SUSE 5149 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2018:1438-1: important: Security update for opencv
openSUSE-SU-2018:1439-1: moderate: Security update for GraphicsMagick
openSUSE-SU-2018:1440-1: Security update for jasper
openSUSE-SU-2018:1442-1: moderate: Security update for pdns



openSUSE-SU-2018:1438-1: important: Security update for opencv

openSUSE Security Update: Security update for opencv
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1438-1
Rating: important
References: #1074312 #1074313 #1074487 #1075017 #1075019

Cross-References: CVE-2017-1000450 CVE-2017-17760 CVE-2017-18009
CVE-2018-5268 CVE-2018-5269
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for opencv fixes the following issues:

- CVE-2018-5268: Fixed a heap-based buffer overflow in
incv::Jpeg2KDecoder::readComponent8u in
modules/imgcodecs/src/grfmt_jpeg2000.cppwhen parsing a crafted image
file. (boo#1075017)
- CVE-2017-17760: Fixed an buffer overflow in function
cv::PxMDecoder::readData (boo#1074313)
- CVE-2017-18009: Fixed a heap-based buffer over-read in function
cv::HdrDecoder::checkSignature (boo#1074312)
- CVE-2017-1000450: Functions FillUniColor and FillUniGray do not check
the input length which could lead to out of bounds writes and crashes
(boo#1074487)
- CVE-2018-5269: Fixed an assertion failure happens in
cv::RBaseStream::setPos inmodules/imgcodecs/src/bitstrm.cpp because of
an incorrect integer cast (bsc#1075019).


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-534=1



Package List:

- openSUSE Leap 42.3 (x86_64):

libopencv-qt56_3-3.1.0-4.11.1
libopencv-qt56_3-debuginfo-3.1.0-4.11.1
libopencv3_1-3.1.0-4.11.1
libopencv3_1-debuginfo-3.1.0-4.11.1
opencv-3.1.0-4.11.1
opencv-debuginfo-3.1.0-4.11.1
opencv-debugsource-3.1.0-4.11.1
opencv-devel-3.1.0-4.11.1
opencv-doc-3.1.0-4.11.1
opencv-qt5-3.1.0-4.11.1
opencv-qt5-debuginfo-3.1.0-4.11.1
opencv-qt5-debugsource-3.1.0-4.11.1
opencv-qt5-devel-3.1.0-4.11.1
opencv-qt5-doc-3.1.0-4.11.1
python-opencv-3.1.0-4.11.1
python-opencv-debuginfo-3.1.0-4.11.1
python-opencv-qt5-3.1.0-4.11.1
python-opencv-qt5-debuginfo-3.1.0-4.11.1
python3-opencv-3.1.0-4.11.1
python3-opencv-debuginfo-3.1.0-4.11.1
python3-opencv-qt5-3.1.0-4.11.1
python3-opencv-qt5-debuginfo-3.1.0-4.11.1


References:

https://www.suse.com/security/cve/CVE-2017-1000450.html
https://www.suse.com/security/cve/CVE-2017-17760.html
https://www.suse.com/security/cve/CVE-2017-18009.html
https://www.suse.com/security/cve/CVE-2018-5268.html
https://www.suse.com/security/cve/CVE-2018-5269.html
https://bugzilla.suse.com/1074312
https://bugzilla.suse.com/1074313
https://bugzilla.suse.com/1074487
https://bugzilla.suse.com/1075017
https://bugzilla.suse.com/1075019

--


openSUSE-SU-2018:1439-1: moderate: Security update for GraphicsMagick

openSUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1439-1
Rating: moderate
References: #1094204
Cross-References: CVE-2017-18271
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for GraphicsMagick fixes the following issues:

- CVE-2017-18271: An infinite loop in the function ReadMIFFImage in
coders/miff.c, which allows attackers to cause a denial of service was
fixed. (boo#1094204)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-533=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

GraphicsMagick-1.3.25-90.1
GraphicsMagick-debuginfo-1.3.25-90.1
GraphicsMagick-debugsource-1.3.25-90.1
GraphicsMagick-devel-1.3.25-90.1
libGraphicsMagick++-Q16-12-1.3.25-90.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.25-90.1
libGraphicsMagick++-devel-1.3.25-90.1
libGraphicsMagick-Q16-3-1.3.25-90.1
libGraphicsMagick-Q16-3-debuginfo-1.3.25-90.1
libGraphicsMagick3-config-1.3.25-90.1
libGraphicsMagickWand-Q16-2-1.3.25-90.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-90.1
perl-GraphicsMagick-1.3.25-90.1
perl-GraphicsMagick-debuginfo-1.3.25-90.1


References:

https://www.suse.com/security/cve/CVE-2017-18271.html
https://bugzilla.suse.com/1094204

--


openSUSE-SU-2018:1440-1: Security update for jasper

openSUSE Security Update: Security update for jasper
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1440-1
Rating: low
References: #1087020
Cross-References: CVE-2018-9055
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for jasper fixes the following issues:

- CVE-2018-9055: denial of service via a reachable assertion in the
function jpc_firstone in libjasper/jpc/jpc_math.c could lead to
denial of service. (bsc#1087020)

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-531=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

jasper-1.900.14-182.1
jasper-debuginfo-1.900.14-182.1
jasper-debugsource-1.900.14-182.1
libjasper-devel-1.900.14-182.1
libjasper1-1.900.14-182.1
libjasper1-debuginfo-1.900.14-182.1

- openSUSE Leap 42.3 (x86_64):

libjasper1-32bit-1.900.14-182.1
libjasper1-debuginfo-32bit-1.900.14-182.1


References:

https://www.suse.com/security/cve/CVE-2018-9055.html
https://bugzilla.suse.com/1087020

--


openSUSE-SU-2018:1442-1: moderate: Security update for pdns

openSUSE Security Update: Security update for pdns
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1442-1
Rating: moderate
References: #1092540
Cross-References: CVE-2018-1046
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for pdns fixes the following issues:

Security issues fixed:

- CVE-2018-1046: Fix an issue with replaying a specially crafted PCAP file
that can trigger a stack-based buffer overflow, leading to a crash and
potentially arbitrary code execution (bsc#1092540).


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-532=1



Package List:

- openSUSE Leap 15.0 (x86_64):

pdns-4.1.2-lp150.3.3.1
pdns-backend-geoip-4.1.2-lp150.3.3.1
pdns-backend-geoip-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-godbc-4.1.2-lp150.3.3.1
pdns-backend-godbc-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-ldap-4.1.2-lp150.3.3.1
pdns-backend-ldap-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-lua-4.1.2-lp150.3.3.1
pdns-backend-lua-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-mydns-4.1.2-lp150.3.3.1
pdns-backend-mydns-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-mysql-4.1.2-lp150.3.3.1
pdns-backend-mysql-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-postgresql-4.1.2-lp150.3.3.1
pdns-backend-postgresql-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-remote-4.1.2-lp150.3.3.1
pdns-backend-remote-debuginfo-4.1.2-lp150.3.3.1
pdns-backend-sqlite3-4.1.2-lp150.3.3.1
pdns-backend-sqlite3-debuginfo-4.1.2-lp150.3.3.1
pdns-debuginfo-4.1.2-lp150.3.3.1
pdns-debugsource-4.1.2-lp150.3.3.1


References:

https://www.suse.com/security/cve/CVE-2018-1046.html
https://bugzilla.suse.com/1092540

--