SUSE 5153 Published by

The following security updates has been released for openSUSE:

openSUSE-SU-2019:1708-1: moderate: Security update for libu2f-host, pam_u2f
openSUSE-SU-2019:1716-1: important: Security update for the Linux Kernel
openSUSE-SU-2019:1718-1: moderate: Security update for libqb
openSUSE-SU-2019:1719-1: Security update for fence-agents
openSUSE-SU-2019:1721-1: important: Security update for bubblewrap
openSUSE-SU-2019:1723-1: moderate: Security update for tomcat



openSUSE-SU-2019:1708-1: moderate: Security update for libu2f-host, pam_u2f

openSUSE Security Update: Security update for libu2f-host, pam_u2f
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1708-1
Rating: moderate
References: #1128140 #1135727 #1135729
Cross-References: CVE-2019-12209 CVE-2019-12210 CVE-2019-9578

Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for libu2f-host and pam_u2f to version 1.0.8 fixes the
following issues:

Security issues fixed for libu2f-host:

- CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's
response (bsc#1128140).

Security issues fixed for pam_u2f:

- CVE-2019-12209: Fixed an issue where symlinks in the user's directory
were followed (bsc#1135729).
- CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1708=1



Package List:

- openSUSE Leap 15.1 (x86_64):

libu2f-host-debuginfo-1.1.6-lp151.2.6.1
libu2f-host-debugsource-1.1.6-lp151.2.6.1
libu2f-host-devel-1.1.6-lp151.2.6.1
libu2f-host-doc-1.1.6-lp151.2.6.1
libu2f-host0-1.1.6-lp151.2.6.1
libu2f-host0-debuginfo-1.1.6-lp151.2.6.1
pam_u2f-1.0.8-lp151.2.3.1
pam_u2f-debuginfo-1.0.8-lp151.2.3.1
pam_u2f-debugsource-1.0.8-lp151.2.3.1
u2f-host-1.1.6-lp151.2.6.1
u2f-host-debuginfo-1.1.6-lp151.2.6.1


References:

https://www.suse.com/security/cve/CVE-2019-12209.html
https://www.suse.com/security/cve/CVE-2019-12210.html
https://www.suse.com/security/cve/CVE-2019-9578.html
https://bugzilla.suse.com/1128140
https://bugzilla.suse.com/1135727
https://bugzilla.suse.com/1135729

openSUSE-SU-2019:1716-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1716-1
Rating: important
References: #1051510 #1071995 #1088047 #1094555 #1098633
#1106383 #1106751 #1109137 #1114279 #1119532
#1120423 #1124167 #1127155 #1128902 #1128910
#1131645 #1132154 #1132390 #1133401 #1133738
#1134303 #1134395 #1135296 #1135556 #1135642
#1136157 #1136935 #1137103 #1137194 #1137625
#1137728 #1137884 #1138589 #1138719 #1139771
#1139782 #1139865 #1140133 #1140328 #1140405
#1140424 #1140428 #1140575 #1140577 #1140637
#1140658 #1140715 #1140719 #1140726 #1140727
#1140728 #1140814
Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126
CVE-2019-10638 CVE-2019-10639 CVE-2019-11599
CVE-2019-12614
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 45 fixes is
now available.

Description:



The openSUSE Leap 15.0 was updated to receive various security and
bugfixes.

The following security bugs were fixed:

- CVE-2019-10638: A device can be tracked by an attacker using the IP ID
values the kernel produces for connection-less protocols (e.g., UDP and
ICMP). When such traffic is sent to multiple destination IP addresses,
it is possible to obtain hash collisions (of indices to the counter
array) and thereby obtain the hashing key (via enumeration). An attack
may be conducted by hosting a crafted web page that uses WebRTC or gQUIC
to force UDP traffic to attacker-controlled IP addresses (bnc#1140575).
- CVE-2019-10639: The Linux kernel allowed Information Exposure (partial
kernel address disclosure), leading to a KASLR bypass. Specifically, it
is possible to extract the KASLR kernel image offset using the IP ID
values the kernel produces for connection-less protocols (e.g., UDP and
ICMP). When such traffic is sent to multiple destination IP addresses,
it is possible to obtain hash collisions (of indices to the counter
array) and thereby obtain the hashing key (via enumeration). This key
contains enough bits from a kernel address (of a static variable) so
when the key is extracted (via enumeration), the offset of the kernel
image is exposed. This attack can be carried out remotely, by the
attacker forcing the target device to send UDP or ICMP (or certain
other) traffic to attacker-controlled IP addresses. Forcing a server to
send UDP traffic is trivial if the server is a DNS server. ICMP traffic
is trivial if the server answers ICMP Echo requests (ping). For client
targets, if the target visits the attacker's web page, then WebRTC or
gQUIC can be used to force UDP traffic to attacker-controlled IP
addresses. NOTE: this attack against KASLR became viable in 4.1 because
IP ID generation was changed to have a dependency on an address
associated with a network namespace (bnc#1140577).
- CVE-2018-20836: There was a race condition in smp_task_timedout() and
smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a
use-after-free (bnc#1134395).
- CVE-2019-10126: A heap based buffer overflow in
mwifiex_uap_parse_tail_ies function in
drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory
corruption and possibly other consequences (bnc#1136935).
- CVE-2019-11599: The coredump implementation in the Linux kernel did not
use locking or other mechanisms to prevent vma layout or vma flags
changes while it runs, which allowed local users to obtain sensitive
information, cause a denial of service, or possibly have unspecified
other impact by triggering a race condition with mmget_not_zero or
get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,
fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c
(bnc#1131645 1133738).
- CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in
arch/powerpc/platforms/pseries/dlpar.c where there was an unchecked
kstrdup of prop->name, which might allow an attacker to cause a denial
of service (NULL pointer dereference and system crash) (bnc#1137194).
- CVE-2018-16871: A flaw was found in NFS where an attacker who is able to
mount an exported NFS filesystem was able to trigger a null pointer
dereference by an invalid NFS sequence. (bnc#1137103).


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1716=1



Package List:

- openSUSE Leap 15.0 (noarch):

kernel-devel-4.12.14-lp150.12.67.1
kernel-docs-4.12.14-lp150.12.67.1
kernel-docs-html-4.12.14-lp150.12.67.1
kernel-macros-4.12.14-lp150.12.67.1
kernel-source-4.12.14-lp150.12.67.1
kernel-source-vanilla-4.12.14-lp150.12.67.1

- openSUSE Leap 15.0 (x86_64):

kernel-debug-4.12.14-lp150.12.67.1
kernel-debug-base-4.12.14-lp150.12.67.1
kernel-debug-base-debuginfo-4.12.14-lp150.12.67.1
kernel-debug-debuginfo-4.12.14-lp150.12.67.1
kernel-debug-debugsource-4.12.14-lp150.12.67.1
kernel-debug-devel-4.12.14-lp150.12.67.1
kernel-debug-devel-debuginfo-4.12.14-lp150.12.67.1
kernel-default-4.12.14-lp150.12.67.1
kernel-default-base-4.12.14-lp150.12.67.1
kernel-default-base-debuginfo-4.12.14-lp150.12.67.1
kernel-default-debuginfo-4.12.14-lp150.12.67.1
kernel-default-debugsource-4.12.14-lp150.12.67.1
kernel-default-devel-4.12.14-lp150.12.67.1
kernel-default-devel-debuginfo-4.12.14-lp150.12.67.1
kernel-kvmsmall-4.12.14-lp150.12.67.1
kernel-kvmsmall-base-4.12.14-lp150.12.67.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.67.1
kernel-kvmsmall-debuginfo-4.12.14-lp150.12.67.1
kernel-kvmsmall-debugsource-4.12.14-lp150.12.67.1
kernel-kvmsmall-devel-4.12.14-lp150.12.67.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.67.1
kernel-obs-build-4.12.14-lp150.12.67.1
kernel-obs-build-debugsource-4.12.14-lp150.12.67.1
kernel-obs-qa-4.12.14-lp150.12.67.1
kernel-syms-4.12.14-lp150.12.67.1
kernel-vanilla-4.12.14-lp150.12.67.1
kernel-vanilla-base-4.12.14-lp150.12.67.1
kernel-vanilla-base-debuginfo-4.12.14-lp150.12.67.1
kernel-vanilla-debuginfo-4.12.14-lp150.12.67.1
kernel-vanilla-debugsource-4.12.14-lp150.12.67.1
kernel-vanilla-devel-4.12.14-lp150.12.67.1
kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.67.1


References:

https://www.suse.com/security/cve/CVE-2018-16871.html
https://www.suse.com/security/cve/CVE-2018-20836.html
https://www.suse.com/security/cve/CVE-2019-10126.html
https://www.suse.com/security/cve/CVE-2019-10638.html
https://www.suse.com/security/cve/CVE-2019-10639.html
https://www.suse.com/security/cve/CVE-2019-11599.html
https://www.suse.com/security/cve/CVE-2019-12614.html
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1088047
https://bugzilla.suse.com/1094555
https://bugzilla.suse.com/1098633
https://bugzilla.suse.com/1106383
https://bugzilla.suse.com/1106751
https://bugzilla.suse.com/1109137
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1119532
https://bugzilla.suse.com/1120423
https://bugzilla.suse.com/1124167
https://bugzilla.suse.com/1127155
https://bugzilla.suse.com/1128902
https://bugzilla.suse.com/1128910
https://bugzilla.suse.com/1131645
https://bugzilla.suse.com/1132154
https://bugzilla.suse.com/1132390
https://bugzilla.suse.com/1133401
https://bugzilla.suse.com/1133738
https://bugzilla.suse.com/1134303
https://bugzilla.suse.com/1134395
https://bugzilla.suse.com/1135296
https://bugzilla.suse.com/1135556
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1136157
https://bugzilla.suse.com/1136935
https://bugzilla.suse.com/1137103
https://bugzilla.suse.com/1137194
https://bugzilla.suse.com/1137625
https://bugzilla.suse.com/1137728
https://bugzilla.suse.com/1137884
https://bugzilla.suse.com/1138589
https://bugzilla.suse.com/1138719
https://bugzilla.suse.com/1139771
https://bugzilla.suse.com/1139782
https://bugzilla.suse.com/1139865
https://bugzilla.suse.com/1140133
https://bugzilla.suse.com/1140328
https://bugzilla.suse.com/1140405
https://bugzilla.suse.com/1140424
https://bugzilla.suse.com/1140428
https://bugzilla.suse.com/1140575
https://bugzilla.suse.com/1140577
https://bugzilla.suse.com/1140637
https://bugzilla.suse.com/1140658
https://bugzilla.suse.com/1140715
https://bugzilla.suse.com/1140719
https://bugzilla.suse.com/1140726
https://bugzilla.suse.com/1140727
https://bugzilla.suse.com/1140728
https://bugzilla.suse.com/1140814

openSUSE-SU-2019:1718-1: moderate: Security update for libqb

openSUSE Security Update: Security update for libqb
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1718-1
Rating: moderate
References: #1137835
Cross-References: CVE-2019-12779
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libqb fixes the following issues:

Security issue fixed:

- CVE-2019-12779: Fixed an issue where a local attacker could overwrite
privileged system files (bsc#1137835).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1718=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libqb-debugsource-1.0.3+20171226.6d62b64-lp150.2.3.1
libqb-devel-1.0.3+20171226.6d62b64-lp150.2.3.1
libqb0-1.0.3+20171226.6d62b64-lp150.2.3.1
libqb0-debuginfo-1.0.3+20171226.6d62b64-lp150.2.3.1

- openSUSE Leap 15.0 (x86_64):

libqb-devel-32bit-1.0.3+20171226.6d62b64-lp150.2.3.1
libqb0-32bit-1.0.3+20171226.6d62b64-lp150.2.3.1
libqb0-32bit-debuginfo-1.0.3+20171226.6d62b64-lp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2019-12779.html
https://bugzilla.suse.com/1137835

openSUSE-SU-2019:1719-1: Security update for fence-agents

openSUSE Security Update: Security update for fence-agents
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1719-1
Rating: low
References: #1049852 #1137314
Cross-References: CVE-2019-10153
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for fence-agents version 4.4.0 fixes the following issues:

Security issue fixed:

- CVE-2019-10153: Fixed a denial of service via guest VM comments
(bsc#1137314).

Non-security issue fixed:

- Included timestamps when logging (bsc#1049852).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1719=1



Package List:

- openSUSE Leap 15.0 (x86_64):

fence-agents-4.4.0+git.1558595666.5f79f9e9-lp150.2.10.1
fence-agents-amt_ws-4.4.0+git.1558595666.5f79f9e9-lp150.2.10.1
fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-lp150.2.10.1
fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-lp150.2.10.1
fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-lp150.2.10.1


References:

https://www.suse.com/security/cve/CVE-2019-10153.html
https://bugzilla.suse.com/1049852
https://bugzilla.suse.com/1137314

openSUSE-SU-2019:1721-1: important: Security update for bubblewrap

openSUSE Security Update: Security update for bubblewrap
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1721-1
Rating: important
References: #1136958
Cross-References: CVE-2019-12439
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for bubblewrap fixes the following issues:

Security issue fixed:

- CVE-2019-12439: Fixed insecure use of /tmp (bsc#1136958).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1721=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

bubblewrap-0.2.0-lp150.2.3.1
bubblewrap-debuginfo-0.2.0-lp150.2.3.1
bubblewrap-debugsource-0.2.0-lp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2019-12439.html
https://bugzilla.suse.com/1136958

openSUSE-SU-2019:1723-1: moderate: Security update for tomcat

openSUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1723-1
Rating: moderate
References: #1139924
Cross-References: CVE-2019-0199
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for tomcat to version 9.0.21 fixes the following issues:

Security issue fixed:

- CVE-2019-0199: Added additional fixes to address HTTP/2 connection
window exhaustion (bsc#1139924).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1723=1



Package List:

- openSUSE Leap 15.0 (noarch):

tomcat-9.0.21-lp150.2.22.1
tomcat-admin-webapps-9.0.21-lp150.2.22.1
tomcat-docs-webapp-9.0.21-lp150.2.22.1
tomcat-el-3_0-api-9.0.21-lp150.2.22.1
tomcat-embed-9.0.21-lp150.2.22.1
tomcat-javadoc-9.0.21-lp150.2.22.1
tomcat-jsp-2_3-api-9.0.21-lp150.2.22.1
tomcat-jsvc-9.0.21-lp150.2.22.1
tomcat-lib-9.0.21-lp150.2.22.1
tomcat-servlet-4_0-api-9.0.21-lp150.2.22.1
tomcat-webapps-9.0.21-lp150.2.22.1


References:

https://www.suse.com/security/cve/CVE-2019-0199.html
https://bugzilla.suse.com/1139924