SUSE 5180 Published by

The following updates has been released for SUSE:

openSUSE-SU-2018:3871-1: important: Security update for chromium
openSUSE-SU-2018:3872-1: important: Security update for chromium
openSUSE-SU-2018:3876-1: important: Security update for virtualbox



openSUSE-SU-2018:3871-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3871-1
Rating: important
References: #1116608
Cross-References: CVE-2018-17479
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for Chromium to version 70.0.3538.110 fixes the following
security issue:

- CVE-2018-17479: Use-after-free in GPU (boo#1116608)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1446=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1446=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2018-1446=1



Package List:

- openSUSE Leap 42.3 (x86_64):

chromedriver-70.0.3538.110-186.1
chromedriver-debuginfo-70.0.3538.110-186.1
chromium-70.0.3538.110-186.1
chromium-debuginfo-70.0.3538.110-186.1
chromium-debugsource-70.0.3538.110-186.1

- openSUSE Leap 15.0 (x86_64):

chromedriver-70.0.3538.110-lp150.2.26.1
chromedriver-debuginfo-70.0.3538.110-lp150.2.26.1
chromium-70.0.3538.110-lp150.2.26.1
chromium-debuginfo-70.0.3538.110-lp150.2.26.1
chromium-debugsource-70.0.3538.110-lp150.2.26.1

- openSUSE Backports SLE-15 (aarch64 x86_64):

chromedriver-70.0.3538.110-bp150.2.20.1
chromedriver-debuginfo-70.0.3538.110-bp150.2.20.1
chromium-70.0.3538.110-bp150.2.20.1
chromium-debuginfo-70.0.3538.110-bp150.2.20.1
chromium-debugsource-70.0.3538.110-bp150.2.20.1


References:

https://www.suse.com/security/cve/CVE-2018-17479.html
https://bugzilla.suse.com/1116608

--


openSUSE-SU-2018:3872-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3872-1
Rating: important
References: #1116608
Cross-References: CVE-2018-17479
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for Chromium to version 70.0.3538.110 fixes the following
security issue:

- CVE-2018-17479: Use-after-free in GPU (boo#1116608)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-1446=1



Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

chromedriver-70.0.3538.110-77.1
chromedriver-debuginfo-70.0.3538.110-77.1
chromium-70.0.3538.110-77.1
chromium-debuginfo-70.0.3538.110-77.1
chromium-debugsource-70.0.3538.110-77.1


References:

https://www.suse.com/security/cve/CVE-2018-17479.html
https://bugzilla.suse.com/1116608

--


openSUSE-SU-2018:3876-1: important: Security update for virtualbox

openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3876-1
Rating: important
References: #1115041
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for virtualbox fixes the following issues:

virtualbox was updated to version 5.2.22 (released November 09 2018 by
Oracle).

Security issues fixed:

- Fixed a guest-to-host excape via the e1000 virtual network driver
(bsc#1115041).


Non-security issues fixed:

- Audio: Fixed a regression in the Core Audio backend causing a hang when
returning from host sleep when processing input buffers.
- Audio: Fixed a potential crash in the HDA emulation if a stream has no
valid mixer sink attached.
- Linux Additions: Disable 3D for recent guests using Wayland (bug #18116).
- Linux Additions: Fix for rebuilding kernel modules for new kernels on
RPM guests.
- Linux Additions: Further fixes for Linux 4.19.
- Linux Additions: Fixed errors rebuilding initrd files with dracut on EL
6 (bug 18055#).
- Linux Additions: Fixed 5.2.20 regression: guests not remembering the
screen size after shutdown and restart (bug #18078).


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1443=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1443=1



Package List:

- openSUSE Leap 42.3 (x86_64):

python-virtualbox-5.2.22-63.1
python-virtualbox-debuginfo-5.2.22-63.1
virtualbox-5.2.22-63.1
virtualbox-debuginfo-5.2.22-63.1
virtualbox-debugsource-5.2.22-63.1
virtualbox-devel-5.2.22-63.1
virtualbox-guest-kmp-default-5.2.22_k4.4.162_78-63.1
virtualbox-guest-kmp-default-debuginfo-5.2.22_k4.4.162_78-63.1
virtualbox-guest-tools-5.2.22-63.1
virtualbox-guest-tools-debuginfo-5.2.22-63.1
virtualbox-guest-x11-5.2.22-63.1
virtualbox-guest-x11-debuginfo-5.2.22-63.1
virtualbox-host-kmp-default-5.2.22_k4.4.162_78-63.1
virtualbox-host-kmp-default-debuginfo-5.2.22_k4.4.162_78-63.1
virtualbox-qt-5.2.22-63.1
virtualbox-qt-debuginfo-5.2.22-63.1
virtualbox-vnc-5.2.22-63.1
virtualbox-websrv-5.2.22-63.1
virtualbox-websrv-debuginfo-5.2.22-63.1

- openSUSE Leap 42.3 (noarch):

virtualbox-guest-desktop-icons-5.2.22-63.1
virtualbox-guest-source-5.2.22-63.1
virtualbox-host-source-5.2.22-63.1

- openSUSE Leap 15.0 (noarch):

virtualbox-guest-desktop-icons-5.2.22-lp150.4.23.1
virtualbox-guest-source-5.2.22-lp150.4.23.1
virtualbox-host-source-5.2.22-lp150.4.23.1

- openSUSE Leap 15.0 (x86_64):

python3-virtualbox-5.2.22-lp150.4.23.1
python3-virtualbox-debuginfo-5.2.22-lp150.4.23.1
virtualbox-5.2.22-lp150.4.23.1
virtualbox-debuginfo-5.2.22-lp150.4.23.1
virtualbox-debugsource-5.2.22-lp150.4.23.1
virtualbox-devel-5.2.22-lp150.4.23.1
virtualbox-guest-kmp-default-5.2.22_k4.12.14_lp150.12.25-lp150.4.23.1
virtualbox-guest-kmp-default-debuginfo-5.2.22_k4.12.14_lp150.12.25-lp150.4.23.1
virtualbox-guest-tools-5.2.22-lp150.4.23.1
virtualbox-guest-tools-debuginfo-5.2.22-lp150.4.23.1
virtualbox-guest-x11-5.2.22-lp150.4.23.1
virtualbox-guest-x11-debuginfo-5.2.22-lp150.4.23.1
virtualbox-host-kmp-default-5.2.22_k4.12.14_lp150.12.25-lp150.4.23.1
virtualbox-host-kmp-default-debuginfo-5.2.22_k4.12.14_lp150.12.25-lp150.4.23.1
virtualbox-qt-5.2.22-lp150.4.23.1
virtualbox-qt-debuginfo-5.2.22-lp150.4.23.1
virtualbox-vnc-5.2.22-lp150.4.23.1
virtualbox-websrv-5.2.22-lp150.4.23.1
virtualbox-websrv-debuginfo-5.2.22-lp150.4.23.1


References:

https://bugzilla.suse.com/1115041

--