SUSE 5186 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2019:2050-1: moderate: Security update for httpie
openSUSE-SU-2019:2051-1: important: Security update for apache2
openSUSE-SU-2019:2052-1: important: Security update for slurm
openSUSE-SU-2019:2056-1: moderate: Security update for go1.12
openSUSE-SU-2019:2057-1: important: Security update for libreoffice
openSUSE-SU-2019:2058-1: important: Security update for apache-commons-beanutils



openSUSE-SU-2019:2050-1: moderate: Security update for httpie

openSUSE Security Update: Security update for httpie
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2050-1
Rating: moderate
References: #1148466
Cross-References: CVE-2019-10751
Affected Products:
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for httpie fixes the following issues:

httpie was updated to version 1.0.3:

* Fix CVE-2019-10751 (HTTPie is volnerable to Open Redirect that allows an
attacker to write an arbitrary file with supplied filename and content
to the current directory, by redirecting a request from HTTP to a
crafted URL pointing to a server in his or hers control. (bsc#1148466)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2050=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2019-2050=1



Package List:

- openSUSE Leap 15.1 (noarch):

python3-httpie-1.0.3-lp151.2.3.1

- openSUSE Backports SLE-15-SP1 (noarch):

python3-httpie-1.0.3-bp151.2.3.1


References:

https://www.suse.com/security/cve/CVE-2019-10751.html
https://bugzilla.suse.com/1148466

openSUSE-SU-2019:2051-1: important: Security update for apache2

openSUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2051-1
Rating: important
References: #1145575 #1145738 #1145739 #1145740 #1145741
#1145742
Cross-References: CVE-2019-10081 CVE-2019-10082 CVE-2019-10092
CVE-2019-10097 CVE-2019-10098 CVE-2019-9517

Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for apache2 fixes the following issues:

Security issues fixed:

- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to
unconstrained interal data buffering (bsc#1145575).
- CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption
on early pushes (bsc#1145742).
- CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in
h2 connection shutdown (bsc#1145741).
- CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy
(bsc#1145740).
- CVE-2019-10097: Fixed mod_remoteip stack buffer overflow and NULL
pointer dereference (bsc#1145739).
- CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open
redirect (bsc#1145738).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2051=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2051=1



Package List:

- openSUSE Leap 15.1 (i586 x86_64):

apache2-2.4.33-lp151.8.6.1
apache2-debuginfo-2.4.33-lp151.8.6.1
apache2-debugsource-2.4.33-lp151.8.6.1
apache2-devel-2.4.33-lp151.8.6.1
apache2-event-2.4.33-lp151.8.6.1
apache2-event-debuginfo-2.4.33-lp151.8.6.1
apache2-example-pages-2.4.33-lp151.8.6.1
apache2-prefork-2.4.33-lp151.8.6.1
apache2-prefork-debuginfo-2.4.33-lp151.8.6.1
apache2-utils-2.4.33-lp151.8.6.1
apache2-utils-debuginfo-2.4.33-lp151.8.6.1
apache2-worker-2.4.33-lp151.8.6.1
apache2-worker-debuginfo-2.4.33-lp151.8.6.1

- openSUSE Leap 15.1 (noarch):

apache2-doc-2.4.33-lp151.8.6.1

- openSUSE Leap 15.0 (i586 x86_64):

apache2-2.4.33-lp150.2.23.1
apache2-debuginfo-2.4.33-lp150.2.23.1
apache2-debugsource-2.4.33-lp150.2.23.1
apache2-devel-2.4.33-lp150.2.23.1
apache2-event-2.4.33-lp150.2.23.1
apache2-event-debuginfo-2.4.33-lp150.2.23.1
apache2-example-pages-2.4.33-lp150.2.23.1
apache2-prefork-2.4.33-lp150.2.23.1
apache2-prefork-debuginfo-2.4.33-lp150.2.23.1
apache2-utils-2.4.33-lp150.2.23.1
apache2-utils-debuginfo-2.4.33-lp150.2.23.1
apache2-worker-2.4.33-lp150.2.23.1
apache2-worker-debuginfo-2.4.33-lp150.2.23.1

- openSUSE Leap 15.0 (noarch):

apache2-doc-2.4.33-lp150.2.23.1


References:

https://www.suse.com/security/cve/CVE-2019-10081.html
https://www.suse.com/security/cve/CVE-2019-10082.html
https://www.suse.com/security/cve/CVE-2019-10092.html
https://www.suse.com/security/cve/CVE-2019-10097.html
https://www.suse.com/security/cve/CVE-2019-10098.html
https://www.suse.com/security/cve/CVE-2019-9517.html
https://bugzilla.suse.com/1145575
https://bugzilla.suse.com/1145738
https://bugzilla.suse.com/1145739
https://bugzilla.suse.com/1145740
https://bugzilla.suse.com/1145741
https://bugzilla.suse.com/1145742

openSUSE-SU-2019:2052-1: important: Security update for slurm

openSUSE Security Update: Security update for slurm
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2052-1
Rating: important
References: #1140709
Cross-References: CVE-2019-12838
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for slurm to version 18.08.8 fixes the following issues:

Security issue fixed:

- CVE-2019-12838: Fixed a SQL injection in slurmdbd (bsc#1140709).

This update was imported from the SUSE:SLE-15-SP1:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2052=1



Package List:

- openSUSE Leap 15.1 (x86_64):

libpmi0-18.08.8-lp151.2.3.1
libpmi0-debuginfo-18.08.8-lp151.2.3.1
libslurm33-18.08.8-lp151.2.3.1
libslurm33-debuginfo-18.08.8-lp151.2.3.1
perl-slurm-18.08.8-lp151.2.3.1
perl-slurm-debuginfo-18.08.8-lp151.2.3.1
slurm-18.08.8-lp151.2.3.1
slurm-auth-none-18.08.8-lp151.2.3.1
slurm-auth-none-debuginfo-18.08.8-lp151.2.3.1
slurm-config-18.08.8-lp151.2.3.1
slurm-config-man-18.08.8-lp151.2.3.1
slurm-cray-18.08.8-lp151.2.3.1
slurm-cray-debuginfo-18.08.8-lp151.2.3.1
slurm-debuginfo-18.08.8-lp151.2.3.1
slurm-debugsource-18.08.8-lp151.2.3.1
slurm-devel-18.08.8-lp151.2.3.1
slurm-doc-18.08.8-lp151.2.3.1
slurm-hdf5-18.08.8-lp151.2.3.1
slurm-hdf5-debuginfo-18.08.8-lp151.2.3.1
slurm-lua-18.08.8-lp151.2.3.1
slurm-lua-debuginfo-18.08.8-lp151.2.3.1
slurm-munge-18.08.8-lp151.2.3.1
slurm-munge-debuginfo-18.08.8-lp151.2.3.1
slurm-node-18.08.8-lp151.2.3.1
slurm-node-debuginfo-18.08.8-lp151.2.3.1
slurm-openlava-18.08.8-lp151.2.3.1
slurm-pam_slurm-18.08.8-lp151.2.3.1
slurm-pam_slurm-debuginfo-18.08.8-lp151.2.3.1
slurm-plugins-18.08.8-lp151.2.3.1
slurm-plugins-debuginfo-18.08.8-lp151.2.3.1
slurm-seff-18.08.8-lp151.2.3.1
slurm-sjstat-18.08.8-lp151.2.3.1
slurm-slurmdbd-18.08.8-lp151.2.3.1
slurm-slurmdbd-debuginfo-18.08.8-lp151.2.3.1
slurm-sql-18.08.8-lp151.2.3.1
slurm-sql-debuginfo-18.08.8-lp151.2.3.1
slurm-sview-18.08.8-lp151.2.3.1
slurm-sview-debuginfo-18.08.8-lp151.2.3.1
slurm-torque-18.08.8-lp151.2.3.1
slurm-torque-debuginfo-18.08.8-lp151.2.3.1


References:

https://www.suse.com/security/cve/CVE-2019-12838.html
https://bugzilla.suse.com/1140709

openSUSE-SU-2019:2056-1: moderate: Security update for go1.12

openSUSE Security Update: Security update for go1.12
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2056-1
Rating: moderate
References: #1139210 #1141689 #1146111 #1146115 #1146123

Cross-References: CVE-2019-14809 CVE-2019-9512 CVE-2019-9514

Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves three vulnerabilities and has two
fixes is now available.

Description:

This update for go1.12 fixes the following issues:

Security issues fixed:

- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in
unbounded memory growth (bsc#1146111).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset
flood, potentially leading to a denial of service (bsc#1146115).
- CVE-2019-14809: Fixed malformed hosts in URLs that leads to
authorization bypass (bsc#1146123).

Bugfixes:

- Update to go version 1.12.9 (bsc#1141689).
- Adding Web Assembly stuff from misc/wasm (bsc#1139210).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2056=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2056=1



Package List:

- openSUSE Leap 15.1 (x86_64):

go1.12-1.12.9-lp151.2.13.1
go1.12-doc-1.12.9-lp151.2.13.1
go1.12-race-1.12.9-lp151.2.13.1

- openSUSE Leap 15.0 (x86_64):

go1.12-1.12.9-lp150.8.1
go1.12-doc-1.12.9-lp150.8.1
go1.12-race-1.12.9-lp150.8.1


References:

https://www.suse.com/security/cve/CVE-2019-14809.html
https://www.suse.com/security/cve/CVE-2019-9512.html
https://www.suse.com/security/cve/CVE-2019-9514.html
https://bugzilla.suse.com/1139210
https://bugzilla.suse.com/1141689
https://bugzilla.suse.com/1146111
https://bugzilla.suse.com/1146115
https://bugzilla.suse.com/1146123

openSUSE-SU-2019:2057-1: important: Security update for libreoffice

openSUSE Security Update: Security update for libreoffice
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2057-1
Rating: important
References: #1133534 #1141861 #1141862 #1146098 #1146105
#1146107
Cross-References: CVE-2019-9848 CVE-2019-9849 CVE-2019-9850
CVE-2019-9851 CVE-2019-9852
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves 5 vulnerabilities and has one errata
is now available.

Description:

This update for libreoffice fixes the following issues:

Security issues fixed:

- CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth
mode' (bsc#1141861).
- CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo
(bsc#1141862).
- CVE-2019-9851: Fixed LibreLogo global-event script execution issue
(bsc#1146105).
- CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script
location check (bsc#1146107).
- CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo
script execution (bsc#1146098).

Non-security issue fixed:

- SmartArt: Basic rendering of Trapezoid List (bsc#1133534)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2057=1



Package List:

- openSUSE Leap 15.0 (noarch):

libreoffice-branding-upstream-6.2.6.2-lp150.2.16.1
libreoffice-gdb-pretty-printers-6.2.6.2-lp150.2.16.1
libreoffice-glade-6.2.6.2-lp150.2.16.1
libreoffice-icon-themes-6.2.6.2-lp150.2.16.1
libreoffice-l10n-af-6.2.6.2-lp150.2.16.1
libreoffice-l10n-am-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ar-6.2.6.2-lp150.2.16.1
libreoffice-l10n-as-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ast-6.2.6.2-lp150.2.16.1
libreoffice-l10n-be-6.2.6.2-lp150.2.16.1
libreoffice-l10n-bg-6.2.6.2-lp150.2.16.1
libreoffice-l10n-bn-6.2.6.2-lp150.2.16.1
libreoffice-l10n-bn_IN-6.2.6.2-lp150.2.16.1
libreoffice-l10n-bo-6.2.6.2-lp150.2.16.1
libreoffice-l10n-br-6.2.6.2-lp150.2.16.1
libreoffice-l10n-brx-6.2.6.2-lp150.2.16.1
libreoffice-l10n-bs-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ca-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ca_valencia-6.2.6.2-lp150.2.16.1
libreoffice-l10n-cs-6.2.6.2-lp150.2.16.1
libreoffice-l10n-cy-6.2.6.2-lp150.2.16.1
libreoffice-l10n-da-6.2.6.2-lp150.2.16.1
libreoffice-l10n-de-6.2.6.2-lp150.2.16.1
libreoffice-l10n-dgo-6.2.6.2-lp150.2.16.1
libreoffice-l10n-dsb-6.2.6.2-lp150.2.16.1
libreoffice-l10n-dz-6.2.6.2-lp150.2.16.1
libreoffice-l10n-el-6.2.6.2-lp150.2.16.1
libreoffice-l10n-en-6.2.6.2-lp150.2.16.1
libreoffice-l10n-en_GB-6.2.6.2-lp150.2.16.1
libreoffice-l10n-en_ZA-6.2.6.2-lp150.2.16.1
libreoffice-l10n-eo-6.2.6.2-lp150.2.16.1
libreoffice-l10n-es-6.2.6.2-lp150.2.16.1
libreoffice-l10n-et-6.2.6.2-lp150.2.16.1
libreoffice-l10n-eu-6.2.6.2-lp150.2.16.1
libreoffice-l10n-fa-6.2.6.2-lp150.2.16.1
libreoffice-l10n-fi-6.2.6.2-lp150.2.16.1
libreoffice-l10n-fr-6.2.6.2-lp150.2.16.1
libreoffice-l10n-fy-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ga-6.2.6.2-lp150.2.16.1
libreoffice-l10n-gd-6.2.6.2-lp150.2.16.1
libreoffice-l10n-gl-6.2.6.2-lp150.2.16.1
libreoffice-l10n-gu-6.2.6.2-lp150.2.16.1
libreoffice-l10n-gug-6.2.6.2-lp150.2.16.1
libreoffice-l10n-he-6.2.6.2-lp150.2.16.1
libreoffice-l10n-hi-6.2.6.2-lp150.2.16.1
libreoffice-l10n-hr-6.2.6.2-lp150.2.16.1
libreoffice-l10n-hsb-6.2.6.2-lp150.2.16.1
libreoffice-l10n-hu-6.2.6.2-lp150.2.16.1
libreoffice-l10n-id-6.2.6.2-lp150.2.16.1
libreoffice-l10n-is-6.2.6.2-lp150.2.16.1
libreoffice-l10n-it-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ja-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ka-6.2.6.2-lp150.2.16.1
libreoffice-l10n-kab-6.2.6.2-lp150.2.16.1
libreoffice-l10n-kk-6.2.6.2-lp150.2.16.1
libreoffice-l10n-km-6.2.6.2-lp150.2.16.1
libreoffice-l10n-kmr_Latn-6.2.6.2-lp150.2.16.1
libreoffice-l10n-kn-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ko-6.2.6.2-lp150.2.16.1
libreoffice-l10n-kok-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ks-6.2.6.2-lp150.2.16.1
libreoffice-l10n-lb-6.2.6.2-lp150.2.16.1
libreoffice-l10n-lo-6.2.6.2-lp150.2.16.1
libreoffice-l10n-lt-6.2.6.2-lp150.2.16.1
libreoffice-l10n-lv-6.2.6.2-lp150.2.16.1
libreoffice-l10n-mai-6.2.6.2-lp150.2.16.1
libreoffice-l10n-mk-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ml-6.2.6.2-lp150.2.16.1
libreoffice-l10n-mn-6.2.6.2-lp150.2.16.1
libreoffice-l10n-mni-6.2.6.2-lp150.2.16.1
libreoffice-l10n-mr-6.2.6.2-lp150.2.16.1
libreoffice-l10n-my-6.2.6.2-lp150.2.16.1
libreoffice-l10n-nb-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ne-6.2.6.2-lp150.2.16.1
libreoffice-l10n-nl-6.2.6.2-lp150.2.16.1
libreoffice-l10n-nn-6.2.6.2-lp150.2.16.1
libreoffice-l10n-nr-6.2.6.2-lp150.2.16.1
libreoffice-l10n-nso-6.2.6.2-lp150.2.16.1
libreoffice-l10n-oc-6.2.6.2-lp150.2.16.1
libreoffice-l10n-om-6.2.6.2-lp150.2.16.1
libreoffice-l10n-or-6.2.6.2-lp150.2.16.1
libreoffice-l10n-pa-6.2.6.2-lp150.2.16.1
libreoffice-l10n-pl-6.2.6.2-lp150.2.16.1
libreoffice-l10n-pt_BR-6.2.6.2-lp150.2.16.1
libreoffice-l10n-pt_PT-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ro-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ru-6.2.6.2-lp150.2.16.1
libreoffice-l10n-rw-6.2.6.2-lp150.2.16.1
libreoffice-l10n-sa_IN-6.2.6.2-lp150.2.16.1
libreoffice-l10n-sat-6.2.6.2-lp150.2.16.1
libreoffice-l10n-sd-6.2.6.2-lp150.2.16.1
libreoffice-l10n-si-6.2.6.2-lp150.2.16.1
libreoffice-l10n-sid-6.2.6.2-lp150.2.16.1
libreoffice-l10n-sk-6.2.6.2-lp150.2.16.1
libreoffice-l10n-sl-6.2.6.2-lp150.2.16.1
libreoffice-l10n-sq-6.2.6.2-lp150.2.16.1
libreoffice-l10n-sr-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ss-6.2.6.2-lp150.2.16.1
libreoffice-l10n-st-6.2.6.2-lp150.2.16.1
libreoffice-l10n-sv-6.2.6.2-lp150.2.16.1
libreoffice-l10n-sw_TZ-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ta-6.2.6.2-lp150.2.16.1
libreoffice-l10n-te-6.2.6.2-lp150.2.16.1
libreoffice-l10n-tg-6.2.6.2-lp150.2.16.1
libreoffice-l10n-th-6.2.6.2-lp150.2.16.1
libreoffice-l10n-tn-6.2.6.2-lp150.2.16.1
libreoffice-l10n-tr-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ts-6.2.6.2-lp150.2.16.1
libreoffice-l10n-tt-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ug-6.2.6.2-lp150.2.16.1
libreoffice-l10n-uk-6.2.6.2-lp150.2.16.1
libreoffice-l10n-uz-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ve-6.2.6.2-lp150.2.16.1
libreoffice-l10n-vec-6.2.6.2-lp150.2.16.1
libreoffice-l10n-vi-6.2.6.2-lp150.2.16.1
libreoffice-l10n-xh-6.2.6.2-lp150.2.16.1
libreoffice-l10n-zh_CN-6.2.6.2-lp150.2.16.1
libreoffice-l10n-zh_TW-6.2.6.2-lp150.2.16.1
libreoffice-l10n-zu-6.2.6.2-lp150.2.16.1

- openSUSE Leap 15.0 (x86_64):

libreoffice-6.2.6.2-lp150.2.16.1
libreoffice-base-6.2.6.2-lp150.2.16.1
libreoffice-base-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-base-drivers-firebird-6.2.6.2-lp150.2.16.1
libreoffice-base-drivers-firebird-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-base-drivers-postgresql-6.2.6.2-lp150.2.16.1
libreoffice-base-drivers-postgresql-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-calc-6.2.6.2-lp150.2.16.1
libreoffice-calc-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-calc-extensions-6.2.6.2-lp150.2.16.1
libreoffice-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-debugsource-6.2.6.2-lp150.2.16.1
libreoffice-draw-6.2.6.2-lp150.2.16.1
libreoffice-draw-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-filters-optional-6.2.6.2-lp150.2.16.1
libreoffice-gnome-6.2.6.2-lp150.2.16.1
libreoffice-gnome-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-gtk2-6.2.6.2-lp150.2.16.1
libreoffice-gtk2-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-gtk3-6.2.6.2-lp150.2.16.1
libreoffice-gtk3-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-impress-6.2.6.2-lp150.2.16.1
libreoffice-impress-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-mailmerge-6.2.6.2-lp150.2.16.1
libreoffice-math-6.2.6.2-lp150.2.16.1
libreoffice-math-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-officebean-6.2.6.2-lp150.2.16.1
libreoffice-officebean-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-pyuno-6.2.6.2-lp150.2.16.1
libreoffice-pyuno-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-qt5-6.2.6.2-lp150.2.16.1
libreoffice-qt5-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-sdk-6.2.6.2-lp150.2.16.1
libreoffice-sdk-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-sdk-doc-6.2.6.2-lp150.2.16.1
libreoffice-writer-6.2.6.2-lp150.2.16.1
libreoffice-writer-debuginfo-6.2.6.2-lp150.2.16.1
libreoffice-writer-extensions-6.2.6.2-lp150.2.16.1
libreofficekit-6.2.6.2-lp150.2.16.1
libreofficekit-devel-6.2.6.2-lp150.2.16.1


References:

https://www.suse.com/security/cve/CVE-2019-9848.html
https://www.suse.com/security/cve/CVE-2019-9849.html
https://www.suse.com/security/cve/CVE-2019-9850.html
https://www.suse.com/security/cve/CVE-2019-9851.html
https://www.suse.com/security/cve/CVE-2019-9852.html
https://bugzilla.suse.com/1133534
https://bugzilla.suse.com/1141861
https://bugzilla.suse.com/1141862
https://bugzilla.suse.com/1146098
https://bugzilla.suse.com/1146105
https://bugzilla.suse.com/1146107

openSUSE-SU-2019:2058-1: important: Security update for apache-commons-beanutils

openSUSE Security Update: Security update for apache-commons-beanutils
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2058-1
Rating: important
References: #1146657
Cross-References: CVE-2019-10086
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for apache-commons-beanutils fixes the following issues:

Security issue fixed:

- CVE-2019-10086: Added special BeanIntrospector class which allows
suppressing the ability for an attacker to access the classloader via
the class property available on all Java objects (bsc#1146657).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2058=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2058=1



Package List:

- openSUSE Leap 15.1 (noarch):

apache-commons-beanutils-1.9.2-lp151.3.3.1
apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1

- openSUSE Leap 15.0 (noarch):

apache-commons-beanutils-1.9.2-lp150.2.3.1
apache-commons-beanutils-javadoc-1.9.2-lp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2019-10086.html
https://bugzilla.suse.com/1146657