.html
https://www.suse.com/security/cve/CVE-2019-5774.html
https://www.suse.com/security/cve/CVE-2019-5775.html
https://www.suse.com/security/cve/CVE-2019-5776.html
https://www.suse.com/security/cve/CVE-2019-5777.html
https://www.suse.com/security/cve/CVE-2019-5778.html
https://www.suse.com/security/cve/CVE-2019-5779.html
https://www.suse.com/security/cve/CVE-2019-5780.html
https://www.suse.com/security/cve/CVE-2019-5781.html
https://www.suse.com/security/cve/CVE-2019-5782.html
https://www.suse.com/security/cve/CVE-2019-5784.html
https://bugzilla.suse.com/1123641
https://bugzilla.suse.com/1124936

--