The following updates has been released for openSUSE:
openSUSE-SU-2019:1491-1: moderate: Recommended update for GraphicsMagick
openSUSE-SU-2019:1492-1: important: Security update for curl
openSUSE-SU-2019:1494-1: moderate: Security update for NetworkManager
openSUSE-SU-2019:1495-1: important: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
openSUSE-SU-2019:1497-1: moderate: Security update for axis
openSUSE-SU-2019:1498-1: moderate: Security update for libtasn1
openSUSE-SU-2019:1491-1: moderate: Recommended update for GraphicsMagick
openSUSE-SU-2019:1492-1: important: Security update for curl
openSUSE-SU-2019:1494-1: moderate: Security update for NetworkManager
openSUSE-SU-2019:1495-1: important: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
openSUSE-SU-2019:1497-1: moderate: Security update for axis
openSUSE-SU-2019:1498-1: moderate: Security update for libtasn1
openSUSE-SU-2019:1491-1: moderate: Recommended update for GraphicsMagick
openSUSE Security Update: Recommended update for GraphicsMagick
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1491-1
Rating: moderate
References: #1136183
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for GraphicsMagick fixes the following issues:
Changes in GraphicsMagick:
- disable also PCL decoding by default, as it is also passed through
ghostscript (boo#1136183)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1491=1
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1491=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1491=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
GraphicsMagick-1.3.25-141.1
GraphicsMagick-debuginfo-1.3.25-141.1
GraphicsMagick-debugsource-1.3.25-141.1
GraphicsMagick-devel-1.3.25-141.1
libGraphicsMagick++-Q16-12-1.3.25-141.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.25-141.1
libGraphicsMagick++-devel-1.3.25-141.1
libGraphicsMagick-Q16-3-1.3.25-141.1
libGraphicsMagick-Q16-3-debuginfo-1.3.25-141.1
libGraphicsMagick3-config-1.3.25-141.1
libGraphicsMagickWand-Q16-2-1.3.25-141.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-141.1
perl-GraphicsMagick-1.3.25-141.1
perl-GraphicsMagick-debuginfo-1.3.25-141.1
- openSUSE Leap 15.1 (x86_64):
GraphicsMagick-1.3.29-lp151.4.3.1
GraphicsMagick-debuginfo-1.3.29-lp151.4.3.1
GraphicsMagick-debugsource-1.3.29-lp151.4.3.1
GraphicsMagick-devel-1.3.29-lp151.4.3.1
libGraphicsMagick++-Q16-12-1.3.29-lp151.4.3.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.29-lp151.4.3.1
libGraphicsMagick++-devel-1.3.29-lp151.4.3.1
libGraphicsMagick-Q16-3-1.3.29-lp151.4.3.1
libGraphicsMagick-Q16-3-debuginfo-1.3.29-lp151.4.3.1
libGraphicsMagick3-config-1.3.29-lp151.4.3.1
libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.3.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.29-lp151.4.3.1
perl-GraphicsMagick-1.3.29-lp151.4.3.1
perl-GraphicsMagick-debuginfo-1.3.29-lp151.4.3.1
- openSUSE Leap 15.0 (x86_64):
GraphicsMagick-1.3.29-lp150.3.31.1
GraphicsMagick-debuginfo-1.3.29-lp150.3.31.1
GraphicsMagick-debugsource-1.3.29-lp150.3.31.1
GraphicsMagick-devel-1.3.29-lp150.3.31.1
libGraphicsMagick++-Q16-12-1.3.29-lp150.3.31.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.29-lp150.3.31.1
libGraphicsMagick++-devel-1.3.29-lp150.3.31.1
libGraphicsMagick-Q16-3-1.3.29-lp150.3.31.1
libGraphicsMagick-Q16-3-debuginfo-1.3.29-lp150.3.31.1
libGraphicsMagick3-config-1.3.29-lp150.3.31.1
libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.31.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.29-lp150.3.31.1
perl-GraphicsMagick-1.3.29-lp150.3.31.1
perl-GraphicsMagick-debuginfo-1.3.29-lp150.3.31.1
References:
https://bugzilla.suse.com/1136183
--
openSUSE-SU-2019:1492-1: important: Security update for curl
openSUSE Security Update: Security update for curl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1492-1
Rating: important
References: #1135170
Cross-References: CVE-2019-5436
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for curl fixes the following issues:
Security issue fixed:
- CVE-2019-5436: Fixed a heap buffer overflow exists in
tftp_receive_packet that receives data from a TFTP server (bsc#1135170).
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1492=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
curl-7.37.0-51.1
curl-debuginfo-7.37.0-51.1
curl-debugsource-7.37.0-51.1
libcurl-devel-7.37.0-51.1
libcurl4-7.37.0-51.1
libcurl4-debuginfo-7.37.0-51.1
- openSUSE Leap 42.3 (x86_64):
libcurl-devel-32bit-7.37.0-51.1
libcurl4-32bit-7.37.0-51.1
libcurl4-debuginfo-32bit-7.37.0-51.1
References:
https://www.suse.com/security/cve/CVE-2019-5436.html
https://bugzilla.suse.com/1135170
--
openSUSE-SU-2019:1494-1: moderate: Security update for NetworkManager
openSUSE Security Update: Security update for NetworkManager
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1494-1
Rating: moderate
References: #1086263
Cross-References: CVE-2018-1000135
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for NetworkManager fixes the following issues:
Following security issue was fixed:
- CVE-2018-1000135: A potential leak of private DNS queries to other DNS
servers could happen while on VPN (bsc#1086263, bgo#746422).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1494=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
NetworkManager-1.10.6-lp150.4.6.1
NetworkManager-debuginfo-1.10.6-lp150.4.6.1
NetworkManager-debugsource-1.10.6-lp150.4.6.1
NetworkManager-devel-1.10.6-lp150.4.6.1
libnm-glib-vpn1-1.10.6-lp150.4.6.1
libnm-glib-vpn1-debuginfo-1.10.6-lp150.4.6.1
libnm-glib4-1.10.6-lp150.4.6.1
libnm-glib4-debuginfo-1.10.6-lp150.4.6.1
libnm-util2-1.10.6-lp150.4.6.1
libnm-util2-debuginfo-1.10.6-lp150.4.6.1
libnm0-1.10.6-lp150.4.6.1
libnm0-debuginfo-1.10.6-lp150.4.6.1
typelib-1_0-NM-1_0-1.10.6-lp150.4.6.1
typelib-1_0-NMClient-1_0-1.10.6-lp150.4.6.1
typelib-1_0-NetworkManager-1_0-1.10.6-lp150.4.6.1
- openSUSE Leap 15.0 (x86_64):
NetworkManager-devel-32bit-1.10.6-lp150.4.6.1
libnm-glib-vpn1-32bit-1.10.6-lp150.4.6.1
libnm-glib-vpn1-32bit-debuginfo-1.10.6-lp150.4.6.1
libnm-glib4-32bit-1.10.6-lp150.4.6.1
libnm-glib4-32bit-debuginfo-1.10.6-lp150.4.6.1
libnm-util2-32bit-1.10.6-lp150.4.6.1
libnm-util2-32bit-debuginfo-1.10.6-lp150.4.6.1
- openSUSE Leap 15.0 (noarch):
NetworkManager-branding-upstream-1.10.6-lp150.4.6.1
NetworkManager-lang-1.10.6-lp150.4.6.1
References:
https://www.suse.com/security/cve/CVE-2018-1000135.html
https://bugzilla.suse.com/1086263
--
openSUSE-SU-2019:1495-1: important: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
openSUSE Security Update: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1495-1
Rating: important
References: #1134524
Cross-References: CVE-2019-5021
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root
fixes the following issues:
- CVE-2019-5021: Include an invalidated root password by default, not an
empty one (bsc#1134524)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1495=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1495=1
Package List:
- openSUSE Leap 15.1 (noarch):
system-user-root-20190513-lp151.3.3.1
- openSUSE Leap 15.0 (noarch):
system-user-root-20190513-lp150.2.3.1
References:
https://www.suse.com/security/cve/CVE-2019-5021.html
https://bugzilla.suse.com/1134524
--
openSUSE-SU-2019:1497-1: moderate: Security update for axis
openSUSE Security Update: Security update for axis
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1497-1
Rating: moderate
References: #1134598
Cross-References: CVE-2012-5784 CVE-2014-3596
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for axis fixes the following issues:
Security issue fixed:
- CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check
against X.509 certificate name (bsc#1134598).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1497=1
Package List:
- openSUSE Leap 15.0 (noarch):
axis-1.4-lp150.9.1
axis-manual-1.4-lp150.9.1
References:
https://www.suse.com/security/cve/CVE-2012-5784.html
https://www.suse.com/security/cve/CVE-2014-3596.html
https://bugzilla.suse.com/1134598
--
openSUSE-SU-2019:1498-1: moderate: Security update for libtasn1
openSUSE Security Update: Security update for libtasn1
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1498-1
Rating: moderate
References: #1105435
Cross-References: CVE-2018-1000654
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libtasn1 fixes the following issues:
Security issue fixed:
- CVE-2018-1000654: Fixed a denial of service in the asn1 parser
(bsc#1105435).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1498=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1498=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
libtasn1-4.13-lp151.4.3.1
libtasn1-6-4.13-lp151.4.3.1
libtasn1-6-debuginfo-4.13-lp151.4.3.1
libtasn1-debuginfo-4.13-lp151.4.3.1
libtasn1-debugsource-4.13-lp151.4.3.1
libtasn1-devel-4.13-lp151.4.3.1
- openSUSE Leap 15.1 (x86_64):
libtasn1-6-32bit-4.13-lp151.4.3.1
libtasn1-6-32bit-debuginfo-4.13-lp151.4.3.1
libtasn1-devel-32bit-4.13-lp151.4.3.1
- openSUSE Leap 15.0 (i586 x86_64):
libtasn1-4.13-lp150.3.3.1
libtasn1-6-4.13-lp150.3.3.1
libtasn1-6-debuginfo-4.13-lp150.3.3.1
libtasn1-debuginfo-4.13-lp150.3.3.1
libtasn1-debugsource-4.13-lp150.3.3.1
libtasn1-devel-4.13-lp150.3.3.1
- openSUSE Leap 15.0 (x86_64):
libtasn1-6-32bit-4.13-lp150.3.3.1
libtasn1-6-32bit-debuginfo-4.13-lp150.3.3.1
libtasn1-devel-32bit-4.13-lp150.3.3.1
References:
https://www.suse.com/security/cve/CVE-2018-1000654.html
https://bugzilla.suse.com/1105435
--