SUSE 5180 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2018:1708-1: moderate: Security update for enigmail
openSUSE-SU-2018:1709-1: moderate: Security update for postgresql96
openSUSE-SU-2018:1710-1: important: Security update for java-1_7_0-openjdk



openSUSE-SU-2018:1708-1: moderate: Security update for enigmail

openSUSE Security Update: Security update for enigmail
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1708-1
Rating: moderate
References: #1096745 #1097525
Cross-References: CVE-2018-12019 CVE-2018-12020
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for enigmail fixes vulnerabilities that allowed spoofing of
e-mail signatures:

- CVE-2018-12019: signature spoofing via specially crafted OpenPGP user
IDs (boo#1097525)
- CVE-2018-12020: signature spoofing via diagnostic output of the original
file name in GnuPG verbose mode (boo#1096745) This mitigation prevents
CVE-2018-12020 from being exploited even if GnuPG is not patched.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-630=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-630=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

enigmail-2.0.7-21.1

- openSUSE Leap 15.0 (x86_64):

enigmail-2.0.7-lp150.2.12.1


References:

https://www.suse.com/security/cve/CVE-2018-12019.html
https://www.suse.com/security/cve/CVE-2018-12020.html
https://bugzilla.suse.com/1096745
https://bugzilla.suse.com/1097525

--


openSUSE-SU-2018:1709-1: moderate: Security update for postgresql96

openSUSE Security Update: Security update for postgresql96
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1709-1
Rating: moderate
References: #1091610
Cross-References: CVE-2018-1115
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

PostgreSQL was updated to 9.6.9 fixing bugs and security issues:

Release notes:

- https://www.postgresql.org/about/news/1851/
- https://www.postgresql.org/docs/current/static/release-9-6-9.html

A dump/restore is not required for those running 9.6.X. However, if you
use the adminpack extension, you should update it as per the first
changelog entry below. Also, if the function marking mistakes mentioned in
the second and third changelog entries below affect you, you will want to
take steps to correct your database catalogs.

Security issue fixed:

- CVE-2018-1115: Remove public execute privilege from contrib/adminpack's
pg_logfile_rotate() function pg_logfile_rotate() is a deprecated wrapper
for the core function pg_rotate_logfile(). When that function was
changed to rely on SQL privileges for access control rather than a
hard-coded superuser check, pg_logfile_rotate() should have been updated
as well, but the need for this was missed. Hence, if adminpack is
installed, any user could request a logfile rotation, creating a minor
security issue. After installing this update, administrators should
update adminpack by performing ALTER EXTENSION adminpack UPDATE in each
database in which adminpack is installed. (bsc#1091610)


This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-638=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libecpg6-9.6.9-18.1
libecpg6-debuginfo-9.6.9-18.1
libpq5-9.6.9-18.1
libpq5-debuginfo-9.6.9-18.1
postgresql96-9.6.9-18.1
postgresql96-contrib-9.6.9-18.1
postgresql96-contrib-debuginfo-9.6.9-18.1
postgresql96-debuginfo-9.6.9-18.1
postgresql96-debugsource-9.6.9-18.1
postgresql96-devel-9.6.9-18.1
postgresql96-devel-debuginfo-9.6.9-18.1
postgresql96-libs-debugsource-9.6.9-18.1
postgresql96-plperl-9.6.9-18.1
postgresql96-plperl-debuginfo-9.6.9-18.1
postgresql96-plpython-9.6.9-18.1
postgresql96-plpython-debuginfo-9.6.9-18.1
postgresql96-pltcl-9.6.9-18.1
postgresql96-pltcl-debuginfo-9.6.9-18.1
postgresql96-server-9.6.9-18.1
postgresql96-server-debuginfo-9.6.9-18.1
postgresql96-test-9.6.9-18.1

- openSUSE Leap 42.3 (x86_64):

libecpg6-32bit-9.6.9-18.1
libecpg6-debuginfo-32bit-9.6.9-18.1
libpq5-32bit-9.6.9-18.1
libpq5-debuginfo-32bit-9.6.9-18.1

- openSUSE Leap 42.3 (noarch):

postgresql96-docs-9.6.9-18.1


References:

https://www.suse.com/security/cve/CVE-2018-1115.html
https://bugzilla.suse.com/1091610

--


openSUSE-SU-2018:1710-1: important: Security update for java-1_7_0-openjdk

openSUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1710-1
Rating: important
References: #1090023 #1090024 #1090025 #1090026 #1090027
#1090028 #1090029 #1090030 #1090032 #1090033

Cross-References: CVE-2018-2790 CVE-2018-2794 CVE-2018-2795
CVE-2018-2796 CVE-2018-2797 CVE-2018-2798
CVE-2018-2799 CVE-2018-2800 CVE-2018-2814
CVE-2018-2815
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update for java-1_7_0-openjdk to version 7u181 fixes the following
issues:

+ S8162488: JDK should be updated to use LittleCMS 2.8
+ S8180881: Better packaging of deserialization
+ S8182362: Update CipherOutputStream Usage
+ S8183032: Upgrade to LittleCMS 2.9
+ S8189123: More consistent classloading
+ S8190478: Improved interface method selection
+ S8190877: Better handling of abstract classes
+ S8191696: Better mouse positioning
+ S8192030: Better MTSchema support
+ S8193409: Improve AES supporting classes
+ S8193414: Improvements in MethodType lookups
+ S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries
+ S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability
+ S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability
+ S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability
+ S8189989, CVE-2018-2798, bsc#1090028: Improve container portability
+ S8189993, CVE-2018-2799, bsc#1090029: Improve document portability
+ S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms
+ S8192025, CVE-2018-2814, bsc#1090032: Less referential references
+ S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation
+ S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support

For additional changes please consult the changelog.

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-637=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

java-1_7_0-openjdk-1.7.0.181-51.1
java-1_7_0-openjdk-accessibility-1.7.0.181-51.1
java-1_7_0-openjdk-bootstrap-1.7.0.181-51.1
java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.181-51.1
java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.181-51.1
java-1_7_0-openjdk-bootstrap-devel-1.7.0.181-51.1
java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.181-51.1
java-1_7_0-openjdk-bootstrap-headless-1.7.0.181-51.1
java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.181-51.1
java-1_7_0-openjdk-debuginfo-1.7.0.181-51.1
java-1_7_0-openjdk-debugsource-1.7.0.181-51.1
java-1_7_0-openjdk-demo-1.7.0.181-51.1
java-1_7_0-openjdk-demo-debuginfo-1.7.0.181-51.1
java-1_7_0-openjdk-devel-1.7.0.181-51.1
java-1_7_0-openjdk-devel-debuginfo-1.7.0.181-51.1
java-1_7_0-openjdk-headless-1.7.0.181-51.1
java-1_7_0-openjdk-headless-debuginfo-1.7.0.181-51.1
java-1_7_0-openjdk-src-1.7.0.181-51.1

- openSUSE Leap 42.3 (noarch):

java-1_7_0-openjdk-javadoc-1.7.0.181-51.1


References:

https://www.suse.com/security/cve/CVE-2018-2790.html
https://www.suse.com/security/cve/CVE-2018-2794.html
https://www.suse.com/security/cve/CVE-2018-2795.html
https://www.suse.com/security/cve/CVE-2018-2796.html
https://www.suse.com/security/cve/CVE-2018-2797.html
https://www.suse.com/security/cve/CVE-2018-2798.html
https://www.suse.com/security/cve/CVE-2018-2799.html
https://www.suse.com/security/cve/CVE-2018-2800.html
https://www.suse.com/security/cve/CVE-2018-2814.html
https://www.suse.com/security/cve/CVE-2018-2815.html
https://bugzilla.suse.com/1090023
https://bugzilla.suse.com/1090024
https://bugzilla.suse.com/1090025
https://bugzilla.suse.com/1090026
https://bugzilla.suse.com/1090027
https://bugzilla.suse.com/1090028
https://bugzilla.suse.com/1090029
https://bugzilla.suse.com/1090030
https://bugzilla.suse.com/1090032
https://bugzilla.suse.com/1090033

--