SUSE 5181 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2019:1158-1: moderate: Security update for ntp
openSUSE-SU-2019:1163-1: moderate: Security update for ldb
openSUSE-SU-2019:1166-1: Security update for znc



openSUSE-SU-2019:1158-1: moderate: Security update for ntp

openSUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1158-1
Rating: moderate
References: #1125401 #1128525
Cross-References: CVE-2019-8936
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for ntp fixes the following issues:

Security issue fixed:

- CVE-2019-8936: Fixed a null pointer exception which could allow an
authenticated attcker to cause segmentation fault to ntpd (bsc#1128525).

Other isses addressed:

- Fixed an issue which caused openSSL mismatch (bsc#1125401)
- Fixed several bugs in the BANCOMM reclock driver.
- Fixed ntp_loopfilter.c snprintf compilation warnings.
- Fixed spurious initgroups() error message.
- Fixed STA_NANO struct timex units.
- Fixed GPS week rollover in libparse.
- Fixed incorrect poll interval in packet.
- Added a missing check for ENABLE_CMAC.

This update was imported from the SUSE:SLE-12-SP1:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1158=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

ntp-4.2.8p13-31.9.1
ntp-debuginfo-4.2.8p13-31.9.1
ntp-debugsource-4.2.8p13-31.9.1
ntp-doc-4.2.8p13-31.9.1


References:

https://www.suse.com/security/cve/CVE-2019-8936.html
https://bugzilla.suse.com/1125401
https://bugzilla.suse.com/1128525

--


openSUSE-SU-2019:1163-1: moderate: Security update for ldb

openSUSE Security Update: Security update for ldb
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1163-1
Rating: moderate
References: #1125410
Cross-References: CVE-2019-3824
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ldb fixes the following issue:

Security issue fixed:

- CVE-2019-3824: Fixed an out-of-bound read vulnerability in
ldb_wildcard_compare (bsc#1125410).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1163=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

ldb-debugsource-1.2.3-lp150.7.2
ldb-tools-1.2.3-lp150.7.2
ldb-tools-debuginfo-1.2.3-lp150.7.2
libldb-devel-1.2.3-lp150.7.2
libldb1-1.2.3-lp150.7.2
libldb1-debuginfo-1.2.3-lp150.7.2
python-ldb-1.2.3-lp150.7.2
python-ldb-debuginfo-1.2.3-lp150.7.2
python-ldb-devel-1.2.3-lp150.7.2
python3-ldb-1.2.3-lp150.7.2
python3-ldb-debuginfo-1.2.3-lp150.7.2
python3-ldb-devel-1.2.3-lp150.7.2

- openSUSE Leap 15.0 (x86_64):

libldb1-32bit-1.2.3-lp150.7.2
libldb1-32bit-debuginfo-1.2.3-lp150.7.2
python-ldb-32bit-1.2.3-lp150.7.2
python-ldb-32bit-debuginfo-1.2.3-lp150.7.2
python3-ldb-32bit-1.2.3-lp150.7.2
python3-ldb-32bit-debuginfo-1.2.3-lp150.7.2


References:

https://www.suse.com/security/cve/CVE-2019-3824.html
https://bugzilla.suse.com/1125410

--


openSUSE-SU-2019:1166-1: Security update for znc

openSUSE Security Update: Security update for znc
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1166-1
Rating: low
References: #1130360
Cross-References: CVE-2019-9917
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for znc to version 1.7.2 fixes the following issue:

Security issue fixed:

- CVE-2019-9917: Fixed an issue where due to invalid encoding znc was
crashing (bsc#1130360).


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1166=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1166=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1166=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

znc-1.7.2-25.1
znc-debuginfo-1.7.2-25.1
znc-debugsource-1.7.2-25.1
znc-devel-1.7.2-25.1
znc-perl-1.7.2-25.1
znc-perl-debuginfo-1.7.2-25.1
znc-python3-1.7.2-25.1
znc-python3-debuginfo-1.7.2-25.1
znc-tcl-1.7.2-25.1
znc-tcl-debuginfo-1.7.2-25.1

- openSUSE Leap 42.3 (noarch):

znc-lang-1.7.2-25.1

- openSUSE Leap 15.0 (x86_64):

znc-1.7.2-lp150.25.1
znc-debuginfo-1.7.2-lp150.25.1
znc-debugsource-1.7.2-lp150.25.1
znc-devel-1.7.2-lp150.25.1
znc-perl-1.7.2-lp150.25.1
znc-perl-debuginfo-1.7.2-lp150.25.1
znc-python3-1.7.2-lp150.25.1
znc-python3-debuginfo-1.7.2-lp150.25.1
znc-tcl-1.7.2-lp150.25.1
znc-tcl-debuginfo-1.7.2-lp150.25.1

- openSUSE Leap 15.0 (noarch):

znc-lang-1.7.2-lp150.25.1

- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

znc-1.7.2-bp150.2.3.1
znc-debuginfo-1.7.2-bp150.2.3.1
znc-debugsource-1.7.2-bp150.2.3.1
znc-devel-1.7.2-bp150.2.3.1
znc-perl-1.7.2-bp150.2.3.1
znc-perl-debuginfo-1.7.2-bp150.2.3.1
znc-python3-1.7.2-bp150.2.3.1
znc-python3-debuginfo-1.7.2-bp150.2.3.1
znc-tcl-1.7.2-bp150.2.3.1
znc-tcl-debuginfo-1.7.2-bp150.2.3.1

- openSUSE Backports SLE-15 (noarch):

znc-lang-1.7.2-bp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2019-9917.html
https://bugzilla.suse.com/1130360

--