SUSE 5185 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2019:0251-1: important: Security update for MozillaThunderbird
openSUSE-SU-2019:0252-1: important: Security update for docker-runc
openSUSE-SU-2019:0254-1: important: Security update for qemu
openSUSE-SU-2019:0255-1: important: Security update for systemd
openSUSE-SU-2019:0261-1: important: Security update for gvfs
openSUSE-SU-2019:0265-1: moderate: Security update for libqt5-qtbase



openSUSE-SU-2019:0251-1: important: Security update for MozillaThunderbird

openSUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0251-1
Rating: important
References: #1119105 #1122983 #1125330
Cross-References: CVE-2016-5824 CVE-2018-12405 CVE-2018-17466
CVE-2018-18335 CVE-2018-18356 CVE-2018-18492
CVE-2018-18493 CVE-2018-18494 CVE-2018-18498
CVE-2018-18500 CVE-2018-18501 CVE-2018-18505
CVE-2018-18509 CVE-2019-5785
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 14 vulnerabilities is now available.

Description:

This update for MozillaThunderbird to version 60.5.1 fixes the following
issues:

Security vulnerabilities addressed (MSFA 2019-03 MSFA 2018-31 MFSA
2019-06 bsc#1122983 bsc#1119105 bsc#1125330):

- CVE-2018-18356: Fixed a Use-after-free in Skia.
- CVE-2019-5785: Fixed an Integer overflow in Skia.
- CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating
Canvas 2D. This issue does not affect Linuc distributions.
- CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME
signatures showing mistekenly that emails bring a valid sugnature.
- CVE-2018-18500: Use-after-free parsing HTML5 stream
- CVE-2018-18505: Privilege escalation through IPC channel messages
- CVE-2016-5824 DoS (use-after-free) via a crafted ics file
- CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR
60.5
- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library
with TextureStorage11
- CVE-2018-18492: Use-after-free with select element
- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Same-origin policy violation using location attribute
and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Memory safety bugs fixed in Firefox 64, 60.4, and
Thunderbird 60.4

Other bug fixes and changes:

- FileLink provider WeTransfer to upload large attachments
- Thunderbird now allows the addition of OpenSearch search engines from a
local XML file using a minimal user interface: [+] button to select a
file an add, [-] to remove.
- More search engines: Google and DuckDuckGo available by default in some
locales
- During account creation, Thunderbird will now detect servers using the
Microsoft Exchange protocol. It will offer the installation of a 3rd
party add-on (Owl) which supports that protocol.
- Thunderbird now compatible with other WebExtension-based FileLink
add-ons like the Dropbox add-on
- New WebExtensions FileLink API to facilitate add-ons
- Fix decoding problems for messages with less common charsets (cp932,
cp936)
- New messages in the drafts folder (and other special or virtual folders)
will no longer be included in the new messages notification
- Thunderbird 60 will migrate security databases (key3.db, cert8.db to
key4.db, cert9.db).
- Address book search and auto-complete slowness
- Plain text markup with * for bold, / for italics, _ for underline and |
for code did not work when the enclosed text contained non-ASCII
characters
- While composing a message, a link not removed when link location was
removed in the link properties panel
- Encoding problems when exporting address books or messages using the
system charset. Messages are now always exported using the UTF-8 encoding
- If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was
displayed. Now using date from "Received" header instead.
- Body search/filtering didn't reliably ignore content of tags
- Inappropriate warning "Thunderbird prevented the site
(addons.thunderbird.net) from asking you to install software on your
computer" when installing add-ons
- Incorrect display of correspondents column since own email address was
not always detected
- Spurious (encoded newline) inserted into drafts and sent email
- Double-clicking on a word in the Write window sometimes launched the
Advanced Property Editor or Link Properties dialog
- Fixed Cookie removal
- "Download rest of message" was not working if global inbox was used
- Fix Encoding problems for users (especially in Poland) when a file was
sent via a folder using "Sent to > Mail recipient" due to a problem in
the Thunderbird MAPI interface
- According to RFC 4616 and RFC 5721, passwords containing non-ASCII
characters are encoded using UTF-8 which can lead to problems with
non-compliant providers, for example office365.com. The SMTP LOGIN and
POP3 USER/PASS authentication methods are now using a Latin-1 encoding
again to work around this issue
- Fix shutdown crash/hang after entering an empty IMAP password

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-251=1



Package List:

- openSUSE Leap 15.0 (x86_64):

MozillaThunderbird-60.5.1-lp150.3.30.1
MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1
MozillaThunderbird-debuginfo-60.5.1-lp150.3.30.1
MozillaThunderbird-debugsource-60.5.1-lp150.3.30.1
MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1
MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1


References:

https://www.suse.com/security/cve/CVE-2016-5824.html
https://www.suse.com/security/cve/CVE-2018-12405.html
https://www.suse.com/security/cve/CVE-2018-17466.html
https://www.suse.com/security/cve/CVE-2018-18335.html
https://www.suse.com/security/cve/CVE-2018-18356.html
https://www.suse.com/security/cve/CVE-2018-18492.html
https://www.suse.com/security/cve/CVE-2018-18493.html
https://www.suse.com/security/cve/CVE-2018-18494.html
https://www.suse.com/security/cve/CVE-2018-18498.html
https://www.suse.com/security/cve/CVE-2018-18500.html
https://www.suse.com/security/cve/CVE-2018-18501.html
https://www.suse.com/security/cve/CVE-2018-18505.html
https://www.suse.com/security/cve/CVE-2018-18509.html
https://www.suse.com/security/cve/CVE-2019-5785.html
https://bugzilla.suse.com/1119105
https://bugzilla.suse.com/1122983
https://bugzilla.suse.com/1125330

--


openSUSE-SU-2019:0252-1: important: Security update for docker-runc

openSUSE Security Update: Security update for docker-runc
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0252-1
Rating: important
References: #1121967
Cross-References: CVE-2019-5736
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for docker-runc fixes the following issues:

Security issue fixed:

- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to
avoid write attacks to the host runc binary, which could lead to a
container breakout (bsc#1121967)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-252=1



Package List:

- openSUSE Leap 15.0 (noarch):

docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1

- openSUSE Leap 15.0 (x86_64):

docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1
docker-runc-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1


References:

https://www.suse.com/security/cve/CVE-2019-5736.html
https://bugzilla.suse.com/1121967

--


openSUSE-SU-2019:0254-1: important: Security update for qemu

openSUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0254-1
Rating: important
References: #1063993 #1079730 #1100408 #1101982 #1112646
#1114957 #1116717 #1117275 #1119493 #1121600
#1123156 #1123179
Cross-References: CVE-2018-16872 CVE-2018-18954 CVE-2018-19364
CVE-2018-19489 CVE-2019-6778
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 7 fixes is
now available.

Description:

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP
networking implementation (bsc#1123156).
- CVE-2018-16872: Fixed a host security vulnerability related to handling
symlinks in usb-mtp (bsc#1119493).
- CVE-2018-19489: Fixed a denial of service vulnerability in virtfs
(bsc#1117275).
- CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting
in a denial of service (bsc#1116717).
- CVE-2018-18954: Fixed a denial of service vulnerability related to
PowerPC PowerNV memory operations (bsc#1114957).

Non-security issues fixed:

- Improved disk performance for qemu on xen (bsc#1100408).
- Fixed xen offline migration (bsc#1079730, bsc#1101982, bsc#1063993).
- Fixed pwrite64/pread64/write to return 0 over -1 for a zero length NULL
buffer in qemu (bsc#1121600).
- Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646).
- Return specification exception for unimplemented diag 308 subcodes
rather than a hardware error (bsc#1123179).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-254=1



Package List:

- openSUSE Leap 15.0 (noarch):

qemu-ipxe-1.0.0+-lp150.7.18.1
qemu-seabios-1.11.0-lp150.7.18.1
qemu-sgabios-8-lp150.7.18.1
qemu-vgabios-1.11.0-lp150.7.18.1

- openSUSE Leap 15.0 (x86_64):

qemu-2.11.2-lp150.7.18.1
qemu-arm-2.11.2-lp150.7.18.1
qemu-arm-debuginfo-2.11.2-lp150.7.18.1
qemu-block-curl-2.11.2-lp150.7.18.1
qemu-block-curl-debuginfo-2.11.2-lp150.7.18.1
qemu-block-dmg-2.11.2-lp150.7.18.1
qemu-block-dmg-debuginfo-2.11.2-lp150.7.18.1
qemu-block-gluster-2.11.2-lp150.7.18.1
qemu-block-gluster-debuginfo-2.11.2-lp150.7.18.1
qemu-block-iscsi-2.11.2-lp150.7.18.1
qemu-block-iscsi-debuginfo-2.11.2-lp150.7.18.1
qemu-block-rbd-2.11.2-lp150.7.18.1
qemu-block-rbd-debuginfo-2.11.2-lp150.7.18.1
qemu-block-ssh-2.11.2-lp150.7.18.1
qemu-block-ssh-debuginfo-2.11.2-lp150.7.18.1
qemu-debuginfo-2.11.2-lp150.7.18.1
qemu-debugsource-2.11.2-lp150.7.18.1
qemu-extra-2.11.2-lp150.7.18.1
qemu-extra-debuginfo-2.11.2-lp150.7.18.1
qemu-guest-agent-2.11.2-lp150.7.18.1
qemu-guest-agent-debuginfo-2.11.2-lp150.7.18.1
qemu-ksm-2.11.2-lp150.7.18.1
qemu-kvm-2.11.2-lp150.7.18.1
qemu-lang-2.11.2-lp150.7.18.1
qemu-linux-user-2.11.2-lp150.7.18.1
qemu-linux-user-debuginfo-2.11.2-lp150.7.18.1
qemu-linux-user-debugsource-2.11.2-lp150.7.18.1
qemu-ppc-2.11.2-lp150.7.18.1
qemu-ppc-debuginfo-2.11.2-lp150.7.18.1
qemu-s390-2.11.2-lp150.7.18.1
qemu-s390-debuginfo-2.11.2-lp150.7.18.1
qemu-testsuite-2.11.2-lp150.7.18.1
qemu-tools-2.11.2-lp150.7.18.1
qemu-tools-debuginfo-2.11.2-lp150.7.18.1
qemu-x86-2.11.2-lp150.7.18.1
qemu-x86-debuginfo-2.11.2-lp150.7.18.1


References:

https://www.suse.com/security/cve/CVE-2018-16872.html
https://www.suse.com/security/cve/CVE-2018-18954.html
https://www.suse.com/security/cve/CVE-2018-19364.html
https://www.suse.com/security/cve/CVE-2018-19489.html
https://www.suse.com/security/cve/CVE-2019-6778.html
https://bugzilla.suse.com/1063993
https://bugzilla.suse.com/1079730
https://bugzilla.suse.com/1100408
https://bugzilla.suse.com/1101982
https://bugzilla.suse.com/1112646
https://bugzilla.suse.com/1114957
https://bugzilla.suse.com/1116717
https://bugzilla.suse.com/1117275
https://bugzilla.suse.com/1119493
https://bugzilla.suse.com/1121600
https://bugzilla.suse.com/1123156
https://bugzilla.suse.com/1123179

--


openSUSE-SU-2019:0255-1: important: Security update for systemd

openSUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0255-1
Rating: important
References: #1117025 #1121563 #1122000 #1123333 #1123727
#1123892 #1124153 #1125352
Cross-References: CVE-2019-6454
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves one vulnerability and has 7 fixes is
now available.

Description:

This update for systemd fixes the following issues:

- CVE-2019-6454: Overlong DBUS messages could be used to crash systemd
(bsc#1125352)

- units: make sure initrd-cleanup.service terminates before switching to
rootfs (bsc#1123333)
- logind: fix bad error propagation
- login: log session state "closing" (as well as New/Removed)
- logind: fix borked r check
- login: don't remove all devices from PID1 when only one was removed
- login: we only allow opening character devices
- login: correct comment in session_device_free()
- login: remember that fds received from PID1 need to be removed eventually
- login: fix FDNAME in call to sd_pid_notify_with_fds()
- logind: fd 0 is a valid fd
- logind: rework sd_eviocrevoke()
- logind: check file is device node before using .st_rdev
- logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153)
- core: add a new sd_notify() message for removing fds from the FD store
again
- logind: make sure we don't trip up on half-initialized session devices
(bsc#1123727)
- fd-util: accept that kcmp might fail with EPERM/EACCES
- core: Fix use after free case in load_from_path() (bsc#1121563)
- core: include Found state in device dumps
- device: fix serialization and deserialization of DeviceFound
- fix path in btrfs rule (#6844)
- assemble multidevice btrfs volumes without external tools (#6607)
(bsc#1117025)
- Update systemd-system.conf.xml (bsc#1122000)
- units: inform user that the default target is started after exiting from
rescue or emergency mode
- core: free lines after reading them (bsc#1123892)
- sd-bus: if we receive an invalid dbus message, ignore and proceeed
- automount: don't pass non-blocking pipe to kernel.

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-255=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libsystemd0-234-lp150.20.15.1
libsystemd0-debuginfo-234-lp150.20.15.1
libsystemd0-mini-234-lp150.20.15.1
libsystemd0-mini-debuginfo-234-lp150.20.15.1
libudev-devel-234-lp150.20.15.1
libudev-mini-devel-234-lp150.20.15.1
libudev-mini1-234-lp150.20.15.1
libudev-mini1-debuginfo-234-lp150.20.15.1
libudev1-234-lp150.20.15.1
libudev1-debuginfo-234-lp150.20.15.1
nss-myhostname-234-lp150.20.15.1
nss-myhostname-debuginfo-234-lp150.20.15.1
nss-mymachines-234-lp150.20.15.1
nss-mymachines-debuginfo-234-lp150.20.15.1
nss-systemd-234-lp150.20.15.1
nss-systemd-debuginfo-234-lp150.20.15.1
systemd-234-lp150.20.15.1
systemd-container-234-lp150.20.15.1
systemd-container-debuginfo-234-lp150.20.15.1
systemd-coredump-234-lp150.20.15.1
systemd-coredump-debuginfo-234-lp150.20.15.1
systemd-debuginfo-234-lp150.20.15.1
systemd-debugsource-234-lp150.20.15.1
systemd-devel-234-lp150.20.15.1
systemd-logger-234-lp150.20.15.1
systemd-mini-234-lp150.20.15.1
systemd-mini-container-mini-234-lp150.20.15.1
systemd-mini-container-mini-debuginfo-234-lp150.20.15.1
systemd-mini-coredump-mini-234-lp150.20.15.1
systemd-mini-coredump-mini-debuginfo-234-lp150.20.15.1
systemd-mini-debuginfo-234-lp150.20.15.1
systemd-mini-debugsource-234-lp150.20.15.1
systemd-mini-devel-234-lp150.20.15.1
systemd-mini-sysvinit-234-lp150.20.15.1
systemd-sysvinit-234-lp150.20.15.1
udev-234-lp150.20.15.1
udev-debuginfo-234-lp150.20.15.1
udev-mini-234-lp150.20.15.1
udev-mini-debuginfo-234-lp150.20.15.1

- openSUSE Leap 15.0 (noarch):

systemd-bash-completion-234-lp150.20.15.1
systemd-mini-bash-completion-234-lp150.20.15.1

- openSUSE Leap 15.0 (x86_64):

libsystemd0-32bit-234-lp150.20.15.1
libsystemd0-32bit-debuginfo-234-lp150.20.15.1
libudev-devel-32bit-234-lp150.20.15.1
libudev1-32bit-234-lp150.20.15.1
libudev1-32bit-debuginfo-234-lp150.20.15.1
nss-myhostname-32bit-234-lp150.20.15.1
nss-myhostname-32bit-debuginfo-234-lp150.20.15.1
nss-mymachines-32bit-234-lp150.20.15.1
nss-mymachines-32bit-debuginfo-234-lp150.20.15.1
systemd-32bit-234-lp150.20.15.1
systemd-32bit-debuginfo-234-lp150.20.15.1


References:

https://www.suse.com/security/cve/CVE-2019-6454.html
https://bugzilla.suse.com/1117025
https://bugzilla.suse.com/1121563
https://bugzilla.suse.com/1122000
https://bugzilla.suse.com/1123333
https://bugzilla.suse.com/1123727
https://bugzilla.suse.com/1123892
https://bugzilla.suse.com/1124153
https://bugzilla.suse.com/1125352

--


openSUSE-SU-2019:0261-1: important: Security update for gvfs

openSUSE Security Update: Security update for gvfs
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0261-1
Rating: important
References: #1125084
Cross-References: CVE-2019-3827
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gvfs fixes the following issues:

Security vulnerability fixed:

- CVE-2019-3827: Fixed an issue whereby an unprivileged user was not
prompted to give a password when acessing root owned files. (bsc#1125084)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-261=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

gvfs-1.34.2.1-lp150.3.6.1
gvfs-backend-afc-1.34.2.1-lp150.3.6.1
gvfs-backend-afc-debuginfo-1.34.2.1-lp150.3.6.1
gvfs-backend-samba-1.34.2.1-lp150.3.6.1
gvfs-backend-samba-debuginfo-1.34.2.1-lp150.3.6.1
gvfs-backends-1.34.2.1-lp150.3.6.1
gvfs-backends-debuginfo-1.34.2.1-lp150.3.6.1
gvfs-debuginfo-1.34.2.1-lp150.3.6.1
gvfs-debugsource-1.34.2.1-lp150.3.6.1
gvfs-devel-1.34.2.1-lp150.3.6.1
gvfs-fuse-1.34.2.1-lp150.3.6.1
gvfs-fuse-debuginfo-1.34.2.1-lp150.3.6.1

- openSUSE Leap 15.0 (noarch):

gvfs-lang-1.34.2.1-lp150.3.6.1

- openSUSE Leap 15.0 (x86_64):

gvfs-32bit-1.34.2.1-lp150.3.6.1
gvfs-32bit-debuginfo-1.34.2.1-lp150.3.6.1


References:

https://www.suse.com/security/cve/CVE-2019-3827.html
https://bugzilla.suse.com/1125084

--


openSUSE-SU-2019:0265-1: moderate: Security update for libqt5-qtbase

openSUSE Security Update: Security update for libqt5-qtbase
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0265-1
Rating: moderate
References: #1096328 #1099874 #1108889 #1118595 #1118596
#1120639
Cross-References: CVE-2018-15518 CVE-2018-19873
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves two vulnerabilities and has four
fixes is now available.

Description:

This update for libqt5-qtbase provides the following fixes:

Security issues fixed:

- CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)
- CVE-2018-19873: Fixed Denial of Service on malformed BMP file in
QBmpHandler (bsc#1118596)

Non-security issues fixed:

- Fix dynamic loading of libGL. (bsc#1099874)
- Make sure printer settings are properly remembered. (bsc#1096328)
- Add patch to fix fails to load pixmap cursors on XRender less system
(bsc#1108889)
- Fix krita pop-up palette not working properly (bsc#1120639)


This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-265=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libQt5Bootstrap-devel-static-5.9.4-lp150.5.4.1
libQt5Concurrent-devel-5.9.4-lp150.5.4.1
libQt5Concurrent5-5.9.4-lp150.5.4.1
libQt5Concurrent5-debuginfo-5.9.4-lp150.5.4.1
libQt5Core-devel-5.9.4-lp150.5.4.1
libQt5Core5-5.9.4-lp150.5.4.1
libQt5Core5-debuginfo-5.9.4-lp150.5.4.1
libQt5DBus-devel-5.9.4-lp150.5.4.1
libQt5DBus-devel-debuginfo-5.9.4-lp150.5.4.1
libQt5DBus5-5.9.4-lp150.5.4.1
libQt5DBus5-debuginfo-5.9.4-lp150.5.4.1
libQt5Gui-devel-5.9.4-lp150.5.4.1
libQt5Gui5-5.9.4-lp150.5.4.1
libQt5Gui5-debuginfo-5.9.4-lp150.5.4.1
libQt5KmsSupport-devel-static-5.9.4-lp150.5.4.1
libQt5Network-devel-5.9.4-lp150.5.4.1
libQt5Network5-5.9.4-lp150.5.4.1
libQt5Network5-debuginfo-5.9.4-lp150.5.4.1
libQt5OpenGL-devel-5.9.4-lp150.5.4.1
libQt5OpenGL5-5.9.4-lp150.5.4.1
libQt5OpenGL5-debuginfo-5.9.4-lp150.5.4.1
libQt5OpenGLExtensions-devel-static-5.9.4-lp150.5.4.1
libQt5PlatformHeaders-devel-5.9.4-lp150.5.4.1
libQt5PlatformSupport-devel-static-5.9.4-lp150.5.4.1
libQt5PrintSupport-devel-5.9.4-lp150.5.4.1
libQt5PrintSupport5-5.9.4-lp150.5.4.1
libQt5PrintSupport5-debuginfo-5.9.4-lp150.5.4.1
libQt5Sql-devel-5.9.4-lp150.5.4.1
libQt5Sql5-5.9.4-lp150.5.4.1
libQt5Sql5-debuginfo-5.9.4-lp150.5.4.1
libQt5Sql5-mysql-5.9.4-lp150.5.4.1
libQt5Sql5-mysql-debuginfo-5.9.4-lp150.5.4.1
libQt5Sql5-postgresql-5.9.4-lp150.5.4.1
libQt5Sql5-postgresql-debuginfo-5.9.4-lp150.5.4.1
libQt5Sql5-sqlite-5.9.4-lp150.5.4.1
libQt5Sql5-sqlite-debuginfo-5.9.4-lp150.5.4.1
libQt5Sql5-unixODBC-5.9.4-lp150.5.4.1
libQt5Sql5-unixODBC-debuginfo-5.9.4-lp150.5.4.1
libQt5Test-devel-5.9.4-lp150.5.4.1
libQt5Test5-5.9.4-lp150.5.4.1
libQt5Test5-debuginfo-5.9.4-lp150.5.4.1
libQt5Widgets-devel-5.9.4-lp150.5.4.1
libQt5Widgets5-5.9.4-lp150.5.4.1
libQt5Widgets5-debuginfo-5.9.4-lp150.5.4.1
libQt5Xml-devel-5.9.4-lp150.5.4.1
libQt5Xml5-5.9.4-lp150.5.4.1
libQt5Xml5-debuginfo-5.9.4-lp150.5.4.1
libqt5-qtbase-common-devel-5.9.4-lp150.5.4.1
libqt5-qtbase-common-devel-debuginfo-5.9.4-lp150.5.4.1
libqt5-qtbase-debugsource-5.9.4-lp150.5.4.1
libqt5-qtbase-devel-5.9.4-lp150.5.4.1
libqt5-qtbase-examples-5.9.4-lp150.5.4.1
libqt5-qtbase-examples-debuginfo-5.9.4-lp150.5.4.1
libqt5-qtbase-platformtheme-gtk3-5.9.4-lp150.5.4.1
libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-lp150.5.4.1

- openSUSE Leap 15.0 (x86_64):

libQt5Bootstrap-devel-static-32bit-5.9.4-lp150.5.4.1
libQt5Concurrent-devel-32bit-5.9.4-lp150.5.4.1
libQt5Concurrent5-32bit-5.9.4-lp150.5.4.1
libQt5Concurrent5-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5Core-devel-32bit-5.9.4-lp150.5.4.1
libQt5Core5-32bit-5.9.4-lp150.5.4.1
libQt5Core5-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5DBus-devel-32bit-5.9.4-lp150.5.4.1
libQt5DBus-devel-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5DBus5-32bit-5.9.4-lp150.5.4.1
libQt5DBus5-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5Gui-devel-32bit-5.9.4-lp150.5.4.1
libQt5Gui5-32bit-5.9.4-lp150.5.4.1
libQt5Gui5-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5Network-devel-32bit-5.9.4-lp150.5.4.1
libQt5Network5-32bit-5.9.4-lp150.5.4.1
libQt5Network5-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5OpenGL-devel-32bit-5.9.4-lp150.5.4.1
libQt5OpenGL5-32bit-5.9.4-lp150.5.4.1
libQt5OpenGL5-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5OpenGLExtensions-devel-static-32bit-5.9.4-lp150.5.4.1
libQt5PlatformSupport-devel-static-32bit-5.9.4-lp150.5.4.1
libQt5PrintSupport-devel-32bit-5.9.4-lp150.5.4.1
libQt5PrintSupport5-32bit-5.9.4-lp150.5.4.1
libQt5PrintSupport5-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5Sql-devel-32bit-5.9.4-lp150.5.4.1
libQt5Sql5-32bit-5.9.4-lp150.5.4.1
libQt5Sql5-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5Sql5-mysql-32bit-5.9.4-lp150.5.4.1
libQt5Sql5-mysql-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5Sql5-postgresql-32bit-5.9.4-lp150.5.4.1
libQt5Sql5-postgresql-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5Sql5-sqlite-32bit-5.9.4-lp150.5.4.1
libQt5Sql5-sqlite-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5Sql5-unixODBC-32bit-5.9.4-lp150.5.4.1
libQt5Sql5-unixODBC-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5Test-devel-32bit-5.9.4-lp150.5.4.1
libQt5Test5-32bit-5.9.4-lp150.5.4.1
libQt5Test5-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5Widgets-devel-32bit-5.9.4-lp150.5.4.1
libQt5Widgets5-32bit-5.9.4-lp150.5.4.1
libQt5Widgets5-32bit-debuginfo-5.9.4-lp150.5.4.1
libQt5Xml-devel-32bit-5.9.4-lp150.5.4.1
libQt5Xml5-32bit-5.9.4-lp150.5.4.1
libQt5Xml5-32bit-debuginfo-5.9.4-lp150.5.4.1
libqt5-qtbase-examples-32bit-5.9.4-lp150.5.4.1
libqt5-qtbase-examples-32bit-debuginfo-5.9.4-lp150.5.4.1

- openSUSE Leap 15.0 (noarch):

libQt5Core-private-headers-devel-5.9.4-lp150.5.4.1
libQt5DBus-private-headers-devel-5.9.4-lp150.5.4.1
libQt5Gui-private-headers-devel-5.9.4-lp150.5.4.1
libQt5KmsSupport-private-headers-devel-5.9.4-lp150.5.4.1
libQt5Network-private-headers-devel-5.9.4-lp150.5.4.1
libQt5OpenGL-private-headers-devel-5.9.4-lp150.5.4.1
libQt5PlatformSupport-private-headers-devel-5.9.4-lp150.5.4.1
libQt5PrintSupport-private-headers-devel-5.9.4-lp150.5.4.1
libQt5Sql-private-headers-devel-5.9.4-lp150.5.4.1
libQt5Test-private-headers-devel-5.9.4-lp150.5.4.1
libQt5Widgets-private-headers-devel-5.9.4-lp150.5.4.1
libqt5-qtbase-private-headers-devel-5.9.4-lp150.5.4.1


References:

https://www.suse.com/security/cve/CVE-2018-15518.html
https://www.suse.com/security/cve/CVE-2018-19873.html
https://bugzilla.suse.com/1096328
https://bugzilla.suse.com/1099874
https://bugzilla.suse.com/1108889
https://bugzilla.suse.com/1118595
https://bugzilla.suse.com/1118596
https://bugzilla.suse.com/1120639

--