SUSE 5181 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2019:1791-1: moderate: Security update for libsass
openSUSE-SU-2019:1792-1: moderate: Security update for libgcrypt
openSUSE-SU-2019:1793-1: moderate: Security update for teeworlds
openSUSE-SU-2019:1794-1: moderate: Security update for mumble
openSUSE-SU-2019:1795-1: moderate: Security update for ImageMagick
openSUSE-SU-2019:1796-1: important: Security update for neovim
openSUSE-SU-2019:1797-1: moderate: Security update for live555



openSUSE-SU-2019:1791-1: moderate: Security update for libsass

openSUSE Security Update: Security update for libsass
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1791-1
Rating: moderate
References: #1096894 #1118301 #1118346 #1118348 #1118349
#1118351 #1119789 #1121943 #1121944 #1121945
#1133200 #1133201
Cross-References: CVE-2018-11499 CVE-2018-19797 CVE-2018-19827
CVE-2018-19837 CVE-2018-19838 CVE-2018-19839
CVE-2018-20190 CVE-2018-20821 CVE-2018-20822
CVE-2019-6283 CVE-2019-6284 CVE-2019-6286

Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 12 vulnerabilities is now available.

Description:

This update for libsass to version 3.6.1 fixes the following issues:

Security issues fixed:

- CVE-2019-6283: Fixed heap-buffer-overflow in
Sass::Prelexer::parenthese_scope(char const*) (boo#1121943).
- CVE-2019-6284: Fixed heap-based buffer over-read exists in
Sass:Prelexer:alternatives (boo#1121944).
- CVE-2019-6286: Fixed heap-based buffer over-read exists in
Sass:Prelexer:skip_over_scopes (boo#1121945).
- CVE-2018-11499: Fixed use-after-free vulnerability in
sass_context.cpp:handle_error (boo#1096894).
- CVE-2018-19797: Disallowed parent selector in selector_fns arguments
(boo#1118301).
- CVE-2018-19827: Fixed use-after-free vulnerability exists in the
SharedPtr class (boo#1118346).
- CVE-2018-19837: Fixed stack overflow in Eval::operator() (boo#1118348).
- CVE-2018-19838: Fixed stack-overflow at IMPLEMENT_AST_OPERATORS
expansion (boo#1118349).
- CVE-2018-19839: Fixed buffer-overflow (OOB read) against some invalid
input (boo#1118351).
- CVE-2018-20190: Fixed Null pointer dereference in
Sass::Eval::operator()(Sass::Supports_Operator*) (boo#1119789).
- CVE-2018-20821: Fixed uncontrolled recursion in
Sass:Parser:parse_css_variable_value (boo#1133200).
- CVE-2018-20822: Fixed stack-overflow at Sass::Inspect::operator()
(boo#1133201).


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1791=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1791=1



Package List:

- openSUSE Leap 15.1 (x86_64):

libsass-3_6_1-1-3.6.1-lp151.3.3.1
libsass-3_6_1-1-debuginfo-3.6.1-lp151.3.3.1
libsass-debugsource-3.6.1-lp151.3.3.1
libsass-devel-3.6.1-lp151.3.3.1

- openSUSE Leap 15.0 (x86_64):

libsass-3_6_1-1-3.6.1-lp150.2.3.1
libsass-3_6_1-1-debuginfo-3.6.1-lp150.2.3.1
libsass-debugsource-3.6.1-lp150.2.3.1
libsass-devel-3.6.1-lp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2018-11499.html
https://www.suse.com/security/cve/CVE-2018-19797.html
https://www.suse.com/security/cve/CVE-2018-19827.html
https://www.suse.com/security/cve/CVE-2018-19837.html
https://www.suse.com/security/cve/CVE-2018-19838.html
https://www.suse.com/security/cve/CVE-2018-19839.html
https://www.suse.com/security/cve/CVE-2018-20190.html
https://www.suse.com/security/cve/CVE-2018-20821.html
https://www.suse.com/security/cve/CVE-2018-20822.html
https://www.suse.com/security/cve/CVE-2019-6283.html
https://www.suse.com/security/cve/CVE-2019-6284.html
https://www.suse.com/security/cve/CVE-2019-6286.html
https://bugzilla.suse.com/1096894
https://bugzilla.suse.com/1118301
https://bugzilla.suse.com/1118346
https://bugzilla.suse.com/1118348
https://bugzilla.suse.com/1118349
https://bugzilla.suse.com/1118351
https://bugzilla.suse.com/1119789
https://bugzilla.suse.com/1121943
https://bugzilla.suse.com/1121944
https://bugzilla.suse.com/1121945
https://bugzilla.suse.com/1133200
https://bugzilla.suse.com/1133201

--


openSUSE-SU-2019:1792-1: moderate: Security update for libgcrypt

openSUSE Security Update: Security update for libgcrypt
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1792-1
Rating: moderate
References: #1097073 #1125740 #1138939
Cross-References: CVE-2019-12904
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves one vulnerability and has two fixes
is now available.

Description:

This update for libgcrypt fixes the following issues:

Security issues fixed:

- CVE-2019-12904: The C implementation of AES is vulnerable to a
flush-and-reload side-channel attack because physical addresses are
available to other processes. (The C implementation is used on platforms
where an assembly-language implementation is unavailable.) (bsc#1138939)

Other bugfixes:

- Don't run full FIPS self-tests from constructor (bsc#1097073)
- Skip all the self-tests except for binary integrity when called from the
constructor (bsc#1097073)
- Enforce the minimal RSA keygen size in fips mode (bsc#1125740)
- avoid executing some tests twice.
- Fixed a race condition in initialization.
- Fixed env-script-interpreter in cavs_driver.pl
- Fixed redundant fips tests in some situations causing failure to boot in
fips mode. (bsc#1097073)

This helps during booting of the system in FIPS mode with insufficient
entropy.

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1792=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libgcrypt-cavs-1.8.2-lp150.5.10.1
libgcrypt-cavs-debuginfo-1.8.2-lp150.5.10.1
libgcrypt-debugsource-1.8.2-lp150.5.10.1
libgcrypt-devel-1.8.2-lp150.5.10.1
libgcrypt-devel-debuginfo-1.8.2-lp150.5.10.1
libgcrypt20-1.8.2-lp150.5.10.1
libgcrypt20-debuginfo-1.8.2-lp150.5.10.1
libgcrypt20-hmac-1.8.2-lp150.5.10.1

- openSUSE Leap 15.0 (x86_64):

libgcrypt-devel-32bit-1.8.2-lp150.5.10.1
libgcrypt-devel-32bit-debuginfo-1.8.2-lp150.5.10.1
libgcrypt20-32bit-1.8.2-lp150.5.10.1
libgcrypt20-32bit-debuginfo-1.8.2-lp150.5.10.1
libgcrypt20-hmac-32bit-1.8.2-lp150.5.10.1


References:

https://www.suse.com/security/cve/CVE-2019-12904.html
https://bugzilla.suse.com/1097073
https://bugzilla.suse.com/1125740
https://bugzilla.suse.com/1138939

--


openSUSE-SU-2019:1793-1: moderate: Security update for teeworlds

openSUSE Security Update: Security update for teeworlds
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1793-1
Rating: moderate
References: #1112910 #1131729
Cross-References: CVE-2018-18541 CVE-2019-10877 CVE-2019-10878
CVE-2019-10879
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for teeworlds fixes the following issues:

- CVE-2019-10879: An integer overflow in CDataFileReader::Open() could
have lead to a buffer overflow and possibly remote code execution,
because size-related multiplications were mishandled. (boo#1131729)
- CVE-2019-10878: A failed bounds check in CDataFileReader::GetData() and
CDataFileReader::ReplaceData() and related functions could have lead to
an arbitrary free and out-of-bounds pointer write, possibly resulting in
remote code execution.
- CVE-2019-10877: An integer overflow in CMap::Load() could have lead to a
buffer overflow, because multiplication of width and height were
mishandled.
- CVE-2018-18541: Connection packets could have been forged. There was no
challenge-response involved in the connection build up. A remote
attacker could have sent connection packets from a spoofed IP address
and occupy all server slots, or even use them for a reflection attack
using map download packets. (boo#1112910)

- Update to version 0.7.3.1
* Colorful gametype and level icons in the browser instead of grayscale.
* Add an option to use raw mouse inputs, revert to (0.6) relative mode
by default.
* Demo list marker indicator.
* Restore ingame Player and Tee menus, add a warning that a reconnect is
needed.
* Emotes can now be cancelled by releasing the mouse in the middle of
the circle.
* Improve add friend text.
* Add a confirmation for removing a filter
* Add a "click a player to follow" hint
* Also hint players which key they should press to set themselves ready.
* fixed using correct array measurements when placing egg doodads
* fixed demo recorder downloaded maps using the sha256 hash
* show correct game release version in the start menu and console
* Fix platform-specific client libraries for Linux
* advanced scoreboard with game statistics
* joystick support (experimental!)
* copy paste (one-way)
* bot cosmetics (a visual difference between players and NPCs)
* chat commands (type / in chat)
* players can change skin without leaving the server (again)
* live automapper and complete rules for 0.7 tilesets
* audio toggling HUD
* an Easter surprise...
* new gametypes: "last man standing" (LMS) and "last team standing"
(LTS). survive by your own or as a team with limited weaponry
* 64 players support. official gametypes are still restricted to 16
players maximum but allow more spectators
* new skin system. build your own skins based on a variety of provided
parts
* enhanced security. all communications require a handshake and use a
token to counter spoofing and reflection attacks
* new maps: ctf8, dm3, lms1. Click to discover them!
* animated background menu map: jungle, heavens (day/night themes,
customisable in the map editor)
* new design for the menus: added start menus, reworked server browser,
settings
* customisable gametype icons (browser). make your own!
* chat overhaul, whispers (private messages)
* composed binds (ctrl+, shift+, alt+)
* scoreboard remodelled, now shows kills/deaths
* demo markers
* master server list cache (in case the masters are unreachable)
* input separated from rendering (optimisation)
* upgrade to SDL2. support for multiple monitors, non-english keyboards,
and more
* broadcasts overhaul, optional colours support
* ready system, for competitive settings
* server difficulty setting (casual, competitive, normal), shown in the
browser
* spectator mode improvements: follow flags, click on players
* bot flags for modified servers: indicate NPCs, can be filtered out in
the server browser
* sharper graphics all around (no more tileset_borderfix and dilate)
* refreshed the HUD, ninja cooldown, new mouse cursor
* mapres update (higher resolution, fixes...)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1793=1



Package List:

- openSUSE Leap 15.1 (x86_64):

teeworlds-0.7.3.1-lp151.2.3.1
teeworlds-debuginfo-0.7.3.1-lp151.2.3.1
teeworlds-debugsource-0.7.3.1-lp151.2.3.1


References:

https://www.suse.com/security/cve/CVE-2018-18541.html
https://www.suse.com/security/cve/CVE-2019-10877.html
https://www.suse.com/security/cve/CVE-2019-10878.html
https://www.suse.com/security/cve/CVE-2019-10879.html
https://bugzilla.suse.com/1112910
https://bugzilla.suse.com/1131729

--


openSUSE-SU-2019:1794-1: moderate: Security update for mumble

openSUSE Security Update: Security update for mumble
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1794-1
Rating: moderate
References: #1123334
Cross-References: CVE-2018-20743
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
openSUSE Backports SLE-15
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for mumble fixes the following issues:

CVE-2018-20743: murmur mishandled multiple concurrent requests that were
persisted in the database, which allowed remote attackers to cause a
denial of service (daemon hang or crash) via a message flood. (boo#1123334)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1794=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1794=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1794=1

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2019-1794=1



Package List:

- openSUSE Leap 15.1 (i586 x86_64):

mumble-1.2.19-lp151.4.6.1
mumble-debuginfo-1.2.19-lp151.4.6.1
mumble-debugsource-1.2.19-lp151.4.6.1
mumble-server-1.2.19-lp151.4.6.1
mumble-server-debuginfo-1.2.19-lp151.4.6.1

- openSUSE Leap 15.1 (x86_64):

mumble-32bit-1.2.19-lp151.4.6.1
mumble-32bit-debuginfo-1.2.19-lp151.4.6.1

- openSUSE Leap 15.0 (i586 x86_64):

mumble-1.2.19-lp150.3.3.1
mumble-debuginfo-1.2.19-lp150.3.3.1
mumble-debugsource-1.2.19-lp150.3.3.1
mumble-server-1.2.19-lp150.3.3.1
mumble-server-debuginfo-1.2.19-lp150.3.3.1

- openSUSE Leap 15.0 (x86_64):

mumble-32bit-1.2.19-lp150.3.3.1
mumble-32bit-debuginfo-1.2.19-lp150.3.3.1

- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

mumble-1.2.19-bp150.3.3.1
mumble-server-1.2.19-bp150.3.3.1

- openSUSE Backports SLE-15 (aarch64_ilp32):

mumble-64bit-1.2.19-bp150.3.3.1

- SUSE Package Hub for SUSE Linux Enterprise 12 (ppc64le s390x x86_64):

mumble-1.2.19-9.1
mumble-server-1.2.19-9.1


References:

https://www.suse.com/security/cve/CVE-2018-20743.html
https://bugzilla.suse.com/1123334

--


openSUSE-SU-2019:1795-1: moderate: Security update for ImageMagick

openSUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1795-1
Rating: moderate
References: #1138425 #1138464
Cross-References: CVE-2019-11597
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2019-11597: Fixed a heap-based buffer over-read in the
WriteTIFFImage() (bsc#1138464).
- Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1795=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1795=1



Package List:

- openSUSE Leap 15.1 (i586 x86_64):

ImageMagick-7.0.7.34-lp151.7.6.1
ImageMagick-config-7-SUSE-7.0.7.34-lp151.7.6.1
ImageMagick-config-7-upstream-7.0.7.34-lp151.7.6.1
ImageMagick-debuginfo-7.0.7.34-lp151.7.6.1
ImageMagick-debugsource-7.0.7.34-lp151.7.6.1
ImageMagick-devel-7.0.7.34-lp151.7.6.1
ImageMagick-extra-7.0.7.34-lp151.7.6.1
ImageMagick-extra-debuginfo-7.0.7.34-lp151.7.6.1
libMagick++-7_Q16HDRI4-7.0.7.34-lp151.7.6.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp151.7.6.1
libMagick++-devel-7.0.7.34-lp151.7.6.1
libMagickCore-7_Q16HDRI6-7.0.7.34-lp151.7.6.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp151.7.6.1
libMagickWand-7_Q16HDRI6-7.0.7.34-lp151.7.6.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp151.7.6.1
perl-PerlMagick-7.0.7.34-lp151.7.6.1
perl-PerlMagick-debuginfo-7.0.7.34-lp151.7.6.1

- openSUSE Leap 15.1 (noarch):

ImageMagick-doc-7.0.7.34-lp151.7.6.1

- openSUSE Leap 15.1 (x86_64):

ImageMagick-devel-32bit-7.0.7.34-lp151.7.6.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp151.7.6.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-lp151.7.6.1
libMagick++-devel-32bit-7.0.7.34-lp151.7.6.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.6.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp151.7.6.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.6.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp151.7.6.1

- openSUSE Leap 15.0 (i586 x86_64):

ImageMagick-7.0.7.34-lp150.2.35.1
ImageMagick-config-7-SUSE-7.0.7.34-lp150.2.35.1
ImageMagick-config-7-upstream-7.0.7.34-lp150.2.35.1
ImageMagick-debuginfo-7.0.7.34-lp150.2.35.1
ImageMagick-debugsource-7.0.7.34-lp150.2.35.1
ImageMagick-devel-7.0.7.34-lp150.2.35.1
ImageMagick-extra-7.0.7.34-lp150.2.35.1
ImageMagick-extra-debuginfo-7.0.7.34-lp150.2.35.1
libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.35.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp150.2.35.1
libMagick++-devel-7.0.7.34-lp150.2.35.1
libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.35.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.35.1
libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.35.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.35.1
perl-PerlMagick-7.0.7.34-lp150.2.35.1
perl-PerlMagick-debuginfo-7.0.7.34-lp150.2.35.1

- openSUSE Leap 15.0 (noarch):

ImageMagick-doc-7.0.7.34-lp150.2.35.1

- openSUSE Leap 15.0 (x86_64):

ImageMagick-devel-32bit-7.0.7.34-lp150.2.35.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.35.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-lp150.2.35.1
libMagick++-devel-32bit-7.0.7.34-lp150.2.35.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.35.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp150.2.35.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.35.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp150.2.35.1


References:

https://www.suse.com/security/cve/CVE-2019-11597.html
https://bugzilla.suse.com/1138425
https://bugzilla.suse.com/1138464

--


openSUSE-SU-2019:1796-1: important: Security update for neovim

openSUSE Security Update: Security update for neovim
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1796-1
Rating: important
References: #1137443
Cross-References: CVE-2019-12735
Affected Products:
openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for neovim fixes the following issues:

neovim was updated to version 0.3.7:

* CVE-2019-12735: source should check sandbox (boo#1137443)
* genappimage.sh: migrate to linuxdeploy

Version Update to version 0.3.5:

* options: properly reset directories on 'autochdir'
* Remove MSVC optimization workaround for SHM_ALL
* Make SHM_ALL to a variable instead of a compound literal #define
* doc: mention "pynvim" module rename
* screen: don't crash when drawing popupmenu with 'rightleft' option
* look-behind match may use the wrong line number
* :terminal : set topline based on window height
* :recover : Fix crash on non-existent *.swp

Version Update to version 0.3.4:

* test: add tests for conceal cursor movement
* display: unify ursorline and concealcursor redraw logic

Version Update to version 0.3.3:

* health/provider: Check for available pynvim when neovim mod is missing
* python#CheckForModule: Use the given module string instead of
hard-coding pynvim
* (health.provider)/python: Import the neovim, rather than pynvim, module
* TUI: Konsole DECSCUSR fixup

Version Update to version 0.3.2:-

* Features

- clipboard: support Custom VimL functions (#9304)
- win/TUI: improve terminal/console support (#9401)
- startup: Use $XDG_CONFIG_DIRS/nvim/sysinit.vim if exists (#9077)
- support mapping in more places (#9299)
- diff/highlight: show underline for low-priority CursorLine (#9028)
- signs: Add "nuhml" argument (#9113)
- clipboard: support Wayland (#9230)
- TUI: add support for undercurl and underline color (#9052)
- man.vim: soft (dynamic) wrap (#9023)

* API

- API: implement object namespaces (#6920)
- API: implement nvim_win_set_buf() (#9100)
- API: virtual text annotations (nvim_buf_set_virtual_text) (#8180)
- API: add nvim_buf_is_loaded() (#8660)
- API: nvm_buf_get_offset_for_line (#8221)
- API/UI: ext_newgrid, ext_histate (#8221)

* UI

- TUI: use BCE again more often (smoother resize) (#8806)
- screen: add missing status redraw when redraw_later(CLEAR) was used
(#9315)
- TUI: clip invalid regions on resize (#8779)
- TUI: improvements for scrolling and clearing (#9193)
- TUI: disable clearing almost everywhere (#9143)
- TUI: always use safe cursor movement after resize (#9079)
- ui_options: also send when starting or from OptionSet (#9211)
- TUI: Avoid reset_color_cursor_color in old VTE (#9191)
- Don't erase screen on :hi Normal during startup (#9021)
- TUI: Hint wrapped lines to terminals (#8915)

* FIXES

- RPC: turn errors from async calls into notifications
- TUI: Restore terminal title via "title stacking" (#9407)
- genappimage: Unset $ARGV0 at invocation (#9376)
- TUI: Konsole 18.07.70 supports DECSCUSR (#9364)
- provider: improve error message (#9344)
- runtime/syntax: Fix highlighting of autogroup contents (#9328)
- VimL/confirm(): Show dialog even if :silent (#9297)
- clipboard: prefer xclip (#9302)
- provider/nodejs: fix npm, yarn detection
- channel: avoid buffering output when only terminal is active (#9218)
- ruby: detect rbenv shims for other versions (#8733)
- third party/unibilium: Fix parsing of extended capabilitiy entries
(#9123)
- jobstart(): Fix hang on non-executable cwd (#9204)
- provide/nodejs: Simultaneously query npm and yarn (#9054)
- undo: Fix infinite loop if undo_read_byte returns EOF (#2880)
- 'swapfile: always show dialog' (#9034)

- Add to the system-wide configuration file extension of runtimepath by
/usr/share/vim/site, so that neovim uses other Vim plugins installed
from packages.

- Add /usr/share/vim/site tree of directories to be owned by neovim as
well.

This update was imported from the openSUSE:Leap:15.0:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1796=1



Package List:

- openSUSE Backports SLE-15 (noarch):

neovim-lang-0.3.7-bp150.2.9.1

- openSUSE Backports SLE-15 (x86_64):

neovim-0.3.7-bp150.2.9.1


References:

https://www.suse.com/security/cve/CVE-2019-12735.html
https://bugzilla.suse.com/1137443

--


openSUSE-SU-2019:1797-1: moderate: Security update for live555

openSUSE Security Update: Security update for live555
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1797-1
Rating: moderate
References: #1121995 #1124159 #1127341
Cross-References: CVE-2019-7314 CVE-2019-9215
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________

An update that solves two vulnerabilities and has one
errata is now available.

Description:

This update for live555 fixes the following issues:

- CVE-2019-9215: Malformed headers could have lead to invalid memory
access in the parseAuthorizationHeader function. (boo#1127341)

- CVE-2019-7314: Mishandled termination of an RTSP stream after
RTP/RTCP-over-RTSP has been set up could have lead to a Use-After-Free
error causing the RTSP server to crash or possibly have unspecified
other impact. (boo#1124159)

- Update to version 2019.06.28,
- Convert to dynamic libraries (boo#1121995):
+ Use make ilinux-with-shared-libraries: build the dynamic libs instead
of the static one.
+ Use make install instead of a manual file copy script: this also
reveals that we missed quite a bit of code to be installed before.
+ Split out shared library packages according the SLPP.
- Use FAT LTO objects in order to provide proper static library.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1797=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1797=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1797=1



Package List:

- openSUSE Leap 15.1 (x86_64):

libBasicUsageEnvironment1-2019.06.28-lp151.2.3.1
libBasicUsageEnvironment1-debuginfo-2019.06.28-lp151.2.3.1
libUsageEnvironment3-2019.06.28-lp151.2.3.1
libUsageEnvironment3-debuginfo-2019.06.28-lp151.2.3.1
libgroupsock8-2019.06.28-lp151.2.3.1
libgroupsock8-debuginfo-2019.06.28-lp151.2.3.1
libliveMedia66-2019.06.28-lp151.2.3.1
libliveMedia66-debuginfo-2019.06.28-lp151.2.3.1
live555-2019.06.28-lp151.2.3.1
live555-debuginfo-2019.06.28-lp151.2.3.1
live555-debugsource-2019.06.28-lp151.2.3.1
live555-devel-2019.06.28-lp151.2.3.1

- openSUSE Leap 15.0 (x86_64):

libBasicUsageEnvironment1-2019.06.28-lp150.12.1
libBasicUsageEnvironment1-debuginfo-2019.06.28-lp150.12.1
libUsageEnvironment3-2019.06.28-lp150.12.1
libUsageEnvironment3-debuginfo-2019.06.28-lp150.12.1
libgroupsock8-2019.06.28-lp150.12.1
libgroupsock8-debuginfo-2019.06.28-lp150.12.1
libliveMedia66-2019.06.28-lp150.12.1
libliveMedia66-debuginfo-2019.06.28-lp150.12.1
live555-2019.06.28-lp150.12.1
live555-debuginfo-2019.06.28-lp150.12.1
live555-debugsource-2019.06.28-lp150.12.1
live555-devel-2019.06.28-lp150.12.1

- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

libBasicUsageEnvironment1-2019.06.28-bp150.12.1
libUsageEnvironment3-2019.06.28-bp150.12.1
libgroupsock8-2019.06.28-bp150.12.1
libliveMedia66-2019.06.28-bp150.12.1
live555-2019.06.28-bp150.12.1
live555-devel-2019.06.28-bp150.12.1


References:

https://www.suse.com/security/cve/CVE-2019-7314.html
https://www.suse.com/security/cve/CVE-2019-9215.html
https://bugzilla.suse.com/1121995
https://bugzilla.suse.com/1124159
https://bugzilla.suse.com/1127341

--