The following updates has been released for openSUSE:
openSUSE-SU-2019:1158-1: moderate: Security update for ntp
openSUSE-SU-2019:1163-1: moderate: Security update for ldb
openSUSE-SU-2019:1166-1: Security update for znc
openSUSE-SU-2019:1158-1: moderate: Security update for ntp
openSUSE-SU-2019:1163-1: moderate: Security update for ldb
openSUSE-SU-2019:1166-1: Security update for znc
openSUSE-SU-2019:1158-1: moderate: Security update for ntp
openSUSE Security Update: Security update for ntp
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1158-1
Rating: moderate
References: #1125401 #1128525
Cross-References: CVE-2019-8936
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for ntp fixes the following issues:
Security issue fixed:
- CVE-2019-8936: Fixed a null pointer exception which could allow an
authenticated attcker to cause segmentation fault to ntpd (bsc#1128525).
Other isses addressed:
- Fixed an issue which caused openSSL mismatch (bsc#1125401)
- Fixed several bugs in the BANCOMM reclock driver.
- Fixed ntp_loopfilter.c snprintf compilation warnings.
- Fixed spurious initgroups() error message.
- Fixed STA_NANO struct timex units.
- Fixed GPS week rollover in libparse.
- Fixed incorrect poll interval in packet.
- Added a missing check for ENABLE_CMAC.
This update was imported from the SUSE:SLE-12-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1158=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
ntp-4.2.8p13-31.9.1
ntp-debuginfo-4.2.8p13-31.9.1
ntp-debugsource-4.2.8p13-31.9.1
ntp-doc-4.2.8p13-31.9.1
References:
https://www.suse.com/security/cve/CVE-2019-8936.html
https://bugzilla.suse.com/1125401
https://bugzilla.suse.com/1128525
--
openSUSE-SU-2019:1163-1: moderate: Security update for ldb
openSUSE Security Update: Security update for ldb
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1163-1
Rating: moderate
References: #1125410
Cross-References: CVE-2019-3824
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for ldb fixes the following issue:
Security issue fixed:
- CVE-2019-3824: Fixed an out-of-bound read vulnerability in
ldb_wildcard_compare (bsc#1125410).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1163=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
ldb-debugsource-1.2.3-lp150.7.2
ldb-tools-1.2.3-lp150.7.2
ldb-tools-debuginfo-1.2.3-lp150.7.2
libldb-devel-1.2.3-lp150.7.2
libldb1-1.2.3-lp150.7.2
libldb1-debuginfo-1.2.3-lp150.7.2
python-ldb-1.2.3-lp150.7.2
python-ldb-debuginfo-1.2.3-lp150.7.2
python-ldb-devel-1.2.3-lp150.7.2
python3-ldb-1.2.3-lp150.7.2
python3-ldb-debuginfo-1.2.3-lp150.7.2
python3-ldb-devel-1.2.3-lp150.7.2
- openSUSE Leap 15.0 (x86_64):
libldb1-32bit-1.2.3-lp150.7.2
libldb1-32bit-debuginfo-1.2.3-lp150.7.2
python-ldb-32bit-1.2.3-lp150.7.2
python-ldb-32bit-debuginfo-1.2.3-lp150.7.2
python3-ldb-32bit-1.2.3-lp150.7.2
python3-ldb-32bit-debuginfo-1.2.3-lp150.7.2
References:
https://www.suse.com/security/cve/CVE-2019-3824.html
https://bugzilla.suse.com/1125410
--
openSUSE-SU-2019:1166-1: Security update for znc
openSUSE Security Update: Security update for znc
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1166-1
Rating: low
References: #1130360
Cross-References: CVE-2019-9917
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for znc to version 1.7.2 fixes the following issue:
Security issue fixed:
- CVE-2019-9917: Fixed an issue where due to invalid encoding znc was
crashing (bsc#1130360).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1166=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1166=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2019-1166=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
znc-1.7.2-25.1
znc-debuginfo-1.7.2-25.1
znc-debugsource-1.7.2-25.1
znc-devel-1.7.2-25.1
znc-perl-1.7.2-25.1
znc-perl-debuginfo-1.7.2-25.1
znc-python3-1.7.2-25.1
znc-python3-debuginfo-1.7.2-25.1
znc-tcl-1.7.2-25.1
znc-tcl-debuginfo-1.7.2-25.1
- openSUSE Leap 42.3 (noarch):
znc-lang-1.7.2-25.1
- openSUSE Leap 15.0 (x86_64):
znc-1.7.2-lp150.25.1
znc-debuginfo-1.7.2-lp150.25.1
znc-debugsource-1.7.2-lp150.25.1
znc-devel-1.7.2-lp150.25.1
znc-perl-1.7.2-lp150.25.1
znc-perl-debuginfo-1.7.2-lp150.25.1
znc-python3-1.7.2-lp150.25.1
znc-python3-debuginfo-1.7.2-lp150.25.1
znc-tcl-1.7.2-lp150.25.1
znc-tcl-debuginfo-1.7.2-lp150.25.1
- openSUSE Leap 15.0 (noarch):
znc-lang-1.7.2-lp150.25.1
- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):
znc-1.7.2-bp150.2.3.1
znc-debuginfo-1.7.2-bp150.2.3.1
znc-debugsource-1.7.2-bp150.2.3.1
znc-devel-1.7.2-bp150.2.3.1
znc-perl-1.7.2-bp150.2.3.1
znc-perl-debuginfo-1.7.2-bp150.2.3.1
znc-python3-1.7.2-bp150.2.3.1
znc-python3-debuginfo-1.7.2-bp150.2.3.1
znc-tcl-1.7.2-bp150.2.3.1
znc-tcl-debuginfo-1.7.2-bp150.2.3.1
- openSUSE Backports SLE-15 (noarch):
znc-lang-1.7.2-bp150.2.3.1
References:
https://www.suse.com/security/cve/CVE-2019-9917.html
https://bugzilla.suse.com/1130360
--