SUSE 5180 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2019:1193-1: important: Security update for the Linux Kernel
openSUSE-SU-2019:1196-1: moderate: Security update for libarchive
openSUSE-SU-2019:1197-1: moderate: Security update for file
openSUSE-SU-2019:1198-1: moderate: Security update for bluez
openSUSE-SU-2019:1199-1: important: Recommended update for xen
openSUSE-SU-2019:1200-1: moderate: Security update for netpbm



openSUSE-SU-2019:1193-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1193-1
Rating: important
References: #1046305 #1046306 #1050549 #1051510 #1056787
#1060463 #1063638 #1065600 #1070995 #1071995
#1078355 #1082943 #1083548 #1083647 #1086095
#1086282 #1088133 #1094244 #1094555 #1098995
#1100132 #1103429 #1106811 #1107078 #1107665
#1108101 #1110096 #1113042 #1113399 #1113722
#1113939 #1114279 #1114585 #1117108 #1117645
#1119019 #1119086 #1119843 #1120008 #1120601
#1120854 #1120902 #1120909 #1121317 #1121789
#1121805 #1122192 #1122764 #1122822 #1122982
#1123060 #1123061 #1123105 #1123161 #1123456
#1123882 #1124055 #1124235 #1124974 #1124975
#1124976 #1124978 #1124979 #1124980 #1124981
#1124982 #1124984 #1125125 #1125252 #1125315
#1125342 #1125614 #1125728 #1125780 #1125797
#1125799 #1125800 #1125907 #1125947 #1126131
#1126209 #1126356 #1126389 #1126393 #1126476
#1126480 #1126481 #1126488 #1126495 #1126555
#1126579 #1126740 #1126789 #1126790 #1126802
#1126803 #1126804 #1126805 #1126806 #1126807
#1127042 #1127062 #1127082 #1127154 #1127285
#1127286 #1127307 #1127363 #1127378 #1127445
#1127493 #1127494 #1127495 #1127496 #1127497
#1127498 #1127534 #1127561 #1127567 #1127595
#1127603 #1127682 #1127731 #1127750 #1127836
#1127961 #1128094 #1128166 #1128351 #1128451
#1128895 #1129046 #1129080 #1129163 #1129179
#1129181 #1129182 #1129183 #1129184 #1129205
#1129276 #1129281 #1129284 #1129285 #1129291
#1129292 #1129293 #1129294 #1129295 #1129296
#1129326 #1129327 #1129330 #1129363 #1129366
#1129497 #1129519 #1129543 #1129547 #1129551
#1129581 #1129625 #1129664 #1129739 #1129770
#1129923 #1130130 #1130154 #1130335 #1130336
#1130337 #1130338 #1130425 #1130427 #1130518
#1131062 #824948
Cross-References: CVE-2019-2024 CVE-2019-3819 CVE-2019-7308
CVE-2019-8912 CVE-2019-8980 CVE-2019-9213

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 171 fixes
is now available.

Description:


The openSUSE Leap 15.0 was updated to receive various security and
bugfixes.


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1193=1



Package List:

- openSUSE Leap 15.0 (noarch):

kernel-devel-4.12.14-lp150.12.58.1
kernel-docs-4.12.14-lp150.12.58.1
kernel-docs-html-4.12.14-lp150.12.58.1
kernel-macros-4.12.14-lp150.12.58.1
kernel-source-4.12.14-lp150.12.58.1
kernel-source-vanilla-4.12.14-lp150.12.58.1

- openSUSE Leap 15.0 (x86_64):

kernel-debug-4.12.14-lp150.12.58.1
kernel-debug-base-4.12.14-lp150.12.58.1
kernel-debug-base-debuginfo-4.12.14-lp150.12.58.1
kernel-debug-debuginfo-4.12.14-lp150.12.58.1
kernel-debug-debugsource-4.12.14-lp150.12.58.1
kernel-debug-devel-4.12.14-lp150.12.58.1
kernel-debug-devel-debuginfo-4.12.14-lp150.12.58.1
kernel-default-4.12.14-lp150.12.58.1
kernel-default-base-4.12.14-lp150.12.58.1
kernel-default-base-debuginfo-4.12.14-lp150.12.58.1
kernel-default-debuginfo-4.12.14-lp150.12.58.1
kernel-default-debugsource-4.12.14-lp150.12.58.1
kernel-default-devel-4.12.14-lp150.12.58.1
kernel-default-devel-debuginfo-4.12.14-lp150.12.58.1
kernel-kvmsmall-4.12.14-lp150.12.58.1
kernel-kvmsmall-base-4.12.14-lp150.12.58.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.58.1
kernel-kvmsmall-debuginfo-4.12.14-lp150.12.58.1
kernel-kvmsmall-debugsource-4.12.14-lp150.12.58.1
kernel-kvmsmall-devel-4.12.14-lp150.12.58.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.58.1
kernel-obs-build-4.12.14-lp150.12.58.1
kernel-obs-build-debugsource-4.12.14-lp150.12.58.1
kernel-obs-qa-4.12.14-lp150.12.58.1
kernel-syms-4.12.14-lp150.12.58.1
kernel-vanilla-4.12.14-lp150.12.58.1
kernel-vanilla-base-4.12.14-lp150.12.58.1
kernel-vanilla-base-debuginfo-4.12.14-lp150.12.58.1
kernel-vanilla-debuginfo-4.12.14-lp150.12.58.1
kernel-vanilla-debugsource-4.12.14-lp150.12.58.1
kernel-vanilla-devel-4.12.14-lp150.12.58.1
kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.58.1


References:

https://www.suse.com/security/cve/CVE-2019-2024.html
https://www.suse.com/security/cve/CVE-2019-3819.html
https://www.suse.com/security/cve/CVE-2019-7308.html
https://www.suse.com/security/cve/CVE-2019-8912.html
https://www.suse.com/security/cve/CVE-2019-8980.html
https://www.suse.com/security/cve/CVE-2019-9213.html
https://bugzilla.suse.com/1046305
https://bugzilla.suse.com/1046306
https://bugzilla.suse.com/1050549
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1056787
https://bugzilla.suse.com/1060463
https://bugzilla.suse.com/1063638
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1070995
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1078355
https://bugzilla.suse.com/1082943
https://bugzilla.suse.com/1083548
https://bugzilla.suse.com/1083647
https://bugzilla.suse.com/1086095
https://bugzilla.suse.com/1086282
https://bugzilla.suse.com/1088133
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1094555
https://bugzilla.suse.com/1098995
https://bugzilla.suse.com/1100132
https://bugzilla.suse.com/1103429
https://bugzilla.suse.com/1106811
https://bugzilla.suse.com/1107078
https://bugzilla.suse.com/1107665
https://bugzilla.suse.com/1108101
https://bugzilla.suse.com/1110096
https://bugzilla.suse.com/1113042
https://bugzilla.suse.com/1113399
https://bugzilla.suse.com/1113722
https://bugzilla.suse.com/1113939
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1114585
https://bugzilla.suse.com/1117108
https://bugzilla.suse.com/1117645
https://bugzilla.suse.com/1119019
https://bugzilla.suse.com/1119086
https://bugzilla.suse.com/1119843
https://bugzilla.suse.com/1120008
https://bugzilla.suse.com/1120601
https://bugzilla.suse.com/1120854
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1120909
https://bugzilla.suse.com/1121317
https://bugzilla.suse.com/1121789
https://bugzilla.suse.com/1121805
https://bugzilla.suse.com/1122192
https://bugzilla.suse.com/1122764
https://bugzilla.suse.com/1122822
https://bugzilla.suse.com/1122982
https://bugzilla.suse.com/1123060
https://bugzilla.suse.com/1123061
https://bugzilla.suse.com/1123105
https://bugzilla.suse.com/1123161
https://bugzilla.suse.com/1123456
https://bugzilla.suse.com/1123882
https://bugzilla.suse.com/1124055
https://bugzilla.suse.com/1124235
https://bugzilla.suse.com/1124974
https://bugzilla.suse.com/1124975
https://bugzilla.suse.com/1124976
https://bugzilla.suse.com/1124978
https://bugzilla.suse.com/1124979
https://bugzilla.suse.com/1124980
https://bugzilla.suse.com/1124981
https://bugzilla.suse.com/1124982
https://bugzilla.suse.com/1124984
https://bugzilla.suse.com/1125125
https://bugzilla.suse.com/1125252
https://bugzilla.suse.com/1125315
https://bugzilla.suse.com/1125342
https://bugzilla.suse.com/1125614
https://bugzilla.suse.com/1125728
https://bugzilla.suse.com/1125780
https://bugzilla.suse.com/1125797
https://bugzilla.suse.com/1125799
https://bugzilla.suse.com/1125800
https://bugzilla.suse.com/1125907
https://bugzilla.suse.com/1125947
https://bugzilla.suse.com/1126131
https://bugzilla.suse.com/1126209
https://bugzilla.suse.com/1126356
https://bugzilla.suse.com/1126389
https://bugzilla.suse.com/1126393
https://bugzilla.suse.com/1126476
https://bugzilla.suse.com/1126480
https://bugzilla.suse.com/1126481
https://bugzilla.suse.com/1126488
https://bugzilla.suse.com/1126495
https://bugzilla.suse.com/1126555
https://bugzilla.suse.com/1126579
https://bugzilla.suse.com/1126740
https://bugzilla.suse.com/1126789
https://bugzilla.suse.com/1126790
https://bugzilla.suse.com/1126802
https://bugzilla.suse.com/1126803
https://bugzilla.suse.com/1126804
https://bugzilla.suse.com/1126805
https://bugzilla.suse.com/1126806
https://bugzilla.suse.com/1126807
https://bugzilla.suse.com/1127042
https://bugzilla.suse.com/1127062
https://bugzilla.suse.com/1127082
https://bugzilla.suse.com/1127154
https://bugzilla.suse.com/1127285
https://bugzilla.suse.com/1127286
https://bugzilla.suse.com/1127307
https://bugzilla.suse.com/1127363
https://bugzilla.suse.com/1127378
https://bugzilla.suse.com/1127445
https://bugzilla.suse.com/1127493
https://bugzilla.suse.com/1127494
https://bugzilla.suse.com/1127495
https://bugzilla.suse.com/1127496
https://bugzilla.suse.com/1127497
https://bugzilla.suse.com/1127498
https://bugzilla.suse.com/1127534
https://bugzilla.suse.com/1127561
https://bugzilla.suse.com/1127567
https://bugzilla.suse.com/1127595
https://bugzilla.suse.com/1127603
https://bugzilla.suse.com/1127682
https://bugzilla.suse.com/1127731
https://bugzilla.suse.com/1127750
https://bugzilla.suse.com/1127836
https://bugzilla.suse.com/1127961
https://bugzilla.suse.com/1128094
https://bugzilla.suse.com/1128166
https://bugzilla.suse.com/1128351
https://bugzilla.suse.com/1128451
https://bugzilla.suse.com/1128895
https://bugzilla.suse.com/1129046
https://bugzilla.suse.com/1129080
https://bugzilla.suse.com/1129163
https://bugzilla.suse.com/1129179
https://bugzilla.suse.com/1129181
https://bugzilla.suse.com/1129182
https://bugzilla.suse.com/1129183
https://bugzilla.suse.com/1129184
https://bugzilla.suse.com/1129205
https://bugzilla.suse.com/1129276
https://bugzilla.suse.com/1129281
https://bugzilla.suse.com/1129284
https://bugzilla.suse.com/1129285
https://bugzilla.suse.com/1129291
https://bugzilla.suse.com/1129292
https://bugzilla.suse.com/1129293
https://bugzilla.suse.com/1129294
https://bugzilla.suse.com/1129295
https://bugzilla.suse.com/1129296
https://bugzilla.suse.com/1129326
https://bugzilla.suse.com/1129327
https://bugzilla.suse.com/1129330
https://bugzilla.suse.com/1129363
https://bugzilla.suse.com/1129366
https://bugzilla.suse.com/1129497
https://bugzilla.suse.com/1129519
https://bugzilla.suse.com/1129543
https://bugzilla.suse.com/1129547
https://bugzilla.suse.com/1129551
https://bugzilla.suse.com/1129581
https://bugzilla.suse.com/1129625
https://bugzilla.suse.com/1129664
https://bugzilla.suse.com/1129739
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1129923
https://bugzilla.suse.com/1130130
https://bugzilla.suse.com/1130154
https://bugzilla.suse.com/1130335
https://bugzilla.suse.com/1130336
https://bugzilla.suse.com/1130337
https://bugzilla.suse.com/1130338
https://bugzilla.suse.com/1130425
https://bugzilla.suse.com/1130427
https://bugzilla.suse.com/1130518
https://bugzilla.suse.com/1131062
https://bugzilla.suse.com/824948

--


openSUSE-SU-2019:1196-1: moderate: Security update for libarchive

openSUSE Security Update: Security update for libarchive
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1196-1
Rating: moderate
References: #1120653 #1120654 #1120656 #1120659 #1124341
#1124342
Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879
CVE-2018-1000880 CVE-2019-1000019 CVE-2019-1000020

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for libarchive fixes the following issues:

Security issues fixed:

- CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder
(bsc#1120653)
- CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder
(bsc#1120654)
- CVE-2018-1000879: Fixed a NULL Pointer Dereference vulnerability in ACL
parser (bsc#1120656)
- CVE-2018-1000880: Fixed an Improper Input Validation vulnerability in
WARC parser (bsc#1120659)
- CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip
decompression (bsc#1124341)
- CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser
(bsc#1124342)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1196=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

bsdtar-3.3.2-lp150.7.1
bsdtar-debuginfo-3.3.2-lp150.7.1
libarchive-debugsource-3.3.2-lp150.7.1
libarchive-devel-3.3.2-lp150.7.1
libarchive13-3.3.2-lp150.7.1
libarchive13-debuginfo-3.3.2-lp150.7.1

- openSUSE Leap 15.0 (x86_64):

libarchive13-32bit-3.3.2-lp150.7.1
libarchive13-32bit-debuginfo-3.3.2-lp150.7.1


References:

https://www.suse.com/security/cve/CVE-2018-1000877.html
https://www.suse.com/security/cve/CVE-2018-1000878.html
https://www.suse.com/security/cve/CVE-2018-1000879.html
https://www.suse.com/security/cve/CVE-2018-1000880.html
https://www.suse.com/security/cve/CVE-2019-1000019.html
https://www.suse.com/security/cve/CVE-2019-1000020.html
https://bugzilla.suse.com/1120653
https://bugzilla.suse.com/1120654
https://bugzilla.suse.com/1120656
https://bugzilla.suse.com/1120659
https://bugzilla.suse.com/1124341
https://bugzilla.suse.com/1124342

--


openSUSE-SU-2019:1197-1: moderate: Security update for file

openSUSE Security Update: Security update for file
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1197-1
Rating: moderate
References: #1096974 #1096984 #1126117 #1126118 #1126119

Cross-References: CVE-2018-10360 CVE-2019-8905 CVE-2019-8906
CVE-2019-8907
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves four vulnerabilities and has one
errata is now available.

Description:

This update for file fixes the following issues:

The following security vulnerabilities were addressed:

- Fixed an out-of-bounds read in the function do_core_note in readelf.c,
which allowed remote attackers to cause a denial of service (application
crash) via a crafted ELF file (bsc#1096974 CVE-2018-10360).
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in
readelf.c (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1197=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

file-5.22-16.1
file-debuginfo-5.22-16.1
file-debugsource-5.22-16.1
file-devel-5.22-16.1
file-magic-5.22-16.1
libmagic1-5.22-16.1
libmagic1-debuginfo-5.22-16.1
python-magic-5.22-16.1

- openSUSE Leap 42.3 (x86_64):

libmagic1-32bit-5.22-16.1
libmagic1-debuginfo-32bit-5.22-16.1


References:

https://www.suse.com/security/cve/CVE-2018-10360.html
https://www.suse.com/security/cve/CVE-2019-8905.html
https://www.suse.com/security/cve/CVE-2019-8906.html
https://www.suse.com/security/cve/CVE-2019-8907.html
https://bugzilla.suse.com/1096974
https://bugzilla.suse.com/1096984
https://bugzilla.suse.com/1126117
https://bugzilla.suse.com/1126118
https://bugzilla.suse.com/1126119

--


openSUSE-SU-2019:1198-1: moderate: Security update for bluez

openSUSE Security Update: Security update for bluez
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1198-1
Rating: moderate
References: #1015173
Cross-References: CVE-2016-9918
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for bluez fixes the following issues:

Security issue fixed:

- CVE-2016-9918: Fixed a out-of-bound read in the packet_hexdump function
(bsc#1015173)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1198=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

bluez-5.48-lp150.4.10.1
bluez-cups-5.48-lp150.4.10.1
bluez-cups-debuginfo-5.48-lp150.4.10.1
bluez-debuginfo-5.48-lp150.4.10.1
bluez-debugsource-5.48-lp150.4.10.1
bluez-devel-5.48-lp150.4.10.1
bluez-test-5.48-lp150.4.10.1
bluez-test-debuginfo-5.48-lp150.4.10.1
libbluetooth3-5.48-lp150.4.10.1
libbluetooth3-debuginfo-5.48-lp150.4.10.1

- openSUSE Leap 15.0 (noarch):

bluez-auto-enable-devices-5.48-lp150.4.10.1

- openSUSE Leap 15.0 (x86_64):

bluez-devel-32bit-5.48-lp150.4.10.1
libbluetooth3-32bit-5.48-lp150.4.10.1
libbluetooth3-32bit-debuginfo-5.48-lp150.4.10.1


References:

https://www.suse.com/security/cve/CVE-2016-9918.html
https://bugzilla.suse.com/1015173

--


openSUSE-SU-2019:1199-1: important: Recommended update for xen

openSUSE Security Update: Recommended update for xen
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1199-1
Rating: important
References: #1026236 #1027519 #1114988 #1126140 #1126141
#1126192 #1126195 #1126196 #1126197 #1126198
#1126201 #1126325 #1127400 #1127620
Cross-References: CVE-2018-19967
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves one vulnerability and has 13 fixes is
now available.

Description:

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the
host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)
- Fixed an issue which could allow malicious PV guests may cause a host
crash or gain access to data pertaining to other guests.Additionally,
vulnerable configurations are likely to be unstable even in the absence
of an attack (bsc#1126198).
- Fixed multiple access violations introduced by XENMEM_exchange hypercall
which could allow a single PV guest to leak arbitrary amounts of memory,
leading to a denial of service (bsc#1126192).
- Fixed an issue which could allow a malicious unprivileged guest
userspace process to escalate its privilege to that of other userspace
processes in the same guest and potentially thereby to that
of the guest operating system (bsc#1126201).
- Fixed an issue which could allow malicious or buggy x86 PV guest kernels
to mount a Denial of Service attack affecting the whole system
(bsc#1126197).
- Fixed an issue which could allow an untrusted PV domain with access to a
physical device to DMA into its own pagetables leading to privilege
escalation (bsc#1126195).
- Fixed an issue which could allow a malicious or buggy x86 PV guest
kernels can mount a Denial of Service attack affecting the whole system
(bsc#1126196).
- Fixed an issue which could allow malicious 64bit PV guests to cause a
host crash (bsc#1127400).
- Fixed an issue which could allow malicious or buggy guests with passed
through PCI devices to be able to escalate their privileges, crash the
host, or access data belonging to other guests. Additionally memory
leaks were also possible (bsc#1126140).
- Fixed a race condition issue which could allow malicious PV guests to
escalate their privilege to that
of the hypervisor (bsc#1126141).

Other issues fixed:

- Upstream bug fixes (bsc#1027519)
- Fixed an issue where setup of grant_tables and other variables may fail
(bsc#1126325).
- Added a requirement for xen, xl.cfg firmware="pvgrub32|pvgrub64
(bsc#1127620).
- Added Xen cmdline option "suse_vtsc_tolerance" to avoid TSC emulation
for HVM domUs (bsc#1026236).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1199=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

xen-debugsource-4.10.3_02-lp150.2.16.1
xen-devel-4.10.3_02-lp150.2.16.1
xen-libs-4.10.3_02-lp150.2.16.1
xen-libs-debuginfo-4.10.3_02-lp150.2.16.1
xen-tools-domU-4.10.3_02-lp150.2.16.1
xen-tools-domU-debuginfo-4.10.3_02-lp150.2.16.1

- openSUSE Leap 15.0 (x86_64):

xen-4.10.3_02-lp150.2.16.1
xen-doc-html-4.10.3_02-lp150.2.16.1
xen-libs-32bit-4.10.3_02-lp150.2.16.1
xen-libs-32bit-debuginfo-4.10.3_02-lp150.2.16.1
xen-tools-4.10.3_02-lp150.2.16.1
xen-tools-debuginfo-4.10.3_02-lp150.2.16.1


References:

https://www.suse.com/security/cve/CVE-2018-19967.html
https://bugzilla.suse.com/1026236
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1114988
https://bugzilla.suse.com/1126140
https://bugzilla.suse.com/1126141
https://bugzilla.suse.com/1126192
https://bugzilla.suse.com/1126195
https://bugzilla.suse.com/1126196
https://bugzilla.suse.com/1126197
https://bugzilla.suse.com/1126198
https://bugzilla.suse.com/1126201
https://bugzilla.suse.com/1126325
https://bugzilla.suse.com/1127400
https://bugzilla.suse.com/1127620

--


openSUSE-SU-2019:1200-1: moderate: Security update for netpbm

openSUSE Security Update: Security update for netpbm
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1200-1
Rating: moderate
References: #1086777
Cross-References: CVE-2018-8975
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for netpbm fixes the following issues:

- CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to
cause a denial of service (heap-based buffer over-read) via a crafted
image file (bsc#1086777).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1200=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libnetpbm-devel-10.80.1-lp150.2.3.1
libnetpbm11-10.80.1-lp150.2.3.1
libnetpbm11-debuginfo-10.80.1-lp150.2.3.1
netpbm-10.80.1-lp150.2.3.1
netpbm-debuginfo-10.80.1-lp150.2.3.1
netpbm-debugsource-10.80.1-lp150.2.3.1

- openSUSE Leap 15.0 (x86_64):

libnetpbm11-32bit-10.80.1-lp150.2.3.1
libnetpbm11-32bit-debuginfo-10.80.1-lp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2018-8975.html
https://bugzilla.suse.com/1086777

--