
The following openSUSE updates have been released:

openSUSE-SU-2019:2159-1: important: Security update for skopeo
openSUSE-SU-2019:2160-1: moderate: Security update for ghostscript
openSUSE-SU-2019:2161-1: moderate: Security update for libgcrypt
openSUSE-SU-2019:2169-1: important: Security update for curl
openSUSE-SU-2019:2173-1: important: Security update for the Linux Kernel
openSUSE-SU-2019:2174-1: important: Security update for ibus
openSUSE-SU-2019:2175-1: moderate: Security update for util-linux and shadow
openSUSE-SU-2019:2176-1: moderate: Security update for openldap2
openSUSE-SU-2019:2177-1: moderate: Security update for fish3
openSUSE-SU-2019:2178-1: moderate: Security update for bird



openSUSE-SU-2019:2159-1: important: Security update for skopeo

openSUSE Security Update: Security update for skopeo
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2159-1
Rating: important
References: #1144065
Cross-References: CVE-2019-10214
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for skopeo fixes the following issues:

Security issues fixed:

- CVE-2019-10214: Fixed missing enforcement of TLS connections
(bsc#1144065).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2159=1



Package List:

- openSUSE Leap 15.0 (x86_64):

skopeo-0.1.32-lp150.8.1
skopeo-debuginfo-0.1.32-lp150.8.1


References:

https://www.suse.com/security/cve/CVE-2019-10214.html
https://bugzilla.suse.com/1144065

openSUSE-SU-2019:2160-1: moderate: Security update for ghostscript

openSUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2160-1
Rating: moderate
References: #1144621
Cross-References: CVE-2019-10216
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ghostscript fixes the following issues:

Security issue fixed:

- CVE-2019-10216: Fix privilege escalation via specially crafted
PostScript file (bsc#1144621).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2160=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

ghostscript-9.26a-lp150.2.20.1
ghostscript-debuginfo-9.26a-lp150.2.20.1
ghostscript-debugsource-9.26a-lp150.2.20.1
ghostscript-devel-9.26a-lp150.2.20.1
ghostscript-mini-9.26a-lp150.2.20.1
ghostscript-mini-debuginfo-9.26a-lp150.2.20.1
ghostscript-mini-debugsource-9.26a-lp150.2.20.1
ghostscript-mini-devel-9.26a-lp150.2.20.1
ghostscript-x11-9.26a-lp150.2.20.1
ghostscript-x11-debuginfo-9.26a-lp150.2.20.1


References:

https://www.suse.com/security/cve/CVE-2019-10216.html
https://bugzilla.suse.com/1144621

openSUSE-SU-2019:2161-1: moderate: Security update for libgcrypt

openSUSE Security Update: Security update for libgcrypt
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2161-1
Rating: moderate
References: #1148987
Cross-References: CVE-2019-13627
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libgcrypt fixes the following issues:

Security issues fixed:

- CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2161=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libgcrypt-cavs-1.8.2-lp150.5.13.1
libgcrypt-cavs-debuginfo-1.8.2-lp150.5.13.1
libgcrypt-debugsource-1.8.2-lp150.5.13.1
libgcrypt-devel-1.8.2-lp150.5.13.1
libgcrypt-devel-debuginfo-1.8.2-lp150.5.13.1
libgcrypt20-1.8.2-lp150.5.13.1
libgcrypt20-debuginfo-1.8.2-lp150.5.13.1
libgcrypt20-hmac-1.8.2-lp150.5.13.1

- openSUSE Leap 15.0 (x86_64):

libgcrypt-devel-32bit-1.8.2-lp150.5.13.1
libgcrypt-devel-32bit-debuginfo-1.8.2-lp150.5.13.1
libgcrypt20-32bit-1.8.2-lp150.5.13.1
libgcrypt20-32bit-debuginfo-1.8.2-lp150.5.13.1
libgcrypt20-hmac-32bit-1.8.2-lp150.5.13.1


References:

https://www.suse.com/security/cve/CVE-2019-13627.html
https://bugzilla.suse.com/1148987

openSUSE-SU-2019:2169-1: important: Security update for curl

openSUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2169-1
Rating: important
References: #1149495 #1149496
Cross-References: CVE-2019-5481 CVE-2019-5482
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data
transfer (bsc#1149495).
- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow
(bsc#1149496).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2169=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

curl-7.60.0-lp150.2.25.1
curl-debuginfo-7.60.0-lp150.2.25.1
curl-debugsource-7.60.0-lp150.2.25.1
libcurl-devel-7.60.0-lp150.2.25.1
libcurl4-7.60.0-lp150.2.25.1
libcurl4-debuginfo-7.60.0-lp150.2.25.1

- openSUSE Leap 15.0 (x86_64):

libcurl-devel-32bit-7.60.0-lp150.2.25.1
libcurl4-32bit-7.60.0-lp150.2.25.1
libcurl4-32bit-debuginfo-7.60.0-lp150.2.25.1


References:

https://www.suse.com/security/cve/CVE-2019-5481.html
https://www.suse.com/security/cve/CVE-2019-5482.html
https://bugzilla.suse.com/1149495
https://bugzilla.suse.com/1149496

openSUSE-SU-2019:2173-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2173-1
Rating: important
References: #1047238 #1050911 #1051510 #1054914 #1056686
#1060662 #1061840 #1061843 #1064597 #1064701
#1065600 #1065729 #1066369 #1071009 #1071306
#1078248 #1082555 #1085030 #1085536 #1085539
#1087092 #1090734 #1091171 #1093205 #1102097
#1104902 #1106284 #1106434 #1108382 #1112894
#1112899 #1112902 #1112903 #1112905 #1112906
#1112907 #1113722 #1114279 #1114542 #1118689
#1119086 #1120876 #1120902 #1120937 #1123105
#1124370 #1129424 #1129519 #1129664 #1131107
#1131565 #1134291 #1134881 #1134882 #1135219
#1135642 #1136261 #1137884 #1138539 #1139020
#1139021 #1140012 #1140487 #1141543 #1141554
#1142019 #1142076 #1142109 #1142541 #1142635
#1143300 #1143765 #1143841 #1143843 #1144123
#1144333 #1144718 #1144813 #1144880 #1144886
#1144912 #1144920 #1144979 #1145010 #1145051
#1145059 #1145189 #1145235 #1145300 #1145302
#1145388 #1145389 #1145390 #1145391 #1145392
#1145393 #1145394 #1145395 #1145396 #1145397
#1145408 #1145409 #1145661 #1145678 #1145687
#1145920 #1145922 #1145934 #1145937 #1145940
#1145941 #1145942 #1146074 #1146084 #1146163
#1146285 #1146346 #1146351 #1146352 #1146361
#1146376 #1146378 #1146381 #1146391 #1146399
#1146413 #1146425 #1146512 #1146514 #1146516
#1146519 #1146524 #1146526 #1146529 #1146531
#1146543 #1146547 #1146550 #1146575 #1146589
#1146678 #1146938 #1148031 #1148032 #1148033
#1148034 #1148035 #1148093 #1148133 #1148192
#1148196 #1148198 #1148202 #1148303 #1148363
#1148379 #1148394 #1148527 #1148574 #1148616
#1148617 #1148619 #1148859 #1148868 #1149053
#1149083 #1149104 #1149105 #1149106 #1149197
#1149214 #1149224 #1149325 #1149376 #1149413
#1149418 #1149424 #1149522 #1149527 #1149539
#1149552 #1149591 #1149602 #1149612 #1149626
#1149652 #1149713 #1149940 #1149976 #1150025
#1150033 #1150112 #1150562 #1150727 #1150860
#1150861 #1150933
Cross-References: CVE-2017-18551 CVE-2018-20976 CVE-2018-21008
CVE-2019-14814 CVE-2019-14815 CVE-2019-14816
CVE-2019-14835 CVE-2019-15030 CVE-2019-15031
CVE-2019-15090 CVE-2019-15098 CVE-2019-15117
CVE-2019-15118 CVE-2019-15211 CVE-2019-15212
CVE-2019-15214 CVE-2019-15215 CVE-2019-15216
CVE-2019-15217 CVE-2019-15218 CVE-2019-15219
CVE-2019-15220 CVE-2019-15221 CVE-2019-15222
CVE-2019-15239 CVE-2019-15290 CVE-2019-15292
CVE-2019-15538 CVE-2019-15666 CVE-2019-15902
CVE-2019-15917 CVE-2019-15919 CVE-2019-15920
CVE-2019-15921 CVE-2019-15924 CVE-2019-15926
CVE-2019-15927 CVE-2019-9456
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves 38 vulnerabilities and has 159 fixes
is now available.

Description:



The openSUSE Leap 15.0 kernel was updated to receive various security and
bugfixes.

The following security bugs were fixed:

- CVE-2017-18551: There was an out of bounds write in the function
i2c_smbus_xfer_emulated (bnc#1146163).
- CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super
failure (bnc#1146285).
- CVE-2018-21008: A use-after-free can be caused by the function
rsi_mac80211_detach in the file
drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591).
- CVE-2019-14814: A heap overflow in mwifiex_set_uap_rates() function of
Marvell was fixed. (bnc#1146512).
- CVE-2019-14815: A heap overflow in mwifiex_set_wmm_params() function of
Marvell Wifi Driver was fixed. (bnc#1146514).
- CVE-2019-14816: A heap overflow in mwifiex_update_vs_ie() function of
Marvell Wifi Driver was fixed. (bnc#1146516).
- CVE-2019-14835: A vhost/vhost_net kernel buffer overflow could lead to
guest to host kernel escape during live migration (bnc#1150112).
- CVE-2019-15030: In the Linux kernel on the powerpc platform, a local
user can read vector registers of other users' processes via a Facility
Unavailable exception. To exploit the vulnerability, a local user starts
a transaction (via the hardware transactional memory instruction tbegin)
and then accesses vector registers. At some point, the vector registers
will be corrupted with the values from a different local Linux process
because of a missing arch/powerpc/kernel/process.c check (bnc#1149713).
- CVE-2019-15031: In the Linux kernel on the powerpc platform, a local
user can read vector registers of other users' processes via an
interrupt. To exploit the vulnerability, a local user starts a
transaction (via the hardware transactional memory instruction tbegin)
and then accesses vector registers. At some point, the vector registers
will be corrupted with the values from a different local Linux process,
because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c
(bnc#1149713).
- CVE-2019-15090: In the qedi_dbg_* family of functions, there was an
out-of-bounds read (bnc#1146399).
- CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer
dereference via an incomplete address in an endpoint descriptor
(bnc#1146378).
- CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux
kernel mishandled a short descriptor, leading to out-of-bounds memory
access (bnc#1145920).
- CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux
kernel mishandled recursion, leading to kernel stack exhaustion
(bnc#1145922).
- CVE-2019-15211: There was a use-after-free caused by a malicious USB
device in the drivers/media/v4l2-core/v4l2-dev.c driver because
drivers/media/radio/radio-raremono.c did not properly allocate memory
(bnc#1146519).
- CVE-2019-15212: There was a double-free caused by a malicious USB device
in the drivers/usb/misc/rio500.c driver (bnc#1146391).
- CVE-2019-15214: There was a use-after-free in the sound subsystem
because card disconnection causes certain data structures to be deleted
too early. This is related to sound/core/init.c and sound/core/info.c
(bnc#1146550).
- CVE-2019-15215: There was a use-after-free caused by a malicious USB
device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425).
- CVE-2019-15216: There was a NULL pointer dereference caused by a
malicious USB device in the drivers/usb/misc/yurex.c driver
(bnc#1146361).
- CVE-2019-15217: There was a NULL pointer dereference caused by a
malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver
(bnc#1146547).
- CVE-2019-15218: There was a NULL pointer dereference caused by a
malicious USB device in the drivers/media/usb/siano/smsusb.c driver
(bnc#1146413).
- CVE-2019-15219: There was a NULL pointer dereference caused by a
malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver
(bnc#1146524).
- CVE-2019-15220: There was a use-after-free caused by a malicious USB
device in the drivers/net/wireless/intersil/p54/p54usb.c driver
(bnc#1146526).
- CVE-2019-15221: There was a NULL pointer dereference caused by a
malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529).
- CVE-2019-15222: There was a NULL pointer dereference caused by a
malicious USB device in the sound/usb/helper.c (motu_microbookii) driver
(bnc#1146531).
- CVE-2019-15239: In the Linux kernel, a certain net/ipv4/tcp_output.c
change, which was properly incorporated into 4.16.12, was incorrectly
backported to the earlier longterm kernels, introducing a new
vulnerability that was potentially more severe than the issue that was
intended to be fixed by backporting. Specifically, by adding to a write
queue between disconnection and re-connection, a local attacker can
trigger multiple use-after-free conditions. This can result in a kernel
crash, or potentially in privilege escalation. (bnc#1146589)
- CVE-2019-15290: There was a NULL pointer dereference caused by a
malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function in
the drivers/net/wireless/ath/ath6kl/usb.c driver (bnc#1146378
bnc#1146543).
- CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related
to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and
net/appletalk/sysctl_net_atalk.c (bnc#1146678).
- CVE-2019-15538: XFS partially wedges when a chgrp fails on account of
being out of disk quota. xfs_setattr_nonsize is failing to unlock the
ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a
local DoS attack vector, but it might result as well in remote DoS if
the XFS filesystem is exported for instance via NFS (bnc#1148093).
- CVE-2019-15666: There was an out-of-bounds array access in
__xfrm_policy_unlink, which will cause denial of service, because
verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory
validation (bnc#1148394).
- CVE-2019-15902: Misuse of the upstream "x86/ptrace: Fix possible
spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre
vulnerability that it aimed to eliminate. This occurred because the
backport process depends on cherry picking specific commits, and because
two (correctly ordered) code lines were swapped (bnc#1149376).
- CVE-2019-15917: There was a use-after-free issue when
hci_uart_register_dev() fails in hci_uart_set_proto() in
drivers/bluetooth/hci_ldisc.c (bnc#1149539).
- CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free
(bnc#1149552).
- CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c in the Linux kernel
had a use-after-free. NOTE: this was not fixed
correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory
leak (bnc#1149626).
- CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in
genl_register_family() in net/netlink/genetlink.c (bnc#1149602).
- CVE-2019-15924: The fm10k_init_module in
drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer
dereference because there is no -ENOMEM upon an alloc_workqueue failure
(bnc#1149612).
- CVE-2019-15926: Out of bounds access exists in the functions
ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the
file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527).
- CVE-2019-15927: An out-of-bounds access exists in the function
build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522).
- CVE-2019-9456: In USB monitor driver there is a possible OOB write due
to a missing bounds check. This could lead to local escalation of
privilege with System execution privileges needed. User interaction is
not needed for exploitation (bnc#1150025).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2173=1



Package List:

- openSUSE Leap 15.0 (x86_64):

kernel-debug-4.12.14-lp150.12.73.1
kernel-debug-base-4.12.14-lp150.12.73.1
kernel-debug-base-debuginfo-4.12.14-lp150.12.73.1
kernel-debug-debuginfo-4.12.14-lp150.12.73.1
kernel-debug-debugsource-4.12.14-lp150.12.73.1
kernel-debug-devel-4.12.14-lp150.12.73.1
kernel-debug-devel-debuginfo-4.12.14-lp150.12.73.1
kernel-default-4.12.14-lp150.12.73.1
kernel-default-base-4.12.14-lp150.12.73.1
kernel-default-base-debuginfo-4.12.14-lp150.12.73.1
kernel-default-debuginfo-4.12.14-lp150.12.73.1
kernel-default-debugsource-4.12.14-lp150.12.73.1
kernel-default-devel-4.12.14-lp150.12.73.1
kernel-default-devel-debuginfo-4.12.14-lp150.12.73.1
kernel-kvmsmall-4.12.14-lp150.12.73.1
kernel-kvmsmall-base-4.12.14-lp150.12.73.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.73.1
kernel-kvmsmall-debuginfo-4.12.14-lp150.12.73.1
kernel-kvmsmall-debugsource-4.12.14-lp150.12.73.1
kernel-kvmsmall-devel-4.12.14-lp150.12.73.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.73.1
kernel-obs-build-4.12.14-lp150.12.73.1
kernel-obs-build-debugsource-4.12.14-lp150.12.73.1
kernel-obs-qa-4.12.14-lp150.12.73.1
kernel-syms-4.12.14-lp150.12.73.1
kernel-vanilla-4.12.14-lp150.12.73.1
kernel-vanilla-base-4.12.14-lp150.12.73.1
kernel-vanilla-base-debuginfo-4.12.14-lp150.12.73.1
kernel-vanilla-debuginfo-4.12.14-lp150.12.73.1
kernel-vanilla-debugsource-4.12.14-lp150.12.73.1
kernel-vanilla-devel-4.12.14-lp150.12.73.1
kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.73.1

- openSUSE Leap 15.0 (noarch):

kernel-devel-4.12.14-lp150.12.73.1
kernel-docs-4.12.14-lp150.12.73.1
kernel-docs-html-4.12.14-lp150.12.73.1
kernel-macros-4.12.14-lp150.12.73.1
kernel-source-4.12.14-lp150.12.73.1
kernel-source-vanilla-4.12.14-lp150.12.73.1


References:

https://www.suse.com/security/cve/CVE-2017-18551.html
https://www.suse.com/security/cve/CVE-2018-20976.html
https://www.suse.com/security/cve/CVE-2018-21008.html
https://www.suse.com/security/cve/CVE-2019-14814.html
https://www.suse.com/security/cve/CVE-2019-14815.html
https://www.suse.com/security/cve/CVE-2019-14816.html
https://www.suse.com/security/cve/CVE-2019-14835.html
https://www.suse.com/security/cve/CVE-2019-15030.html
https://www.suse.com/security/cve/CVE-2019-15031.html
https://www.suse.com/security/cve/CVE-2019-15090.html
https://www.suse.com/security/cve/CVE-2019-15098.html
https://www.suse.com/security/cve/CVE-2019-15117.html
https://www.suse.com/security/cve/CVE-2019-15118.html
https://www.suse.com/security/cve/CVE-2019-15211.html
https://www.suse.com/security/cve/CVE-2019-15212.html
https://www.suse.com/security/cve/CVE-2019-15214.html
https://www.suse.com/security/cve/CVE-2019-15215.html
https://www.suse.com/security/cve/CVE-2019-15216.html
https://www.suse.com/security/cve/CVE-2019-15217.html
https://www.suse.com/security/cve/CVE-2019-15218.html
https://www.suse.com/security/cve/CVE-2019-15219.html
https://www.suse.com/security/cve/CVE-2019-15220.html
https://www.suse.com/security/cve/CVE-2019-15221.html
https://www.suse.com/security/cve/CVE-2019-15222.html
https://www.suse.com/security/cve/CVE-2019-15239.html
https://www.suse.com/security/cve/CVE-2019-15290.html
https://www.suse.com/security/cve/CVE-2019-15292.html
https://www.suse.com/security/cve/CVE-2019-15538.html
https://www.suse.com/security/cve/CVE-2019-15666.html
https://www.suse.com/security/cve/CVE-2019-15902.html
https://www.suse.com/security/cve/CVE-2019-15917.html
https://www.suse.com/security/cve/CVE-2019-15919.html
https://www.suse.com/security/cve/CVE-2019-15920.html
https://www.suse.com/security/cve/CVE-2019-15921.html
https://www.suse.com/security/cve/CVE-2019-15924.html
https://www.suse.com/security/cve/CVE-2019-15926.html
https://www.suse.com/security/cve/CVE-2019-15927.html
https://www.suse.com/security/cve/CVE-2019-9456.html
https://bugzilla.suse.com/1047238
https://bugzilla.suse.com/1050911
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1054914
https://bugzilla.suse.com/1056686
https://bugzilla.suse.com/1060662
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1061843
https://bugzilla.suse.com/1064597
https://bugzilla.suse.com/1064701
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1066369
https://bugzilla.suse.com/1071009
https://bugzilla.suse.com/1071306
https://bugzilla.suse.com/1078248
https://bugzilla.suse.com/1082555
https://bugzilla.suse.com/1085030
https://bugzilla.suse.com/1085536
https://bugzilla.suse.com/1085539
https://bugzilla.suse.com/1087092
https://bugzilla.suse.com/1090734
https://bugzilla.suse.com/1091171
https://bugzilla.suse.com/1093205
https://bugzilla.suse.com/1102097
https://bugzilla.suse.com/1104902
https://bugzilla.suse.com/1106284
https://bugzilla.suse.com/1106434
https://bugzilla.suse.com/1108382
https://bugzilla.suse.com/1112894
https://bugzilla.suse.com/1112899
https://bugzilla.suse.com/1112902
https://bugzilla.suse.com/1112903
https://bugzilla.suse.com/1112905
https://bugzilla.suse.com/1112906
https://bugzilla.suse.com/1112907
https://bugzilla.suse.com/1113722
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1114542
https://bugzilla.suse.com/1118689
https://bugzilla.suse.com/1119086
https://bugzilla.suse.com/1120876
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1120937
https://bugzilla.suse.com/1123105
https://bugzilla.suse.com/1124370
https://bugzilla.suse.com/1129424
https://bugzilla.suse.com/1129519
https://bugzilla.suse.com/1129664
https://bugzilla.suse.com/1131107
https://bugzilla.suse.com/1131565
https://bugzilla.suse.com/1134291
https://bugzilla.suse.com/1134881
https://bugzilla.suse.com/1134882
https://bugzilla.suse.com/1135219
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1136261
https://bugzilla.suse.com/1137884
https://bugzilla.suse.com/1138539
https://bugzilla.suse.com/1139020
https://bugzilla.suse.com/1139021
https://bugzilla.suse.com/1140012
https://bugzilla.suse.com/1140487
https://bugzilla.suse.com/1141543
https://bugzilla.suse.com/1141554
https://bugzilla.suse.com/1142019
https://bugzilla.suse.com/1142076
https://bugzilla.suse.com/1142109
https://bugzilla.suse.com/1142541
https://bugzilla.suse.com/1142635
https://bugzilla.suse.com/1143300
https://bugzilla.suse.com/1143765
https://bugzilla.suse.com/1143841
https://bugzilla.suse.com/1143843
https://bugzilla.suse.com/1144123
https://bugzilla.suse.com/1144333
https://bugzilla.suse.com/1144718
https://bugzilla.suse.com/1144813
https://bugzilla.suse.com/1144880
https://bugzilla.suse.com/1144886
https://bugzilla.suse.com/1144912
https://bugzilla.suse.com/1144920
https://bugzilla.suse.com/1144979
https://bugzilla.suse.com/1145010
https://bugzilla.suse.com/1145051
https://bugzilla.suse.com/1145059
https://bugzilla.suse.com/1145189
https://bugzilla.suse.com/1145235
https://bugzilla.suse.com/1145300
https://bugzilla.suse.com/1145302
https://bugzilla.suse.com/1145388
https://bugzilla.suse.com/1145389
https://bugzilla.suse.com/1145390
https://bugzilla.suse.com/1145391
https://bugzilla.suse.com/1145392
https://bugzilla.suse.com/1145393
https://bugzilla.suse.com/1145394
https://bugzilla.suse.com/1145395
https://bugzilla.suse.com/1145396
https://bugzilla.suse.com/1145397
https://bugzilla.suse.com/1145408
https://bugzilla.suse.com/1145409
https://bugzilla.suse.com/1145661
https://bugzilla.suse.com/1145678
https://bugzilla.suse.com/1145687
https://bugzilla.suse.com/1145920
https://bugzilla.suse.com/1145922
https://bugzilla.suse.com/1145934
https://bugzilla.suse.com/1145937
https://bugzilla.suse.com/1145940
https://bugzilla.suse.com/1145941
https://bugzilla.suse.com/1145942
https://bugzilla.suse.com/1146074
https://bugzilla.suse.com/1146084
https://bugzilla.suse.com/1146163
https://bugzilla.suse.com/1146285
https://bugzilla.suse.com/1146346
https://bugzilla.suse.com/1146351
https://bugzilla.suse.com/1146352
https://bugzilla.suse.com/1146361
https://bugzilla.suse.com/1146376
https://bugzilla.suse.com/1146378
https://bugzilla.suse.com/1146381
https://bugzilla.suse.com/1146391
https://bugzilla.suse.com/1146399
https://bugzilla.suse.com/1146413
https://bugzilla.suse.com/1146425
https://bugzilla.suse.com/1146512
https://bugzilla.suse.com/1146514
https://bugzilla.suse.com/1146516
https://bugzilla.suse.com/1146519
https://bugzilla.suse.com/1146524
https://bugzilla.suse.com/1146526
https://bugzilla.suse.com/1146529
https://bugzilla.suse.com/1146531
https://bugzilla.suse.com/1146543
https://bugzilla.suse.com/1146547
https://bugzilla.suse.com/1146550
https://bugzilla.suse.com/1146575
https://bugzilla.suse.com/1146589
https://bugzilla.suse.com/1146678
https://bugzilla.suse.com/1146938
https://bugzilla.suse.com/1148031
https://bugzilla.suse.com/1148032
https://bugzilla.suse.com/1148033
https://bugzilla.suse.com/1148034
https://bugzilla.suse.com/1148035
https://bugzilla.suse.com/1148093
https://bugzilla.suse.com/1148133
https://bugzilla.suse.com/1148192
https://bugzilla.suse.com/1148196
https://bugzilla.suse.com/1148198
https://bugzilla.suse.com/1148202
https://bugzilla.suse.com/1148303
https://bugzilla.suse.com/1148363
https://bugzilla.suse.com/1148379
https://bugzilla.suse.com/1148394
https://bugzilla.suse.com/1148527
https://bugzilla.suse.com/1148574
https://bugzilla.suse.com/1148616
https://bugzilla.suse.com/1148617
https://bugzilla.suse.com/1148619
https://bugzilla.suse.com/1148859
https://bugzilla.suse.com/1148868
https://bugzilla.suse.com/1149053
https://bugzilla.suse.com/1149083
https://bugzilla.suse.com/1149104
https://bugzilla.suse.com/1149105
https://bugzilla.suse.com/1149106
https://bugzilla.suse.com/1149197
https://bugzilla.suse.com/1149214
https://bugzilla.suse.com/1149224
https://bugzilla.suse.com/1149325
https://bugzilla.suse.com/1149376
https://bugzilla.suse.com/1149413
https://bugzilla.suse.com/1149418
https://bugzilla.suse.com/1149424
https://bugzilla.suse.com/1149522
https://bugzilla.suse.com/1149527
https://bugzilla.suse.com/1149539
https://bugzilla.suse.com/1149552
https://bugzilla.suse.com/1149591
https://bugzilla.suse.com/1149602
https://bugzilla.suse.com/1149612
https://bugzilla.suse.com/1149626
https://bugzilla.suse.com/1149652
https://bugzilla.suse.com/1149713
https://bugzilla.suse.com/1149940
https://bugzilla.suse.com/1149976
https://bugzilla.suse.com/1150025
https://bugzilla.suse.com/1150033
https://bugzilla.suse.com/1150112
https://bugzilla.suse.com/1150562
https://bugzilla.suse.com/1150727
https://bugzilla.suse.com/1150860
https://bugzilla.suse.com/1150861
https://bugzilla.suse.com/1150933

openSUSE-SU-2019:2174-1: important: Security update for ibus

openSUSE Security Update: Security update for ibus
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2174-1
Rating: important
References: #1150011
Cross-References: CVE-2019-14822
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ibus fixes the following issues:

Security issue fixed:

- CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed
an unprivileged user to monitor and send method calls to the ibus bus of
another user. (bsc#1150011)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2174=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

ibus-1.5.17-lp150.4.3.1
ibus-debuginfo-1.5.17-lp150.4.3.1
ibus-debugsource-1.5.17-lp150.4.3.1
ibus-devel-1.5.17-lp150.4.3.1
ibus-gtk-1.5.17-lp150.4.3.1
ibus-gtk-debuginfo-1.5.17-lp150.4.3.1
ibus-gtk3-1.5.17-lp150.4.3.1
ibus-gtk3-debuginfo-1.5.17-lp150.4.3.1
libibus-1_0-5-1.5.17-lp150.4.3.1
libibus-1_0-5-debuginfo-1.5.17-lp150.4.3.1
python-ibus-1.5.17-lp150.4.3.1
typelib-1_0-IBus-1_0-1.5.17-lp150.4.3.1

- openSUSE Leap 15.0 (noarch):

ibus-branding-openSUSE-KDE-1.5.17-lp150.4.3.1
ibus-lang-1.5.17-lp150.4.3.1

- openSUSE Leap 15.0 (x86_64):

ibus-gtk-32bit-1.5.17-lp150.4.3.1
ibus-gtk-32bit-debuginfo-1.5.17-lp150.4.3.1
ibus-gtk3-32bit-1.5.17-lp150.4.3.1
ibus-gtk3-32bit-debuginfo-1.5.17-lp150.4.3.1
libibus-1_0-5-32bit-1.5.17-lp150.4.3.1
libibus-1_0-5-32bit-debuginfo-1.5.17-lp150.4.3.1
python3-ibus-1.5.17-lp150.4.3.1


References:

https://www.suse.com/security/cve/CVE-2019-14822.html
https://bugzilla.suse.com/1150011

openSUSE-SU-2019:2175-1: moderate: Security update for util-linux and shadow

openSUSE Security Update: Security update for util-linux and shadow
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2175-1
Rating: moderate
References: #1081947 #1082293 #1085196 #1106214 #1121197
#1122417 #1125886 #1135534 #1135708 #353876

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for util-linux and shadow fixes the following issues:

util-linux:

- Fixed an issue where PATH settings in /etc/default/su were being ignored
(bsc#1121197)
- Prevent outdated pam files (bsc#1082293).
- Do not trim read-only volumes (bsc#1106214).
- Integrate pam_keyinit pam module to login (bsc#1081947).
- Perform one-time reset of /etc/default/su (bsc#1121197).
- Fix problems in reading of login.defs values (bsc#1121197)
- libmount: To prevent incorrect behavior, recognize more pseudofs and
netfs (bsc#1122417).
- raw.service: Add RemainAfterExit=yes (bsc#1135534).
- agetty: Return previous response of agetty for special characters
(bsc#1085196, bsc#1125886)
- Fix /etc/default/su comments and create /etc/default/runuser
(bsc#1121197).

shadow:

- Fixed an issue where PATH settings in /etc/default/su were being ignored
(bsc#1121197)
- Hardening for su wrappers (bsc#353876)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2175=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libblkid-devel-2.31.1-lp150.7.10.2
libblkid-devel-static-2.31.1-lp150.7.10.2
libblkid1-2.31.1-lp150.7.10.2
libblkid1-debuginfo-2.31.1-lp150.7.10.2
libfdisk-devel-2.31.1-lp150.7.10.2
libfdisk-devel-static-2.31.1-lp150.7.10.2
libfdisk1-2.31.1-lp150.7.10.2
libfdisk1-debuginfo-2.31.1-lp150.7.10.2
libmount-devel-2.31.1-lp150.7.10.2
libmount-devel-static-2.31.1-lp150.7.10.2
libmount1-2.31.1-lp150.7.10.2
libmount1-debuginfo-2.31.1-lp150.7.10.2
libsmartcols-devel-2.31.1-lp150.7.10.2
libsmartcols-devel-static-2.31.1-lp150.7.10.2
libsmartcols1-2.31.1-lp150.7.10.2
libsmartcols1-debuginfo-2.31.1-lp150.7.10.2
libuuid-devel-2.31.1-lp150.7.10.2
libuuid-devel-static-2.31.1-lp150.7.10.2
libuuid1-2.31.1-lp150.7.10.2
libuuid1-debuginfo-2.31.1-lp150.7.10.2
shadow-4.5-lp150.11.2
shadow-debuginfo-4.5-lp150.11.2
shadow-debugsource-4.5-lp150.11.2
util-linux-2.31.1-lp150.7.10.2
util-linux-debuginfo-2.31.1-lp150.7.10.2
util-linux-debugsource-2.31.1-lp150.7.10.2

- openSUSE Leap 15.0 (noarch):

util-linux-lang-2.31.1-lp150.7.10.2

- openSUSE Leap 15.0 (x86_64):

libblkid-devel-32bit-2.31.1-lp150.7.10.2
libblkid1-32bit-2.31.1-lp150.7.10.2
libblkid1-32bit-debuginfo-2.31.1-lp150.7.10.2
libmount-devel-32bit-2.31.1-lp150.7.10.2
libmount1-32bit-2.31.1-lp150.7.10.2
libmount1-32bit-debuginfo-2.31.1-lp150.7.10.2
libuuid-devel-32bit-2.31.1-lp150.7.10.2
libuuid1-32bit-2.31.1-lp150.7.10.2
libuuid1-32bit-debuginfo-2.31.1-lp150.7.10.2


References:

https://bugzilla.suse.com/1081947
https://bugzilla.suse.com/1082293
https://bugzilla.suse.com/1085196
https://bugzilla.suse.com/1106214
https://bugzilla.suse.com/1121197
https://bugzilla.suse.com/1122417
https://bugzilla.suse.com/1125886
https://bugzilla.suse.com/1135534
https://bugzilla.suse.com/1135708
https://bugzilla.suse.com/353876

openSUSE-SU-2019:2176-1: moderate: Security update for openldap2

openSUSE Security Update: Security update for openldap2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2176-1
Rating: moderate
References: #1073313 #1111388 #1114845 #1143194 #1143273

Cross-References: CVE-2017-17740 CVE-2019-13057 CVE-2019-13565

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves three vulnerabilities and has two
fixes is now available.

Description:

This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2019-13565: Fixed an authentication bypass when using SASL
authentication and session encryption (bsc#1143194).
- CVE-2019-13057: Fixed an issue with delegated database admin privileges
(bsc#1143273).
- CVE-2017-17740: When both the nops module and the memberof overlay are
enabled, slapd attempts to free a buffer that was allocated on the stack,
which allows remote attackers to cause a denial of service (slapd crash)
via a member MODDN operation (bsc#1073313).

Non-security issues fixed:

- Fixed broken shebang line in openldap_update_modules_path.sh
(bsc#1114845).
- Create files in /var/lib/ldap/ during initial start to allow for
transactional updates (bsc#1111388)
- Fixed incorrect post script call causing tmpfiles creation not to be run
(bsc#1111388).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2176=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libldap-2_4-2-2.4.46-lp150.13.1
libldap-2_4-2-debuginfo-2.4.46-lp150.13.1
openldap2-2.4.46-lp150.13.1
openldap2-back-meta-2.4.46-lp150.13.1
openldap2-back-meta-debuginfo-2.4.46-lp150.13.1
openldap2-back-perl-2.4.46-lp150.13.1
openldap2-back-perl-debuginfo-2.4.46-lp150.13.1
openldap2-back-sock-2.4.46-lp150.13.1
openldap2-back-sock-debuginfo-2.4.46-lp150.13.1
openldap2-back-sql-2.4.46-lp150.13.1
openldap2-back-sql-debuginfo-2.4.46-lp150.13.1
openldap2-client-2.4.46-lp150.13.1
openldap2-client-debuginfo-2.4.46-lp150.13.1
openldap2-contrib-2.4.46-lp150.13.1
openldap2-contrib-debuginfo-2.4.46-lp150.13.1
openldap2-debuginfo-2.4.46-lp150.13.1
openldap2-debugsource-2.4.46-lp150.13.1
openldap2-devel-2.4.46-lp150.13.1
openldap2-devel-static-2.4.46-lp150.13.1
openldap2-ppolicy-check-password-1.2-lp150.13.1
openldap2-ppolicy-check-password-debuginfo-1.2-lp150.13.1

- openSUSE Leap 15.0 (noarch):

libldap-data-2.4.46-lp150.13.1
openldap2-doc-2.4.46-lp150.13.1

- openSUSE Leap 15.0 (x86_64):

libldap-2_4-2-32bit-2.4.46-lp150.13.1
libldap-2_4-2-32bit-debuginfo-2.4.46-lp150.13.1
openldap2-devel-32bit-2.4.46-lp150.13.1


References:

https://www.suse.com/security/cve/CVE-2017-17740.html
https://www.suse.com/security/cve/CVE-2019-13057.html
https://www.suse.com/security/cve/CVE-2019-13565.html
https://bugzilla.suse.com/1073313
https://bugzilla.suse.com/1111388
https://bugzilla.suse.com/1114845
https://bugzilla.suse.com/1143194
https://bugzilla.suse.com/1143273

openSUSE-SU-2019:2177-1: moderate: Security update for fish3

openSUSE Security Update: Security update for fish3
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2177-1
Rating: moderate
References: #1128601
Cross-References: CVE-2014-2905 CVE-2014-2906 CVE-2014-2914
CVE-2014-3219 CVE-2014-3856
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:


This update supplies the "fish3" package, complementary to the "fish"
package.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2177=1



Package List:

- openSUSE Leap 15.0 (x86_64):

fish3-3.0.0-lp150.3.1
fish3-debuginfo-3.0.0-lp150.3.1
fish3-debugsource-3.0.0-lp150.3.1
fish3-devel-3.0.0-lp150.3.1


References:

https://www.suse.com/security/cve/CVE-2014-2905.html
https://www.suse.com/security/cve/CVE-2014-2906.html
https://www.suse.com/security/cve/CVE-2014-2914.html
https://www.suse.com/security/cve/CVE-2014-3219.html
https://www.suse.com/security/cve/CVE-2014-3856.html
https://bugzilla.suse.com/1128601

openSUSE-SU-2019:2178-1: moderate: Security update for bird

openSUSE Security Update: Security update for bird
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2178-1
Rating: moderate
References: #1150108
Cross-References: CVE-2019-16159
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for bird fixes the following issues:

- CVE-2019-16159: Fixed a stack-based buffer overflow via administrative
shutdown communication messages. (bnc#1150108)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2178=1



Package List:

- openSUSE Leap 15.1 (x86_64):

bird-1.6.8-lp151.2.3.1
bird-common-1.6.8-lp151.2.3.1
bird-debuginfo-1.6.8-lp151.2.3.1
bird-debugsource-1.6.8-lp151.2.3.1
bird-doc-1.6.8-lp151.2.3.1
bird6-1.6.8-lp151.2.3.1
bird6-debuginfo-1.6.8-lp151.2.3.1


References:

https://www.suse.com/security/cve/CVE-2019-16159.html
https://bugzilla.suse.com/1150108