SUSE 5181 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2019:1570-1: important: Security update for the Linux Kernel
openSUSE-SU-2019:1571-1: important: Security update for the Linux Kernel
openSUSE-SU-2019:1572-1: moderate: Security update for php7
openSUSE-SU-2019:1573-1: moderate: Security update for php7
openSUSE-SU-2019:1575-1: moderate: Security update for libcroco
openSUSE-SU-2019:1576-1: moderate: Security update for sssd
openSUSE-SU-2019:1577-1: important: Security update for MozillaThunderbird
openSUSE-SU-2019:1578-1: moderate: Security update for postgresql10
openSUSE-SU-2019:1579-1: important: Security update for the Linux Kernel
openSUSE-SU-2019:1580-1: important: Security update for python
openSUSE-SU-2019:1582-1: moderate: Security update for gnome-shell
openSUSE-SU-2019:1583-1: important: Security update for MozillaThunderbird



openSUSE-SU-2019:1570-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1570-1
Rating: important
References: #1005778 #1005780 #1005781 #1012382 #1019695
#1019696 #1022604 #1053043 #1063638 #1065600
#1066223 #1085535 #1085539 #1090888 #1099658
#1100132 #1106110 #1106284 #1106929 #1108838
#1109137 #1112178 #1117562 #1119086 #1120642
#1120843 #1120902 #1125580 #1126356 #1127155
#1128052 #1129770 #1131107 #1131543 #1131565
#1132374 #1132472 #1133190 #1133874 #1134338
#1134806 #1134813 #1135120 #1135281 #1135603
#1135642 #1135661 #1135878 #1136424 #1136438
#1136448 #1136449 #1136451 #1136452 #1136455
#1136458 #1136539 #1136573 #1136575 #1136586
#1136590 #1136598 #1136623 #1136810 #1136922
#1136935 #1136990 #1136993 #1137142 #1137162
#1137586 #1137739 #1137752 #1137915 #1138291
#1138293 #1138374
Cross-References: CVE-2018-7191 CVE-2019-11190 CVE-2019-11191
CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
CVE-2019-11487 CVE-2019-11833 CVE-2019-12380
CVE-2019-12382 CVE-2019-12456 CVE-2019-12818
CVE-2019-12819 CVE-2019-3846 CVE-2019-5489

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves 15 vulnerabilities and has 62 fixes
is now available.

Description:



Example: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive
various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted by a remote
attacker such that one can trigger an integer overflow, leading to a
kernel panic. (bsc#1137586).
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs
which would fragment the TCP retransmission queue. A remote attacker may
have been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection. (bsc#1137586)
- CVE-2019-11479: It was possible to send a crafted sequence of SACKs
which would fragment the RACK send map. A remote attacker may be able to
further exploit the fragmented send map to cause an expensive
linked-list walk for subsequent SACKs received for that same TCP
connection. This would have resulted in excess resource consumption due
to low mss values. (bsc#1137586)
- CVE-2019-12819: The function __mdiobus_register() in
drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a
fixed_mdio_bus_init use-after-free. This will cause a denial of service
(bnc#1138291).
- CVE-2019-12818: The nfc_llcp_build_tlv function in
net/nfc/llcp_commands.c may return NULL. If the caller did not check for
this, it will trigger a NULL pointer dereference. This will cause denial
of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c
(bnc#1138293).
- CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in
_ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local
users to cause a denial of service or possibly have unspecified other
impact by changing the value of ioc_number between two kernel reads of
that value, aka a "double fetch" vulnerability (bnc#1136922).
- CVE-2019-12380: phys_efi_set_virtual_address_map in
arch/x86/platform/efi/efi.c and efi_call_phys_prolog in
arch/x86/platform/efi/efi_64.c mishandle memory allocation failures
(bnc#1136598).
- CVE-2019-11487: The Linux kernel allowed page->_refcount reference count
overflow, with resultant use-after-free issues, if about 140 GiB of RAM
exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,
include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c,
mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests
(bnc#1133190).
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
possibly escalate privileges was found in the mwifiex kernel module
while connecting to a malicious wireless network (bnc#1136424).
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in
drivers/gpu/drm/drm_edid_load.c. There was an unchecked kstrdup of
fwstr, which might allow an attacker to cause a denial of service (NULL
pointer dereference and system crash) (bnc#1136586).
- CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed
local attackers to observe page cache access patterns of other processes
on the same system, potentially allowing sniffing of secret information.
(Fixing this affects the output of the fincore program.) Limited remote
exploitation may be possible, as demonstrated by latency differences in
accessing public files from an Apache HTTP Server (bnc#1120843).
- CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory
region in the extent tree block, which might allow local users to obtain
sensitive information by reading uninitialized data in the filesystem
(bnc#1135281).
- CVE-2018-7191: In the tun subsystem dev_get_valid_name is not called
before register_netdevice. This allowed local users to cause a denial of
service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF)
call with a dev name containing a / character. This is similar to
CVE-2013-4343 (bnc#1135603).
- CVE-2019-11190, CVE-2019-11191: The Linux kernel allowed local users to
bypass ASLR on setuid programs (such as /bin/su) because
install_exec_creds() is called too late in load_elf_binary() in
fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race
condition when reading /proc/pid/stat (bnc#1131543 bnc#1132374
bnc#1132472).


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1570=1



Package List:

- openSUSE Leap 42.3 (noarch):

kernel-devel-4.4.180-102.1
kernel-docs-4.4.180-102.1
kernel-docs-html-4.4.180-102.1
kernel-docs-pdf-4.4.180-102.1
kernel-macros-4.4.180-102.1
kernel-source-4.4.180-102.1
kernel-source-vanilla-4.4.180-102.1

- openSUSE Leap 42.3 (x86_64):

kernel-debug-4.4.180-102.1
kernel-debug-base-4.4.180-102.1
kernel-debug-base-debuginfo-4.4.180-102.1
kernel-debug-debuginfo-4.4.180-102.1
kernel-debug-debugsource-4.4.180-102.1
kernel-debug-devel-4.4.180-102.1
kernel-debug-devel-debuginfo-4.4.180-102.1
kernel-default-4.4.180-102.1
kernel-default-base-4.4.180-102.1
kernel-default-base-debuginfo-4.4.180-102.1
kernel-default-debuginfo-4.4.180-102.1
kernel-default-debugsource-4.4.180-102.1
kernel-default-devel-4.4.180-102.1
kernel-obs-build-4.4.180-102.1
kernel-obs-build-debugsource-4.4.180-102.1
kernel-obs-qa-4.4.180-102.1
kernel-syms-4.4.180-102.1
kernel-vanilla-4.4.180-102.1
kernel-vanilla-base-4.4.180-102.1
kernel-vanilla-base-debuginfo-4.4.180-102.1
kernel-vanilla-debuginfo-4.4.180-102.1
kernel-vanilla-debugsource-4.4.180-102.1
kernel-vanilla-devel-4.4.180-102.1


References:

https://www.suse.com/security/cve/CVE-2018-7191.html
https://www.suse.com/security/cve/CVE-2019-11190.html
https://www.suse.com/security/cve/CVE-2019-11191.html
https://www.suse.com/security/cve/CVE-2019-11477.html
https://www.suse.com/security/cve/CVE-2019-11478.html
https://www.suse.com/security/cve/CVE-2019-11479.html
https://www.suse.com/security/cve/CVE-2019-11487.html
https://www.suse.com/security/cve/CVE-2019-11833.html
https://www.suse.com/security/cve/CVE-2019-12380.html
https://www.suse.com/security/cve/CVE-2019-12382.html
https://www.suse.com/security/cve/CVE-2019-12456.html
https://www.suse.com/security/cve/CVE-2019-12818.html
https://www.suse.com/security/cve/CVE-2019-12819.html
https://www.suse.com/security/cve/CVE-2019-3846.html
https://www.suse.com/security/cve/CVE-2019-5489.html
https://bugzilla.suse.com/1005778
https://bugzilla.suse.com/1005780
https://bugzilla.suse.com/1005781
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1019695
https://bugzilla.suse.com/1019696
https://bugzilla.suse.com/1022604
https://bugzilla.suse.com/1053043
https://bugzilla.suse.com/1063638
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1085535
https://bugzilla.suse.com/1085539
https://bugzilla.suse.com/1090888
https://bugzilla.suse.com/1099658
https://bugzilla.suse.com/1100132
https://bugzilla.suse.com/1106110
https://bugzilla.suse.com/1106284
https://bugzilla.suse.com/1106929
https://bugzilla.suse.com/1108838
https://bugzilla.suse.com/1109137
https://bugzilla.suse.com/1112178
https://bugzilla.suse.com/1117562
https://bugzilla.suse.com/1119086
https://bugzilla.suse.com/1120642
https://bugzilla.suse.com/1120843
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1125580
https://bugzilla.suse.com/1126356
https://bugzilla.suse.com/1127155
https://bugzilla.suse.com/1128052
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1131107
https://bugzilla.suse.com/1131543
https://bugzilla.suse.com/1131565
https://bugzilla.suse.com/1132374
https://bugzilla.suse.com/1132472
https://bugzilla.suse.com/1133190
https://bugzilla.suse.com/1133874
https://bugzilla.suse.com/1134338
https://bugzilla.suse.com/1134806
https://bugzilla.suse.com/1134813
https://bugzilla.suse.com/1135120
https://bugzilla.suse.com/1135281
https://bugzilla.suse.com/1135603
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1135661
https://bugzilla.suse.com/1135878
https://bugzilla.suse.com/1136424
https://bugzilla.suse.com/1136438
https://bugzilla.suse.com/1136448
https://bugzilla.suse.com/1136449
https://bugzilla.suse.com/1136451
https://bugzilla.suse.com/1136452
https://bugzilla.suse.com/1136455
https://bugzilla.suse.com/1136458
https://bugzilla.suse.com/1136539
https://bugzilla.suse.com/1136573
https://bugzilla.suse.com/1136575
https://bugzilla.suse.com/1136586
https://bugzilla.suse.com/1136590
https://bugzilla.suse.com/1136598
https://bugzilla.suse.com/1136623
https://bugzilla.suse.com/1136810
https://bugzilla.suse.com/1136922
https://bugzilla.suse.com/1136935
https://bugzilla.suse.com/1136990
https://bugzilla.suse.com/1136993
https://bugzilla.suse.com/1137142
https://bugzilla.suse.com/1137162
https://bugzilla.suse.com/1137586
https://bugzilla.suse.com/1137739
https://bugzilla.suse.com/1137752
https://bugzilla.suse.com/1137915
https://bugzilla.suse.com/1138291
https://bugzilla.suse.com/1138293
https://bugzilla.suse.com/1138374

--


openSUSE-SU-2019:1571-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1571-1
Rating: important
References: #1012382 #1050242 #1051510 #1053043 #1056787
#1058115 #1061840 #1064802 #1065600 #1065729
#1066129 #1068546 #1071995 #1075020 #1082387
#1083647 #1085535 #1093389 #1099658 #1103992
#1104353 #1104427 #1111666 #1111696 #1113722
#1115688 #1117114 #1117158 #1117561 #1118139
#1120091 #1120423 #1120566 #1120902 #1124503
#1126206 #1126356 #1127616 #1128432 #1130699
#1131673 #1133190 #1133612 #1133616 #1134090
#1134671 #1134730 #1134738 #1134743 #1134806
#1134936 #1134945 #1134946 #1134947 #1134948
#1134949 #1134950 #1134951 #1134952 #1134953
#1134972 #1134974 #1134975 #1134980 #1134981
#1134983 #1134987 #1134989 #1134990 #1134994
#1134995 #1134998 #1134999 #1135018 #1135021
#1135024 #1135026 #1135027 #1135028 #1135029
#1135031 #1135033 #1135034 #1135035 #1135036
#1135037 #1135038 #1135039 #1135041 #1135042
#1135044 #1135045 #1135046 #1135047 #1135049
#1135051 #1135052 #1135053 #1135055 #1135056
#1135058 #1135153 #1135542 #1135556 #1135642
#1135661 #1136188 #1136206 #1136215 #1136345
#1136347 #1136348 #1136353 #1136424 #1136428
#1136430 #1136432 #1136434 #1136435 #1136438
#1136439 #1136456 #1136460 #1136461 #1136469
#1136477 #1136478 #1136498 #1136573 #1136586
#1136598 #1136881 #1136922 #1136935 #1136978
#1136990 #1137151 #1137152 #1137153 #1137162
#1137201 #1137224 #1137232 #1137233 #1137236
#1137372 #1137429 #1137444 #1137586 #1137739
#1137752 #1137995 #1137996 #1137998 #1137999
#1138000 #1138002 #1138003 #1138005 #1138006
#1138007 #1138008 #1138009 #1138010 #1138011
#1138012 #1138013 #1138014 #1138015 #1138016
#1138017 #1138018 #1138019 #1138291 #1138293
#1138336 #1138374 #1138375
Cross-References: CVE-2019-10124 CVE-2019-11477 CVE-2019-11478
CVE-2019-11479 CVE-2019-11487 CVE-2019-12380
CVE-2019-12382 CVE-2019-12456 CVE-2019-12818
CVE-2019-12819 CVE-2019-3846
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 167 fixes
is now available.

Description:



The openSUSE Leap 15.1 was updated to receive various security and
bugfixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted by a remote
attacker such that one can trigger an integer overflow, leading to a
kernel panic. (bsc#1137586).
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs
which would fragment the TCP retransmission queue. A remote attacker may
have been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection. (bsc#1137586)
- CVE-2019-11479: It was possible to send a crafted sequence of SACKs
which would fragment the RACK send map. A remote attacker may be able to
further exploit the fragmented send map to cause an expensive
linked-list walk for subsequent SACKs received for that same TCP
connection. This would have resulted in excess resource consumption due
to low mss values. (bsc#1137586)
- CVE-2019-12819: The function __mdiobus_register() in
drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a
fixed_mdio_bus_init use-after-free. This will cause a denial of service
(bnc#1138291).
- CVE-2019-12818: The nfc_llcp_build_tlv function in
net/nfc/llcp_commands.c may return NULL. If the caller did not check for
this, it will trigger a NULL pointer dereference. This will cause denial
of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c
(bnc#1138293).
- CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in
_ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local
users to cause a denial of service or possibly have unspecified other
impact by changing the value of ioc_number between two kernel reads of
that value, aka a "double fetch" vulnerability. (bnc#1136922)
- CVE-2019-12380: An issue was discovered in the efi subsystem in the
Linux kernel phys_efi_set_virtual_address_map in
arch/x86/platform/efi/efi.c and efi_call_phys_prolog in
arch/x86/platform/efi/efi_64.c mishandle memory allocation failures
(bnc#1136598).
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
possibly escalate privileges was found in the mwifiex kernel module
while connecting to a malicious wireless network (bnc#1136424).
- CVE-2019-10124: An attacker could exploit an issue in the hwpoison
implementation to cause a denial of service (BUG). (bsc#1130699)
- CVE-2019-12382: In the drm_load_edid_firmware in
drivers/gpu/drm/drm_edid_load.c was an unchecked kstrdup of fwstr, which
might allow an attacker to cause a denial of service (NULL pointer
dereference and system crash) (bnc#1136586).
- CVE-2019-11487: The Linux kernel allowed page->_refcount reference count
overflow, with resultant use-after-free issues, if about 140 GiB of RAM
exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,
include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c,
mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests
(bnc#1133190).


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1571=1



Package List:

- openSUSE Leap 15.1 (x86_64):

kernel-debug-4.12.14-lp151.28.7.1
kernel-debug-base-4.12.14-lp151.28.7.1
kernel-debug-base-debuginfo-4.12.14-lp151.28.7.1
kernel-debug-debuginfo-4.12.14-lp151.28.7.1
kernel-debug-debugsource-4.12.14-lp151.28.7.1
kernel-debug-devel-4.12.14-lp151.28.7.1
kernel-debug-devel-debuginfo-4.12.14-lp151.28.7.1
kernel-default-4.12.14-lp151.28.7.1
kernel-default-base-4.12.14-lp151.28.7.1
kernel-default-base-debuginfo-4.12.14-lp151.28.7.1
kernel-default-debuginfo-4.12.14-lp151.28.7.1
kernel-default-debugsource-4.12.14-lp151.28.7.1
kernel-default-devel-4.12.14-lp151.28.7.1
kernel-default-devel-debuginfo-4.12.14-lp151.28.7.1
kernel-kvmsmall-4.12.14-lp151.28.7.1
kernel-kvmsmall-base-4.12.14-lp151.28.7.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.7.1
kernel-kvmsmall-debuginfo-4.12.14-lp151.28.7.1
kernel-kvmsmall-debugsource-4.12.14-lp151.28.7.1
kernel-kvmsmall-devel-4.12.14-lp151.28.7.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.7.1
kernel-obs-build-4.12.14-lp151.28.7.1
kernel-obs-build-debugsource-4.12.14-lp151.28.7.1
kernel-obs-qa-4.12.14-lp151.28.7.1
kernel-syms-4.12.14-lp151.28.7.1
kernel-vanilla-4.12.14-lp151.28.7.1
kernel-vanilla-base-4.12.14-lp151.28.7.1
kernel-vanilla-base-debuginfo-4.12.14-lp151.28.7.1
kernel-vanilla-debuginfo-4.12.14-lp151.28.7.1
kernel-vanilla-debugsource-4.12.14-lp151.28.7.1
kernel-vanilla-devel-4.12.14-lp151.28.7.1
kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.7.1

- openSUSE Leap 15.1 (noarch):

kernel-devel-4.12.14-lp151.28.7.1
kernel-docs-4.12.14-lp151.28.7.1
kernel-docs-html-4.12.14-lp151.28.7.1
kernel-macros-4.12.14-lp151.28.7.1
kernel-source-4.12.14-lp151.28.7.1
kernel-source-vanilla-4.12.14-lp151.28.7.1


References:

https://www.suse.com/security/cve/CVE-2019-10124.html
https://www.suse.com/security/cve/CVE-2019-11477.html
https://www.suse.com/security/cve/CVE-2019-11478.html
https://www.suse.com/security/cve/CVE-2019-11479.html
https://www.suse.com/security/cve/CVE-2019-11487.html
https://www.suse.com/security/cve/CVE-2019-12380.html
https://www.suse.com/security/cve/CVE-2019-12382.html
https://www.suse.com/security/cve/CVE-2019-12456.html
https://www.suse.com/security/cve/CVE-2019-12818.html
https://www.suse.com/security/cve/CVE-2019-12819.html
https://www.suse.com/security/cve/CVE-2019-3846.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1050242
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1053043
https://bugzilla.suse.com/1056787
https://bugzilla.suse.com/1058115
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1064802
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1066129
https://bugzilla.suse.com/1068546
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1075020
https://bugzilla.suse.com/1082387
https://bugzilla.suse.com/1083647
https://bugzilla.suse.com/1085535
https://bugzilla.suse.com/1093389
https://bugzilla.suse.com/1099658
https://bugzilla.suse.com/1103992
https://bugzilla.suse.com/1104353
https://bugzilla.suse.com/1104427
https://bugzilla.suse.com/1111666
https://bugzilla.suse.com/1111696
https://bugzilla.suse.com/1113722
https://bugzilla.suse.com/1115688
https://bugzilla.suse.com/1117114
https://bugzilla.suse.com/1117158
https://bugzilla.suse.com/1117561
https://bugzilla.suse.com/1118139
https://bugzilla.suse.com/1120091
https://bugzilla.suse.com/1120423
https://bugzilla.suse.com/1120566
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1124503
https://bugzilla.suse.com/1126206
https://bugzilla.suse.com/1126356
https://bugzilla.suse.com/1127616
https://bugzilla.suse.com/1128432
https://bugzilla.suse.com/1130699
https://bugzilla.suse.com/1131673
https://bugzilla.suse.com/1133190
https://bugzilla.suse.com/1133612
https://bugzilla.suse.com/1133616
https://bugzilla.suse.com/1134090
https://bugzilla.suse.com/1134671
https://bugzilla.suse.com/1134730
https://bugzilla.suse.com/1134738
https://bugzilla.suse.com/1134743
https://bugzilla.suse.com/1134806
https://bugzilla.suse.com/1134936
https://bugzilla.suse.com/1134945
https://bugzilla.suse.com/1134946
https://bugzilla.suse.com/1134947
https://bugzilla.suse.com/1134948
https://bugzilla.suse.com/1134949
https://bugzilla.suse.com/1134950
https://bugzilla.suse.com/1134951
https://bugzilla.suse.com/1134952
https://bugzilla.suse.com/1134953
https://bugzilla.suse.com/1134972
https://bugzilla.suse.com/1134974
https://bugzilla.suse.com/1134975
https://bugzilla.suse.com/1134980
https://bugzilla.suse.com/1134981
https://bugzilla.suse.com/1134983
https://bugzilla.suse.com/1134987
https://bugzilla.suse.com/1134989
https://bugzilla.suse.com/1134990
https://bugzilla.suse.com/1134994
https://bugzilla.suse.com/1134995
https://bugzilla.suse.com/1134998
https://bugzilla.suse.com/1134999
https://bugzilla.suse.com/1135018
https://bugzilla.suse.com/1135021
https://bugzilla.suse.com/1135024
https://bugzilla.suse.com/1135026
https://bugzilla.suse.com/1135027
https://bugzilla.suse.com/1135028
https://bugzilla.suse.com/1135029
https://bugzilla.suse.com/1135031
https://bugzilla.suse.com/1135033
https://bugzilla.suse.com/1135034
https://bugzilla.suse.com/1135035
https://bugzilla.suse.com/1135036
https://bugzilla.suse.com/1135037
https://bugzilla.suse.com/1135038
https://bugzilla.suse.com/1135039
https://bugzilla.suse.com/1135041
https://bugzilla.suse.com/1135042
https://bugzilla.suse.com/1135044
https://bugzilla.suse.com/1135045
https://bugzilla.suse.com/1135046
https://bugzilla.suse.com/1135047
https://bugzilla.suse.com/1135049
https://bugzilla.suse.com/1135051
https://bugzilla.suse.com/1135052
https://bugzilla.suse.com/1135053
https://bugzilla.suse.com/1135055
https://bugzilla.suse.com/1135056
https://bugzilla.suse.com/1135058
https://bugzilla.suse.com/1135153
https://bugzilla.suse.com/1135542
https://bugzilla.suse.com/1135556
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1135661
https://bugzilla.suse.com/1136188
https://bugzilla.suse.com/1136206
https://bugzilla.suse.com/1136215
https://bugzilla.suse.com/1136345
https://bugzilla.suse.com/1136347
https://bugzilla.suse.com/1136348
https://bugzilla.suse.com/1136353
https://bugzilla.suse.com/1136424
https://bugzilla.suse.com/1136428
https://bugzilla.suse.com/1136430
https://bugzilla.suse.com/1136432
https://bugzilla.suse.com/1136434
https://bugzilla.suse.com/1136435
https://bugzilla.suse.com/1136438
https://bugzilla.suse.com/1136439
https://bugzilla.suse.com/1136456
https://bugzilla.suse.com/1136460
https://bugzilla.suse.com/1136461
https://bugzilla.suse.com/1136469
https://bugzilla.suse.com/1136477
https://bugzilla.suse.com/1136478
https://bugzilla.suse.com/1136498
https://bugzilla.suse.com/1136573
https://bugzilla.suse.com/1136586
https://bugzilla.suse.com/1136598
https://bugzilla.suse.com/1136881
https://bugzilla.suse.com/1136922
https://bugzilla.suse.com/1136935
https://bugzilla.suse.com/1136978
https://bugzilla.suse.com/1136990
https://bugzilla.suse.com/1137151
https://bugzilla.suse.com/1137152
https://bugzilla.suse.com/1137153
https://bugzilla.suse.com/1137162
https://bugzilla.suse.com/1137201
https://bugzilla.suse.com/1137224
https://bugzilla.suse.com/1137232
https://bugzilla.suse.com/1137233
https://bugzilla.suse.com/1137236
https://bugzilla.suse.com/1137372
https://bugzilla.suse.com/1137429
https://bugzilla.suse.com/1137444
https://bugzilla.suse.com/1137586
https://bugzilla.suse.com/1137739
https://bugzilla.suse.com/1137752
https://bugzilla.suse.com/1137995
https://bugzilla.suse.com/1137996
https://bugzilla.suse.com/1137998
https://bugzilla.suse.com/1137999
https://bugzilla.suse.com/1138000
https://bugzilla.suse.com/1138002
https://bugzilla.suse.com/1138003
https://bugzilla.suse.com/1138005
https://bugzilla.suse.com/1138006
https://bugzilla.suse.com/1138007
https://bugzilla.suse.com/1138008
https://bugzilla.suse.com/1138009
https://bugzilla.suse.com/1138010
https://bugzilla.suse.com/1138011
https://bugzilla.suse.com/1138012
https://bugzilla.suse.com/1138013
https://bugzilla.suse.com/1138014
https://bugzilla.suse.com/1138015
https://bugzilla.suse.com/1138016
https://bugzilla.suse.com/1138017
https://bugzilla.suse.com/1138018
https://bugzilla.suse.com/1138019
https://bugzilla.suse.com/1138291
https://bugzilla.suse.com/1138293
https://bugzilla.suse.com/1138336
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1138375

--


openSUSE-SU-2019:1572-1: moderate: Security update for php7

openSUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1572-1
Rating: moderate
References: #1118832 #1119396 #1126711 #1126713 #1126821
#1126823 #1126827 #1127122 #1128722 #1128883
#1128886 #1128887 #1128889 #1128892 #1129032
#1132837 #1132838 #1134322
Cross-References: CVE-2018-19935 CVE-2018-20783 CVE-2019-11034
CVE-2019-11035 CVE-2019-11036 CVE-2019-9020
CVE-2019-9021 CVE-2019-9022 CVE-2019-9023
CVE-2019-9024 CVE-2019-9637 CVE-2019-9638
CVE-2019-9639 CVE-2019-9640 CVE-2019-9641
CVE-2019-9675
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves 16 vulnerabilities and has two fixes
is now available.

Description:

This update for php7 fixes the following issues:

Security issues fixed:

- CVE-2019-9637: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128892).
- CVE-2019-9675: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128886).
- CVE-2019-9638: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension ((bsc#1128889).
- CVE-2019-9639: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128887).
- CVE-2019-9640: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128883).
- CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS
server to make PHP misuse memcpy (bsc#1126827).
- CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which
could allow to a hostile XMLRPC server to cause memory read outside the
allocated areas (bsc#1126821).
- CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function
(bsc#1126711).
- CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which
could allow an attacker to read allocated and unallocated memory when
parsing a phar file (bsc#1127122).
- CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR
reading functions which could allow an attacker to read allocated and
unallocated memory when parsing a phar file (bsc#1126713).
- CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in
mbstring regular expression functions (bsc#1126823).
- CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension
and improved insecure implementation
of rename function (bsc#1128722).
- CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be
triggered via an empty string in the message argument to imap_mail
(bsc#1118832).
- CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si()
(bsc#1132838).
- CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value()
(bsc#1132837).
- CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function
leading to information disclosure (bsc#1134322).

Other issue addressed:

- Deleted README.default_socket_timeout which is not needed anymore
(bsc#1129032).
- Enabled php7 testsuite (bsc#1119396).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1572=1



Package List:

- openSUSE Leap 15.1 (i586 x86_64):

apache2-mod_php7-7.2.5-lp151.6.3.1
apache2-mod_php7-debuginfo-7.2.5-lp151.6.3.1
php7-7.2.5-lp151.6.3.1
php7-bcmath-7.2.5-lp151.6.3.1
php7-bcmath-debuginfo-7.2.5-lp151.6.3.1
php7-bz2-7.2.5-lp151.6.3.1
php7-bz2-debuginfo-7.2.5-lp151.6.3.1
php7-calendar-7.2.5-lp151.6.3.1
php7-calendar-debuginfo-7.2.5-lp151.6.3.1
php7-ctype-7.2.5-lp151.6.3.1
php7-ctype-debuginfo-7.2.5-lp151.6.3.1
php7-curl-7.2.5-lp151.6.3.1
php7-curl-debuginfo-7.2.5-lp151.6.3.1
php7-dba-7.2.5-lp151.6.3.1
php7-dba-debuginfo-7.2.5-lp151.6.3.1
php7-debuginfo-7.2.5-lp151.6.3.1
php7-debugsource-7.2.5-lp151.6.3.1
php7-devel-7.2.5-lp151.6.3.1
php7-dom-7.2.5-lp151.6.3.1
php7-dom-debuginfo-7.2.5-lp151.6.3.1
php7-embed-7.2.5-lp151.6.3.1
php7-embed-debuginfo-7.2.5-lp151.6.3.1
php7-enchant-7.2.5-lp151.6.3.1
php7-enchant-debuginfo-7.2.5-lp151.6.3.1
php7-exif-7.2.5-lp151.6.3.1
php7-exif-debuginfo-7.2.5-lp151.6.3.1
php7-fastcgi-7.2.5-lp151.6.3.1
php7-fastcgi-debuginfo-7.2.5-lp151.6.3.1
php7-fileinfo-7.2.5-lp151.6.3.1
php7-fileinfo-debuginfo-7.2.5-lp151.6.3.1
php7-firebird-7.2.5-lp151.6.3.1
php7-firebird-debuginfo-7.2.5-lp151.6.3.1
php7-fpm-7.2.5-lp151.6.3.1
php7-fpm-debuginfo-7.2.5-lp151.6.3.1
php7-ftp-7.2.5-lp151.6.3.1
php7-ftp-debuginfo-7.2.5-lp151.6.3.1
php7-gd-7.2.5-lp151.6.3.1
php7-gd-debuginfo-7.2.5-lp151.6.3.1
php7-gettext-7.2.5-lp151.6.3.1
php7-gettext-debuginfo-7.2.5-lp151.6.3.1
php7-gmp-7.2.5-lp151.6.3.1
php7-gmp-debuginfo-7.2.5-lp151.6.3.1
php7-iconv-7.2.5-lp151.6.3.1
php7-iconv-debuginfo-7.2.5-lp151.6.3.1
php7-intl-7.2.5-lp151.6.3.1
php7-intl-debuginfo-7.2.5-lp151.6.3.1
php7-json-7.2.5-lp151.6.3.1
php7-json-debuginfo-7.2.5-lp151.6.3.1
php7-ldap-7.2.5-lp151.6.3.1
php7-ldap-debuginfo-7.2.5-lp151.6.3.1
php7-mbstring-7.2.5-lp151.6.3.1
php7-mbstring-debuginfo-7.2.5-lp151.6.3.1
php7-mysql-7.2.5-lp151.6.3.1
php7-mysql-debuginfo-7.2.5-lp151.6.3.1
php7-odbc-7.2.5-lp151.6.3.1
php7-odbc-debuginfo-7.2.5-lp151.6.3.1
php7-opcache-7.2.5-lp151.6.3.1
php7-opcache-debuginfo-7.2.5-lp151.6.3.1
php7-openssl-7.2.5-lp151.6.3.1
php7-openssl-debuginfo-7.2.5-lp151.6.3.1
php7-pcntl-7.2.5-lp151.6.3.1
php7-pcntl-debuginfo-7.2.5-lp151.6.3.1
php7-pdo-7.2.5-lp151.6.3.1
php7-pdo-debuginfo-7.2.5-lp151.6.3.1
php7-pgsql-7.2.5-lp151.6.3.1
php7-pgsql-debuginfo-7.2.5-lp151.6.3.1
php7-phar-7.2.5-lp151.6.3.1
php7-phar-debuginfo-7.2.5-lp151.6.3.1
php7-posix-7.2.5-lp151.6.3.1
php7-posix-debuginfo-7.2.5-lp151.6.3.1
php7-readline-7.2.5-lp151.6.3.1
php7-readline-debuginfo-7.2.5-lp151.6.3.1
php7-shmop-7.2.5-lp151.6.3.1
php7-shmop-debuginfo-7.2.5-lp151.6.3.1
php7-snmp-7.2.5-lp151.6.3.1
php7-snmp-debuginfo-7.2.5-lp151.6.3.1
php7-soap-7.2.5-lp151.6.3.1
php7-soap-debuginfo-7.2.5-lp151.6.3.1
php7-sockets-7.2.5-lp151.6.3.1
php7-sockets-debuginfo-7.2.5-lp151.6.3.1
php7-sodium-7.2.5-lp151.6.3.1
php7-sodium-debuginfo-7.2.5-lp151.6.3.1
php7-sqlite-7.2.5-lp151.6.3.1
php7-sqlite-debuginfo-7.2.5-lp151.6.3.1
php7-sysvmsg-7.2.5-lp151.6.3.1
php7-sysvmsg-debuginfo-7.2.5-lp151.6.3.1
php7-sysvsem-7.2.5-lp151.6.3.1
php7-sysvsem-debuginfo-7.2.5-lp151.6.3.1
php7-sysvshm-7.2.5-lp151.6.3.1
php7-sysvshm-debuginfo-7.2.5-lp151.6.3.1
php7-testresults-7.2.5-lp151.6.3.1
php7-tidy-7.2.5-lp151.6.3.1
php7-tidy-debuginfo-7.2.5-lp151.6.3.1
php7-tokenizer-7.2.5-lp151.6.3.1
php7-tokenizer-debuginfo-7.2.5-lp151.6.3.1
php7-wddx-7.2.5-lp151.6.3.1
php7-wddx-debuginfo-7.2.5-lp151.6.3.1
php7-xmlreader-7.2.5-lp151.6.3.1
php7-xmlreader-debuginfo-7.2.5-lp151.6.3.1
php7-xmlrpc-7.2.5-lp151.6.3.1
php7-xmlrpc-debuginfo-7.2.5-lp151.6.3.1
php7-xmlwriter-7.2.5-lp151.6.3.1
php7-xmlwriter-debuginfo-7.2.5-lp151.6.3.1
php7-xsl-7.2.5-lp151.6.3.1
php7-xsl-debuginfo-7.2.5-lp151.6.3.1
php7-zip-7.2.5-lp151.6.3.1
php7-zip-debuginfo-7.2.5-lp151.6.3.1
php7-zlib-7.2.5-lp151.6.3.1
php7-zlib-debuginfo-7.2.5-lp151.6.3.1

- openSUSE Leap 15.1 (noarch):

php7-pear-7.2.5-lp151.6.3.1
php7-pear-Archive_Tar-7.2.5-lp151.6.3.1


References:

https://www.suse.com/security/cve/CVE-2018-19935.html
https://www.suse.com/security/cve/CVE-2018-20783.html
https://www.suse.com/security/cve/CVE-2019-11034.html
https://www.suse.com/security/cve/CVE-2019-11035.html
https://www.suse.com/security/cve/CVE-2019-11036.html
https://www.suse.com/security/cve/CVE-2019-9020.html
https://www.suse.com/security/cve/CVE-2019-9021.html
https://www.suse.com/security/cve/CVE-2019-9022.html
https://www.suse.com/security/cve/CVE-2019-9023.html
https://www.suse.com/security/cve/CVE-2019-9024.html
https://www.suse.com/security/cve/CVE-2019-9637.html
https://www.suse.com/security/cve/CVE-2019-9638.html
https://www.suse.com/security/cve/CVE-2019-9639.html
https://www.suse.com/security/cve/CVE-2019-9640.html
https://www.suse.com/security/cve/CVE-2019-9641.html
https://www.suse.com/security/cve/CVE-2019-9675.html
https://bugzilla.suse.com/1118832
https://bugzilla.suse.com/1119396
https://bugzilla.suse.com/1126711
https://bugzilla.suse.com/1126713
https://bugzilla.suse.com/1126821
https://bugzilla.suse.com/1126823
https://bugzilla.suse.com/1126827
https://bugzilla.suse.com/1127122
https://bugzilla.suse.com/1128722
https://bugzilla.suse.com/1128883
https://bugzilla.suse.com/1128886
https://bugzilla.suse.com/1128887
https://bugzilla.suse.com/1128889
https://bugzilla.suse.com/1128892
https://bugzilla.suse.com/1129032
https://bugzilla.suse.com/1132837
https://bugzilla.suse.com/1132838
https://bugzilla.suse.com/1134322

--


openSUSE-SU-2019:1573-1: moderate: Security update for php7

openSUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1573-1
Rating: moderate
References: #1118832 #1119396 #1126711 #1126713 #1126821
#1126823 #1126827 #1127122 #1128722 #1128883
#1128886 #1128887 #1128889 #1128892 #1129032
#1132837 #1132838 #1134322
Cross-References: CVE-2018-19935 CVE-2018-20783 CVE-2019-11034
CVE-2019-11035 CVE-2019-11036 CVE-2019-9020
CVE-2019-9021 CVE-2019-9022 CVE-2019-9023
CVE-2019-9024 CVE-2019-9637 CVE-2019-9638
CVE-2019-9639 CVE-2019-9640 CVE-2019-9641
CVE-2019-9675
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves 16 vulnerabilities and has two fixes
is now available.

Description:

This update for php7 fixes the following issues:

Security issues fixed:

- CVE-2019-9637: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128892).
- CVE-2019-9675: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128886).
- CVE-2019-9638: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension ((bsc#1128889).
- CVE-2019-9639: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128887).
- CVE-2019-9640: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128883).
- CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS
server to make PHP misuse memcpy (bsc#1126827).
- CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which
could allow to a hostile XMLRPC server to cause memory read outside the
allocated areas (bsc#1126821).
- CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function
(bsc#1126711).
- CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which
could allow an attacker to read allocated and unallocated memory when
parsing a phar file (bsc#1127122).
- CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR
reading functions which could allow an attacker to read allocated and
unallocated memory when parsing a phar file (bsc#1126713).
- CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in
mbstring regular expression functions (bsc#1126823).
- CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension
and improved insecure implementation
of rename function (bsc#1128722).
- CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be
triggered via an empty string in the message argument to imap_mail
(bsc#1118832).
- CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si()
(bsc#1132838).
- CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value()
(bsc#1132837).
- CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function
leading to information disclosure (bsc#1134322).

Other issue addressed:

- Deleted README.default_socket_timeout which is not needed anymore
(bsc#1129032).
- Enabled php7 testsuite (bsc#1119396).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1573=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

apache2-mod_php7-7.2.5-lp150.2.19.1
apache2-mod_php7-debuginfo-7.2.5-lp150.2.19.1
php7-7.2.5-lp150.2.19.1
php7-bcmath-7.2.5-lp150.2.19.1
php7-bcmath-debuginfo-7.2.5-lp150.2.19.1
php7-bz2-7.2.5-lp150.2.19.1
php7-bz2-debuginfo-7.2.5-lp150.2.19.1
php7-calendar-7.2.5-lp150.2.19.1
php7-calendar-debuginfo-7.2.5-lp150.2.19.1
php7-ctype-7.2.5-lp150.2.19.1
php7-ctype-debuginfo-7.2.5-lp150.2.19.1
php7-curl-7.2.5-lp150.2.19.1
php7-curl-debuginfo-7.2.5-lp150.2.19.1
php7-dba-7.2.5-lp150.2.19.1
php7-dba-debuginfo-7.2.5-lp150.2.19.1
php7-debuginfo-7.2.5-lp150.2.19.1
php7-debugsource-7.2.5-lp150.2.19.1
php7-devel-7.2.5-lp150.2.19.1
php7-dom-7.2.5-lp150.2.19.1
php7-dom-debuginfo-7.2.5-lp150.2.19.1
php7-embed-7.2.5-lp150.2.19.1
php7-embed-debuginfo-7.2.5-lp150.2.19.1
php7-enchant-7.2.5-lp150.2.19.1
php7-enchant-debuginfo-7.2.5-lp150.2.19.1
php7-exif-7.2.5-lp150.2.19.1
php7-exif-debuginfo-7.2.5-lp150.2.19.1
php7-fastcgi-7.2.5-lp150.2.19.1
php7-fastcgi-debuginfo-7.2.5-lp150.2.19.1
php7-fileinfo-7.2.5-lp150.2.19.1
php7-fileinfo-debuginfo-7.2.5-lp150.2.19.1
php7-firebird-7.2.5-lp150.2.19.1
php7-firebird-debuginfo-7.2.5-lp150.2.19.1
php7-fpm-7.2.5-lp150.2.19.1
php7-fpm-debuginfo-7.2.5-lp150.2.19.1
php7-ftp-7.2.5-lp150.2.19.1
php7-ftp-debuginfo-7.2.5-lp150.2.19.1
php7-gd-7.2.5-lp150.2.19.1
php7-gd-debuginfo-7.2.5-lp150.2.19.1
php7-gettext-7.2.5-lp150.2.19.1
php7-gettext-debuginfo-7.2.5-lp150.2.19.1
php7-gmp-7.2.5-lp150.2.19.1
php7-gmp-debuginfo-7.2.5-lp150.2.19.1
php7-iconv-7.2.5-lp150.2.19.1
php7-iconv-debuginfo-7.2.5-lp150.2.19.1
php7-intl-7.2.5-lp150.2.19.1
php7-intl-debuginfo-7.2.5-lp150.2.19.1
php7-json-7.2.5-lp150.2.19.1
php7-json-debuginfo-7.2.5-lp150.2.19.1
php7-ldap-7.2.5-lp150.2.19.1
php7-ldap-debuginfo-7.2.5-lp150.2.19.1
php7-mbstring-7.2.5-lp150.2.19.1
php7-mbstring-debuginfo-7.2.5-lp150.2.19.1
php7-mysql-7.2.5-lp150.2.19.1
php7-mysql-debuginfo-7.2.5-lp150.2.19.1
php7-odbc-7.2.5-lp150.2.19.1
php7-odbc-debuginfo-7.2.5-lp150.2.19.1
php7-opcache-7.2.5-lp150.2.19.1
php7-opcache-debuginfo-7.2.5-lp150.2.19.1
php7-openssl-7.2.5-lp150.2.19.1
php7-openssl-debuginfo-7.2.5-lp150.2.19.1
php7-pcntl-7.2.5-lp150.2.19.1
php7-pcntl-debuginfo-7.2.5-lp150.2.19.1
php7-pdo-7.2.5-lp150.2.19.1
php7-pdo-debuginfo-7.2.5-lp150.2.19.1
php7-pgsql-7.2.5-lp150.2.19.1
php7-pgsql-debuginfo-7.2.5-lp150.2.19.1
php7-phar-7.2.5-lp150.2.19.1
php7-phar-debuginfo-7.2.5-lp150.2.19.1
php7-posix-7.2.5-lp150.2.19.1
php7-posix-debuginfo-7.2.5-lp150.2.19.1
php7-readline-7.2.5-lp150.2.19.1
php7-readline-debuginfo-7.2.5-lp150.2.19.1
php7-shmop-7.2.5-lp150.2.19.1
php7-shmop-debuginfo-7.2.5-lp150.2.19.1
php7-snmp-7.2.5-lp150.2.19.1
php7-snmp-debuginfo-7.2.5-lp150.2.19.1
php7-soap-7.2.5-lp150.2.19.1
php7-soap-debuginfo-7.2.5-lp150.2.19.1
php7-sockets-7.2.5-lp150.2.19.1
php7-sockets-debuginfo-7.2.5-lp150.2.19.1
php7-sodium-7.2.5-lp150.2.19.1
php7-sodium-debuginfo-7.2.5-lp150.2.19.1
php7-sqlite-7.2.5-lp150.2.19.1
php7-sqlite-debuginfo-7.2.5-lp150.2.19.1
php7-sysvmsg-7.2.5-lp150.2.19.1
php7-sysvmsg-debuginfo-7.2.5-lp150.2.19.1
php7-sysvsem-7.2.5-lp150.2.19.1
php7-sysvsem-debuginfo-7.2.5-lp150.2.19.1
php7-sysvshm-7.2.5-lp150.2.19.1
php7-sysvshm-debuginfo-7.2.5-lp150.2.19.1
php7-testresults-7.2.5-lp150.2.19.1
php7-tidy-7.2.5-lp150.2.19.1
php7-tidy-debuginfo-7.2.5-lp150.2.19.1
php7-tokenizer-7.2.5-lp150.2.19.1
php7-tokenizer-debuginfo-7.2.5-lp150.2.19.1
php7-wddx-7.2.5-lp150.2.19.1
php7-wddx-debuginfo-7.2.5-lp150.2.19.1
php7-xmlreader-7.2.5-lp150.2.19.1
php7-xmlreader-debuginfo-7.2.5-lp150.2.19.1
php7-xmlrpc-7.2.5-lp150.2.19.1
php7-xmlrpc-debuginfo-7.2.5-lp150.2.19.1
php7-xmlwriter-7.2.5-lp150.2.19.1
php7-xmlwriter-debuginfo-7.2.5-lp150.2.19.1
php7-xsl-7.2.5-lp150.2.19.1
php7-xsl-debuginfo-7.2.5-lp150.2.19.1
php7-zip-7.2.5-lp150.2.19.1
php7-zip-debuginfo-7.2.5-lp150.2.19.1
php7-zlib-7.2.5-lp150.2.19.1
php7-zlib-debuginfo-7.2.5-lp150.2.19.1

- openSUSE Leap 15.0 (noarch):

php7-pear-7.2.5-lp150.2.19.1
php7-pear-Archive_Tar-7.2.5-lp150.2.19.1


References:

https://www.suse.com/security/cve/CVE-2018-19935.html
https://www.suse.com/security/cve/CVE-2018-20783.html
https://www.suse.com/security/cve/CVE-2019-11034.html
https://www.suse.com/security/cve/CVE-2019-11035.html
https://www.suse.com/security/cve/CVE-2019-11036.html
https://www.suse.com/security/cve/CVE-2019-9020.html
https://www.suse.com/security/cve/CVE-2019-9021.html
https://www.suse.com/security/cve/CVE-2019-9022.html
https://www.suse.com/security/cve/CVE-2019-9023.html
https://www.suse.com/security/cve/CVE-2019-9024.html
https://www.suse.com/security/cve/CVE-2019-9637.html
https://www.suse.com/security/cve/CVE-2019-9638.html
https://www.suse.com/security/cve/CVE-2019-9639.html
https://www.suse.com/security/cve/CVE-2019-9640.html
https://www.suse.com/security/cve/CVE-2019-9641.html
https://www.suse.com/security/cve/CVE-2019-9675.html
https://bugzilla.suse.com/1118832
https://bugzilla.suse.com/1119396
https://bugzilla.suse.com/1126711
https://bugzilla.suse.com/1126713
https://bugzilla.suse.com/1126821
https://bugzilla.suse.com/1126823
https://bugzilla.suse.com/1126827
https://bugzilla.suse.com/1127122
https://bugzilla.suse.com/1128722
https://bugzilla.suse.com/1128883
https://bugzilla.suse.com/1128886
https://bugzilla.suse.com/1128887
https://bugzilla.suse.com/1128889
https://bugzilla.suse.com/1128892
https://bugzilla.suse.com/1129032
https://bugzilla.suse.com/1132837
https://bugzilla.suse.com/1132838
https://bugzilla.suse.com/1134322

--


openSUSE-SU-2019:1575-1: moderate: Security update for libcroco

openSUSE Security Update: Security update for libcroco
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1575-1
Rating: moderate
References: #1034481 #1034482 #1043898 #1043899
Cross-References: CVE-2017-7960 CVE-2017-7961 CVE-2017-8834
CVE-2017-8871
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for libcroco fixes the following issues:

Security issues fixed:

- CVE-2017-7960: Fixed heap overflow (input: check end of input before
reading a byte) (bsc#1034481).
- CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long
rgb values) (bsc#1034482).
- CVE-2017-8834: Fixed denial of service (memory allocation error) via a
crafted CSS file (bsc#1043898).
- CVE-2017-8871: Fixed denial of service (infinite loop and CPU
consumption) via a crafted CSS file (bsc#1043899).

This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1575=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libcroco-0.6.11-5.3.1
libcroco-0_6-3-0.6.11-5.3.1
libcroco-0_6-3-debuginfo-0.6.11-5.3.1
libcroco-debuginfo-0.6.11-5.3.1
libcroco-debugsource-0.6.11-5.3.1
libcroco-devel-0.6.11-5.3.1

- openSUSE Leap 42.3 (x86_64):

libcroco-0_6-3-32bit-0.6.11-5.3.1
libcroco-0_6-3-debuginfo-32bit-0.6.11-5.3.1


References:

https://www.suse.com/security/cve/CVE-2017-7960.html
https://www.suse.com/security/cve/CVE-2017-7961.html
https://www.suse.com/security/cve/CVE-2017-8834.html
https://www.suse.com/security/cve/CVE-2017-8871.html
https://bugzilla.suse.com/1034481
https://bugzilla.suse.com/1034482
https://bugzilla.suse.com/1043898
https://bugzilla.suse.com/1043899

--


openSUSE-SU-2019:1576-1: moderate: Security update for sssd

openSUSE Security Update: Security update for sssd
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1576-1
Rating: moderate
References: #1124194 #1132879
Cross-References: CVE-2018-16838
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for sssd fixes the following issues:

Security issue fixed:

- CVE-2018-16838: Fixed an authentication bypass related to the Group
Policy Objects implementation (bsc#1124194).

Non-security issue fixed:

- Create directory to download and cache GPOs (bsc#1132879)

This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1576=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libipa_hbac-devel-1.13.4-21.1
libipa_hbac0-1.13.4-21.1
libipa_hbac0-debuginfo-1.13.4-21.1
libsss_idmap-devel-1.13.4-21.1
libsss_idmap0-1.13.4-21.1
libsss_idmap0-debuginfo-1.13.4-21.1
libsss_nss_idmap-devel-1.13.4-21.1
libsss_nss_idmap0-1.13.4-21.1
libsss_nss_idmap0-debuginfo-1.13.4-21.1
libsss_sudo-1.13.4-21.1
libsss_sudo-debuginfo-1.13.4-21.1
python-ipa_hbac-1.13.4-21.1
python-ipa_hbac-debuginfo-1.13.4-21.1
python-sss_nss_idmap-1.13.4-21.1
python-sss_nss_idmap-debuginfo-1.13.4-21.1
python-sssd-config-1.13.4-21.1
python-sssd-config-debuginfo-1.13.4-21.1
sssd-1.13.4-21.1
sssd-ad-1.13.4-21.1
sssd-ad-debuginfo-1.13.4-21.1
sssd-debuginfo-1.13.4-21.1
sssd-debugsource-1.13.4-21.1
sssd-ipa-1.13.4-21.1
sssd-ipa-debuginfo-1.13.4-21.1
sssd-krb5-1.13.4-21.1
sssd-krb5-common-1.13.4-21.1
sssd-krb5-common-debuginfo-1.13.4-21.1
sssd-krb5-debuginfo-1.13.4-21.1
sssd-ldap-1.13.4-21.1
sssd-ldap-debuginfo-1.13.4-21.1
sssd-proxy-1.13.4-21.1
sssd-proxy-debuginfo-1.13.4-21.1
sssd-tools-1.13.4-21.1
sssd-tools-debuginfo-1.13.4-21.1

- openSUSE Leap 42.3 (x86_64):

sssd-32bit-1.13.4-21.1
sssd-debuginfo-32bit-1.13.4-21.1


References:

https://www.suse.com/security/cve/CVE-2018-16838.html
https://bugzilla.suse.com/1124194
https://bugzilla.suse.com/1132879

--


openSUSE-SU-2019:1577-1: important: Security update for MozillaThunderbird

openSUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1577-1
Rating: important
References: #1137595
Cross-References: CVE-2019-11703 CVE-2019-11704 CVE-2019-11705
CVE-2019-11706
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird was updated to 60.7.1:

Security issues fixed with MFSA 2019-17 (boo#1137595)

- CVE-2019-11703: Fixed a heap-based buffer overflow in
icalmemorystrdupanddequote() (bsc#1137595).
- CVE-2019-11704: Fixed a heap-based buffer overflow in
parser_get_next_char() (bsc#1137595).
- CVE-2019-11705: Fixed a stack-based buffer overflow in
icalrecur_add_bydayrules() (bsc#1137595).
- CVE-2019-11706: Fixed a type confusion in
icaltimezone_get_vtimezone_properties() (bsc#1137595).

Also fixed:
- No prompt for smartcard PIN when S/MIME signing is used


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1577=1



Package List:

- openSUSE Leap 42.3 (x86_64):

MozillaThunderbird-60.7.1-95.1
MozillaThunderbird-buildsymbols-60.7.1-95.1
MozillaThunderbird-debuginfo-60.7.1-95.1
MozillaThunderbird-debugsource-60.7.1-95.1
MozillaThunderbird-translations-common-60.7.1-95.1
MozillaThunderbird-translations-other-60.7.1-95.1


References:

https://www.suse.com/security/cve/CVE-2019-11703.html
https://www.suse.com/security/cve/CVE-2019-11704.html
https://www.suse.com/security/cve/CVE-2019-11705.html
https://www.suse.com/security/cve/CVE-2019-11706.html
https://bugzilla.suse.com/1137595

--


openSUSE-SU-2019:1578-1: moderate: Security update for postgresql10

openSUSE Security Update: Security update for postgresql10
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1578-1
Rating: moderate
References: #1134689
Cross-References: CVE-2019-10130
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for postgresql10 fixes the following issues:

Security issue fixed:

- CVE-2019-10130: Prevent row-level security policies from being bypassed
via selectivity estimators (bsc#1134689).

Bug fixes:

- For a complete list of fixes check the release notes.
* https://www.postgresql.org/docs/10/release-10-8.html
* https://www.postgresql.org/docs/10/release-10-7.html

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1578=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libecpg6-10.8-8.1
libecpg6-debuginfo-10.8-8.1
libpq5-10.8-8.1
libpq5-debuginfo-10.8-8.1
postgresql10-10.8-8.1
postgresql10-contrib-10.8-8.1
postgresql10-contrib-debuginfo-10.8-8.1
postgresql10-debuginfo-10.8-8.1
postgresql10-debugsource-10.8-8.1
postgresql10-devel-10.8-8.1
postgresql10-devel-debuginfo-10.8-8.1
postgresql10-libs-debugsource-10.8-8.1
postgresql10-plperl-10.8-8.1
postgresql10-plperl-debuginfo-10.8-8.1
postgresql10-plpython-10.8-8.1
postgresql10-plpython-debuginfo-10.8-8.1
postgresql10-pltcl-10.8-8.1
postgresql10-pltcl-debuginfo-10.8-8.1
postgresql10-server-10.8-8.1
postgresql10-server-debuginfo-10.8-8.1
postgresql10-test-10.8-8.1

- openSUSE Leap 42.3 (noarch):

postgresql10-docs-10.8-8.1

- openSUSE Leap 42.3 (x86_64):

libecpg6-32bit-10.8-8.1
libecpg6-debuginfo-32bit-10.8-8.1
libpq5-32bit-10.8-8.1
libpq5-debuginfo-32bit-10.8-8.1


References:

https://www.suse.com/security/cve/CVE-2019-10130.html
https://bugzilla.suse.com/1134689

--


openSUSE-SU-2019:1579-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1579-1
Rating: important
References: #1012382 #1050242 #1051510 #1053043 #1056787
#1058115 #1061840 #1063638 #1064802 #1065600
#1065729 #1066129 #1068546 #1071995 #1075020
#1082387 #1083647 #1085535 #1099658 #1103992
#1104353 #1104427 #1106284 #1108838 #1111696
#1113722 #1114427 #1115688 #1117158 #1117561
#1118139 #1120091 #1120423 #1120566 #1120843
#1120902 #1123454 #1123663 #1124503 #1126356
#1127616 #1128052 #1128432 #1128904 #1129693
#1129770 #1130699 #1131565 #1131673 #1133190
#1133320 #1133612 #1133616 #1134597 #1134671
#1134806 #1134936 #1135056 #1135120 #1135278
#1135281 #1135309 #1135312 #1135314 #1135315
#1135316 #1135320 #1135323 #1135330 #1135492
#1135542 #1135556 #1135603 #1135642 #1135661
#1135758 #1136206 #1136424 #1136428 #1136430
#1136432 #1136434 #1136435 #1136438 #1136439
#1136477 #1136478 #1136573 #1136586 #1136598
#1136881 #1136922 #1136935 #1136990 #1137151
#1137152 #1137153 #1137162 #1137372 #1137429
#1137444 #1137586 #1137739 #1137752 #1137995
#1137996 #1137998 #1137999 #1138000 #1138002
#1138003 #1138005 #1138006 #1138007 #1138008
#1138009 #1138010 #1138011 #1138012 #1138013
#1138014 #1138015 #1138016 #1138017 #1138018
#1138019 #1138291 #1138293 #1138374 #1138375

Cross-References: CVE-2018-7191 CVE-2019-10124 CVE-2019-11085
CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
CVE-2019-11487 CVE-2019-11833 CVE-2019-12380
CVE-2019-12382 CVE-2019-12456 CVE-2019-12818
CVE-2019-12819 CVE-2019-3846 CVE-2019-5489

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves 15 vulnerabilities and has 115 fixes
is now available.

Description:



The openSUSE Leap 15.0 kernel was updated to receive various security and
bugfixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted by a remote
attacker such that one can trigger an integer overflow, leading to a
kernel panic. (bsc#1137586).
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs
which would fragment the TCP retransmission queue. A remote attacker may
have been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection. (bsc#1137586)
- CVE-2019-11479: It was possible to send a crafted sequence of SACKs
which would fragment the RACK send map. A remote attacker may be able to
further exploit the fragmented send map to cause an expensive
linked-list walk for subsequent SACKs received for that same TCP
connection. This would have resulted in excess resource consumption due
to low mss values. (bsc#1137586)
- CVE-2019-12819: The function __mdiobus_register() in
drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a
fixed_mdio_bus_init use-after-free. This will cause a denial of service
(bnc#1138291).
- CVE-2019-12818: The nfc_llcp_build_tlv function in
net/nfc/llcp_commands.c may return NULL. If the caller did not check for
this, it will trigger a NULL pointer dereference. This will cause denial
of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c
(bnc#1138293).
- CVE-2019-12456: local users could cause a denial of service or possibly
have unspecified other impact by changing the value of ioc_number
between two kernel reads of that value, aka a "double fetch"
vulnerability. (bnc#1136922)
- CVE-2019-12380: phys_efi_set_virtual_address_map in
arch/x86/platform/efi/efi.c and efi_call_phys_prolog in
arch/x86/platform/efi/efi_64.c mishandle memory allocation failures
(bnc#1136598).
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
possibly escalate privileges was found in the mwifiex kernel module
while connecting to a malicious wireless network (bnc#1136424).
- CVE-2019-10124: An attacker could exploit an issue in the hwpoison
implementation to cause a denial of service (BUG). (bsc#1130699)
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in
drivers/gpu/drm/drm_edid_load.c. There was an unchecked kstrdup of
fwstr, which might allow an attacker to cause a denial of service (NULL
pointer dereference and system crash) (bnc#1136586).
- CVE-2019-11487: The Linux kernel before 5.1-rc5 allowed page->_refcount
reference count overflow, with resultant use-after-free issues, if about
140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c,
fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h,
kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE
requests (bnc#1133190).
- CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed
local attackers to observe page cache access patterns of other processes
on the same system, potentially allowing sniffing of secret information.
(Fixing this affects the output of the fincore program.) Limited remote
exploitation may be possible, as demonstrated by latency differences in
accessing public files from an Apache HTTP Server (bnc#1120843).
- CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory
region in the extent tree block, which might allow local users to obtain
sensitive information by reading uninitialized data in the filesystem
(bnc#1135281).
- CVE-2018-7191: In the tun subsystem dev_get_valid_name is not called
before register_netdevice. This allowed local users to cause a denial of
service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF)
call with a dev name containing a / character. This is similar to
CVE-2013-4343 (bnc#1135603).
- CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in
Intel(R) i915 Graphics may have allowed an authenticated user to
potentially enable escalation of privilege via local access
(bnc#1135278).


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1579=1



Package List:

- openSUSE Leap 15.0 (noarch):

kernel-devel-4.12.14-lp150.12.64.1
kernel-docs-4.12.14-lp150.12.64.1
kernel-docs-html-4.12.14-lp150.12.64.1
kernel-macros-4.12.14-lp150.12.64.1
kernel-source-4.12.14-lp150.12.64.1
kernel-source-vanilla-4.12.14-lp150.12.64.1

- openSUSE Leap 15.0 (x86_64):

kernel-debug-4.12.14-lp150.12.64.1
kernel-debug-base-4.12.14-lp150.12.64.1
kernel-debug-base-debuginfo-4.12.14-lp150.12.64.1
kernel-debug-debuginfo-4.12.14-lp150.12.64.1
kernel-debug-debugsource-4.12.14-lp150.12.64.1
kernel-debug-devel-4.12.14-lp150.12.64.1
kernel-debug-devel-debuginfo-4.12.14-lp150.12.64.1
kernel-default-4.12.14-lp150.12.64.1
kernel-default-base-4.12.14-lp150.12.64.1
kernel-default-base-debuginfo-4.12.14-lp150.12.64.1
kernel-default-debuginfo-4.12.14-lp150.12.64.1
kernel-default-debugsource-4.12.14-lp150.12.64.1
kernel-default-devel-4.12.14-lp150.12.64.1
kernel-default-devel-debuginfo-4.12.14-lp150.12.64.1
kernel-kvmsmall-4.12.14-lp150.12.64.1
kernel-kvmsmall-base-4.12.14-lp150.12.64.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.64.1
kernel-kvmsmall-debuginfo-4.12.14-lp150.12.64.1
kernel-kvmsmall-debugsource-4.12.14-lp150.12.64.1
kernel-kvmsmall-devel-4.12.14-lp150.12.64.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.64.1
kernel-obs-build-4.12.14-lp150.12.64.1
kernel-obs-build-debugsource-4.12.14-lp150.12.64.1
kernel-obs-qa-4.12.14-lp150.12.64.1
kernel-syms-4.12.14-lp150.12.64.1
kernel-vanilla-4.12.14-lp150.12.64.1
kernel-vanilla-base-4.12.14-lp150.12.64.1
kernel-vanilla-base-debuginfo-4.12.14-lp150.12.64.1
kernel-vanilla-debuginfo-4.12.14-lp150.12.64.1
kernel-vanilla-debugsource-4.12.14-lp150.12.64.1
kernel-vanilla-devel-4.12.14-lp150.12.64.1
kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.64.1


References:

https://www.suse.com/security/cve/CVE-2018-7191.html
https://www.suse.com/security/cve/CVE-2019-10124.html
https://www.suse.com/security/cve/CVE-2019-11085.html
https://www.suse.com/security/cve/CVE-2019-11477.html
https://www.suse.com/security/cve/CVE-2019-11478.html
https://www.suse.com/security/cve/CVE-2019-11479.html
https://www.suse.com/security/cve/CVE-2019-11487.html
https://www.suse.com/security/cve/CVE-2019-11833.html
https://www.suse.com/security/cve/CVE-2019-12380.html
https://www.suse.com/security/cve/CVE-2019-12382.html
https://www.suse.com/security/cve/CVE-2019-12456.html
https://www.suse.com/security/cve/CVE-2019-12818.html
https://www.suse.com/security/cve/CVE-2019-12819.html
https://www.suse.com/security/cve/CVE-2019-3846.html
https://www.suse.com/security/cve/CVE-2019-5489.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1050242
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1053043
https://bugzilla.suse.com/1056787
https://bugzilla.suse.com/1058115
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1063638
https://bugzilla.suse.com/1064802
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1066129
https://bugzilla.suse.com/1068546
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1075020
https://bugzilla.suse.com/1082387
https://bugzilla.suse.com/1083647
https://bugzilla.suse.com/1085535
https://bugzilla.suse.com/1099658
https://bugzilla.suse.com/1103992
https://bugzilla.suse.com/1104353
https://bugzilla.suse.com/1104427
https://bugzilla.suse.com/1106284
https://bugzilla.suse.com/1108838
https://bugzilla.suse.com/1111696
https://bugzilla.suse.com/1113722
https://bugzilla.suse.com/1114427
https://bugzilla.suse.com/1115688
https://bugzilla.suse.com/1117158
https://bugzilla.suse.com/1117561
https://bugzilla.suse.com/1118139
https://bugzilla.suse.com/1120091
https://bugzilla.suse.com/1120423
https://bugzilla.suse.com/1120566
https://bugzilla.suse.com/1120843
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1123454
https://bugzilla.suse.com/1123663
https://bugzilla.suse.com/1124503
https://bugzilla.suse.com/1126356
https://bugzilla.suse.com/1127616
https://bugzilla.suse.com/1128052
https://bugzilla.suse.com/1128432
https://bugzilla.suse.com/1128904
https://bugzilla.suse.com/1129693
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1130699
https://bugzilla.suse.com/1131565
https://bugzilla.suse.com/1131673
https://bugzilla.suse.com/1133190
https://bugzilla.suse.com/1133320
https://bugzilla.suse.com/1133612
https://bugzilla.suse.com/1133616
https://bugzilla.suse.com/1134597
https://bugzilla.suse.com/1134671
https://bugzilla.suse.com/1134806
https://bugzilla.suse.com/1134936
https://bugzilla.suse.com/1135056
https://bugzilla.suse.com/1135120
https://bugzilla.suse.com/1135278
https://bugzilla.suse.com/1135281
https://bugzilla.suse.com/1135309
https://bugzilla.suse.com/1135312
https://bugzilla.suse.com/1135314
https://bugzilla.suse.com/1135315
https://bugzilla.suse.com/1135316
https://bugzilla.suse.com/1135320
https://bugzilla.suse.com/1135323
https://bugzilla.suse.com/1135330
https://bugzilla.suse.com/1135492
https://bugzilla.suse.com/1135542
https://bugzilla.suse.com/1135556
https://bugzilla.suse.com/1135603
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1135661
https://bugzilla.suse.com/1135758
https://bugzilla.suse.com/1136206
https://bugzilla.suse.com/1136424
https://bugzilla.suse.com/1136428
https://bugzilla.suse.com/1136430
https://bugzilla.suse.com/1136432
https://bugzilla.suse.com/1136434
https://bugzilla.suse.com/1136435
https://bugzilla.suse.com/1136438
https://bugzilla.suse.com/1136439
https://bugzilla.suse.com/1136477
https://bugzilla.suse.com/1136478
https://bugzilla.suse.com/1136573
https://bugzilla.suse.com/1136586
https://bugzilla.suse.com/1136598
https://bugzilla.suse.com/1136881
https://bugzilla.suse.com/1136922
https://bugzilla.suse.com/1136935
https://bugzilla.suse.com/1136990
https://bugzilla.suse.com/1137151
https://bugzilla.suse.com/1137152
https://bugzilla.suse.com/1137153
https://bugzilla.suse.com/1137162
https://bugzilla.suse.com/1137372
https://bugzilla.suse.com/1137429
https://bugzilla.suse.com/1137444
https://bugzilla.suse.com/1137586
https://bugzilla.suse.com/1137739
https://bugzilla.suse.com/1137752
https://bugzilla.suse.com/1137995
https://bugzilla.suse.com/1137996
https://bugzilla.suse.com/1137998
https://bugzilla.suse.com/1137999
https://bugzilla.suse.com/1138000
https://bugzilla.suse.com/1138002
https://bugzilla.suse.com/1138003
https://bugzilla.suse.com/1138005
https://bugzilla.suse.com/1138006
https://bugzilla.suse.com/1138007
https://bugzilla.suse.com/1138008
https://bugzilla.suse.com/1138009
https://bugzilla.suse.com/1138010
https://bugzilla.suse.com/1138011
https://bugzilla.suse.com/1138012
https://bugzilla.suse.com/1138013
https://bugzilla.suse.com/1138014
https://bugzilla.suse.com/1138015
https://bugzilla.suse.com/1138016
https://bugzilla.suse.com/1138017
https://bugzilla.suse.com/1138018
https://bugzilla.suse.com/1138019
https://bugzilla.suse.com/1138291
https://bugzilla.suse.com/1138293
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1138375

--


openSUSE-SU-2019:1580-1: important: Security update for python

openSUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1580-1
Rating: important
References: #1129346 #1130847
Cross-References: CVE-2019-9636 CVE-2019-9948
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for python fixes the following issues:

Security issues fixed:

- CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the
'local-file:' scheme instead (bsc#1130847).
- CVE-2019-9636: Fixed an information disclosure because of incorrect
handling of Unicode encoding during NFKC normalization (bsc#1129346).

This update was imported from the SUSE:SLE-12-SP1:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1580=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libpython2_7-1_0-2.7.13-27.15.1
libpython2_7-1_0-debuginfo-2.7.13-27.15.1
python-2.7.13-27.15.1
python-base-2.7.13-27.15.1
python-base-debuginfo-2.7.13-27.15.1
python-base-debugsource-2.7.13-27.15.1
python-curses-2.7.13-27.15.1
python-curses-debuginfo-2.7.13-27.15.1
python-debuginfo-2.7.13-27.15.1
python-debugsource-2.7.13-27.15.1
python-demo-2.7.13-27.15.1
python-devel-2.7.13-27.15.1
python-gdbm-2.7.13-27.15.1
python-gdbm-debuginfo-2.7.13-27.15.1
python-idle-2.7.13-27.15.1
python-tk-2.7.13-27.15.1
python-tk-debuginfo-2.7.13-27.15.1
python-xml-2.7.13-27.15.1
python-xml-debuginfo-2.7.13-27.15.1

- openSUSE Leap 42.3 (x86_64):

libpython2_7-1_0-32bit-2.7.13-27.15.1
libpython2_7-1_0-debuginfo-32bit-2.7.13-27.15.1
python-32bit-2.7.13-27.15.1
python-base-32bit-2.7.13-27.15.1
python-base-debuginfo-32bit-2.7.13-27.15.1
python-debuginfo-32bit-2.7.13-27.15.1

- openSUSE Leap 42.3 (noarch):

python-doc-2.7.13-27.15.1
python-doc-pdf-2.7.13-27.15.1


References:

https://www.suse.com/security/cve/CVE-2019-9636.html
https://www.suse.com/security/cve/CVE-2019-9948.html
https://bugzilla.suse.com/1129346
https://bugzilla.suse.com/1130847

--


openSUSE-SU-2019:1582-1: moderate: Security update for gnome-shell

openSUSE Security Update: Security update for gnome-shell
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1582-1
Rating: moderate
References: #1124493
Cross-References: CVE-2019-3820
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gnome-shell fixes the following issues:

Security issue fixed:

- CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1582=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1582=1



Package List:

- openSUSE Leap 15.1 (noarch):

gnome-shell-lang-3.26.2+20180130.0d9c74212-lp151.7.3.1

- openSUSE Leap 15.1 (x86_64):

gnome-shell-3.26.2+20180130.0d9c74212-lp151.7.3.1
gnome-shell-browser-plugin-3.26.2+20180130.0d9c74212-lp151.7.3.1
gnome-shell-browser-plugin-debuginfo-3.26.2+20180130.0d9c74212-lp151.7.3.1
gnome-shell-calendar-3.26.2+20180130.0d9c74212-lp151.7.3.1
gnome-shell-calendar-debuginfo-3.26.2+20180130.0d9c74212-lp151.7.3.1
gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-lp151.7.3.1
gnome-shell-debugsource-3.26.2+20180130.0d9c74212-lp151.7.3.1
gnome-shell-devel-3.26.2+20180130.0d9c74212-lp151.7.3.1

- openSUSE Leap 15.0 (noarch):

gnome-shell-lang-3.26.2+20180130.0d9c74212-lp150.3.16.1

- openSUSE Leap 15.0 (x86_64):

gnome-shell-3.26.2+20180130.0d9c74212-lp150.3.16.1
gnome-shell-browser-plugin-3.26.2+20180130.0d9c74212-lp150.3.16.1
gnome-shell-browser-plugin-debuginfo-3.26.2+20180130.0d9c74212-lp150.3.16.1
gnome-shell-calendar-3.26.2+20180130.0d9c74212-lp150.3.16.1
gnome-shell-calendar-debuginfo-3.26.2+20180130.0d9c74212-lp150.3.16.1
gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-lp150.3.16.1
gnome-shell-debugsource-3.26.2+20180130.0d9c74212-lp150.3.16.1
gnome-shell-devel-3.26.2+20180130.0d9c74212-lp150.3.16.1


References:

https://www.suse.com/security/cve/CVE-2019-3820.html
https://bugzilla.suse.com/1124493

--


openSUSE-SU-2019:1583-1: important: Security update for MozillaThunderbird

openSUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1583-1
Rating: important
References: #1137595
Cross-References: CVE-2019-11703 CVE-2019-11704 CVE-2019-11705
CVE-2019-11706
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for MozillaThunderbird fixes the following security issues:

- CVE-2019-11703: Fixed a heap-based buffer overflow in
icalmemorystrdupanddequote() (bsc#1137595).
- CVE-2019-11704: Fixed a heap-based buffer overflow in
parser_get_next_char() (bsc#1137595).
- CVE-2019-11705: Fixed a stack-based buffer overflow in
icalrecur_add_bydayrules() (bsc#1137595).
- CVE-2019-11706: Fixed a type confusion in
icaltimezone_get_vtimezone_properties() (bsc#1137595).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1583=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1583=1



Package List:

- openSUSE Leap 15.1 (x86_64):

MozillaThunderbird-60.7.0-lp151.2.4.1
MozillaThunderbird-buildsymbols-60.7.0-lp151.2.4.1
MozillaThunderbird-debuginfo-60.7.0-lp151.2.4.1
MozillaThunderbird-debugsource-60.7.0-lp151.2.4.1
MozillaThunderbird-translations-common-60.7.0-lp151.2.4.1
MozillaThunderbird-translations-other-60.7.0-lp151.2.4.1

- openSUSE Leap 15.0 (x86_64):

MozillaThunderbird-60.7.0-lp150.3.41.1
MozillaThunderbird-buildsymbols-60.7.0-lp150.3.41.1
MozillaThunderbird-debuginfo-60.7.0-lp150.3.41.1
MozillaThunderbird-debugsource-60.7.0-lp150.3.41.1
MozillaThunderbird-translations-common-60.7.0-lp150.3.41.1
MozillaThunderbird-translations-other-60.7.0-lp150.3.41.1


References:

https://www.suse.com/security/cve/CVE-2019-11703.html
https://www.suse.com/security/cve/CVE-2019-11704.html
https://www.suse.com/security/cve/CVE-2019-11705.html
https://www.suse.com/security/cve/CVE-2019-11706.html
https://bugzilla.suse.com/1137595

--