SUSE 5152 Published by

The following security updates has been released for openSUSE:

openSUSE-SU-2019:1749-1: moderate: Security update for glib2
openSUSE-SU-2019:1750-1: important: Security update for dbus-1
openSUSE-SU-2019:1751-1: Security update for fence-agents
openSUSE-SU-2019:1752-1: moderate: Security update for libqb
openSUSE-SU-2019:1753-1: important: Security update for libvirt
openSUSE-SU-2019:1754-1: moderate: Security update for python-requests
openSUSE-SU-2019:1755-1: important: Security update for samba
openSUSE-SU-2019:1757-1: important: Security update for the Linux Kernel
openSUSE-SU-2019:1758-1: important: Security update for MozillaFirefox



openSUSE-SU-2019:1749-1: moderate: Security update for glib2

openSUSE Security Update: Security update for glib2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1749-1
Rating: moderate
References: #1139959
Cross-References: CVE-2019-13012
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for glib2 fixes the following issues:

Security issue fixed:

- CVE-2019-13012: Fixed improper restriction of file permissions when
creating directories (bsc#1139959).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1749=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

glib2-debugsource-2.54.3-lp150.3.13.1
glib2-devel-2.54.3-lp150.3.13.1
glib2-devel-debuginfo-2.54.3-lp150.3.13.1
glib2-devel-static-2.54.3-lp150.3.13.1
glib2-tools-2.54.3-lp150.3.13.1
glib2-tools-debuginfo-2.54.3-lp150.3.13.1
libgio-2_0-0-2.54.3-lp150.3.13.1
libgio-2_0-0-debuginfo-2.54.3-lp150.3.13.1
libgio-fam-2.54.3-lp150.3.13.1
libgio-fam-debuginfo-2.54.3-lp150.3.13.1
libglib-2_0-0-2.54.3-lp150.3.13.1
libglib-2_0-0-debuginfo-2.54.3-lp150.3.13.1
libgmodule-2_0-0-2.54.3-lp150.3.13.1
libgmodule-2_0-0-debuginfo-2.54.3-lp150.3.13.1
libgobject-2_0-0-2.54.3-lp150.3.13.1
libgobject-2_0-0-debuginfo-2.54.3-lp150.3.13.1
libgthread-2_0-0-2.54.3-lp150.3.13.1
libgthread-2_0-0-debuginfo-2.54.3-lp150.3.13.1

- openSUSE Leap 15.0 (noarch):

gio-branding-upstream-2.54.3-lp150.3.13.1
glib2-lang-2.54.3-lp150.3.13.1

- openSUSE Leap 15.0 (x86_64):

glib2-devel-32bit-2.54.3-lp150.3.13.1
glib2-devel-32bit-debuginfo-2.54.3-lp150.3.13.1
glib2-tools-32bit-2.54.3-lp150.3.13.1
glib2-tools-32bit-debuginfo-2.54.3-lp150.3.13.1
libgio-2_0-0-32bit-2.54.3-lp150.3.13.1
libgio-2_0-0-32bit-debuginfo-2.54.3-lp150.3.13.1
libgio-fam-32bit-2.54.3-lp150.3.13.1
libgio-fam-32bit-debuginfo-2.54.3-lp150.3.13.1
libglib-2_0-0-32bit-2.54.3-lp150.3.13.1
libglib-2_0-0-32bit-debuginfo-2.54.3-lp150.3.13.1
libgmodule-2_0-0-32bit-2.54.3-lp150.3.13.1
libgmodule-2_0-0-32bit-debuginfo-2.54.3-lp150.3.13.1
libgobject-2_0-0-32bit-2.54.3-lp150.3.13.1
libgobject-2_0-0-32bit-debuginfo-2.54.3-lp150.3.13.1
libgthread-2_0-0-32bit-2.54.3-lp150.3.13.1
libgthread-2_0-0-32bit-debuginfo-2.54.3-lp150.3.13.1


References:

https://www.suse.com/security/cve/CVE-2019-13012.html
https://bugzilla.suse.com/1139959

openSUSE-SU-2019:1750-1: important: Security update for dbus-1

openSUSE Security Update: Security update for dbus-1
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1750-1
Rating: important
References: #1137832
Cross-References: CVE-2019-12749
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for dbus-1 fixes the following issues:

Security issue fixed:

- CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which
could have allowed local attackers to bypass authentication
(bsc#1137832).

This update was imported from the SUSE:SLE-15-SP1:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1750=1



Package List:

- openSUSE Leap 15.1 (i586 x86_64):

dbus-1-1.12.2-lp151.4.3.1
dbus-1-debuginfo-1.12.2-lp151.4.3.1
dbus-1-debugsource-1.12.2-lp151.4.3.1
dbus-1-devel-1.12.2-lp151.4.3.1
dbus-1-x11-1.12.2-lp151.4.3.1
dbus-1-x11-debuginfo-1.12.2-lp151.4.3.1
dbus-1-x11-debugsource-1.12.2-lp151.4.3.1
libdbus-1-3-1.12.2-lp151.4.3.1
libdbus-1-3-debuginfo-1.12.2-lp151.4.3.1

- openSUSE Leap 15.1 (noarch):

dbus-1-devel-doc-1.12.2-lp151.4.3.1

- openSUSE Leap 15.1 (x86_64):

dbus-1-32bit-debuginfo-1.12.2-lp151.4.3.1
dbus-1-devel-32bit-1.12.2-lp151.4.3.1
libdbus-1-3-32bit-1.12.2-lp151.4.3.1
libdbus-1-3-32bit-debuginfo-1.12.2-lp151.4.3.1


References:

https://www.suse.com/security/cve/CVE-2019-12749.html
https://bugzilla.suse.com/1137832

openSUSE-SU-2019:1751-1: Security update for fence-agents

openSUSE Security Update: Security update for fence-agents
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1751-1
Rating: low
References: #1137314 #1139913
Cross-References: CVE-2019-10153
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for fence-agents version 4.4.0 fixes the following issues:

Security issue fixed:

- CVE-2019-10153: Fixed a denial of service via guest VM comments
(bsc#1137314).

Non-security issue fixed:

- Added aliyun fence agent (bsc#1139913).

This update was imported from the SUSE:SLE-15-SP1:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1751=1



Package List:

- openSUSE Leap 15.1 (x86_64):

fence-agents-4.4.0+git.1558595666.5f79f9e9-lp151.2.3.1
fence-agents-amt_ws-4.4.0+git.1558595666.5f79f9e9-lp151.2.3.1
fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-lp151.2.3.1
fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-lp151.2.3.1
fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-lp151.2.3.1


References:

https://www.suse.com/security/cve/CVE-2019-10153.html
https://bugzilla.suse.com/1137314
https://bugzilla.suse.com/1139913

openSUSE-SU-2019:1752-1: moderate: Security update for libqb

openSUSE Security Update: Security update for libqb
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1752-1
Rating: moderate
References: #1137835
Cross-References: CVE-2019-12779
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libqb fixes the following issue:

Security issue fixed:

- CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which
could have allowed a local attacker to overwrite privileged system files
(bsc#1137835).

This update was imported from the SUSE:SLE-15-SP1:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1752=1



Package List:

- openSUSE Leap 15.1 (i586 x86_64):

libqb-debugsource-1.0.3+20190326.a521604-lp151.2.3.1
libqb-devel-1.0.3+20190326.a521604-lp151.2.3.1
libqb-tests-1.0.3+20190326.a521604-lp151.2.3.1
libqb-tests-debuginfo-1.0.3+20190326.a521604-lp151.2.3.1
libqb-tools-1.0.3+20190326.a521604-lp151.2.3.1
libqb-tools-debuginfo-1.0.3+20190326.a521604-lp151.2.3.1
libqb20-1.0.3+20190326.a521604-lp151.2.3.1
libqb20-debuginfo-1.0.3+20190326.a521604-lp151.2.3.1

- openSUSE Leap 15.1 (x86_64):

libqb-devel-32bit-1.0.3+20190326.a521604-lp151.2.3.1
libqb20-32bit-1.0.3+20190326.a521604-lp151.2.3.1
libqb20-32bit-debuginfo-1.0.3+20190326.a521604-lp151.2.3.1


References:

https://www.suse.com/security/cve/CVE-2019-12779.html
https://bugzilla.suse.com/1137835

openSUSE-SU-2019:1753-1: important: Security update for libvirt

openSUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1753-1
Rating: important
References: #1138301 #1138302 #1138303 #1138305
Cross-References: CVE-2019-10161 CVE-2019-10166 CVE-2019-10167
CVE-2019-10168
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for libvirt fixes the following issues:

Security issues fixed:

- CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could
accept a path parameter pointing anywhere on the system and potentially
leading to execution
of a malicious file with root privileges by libvirtd (bsc#1138301).
- CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which
could have been used to alter the domain's config used for managedsave
or execute arbitrary emulator binaries (bsc#1138302).
- CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API
which could have been used to execute arbitrary emulators (bsc#1138303).
- CVE-2019-10168: Fixed an issue with virConnect*HypervisorCPU API which
could have been used to execute arbitrary emulators (bsc#1138305).

This update was imported from the SUSE:SLE-15-SP1:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1753=1



Package List:

- openSUSE Leap 15.1 (i586 x86_64):

libvirt-5.1.0-lp151.7.3.1
libvirt-admin-5.1.0-lp151.7.3.1
libvirt-admin-debuginfo-5.1.0-lp151.7.3.1
libvirt-client-5.1.0-lp151.7.3.1
libvirt-client-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-5.1.0-lp151.7.3.1
libvirt-daemon-config-network-5.1.0-lp151.7.3.1
libvirt-daemon-config-nwfilter-5.1.0-lp151.7.3.1
libvirt-daemon-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-interface-5.1.0-lp151.7.3.1
libvirt-daemon-driver-interface-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-lxc-5.1.0-lp151.7.3.1
libvirt-daemon-driver-lxc-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-network-5.1.0-lp151.7.3.1
libvirt-daemon-driver-network-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-nodedev-5.1.0-lp151.7.3.1
libvirt-daemon-driver-nodedev-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-nwfilter-5.1.0-lp151.7.3.1
libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-qemu-5.1.0-lp151.7.3.1
libvirt-daemon-driver-qemu-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-secret-5.1.0-lp151.7.3.1
libvirt-daemon-driver-secret-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-core-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-core-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-disk-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-gluster-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-gluster-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-iscsi-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-logical-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-mpath-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-scsi-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-hooks-5.1.0-lp151.7.3.1
libvirt-daemon-lxc-5.1.0-lp151.7.3.1
libvirt-daemon-qemu-5.1.0-lp151.7.3.1
libvirt-debugsource-5.1.0-lp151.7.3.1
libvirt-devel-5.1.0-lp151.7.3.1
libvirt-libs-5.1.0-lp151.7.3.1
libvirt-libs-debuginfo-5.1.0-lp151.7.3.1
libvirt-lock-sanlock-5.1.0-lp151.7.3.1
libvirt-lock-sanlock-debuginfo-5.1.0-lp151.7.3.1
libvirt-nss-5.1.0-lp151.7.3.1
libvirt-nss-debuginfo-5.1.0-lp151.7.3.1
wireshark-plugin-libvirt-5.1.0-lp151.7.3.1
wireshark-plugin-libvirt-debuginfo-5.1.0-lp151.7.3.1

- openSUSE Leap 15.1 (noarch):

libvirt-bash-completion-5.1.0-lp151.7.3.1
libvirt-doc-5.1.0-lp151.7.3.1

- openSUSE Leap 15.1 (x86_64):

libvirt-client-32bit-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-libxl-5.1.0-lp151.7.3.1
libvirt-daemon-driver-libxl-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-rbd-5.1.0-lp151.7.3.1
libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-lp151.7.3.1
libvirt-daemon-xen-5.1.0-lp151.7.3.1
libvirt-devel-32bit-5.1.0-lp151.7.3.1


References:

https://www.suse.com/security/cve/CVE-2019-10161.html
https://www.suse.com/security/cve/CVE-2019-10166.html
https://www.suse.com/security/cve/CVE-2019-10167.html
https://www.suse.com/security/cve/CVE-2019-10168.html
https://bugzilla.suse.com/1138301
https://bugzilla.suse.com/1138302
https://bugzilla.suse.com/1138303
https://bugzilla.suse.com/1138305

openSUSE-SU-2019:1754-1: moderate: Security update for python-requests

openSUSE Security Update: Security update for python-requests
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1754-1
Rating: moderate
References: #1111622
Cross-References: CVE-2018-18074
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-requests to version 2.20.1 fixes the following
issues:

Security issue fixed:

- CVE-2018-18074: Fixed an information disclosure vulnerability of the
HTTP Authorization header (bsc#1111622).

This update was imported from the SUSE:SLE-15-SP1:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1754=1



Package List:

- openSUSE Leap 15.1 (noarch):

python2-requests-2.20.1-lp151.2.3.1
python2-requests-test-2.20.1-lp151.2.3.1
python3-requests-2.20.1-lp151.2.3.1
python3-requests-test-2.20.1-lp151.2.3.1


References:

https://www.suse.com/security/cve/CVE-2018-18074.html
https://bugzilla.suse.com/1111622

openSUSE-SU-2019:1755-1: important: Security update for samba

openSUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1755-1
Rating: important
References: #1125601 #1130245 #1134452 #1134697 #1137815

Cross-References: CVE-2019-12435
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves one vulnerability and has four fixes
is now available.

Description:

This update for samba fixes the following issues:

Security issues fixed:

- CVE-2019-12435: zone operations can crash rpc server; (bso#13922);
(bsc#1137815).

Other issues fixed:

- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697).
- Add ceph_snapshots VFS module; (jsc#SES-183).
- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).
- MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601);
(bso#13796).
- Mac OS X SMB2 implmenetation sees Input/output error or Resource
temporarily unavailable and drops connection; (bso#13698)
- Explicitly enable libcephfs POSIX ACL support; (bso#13896);
(bsc#1130245).

This update was imported from the SUSE:SLE-15-SP1:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1755=1



Package List:

- openSUSE Leap 15.1 (i586 x86_64):

ctdb-4.9.5+git.176.375e1f05788-lp151.2.3.1
ctdb-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
ctdb-pcp-pmda-4.9.5+git.176.375e1f05788-lp151.2.3.1
ctdb-pcp-pmda-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
ctdb-tests-4.9.5+git.176.375e1f05788-lp151.2.3.1
ctdb-tests-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc-binding0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc-binding0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc-samr-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc-samr0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc-samr0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-krb5pac-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-krb5pac0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-krb5pac0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-nbt-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-nbt0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-nbt0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-standard-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-standard0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-standard0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libnetapi-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libnetapi0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libnetapi0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-credentials-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-credentials0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-credentials0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-errors-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-errors0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-errors0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-hostconfig-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-hostconfig0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-hostconfig0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-passdb-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-passdb0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-passdb0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-policy-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-policy-python-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-policy-python3-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-policy0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-policy0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-policy0-python3-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-policy0-python3-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-util-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-util0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-util0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamdb-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamdb0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamdb0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbclient-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbclient0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbclient0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbconf-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbconf0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbconf0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbldap-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbldap2-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbldap2-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libtevent-util-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libtevent-util0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libtevent-util0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libwbclient-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
libwbclient0-4.9.5+git.176.375e1f05788-lp151.2.3.1
libwbclient0-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-ad-dc-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-ad-dc-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-client-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-client-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-core-devel-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-debugsource-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-dsdb-modules-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-dsdb-modules-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-libs-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-libs-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-libs-python-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-libs-python-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-libs-python3-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-libs-python3-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-pidl-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-python-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-python-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-python3-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-python3-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-test-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-test-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-winbind-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-winbind-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1

- openSUSE Leap 15.1 (x86_64):

libdcerpc-binding0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc-binding0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc-samr0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc-samr0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libdcerpc0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-krb5pac0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-krb5pac0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-nbt0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-nbt0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-standard0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr-standard0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libndr0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libnetapi0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libnetapi0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-credentials0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-credentials0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-errors0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-errors0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-hostconfig0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-passdb0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-passdb0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-policy0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-policy0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-policy0-python3-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-policy0-python3-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-util0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamba-util0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamdb0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsamdb0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbclient0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbclient0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbconf0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbconf0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbldap2-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libsmbldap2-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libtevent-util0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libtevent-util0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
libwbclient0-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
libwbclient0-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-ad-dc-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-ad-dc-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-ceph-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-ceph-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-client-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-client-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-libs-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-libs-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-libs-python-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-libs-python-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-libs-python3-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-libs-python3-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-winbind-32bit-4.9.5+git.176.375e1f05788-lp151.2.3.1
samba-winbind-32bit-debuginfo-4.9.5+git.176.375e1f05788-lp151.2.3.1

- openSUSE Leap 15.1 (noarch):

samba-doc-4.9.5+git.176.375e1f05788-lp151.2.3.1


References:

https://www.suse.com/security/cve/CVE-2019-12435.html
https://bugzilla.suse.com/1125601
https://bugzilla.suse.com/1130245
https://bugzilla.suse.com/1134452
https://bugzilla.suse.com/1134697
https://bugzilla.suse.com/1137815

openSUSE-SU-2019:1757-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1757-1
Rating: important
References: #1051510 #1071995 #1088047 #1094555 #1098633
#1103990 #1103991 #1103992 #1106383 #1109837
#1111666 #1112374 #1114279 #1114685 #1119113
#1119532 #1120423 #1125703 #1128902 #1130836
#1132390 #1133401 #1133738 #1134303 #1134395
#1135296 #1135556 #1135642 #1135897 #1136156
#1136157 #1136161 #1136264 #1136271 #1136333
#1136343 #1136462 #1136935 #1137103 #1137194
#1137366 #1137625 #1137728 #1137884 #1137985
#1138263 #1138589 #1138681 #1138719 #1138732
#1138879 #1139712 #1139771 #1139865 #1140133
#1140228 #1140328 #1140405 #1140424 #1140428
#1140454 #1140463 #1140575 #1140577 #1140637
#1140658 #1140715 #1140719 #1140726 #1140727
#1140728 #1140814 #1140887 #1140888 #1140889
#1140891 #1140893 #1140948 #1140954 #1140955
#1140956 #1140957 #1140958 #1140959 #1140960
#1140961 #1140962 #1140964 #1140971 #1140972
#1140992
Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126
CVE-2019-10638 CVE-2019-10639 CVE-2019-11599
CVE-2019-12614 CVE-2019-12817 CVE-2019-13233

Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 82 fixes is
now available.

Description:



The openSUSE Leap 15.1 kernel was updated to receive various security and
bugfixes.


The following security bugs were fixed:

- CVE-2019-10638: A device could be tracked by an attacker using the IP ID
values the kernel produces for connection-less protocols (e.g., UDP and
ICMP). When such traffic is sent to multiple destination IP addresses,
it is possible to obtain hash collisions (of indices to the counter
array) and thereby obtain the hashing key (via enumeration). An attack
may be conducted by hosting a crafted web page that uses WebRTC or gQUIC
to force UDP traffic to attacker-controlled IP addresses (bnc#1140575).
- CVE-2019-10639: The Linux kernel allowed Information Exposure (partial
kernel address disclosure), leading to a KASLR bypass. Specifically, it
is possible to extract the KASLR kernel image offset using the IP ID
values the kernel produces for connection-less protocols (e.g., UDP and
ICMP). When such traffic is sent to multiple destination IP addresses,
it is possible to obtain hash collisions (of indices to the counter
array) and thereby obtain the hashing key (via enumeration). This key
contains enough bits from a kernel address (of a static variable) so
when the key is extracted (via enumeration), the offset of the kernel
image is exposed. This attack can be carried out remotely, by the
attacker forcing the target device to send UDP or ICMP (or certain
other) traffic to attacker-controlled IP addresses. Forcing a server to
send UDP traffic is trivial if the server is a DNS server. ICMP traffic
is trivial if the server answers ICMP Echo requests (ping). For client
targets, if the target visits the attacker's web page, then WebRTC or
gQUIC can be used to force UDP traffic to attacker-controlled IP
addresses. NOTE: this attack against KASLR became viable in 4.1 because
IP ID generation was changed to have a dependency on an address
associated with a network namespace (bnc#1140577).
- CVE-2019-13233: In arch/x86/lib/insn-eval.c there was a use-after-free
for access to an LDT entry because of a race condition between
modify_ldt() and a #BR exception for an MPX bounds violation
(bnc#1140454).
- CVE-2018-20836: There was a race condition in smp_task_timedout() and
smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a
use-after-free (bnc#1134395).
- CVE-2019-10126: A heap based buffer overflow in
mwifiex_uap_parse_tail_ies function in
drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory
corruption and possibly other consequences (bnc#1136935).
- CVE-2019-11599: The coredump implementation in the Linux kernel did not
use locking or other mechanisms to prevent vma layout or vma flags
changes while it runs, which allowed local users to obtain sensitive
information, cause a denial of service, or possibly have unspecified
other impact by triggering a race condition with mmget_not_zero or
get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,
fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c
(bnc#1133738).
- CVE-2019-12817: arch/powerpc/mm/mmu_context_book3s64.c in the Linux
kernel for powerpc has a bug where unrelated processes may be able to
read/write to one another's virtual memory under certain conditions via
an mmap above 512 TB. Only a subset of powerpc systems are affected
(bnc#1138263).
- CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in
arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel. There was an
unchecked kstrdup of prop->name, which might allow an attacker to cause
a denial of service (NULL pointer dereference and system crash)
(bnc#1137194).
- CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS
message sequence was fixed. (bnc#1137103).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1757=1



Package List:

- openSUSE Leap 15.1 (noarch):

kernel-devel-4.12.14-lp151.28.10.1
kernel-docs-4.12.14-lp151.28.10.1
kernel-docs-html-4.12.14-lp151.28.10.1
kernel-macros-4.12.14-lp151.28.10.1
kernel-source-4.12.14-lp151.28.10.1
kernel-source-vanilla-4.12.14-lp151.28.10.1

- openSUSE Leap 15.1 (x86_64):

kernel-debug-4.12.14-lp151.28.10.1
kernel-debug-base-4.12.14-lp151.28.10.1
kernel-debug-base-debuginfo-4.12.14-lp151.28.10.1
kernel-debug-debuginfo-4.12.14-lp151.28.10.1
kernel-debug-debugsource-4.12.14-lp151.28.10.1
kernel-debug-devel-4.12.14-lp151.28.10.1
kernel-debug-devel-debuginfo-4.12.14-lp151.28.10.1
kernel-default-4.12.14-lp151.28.10.1
kernel-default-base-4.12.14-lp151.28.10.1
kernel-default-base-debuginfo-4.12.14-lp151.28.10.1
kernel-default-debuginfo-4.12.14-lp151.28.10.1
kernel-default-debugsource-4.12.14-lp151.28.10.1
kernel-default-devel-4.12.14-lp151.28.10.1
kernel-default-devel-debuginfo-4.12.14-lp151.28.10.1
kernel-kvmsmall-4.12.14-lp151.28.10.1
kernel-kvmsmall-base-4.12.14-lp151.28.10.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.10.1
kernel-kvmsmall-debuginfo-4.12.14-lp151.28.10.1
kernel-kvmsmall-debugsource-4.12.14-lp151.28.10.1
kernel-kvmsmall-devel-4.12.14-lp151.28.10.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.10.1
kernel-obs-build-4.12.14-lp151.28.10.1
kernel-obs-build-debugsource-4.12.14-lp151.28.10.1
kernel-obs-qa-4.12.14-lp151.28.10.1
kernel-syms-4.12.14-lp151.28.10.1
kernel-vanilla-4.12.14-lp151.28.10.1
kernel-vanilla-base-4.12.14-lp151.28.10.1
kernel-vanilla-base-debuginfo-4.12.14-lp151.28.10.1
kernel-vanilla-debuginfo-4.12.14-lp151.28.10.1
kernel-vanilla-debugsource-4.12.14-lp151.28.10.1
kernel-vanilla-devel-4.12.14-lp151.28.10.1
kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.10.1


References:

https://www.suse.com/security/cve/CVE-2018-16871.html
https://www.suse.com/security/cve/CVE-2018-20836.html
https://www.suse.com/security/cve/CVE-2019-10126.html
https://www.suse.com/security/cve/CVE-2019-10638.html
https://www.suse.com/security/cve/CVE-2019-10639.html
https://www.suse.com/security/cve/CVE-2019-11599.html
https://www.suse.com/security/cve/CVE-2019-12614.html
https://www.suse.com/security/cve/CVE-2019-12817.html
https://www.suse.com/security/cve/CVE-2019-13233.html
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1088047
https://bugzilla.suse.com/1094555
https://bugzilla.suse.com/1098633
https://bugzilla.suse.com/1103990
https://bugzilla.suse.com/1103991
https://bugzilla.suse.com/1103992
https://bugzilla.suse.com/1106383
https://bugzilla.suse.com/1109837
https://bugzilla.suse.com/1111666
https://bugzilla.suse.com/1112374
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1114685
https://bugzilla.suse.com/1119113
https://bugzilla.suse.com/1119532
https://bugzilla.suse.com/1120423
https://bugzilla.suse.com/1125703
https://bugzilla.suse.com/1128902
https://bugzilla.suse.com/1130836
https://bugzilla.suse.com/1132390
https://bugzilla.suse.com/1133401
https://bugzilla.suse.com/1133738
https://bugzilla.suse.com/1134303
https://bugzilla.suse.com/1134395
https://bugzilla.suse.com/1135296
https://bugzilla.suse.com/1135556
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1135897
https://bugzilla.suse.com/1136156
https://bugzilla.suse.com/1136157
https://bugzilla.suse.com/1136161
https://bugzilla.suse.com/1136264
https://bugzilla.suse.com/1136271
https://bugzilla.suse.com/1136333
https://bugzilla.suse.com/1136343
https://bugzilla.suse.com/1136462
https://bugzilla.suse.com/1136935
https://bugzilla.suse.com/1137103
https://bugzilla.suse.com/1137194
https://bugzilla.suse.com/1137366
https://bugzilla.suse.com/1137625
https://bugzilla.suse.com/1137728
https://bugzilla.suse.com/1137884
https://bugzilla.suse.com/1137985
https://bugzilla.suse.com/1138263
https://bugzilla.suse.com/1138589
https://bugzilla.suse.com/1138681
https://bugzilla.suse.com/1138719
https://bugzilla.suse.com/1138732
https://bugzilla.suse.com/1138879
https://bugzilla.suse.com/1139712
https://bugzilla.suse.com/1139771
https://bugzilla.suse.com/1139865
https://bugzilla.suse.com/1140133
https://bugzilla.suse.com/1140228
https://bugzilla.suse.com/1140328
https://bugzilla.suse.com/1140405
https://bugzilla.suse.com/1140424
https://bugzilla.suse.com/1140428
https://bugzilla.suse.com/1140454
https://bugzilla.suse.com/1140463
https://bugzilla.suse.com/1140575
https://bugzilla.suse.com/1140577
https://bugzilla.suse.com/1140637
https://bugzilla.suse.com/1140658
https://bugzilla.suse.com/1140715
https://bugzilla.suse.com/1140719
https://bugzilla.suse.com/1140726
https://bugzilla.suse.com/1140727
https://bugzilla.suse.com/1140728
https://bugzilla.suse.com/1140814
https://bugzilla.suse.com/1140887
https://bugzilla.suse.com/1140888
https://bugzilla.suse.com/1140889
https://bugzilla.suse.com/1140891
https://bugzilla.suse.com/1140893
https://bugzilla.suse.com/1140948
https://bugzilla.suse.com/1140954
https://bugzilla.suse.com/1140955
https://bugzilla.suse.com/1140956
https://bugzilla.suse.com/1140957
https://bugzilla.suse.com/1140958
https://bugzilla.suse.com/1140959
https://bugzilla.suse.com/1140960
https://bugzilla.suse.com/1140961
https://bugzilla.suse.com/1140962
https://bugzilla.suse.com/1140964
https://bugzilla.suse.com/1140971
https://bugzilla.suse.com/1140972
https://bugzilla.suse.com/1140992

openSUSE-SU-2019:1758-1: important: Security update for MozillaFirefox

openSUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1758-1
Rating: important
References: #1119069 #1120374 #1122983
Cross-References: CVE-2018-12404 CVE-2018-18500 CVE-2018-18501
CVE-2018-18505
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for MozillaFirefox, mozilla-nss fixes the following issues:

Security issues fixed:

- CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream
(bsc#1122983).
- CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983).
- CVE-2018-18505: Fixed a privilege escalation through IPC channel
messages (bsc#1122983).
- CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack
(bsc#1119069).

Non-security issue fixed:

- Update to MozillaFirefox ESR 60.5.0
- Update to mozilla-nss 3.41.1

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1758=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libfreebl3-3.41.1-lp150.2.20.1
libfreebl3-debuginfo-3.41.1-lp150.2.20.1
libfreebl3-hmac-3.41.1-lp150.2.20.1
libsoftokn3-3.41.1-lp150.2.20.1
libsoftokn3-debuginfo-3.41.1-lp150.2.20.1
libsoftokn3-hmac-3.41.1-lp150.2.20.1
mozilla-nss-3.41.1-lp150.2.20.1
mozilla-nss-certs-3.41.1-lp150.2.20.1
mozilla-nss-certs-debuginfo-3.41.1-lp150.2.20.1
mozilla-nss-debuginfo-3.41.1-lp150.2.20.1
mozilla-nss-debugsource-3.41.1-lp150.2.20.1
mozilla-nss-devel-3.41.1-lp150.2.20.1
mozilla-nss-sysinit-3.41.1-lp150.2.20.1
mozilla-nss-sysinit-debuginfo-3.41.1-lp150.2.20.1
mozilla-nss-tools-3.41.1-lp150.2.20.1
mozilla-nss-tools-debuginfo-3.41.1-lp150.2.20.1

- openSUSE Leap 15.0 (x86_64):

MozillaFirefox-60.8.0-lp150.3.62.1
MozillaFirefox-branding-upstream-60.8.0-lp150.3.62.1
MozillaFirefox-buildsymbols-60.8.0-lp150.3.62.1
MozillaFirefox-debuginfo-60.8.0-lp150.3.62.1
MozillaFirefox-debugsource-60.8.0-lp150.3.62.1
MozillaFirefox-devel-60.8.0-lp150.3.62.1
MozillaFirefox-translations-common-60.8.0-lp150.3.62.1
MozillaFirefox-translations-other-60.8.0-lp150.3.62.1
libfreebl3-32bit-3.41.1-lp150.2.20.1
libfreebl3-32bit-debuginfo-3.41.1-lp150.2.20.1
libfreebl3-hmac-32bit-3.41.1-lp150.2.20.1
libsoftokn3-32bit-3.41.1-lp150.2.20.1
libsoftokn3-32bit-debuginfo-3.41.1-lp150.2.20.1
libsoftokn3-hmac-32bit-3.41.1-lp150.2.20.1
mozilla-nss-32bit-3.41.1-lp150.2.20.1
mozilla-nss-32bit-debuginfo-3.41.1-lp150.2.20.1
mozilla-nss-certs-32bit-3.41.1-lp150.2.20.1
mozilla-nss-certs-32bit-debuginfo-3.41.1-lp150.2.20.1
mozilla-nss-sysinit-32bit-3.41.1-lp150.2.20.1
mozilla-nss-sysinit-32bit-debuginfo-3.41.1-lp150.2.20.1


References:

https://www.suse.com/security/cve/CVE-2018-12404.html
https://www.suse.com/security/cve/CVE-2018-18500.html
https://www.suse.com/security/cve/CVE-2018-18501.html
https://www.suse.com/security/cve/CVE-2018-18505.html
https://bugzilla.suse.com/1119069
https://bugzilla.suse.com/1120374
https://bugzilla.suse.com/1122983