
The following updates have been released for openSUSE:

openSUSE-SU-2019:1172-1: moderate: Security update for ovmf
openSUSE-SU-2019:1173-1: moderate: Security update for nodejs6
openSUSE-SU-2019:1174-1: moderate: Recommended update for adcli, sssd
openSUSE-SU-2019:1175-1: moderate: Security update for openssl
openSUSE-SU-2019:1176-1: Security update for sysstat



openSUSE-SU-2019:1172-1: moderate: Security update for ovmf

openSUSE Security Update: Security update for ovmf
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1172-1
Rating: moderate
References: #1128503 #1130267
Cross-References: CVE-2018-12181 CVE-2019-0160
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for ovmf fixes the following issues:

Security issues fixed:

- CVE-2019-0160: Fixed multiple buffer overflows in UDF-related code in
MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and
MdeModulePkg\Universal\Disk\UdfDxe (bsc#1130267).
- CVE-2018-12181: Fixed a stack buffer overflow in the HII database when a
corrupted Bitmap was used (bsc#1128503).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1172=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

ovmf-2017+git1510945757.b2662641d5-lp150.4.16.1
ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.16.1

- openSUSE Leap 15.0 (noarch):

qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.16.1
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.16.1

- openSUSE Leap 15.0 (x86_64):

qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.16.1


References:

https://www.suse.com/security/cve/CVE-2018-12181.html
https://www.suse.com/security/cve/CVE-2019-0160.html
https://bugzilla.suse.com/1128503
https://bugzilla.suse.com/1130267

--


openSUSE-SU-2019:1173-1: moderate: Security update for nodejs6

openSUSE Security Update: Security update for nodejs6
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1173-1
Rating: moderate
References: #1127080 #1127532 #1127533
Cross-References: CVE-2019-1559 CVE-2019-5737 CVE-2019-5739
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for nodejs6 to version 6.17.0 fixes the following issues:

Security issues fixed:


- CVE-2019-5739: Fixed a potential attack vector which could lead to
Denial of Service when HTTP connections are kept active (bsc#1127533).
- CVE-2019-5737: Fixed a potential attack vector which could lead to
Denial of Service when HTTP connections are kept active (bsc#1127532).
- CVE-2019-1559: Fixed the OpenSSL 0-byte Record Padding Oracle, in which
under certain circumstances a TLS server can be forced to respond
differently to a client, leading to the decryption of the data
(bsc#1127080).

Release Notes: https://nodejs.org/en/blog/release/v6.17.0/

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1173=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

nodejs6-6.17.0-21.1
nodejs6-debuginfo-6.17.0-21.1
nodejs6-debugsource-6.17.0-21.1
nodejs6-devel-6.17.0-21.1
npm6-6.17.0-21.1

- openSUSE Leap 42.3 (noarch):

nodejs6-docs-6.17.0-21.1


References:

https://www.suse.com/security/cve/CVE-2019-1559.html
https://www.suse.com/security/cve/CVE-2019-5737.html
https://www.suse.com/security/cve/CVE-2019-5739.html
https://bugzilla.suse.com/1127080
https://bugzilla.suse.com/1127532
https://bugzilla.suse.com/1127533

--


openSUSE-SU-2019:1174-1: moderate: Recommended update for adcli, sssd

openSUSE Security Update: Recommended update for adcli, sssd
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1174-1
Rating: moderate
References: #1109849 #1110121 #1121759 #1125617 #1127670
Cross-References: CVE-2019-3811
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves one vulnerability and has four fixes
is now available.

Description:


This update for adcli and sssd provides the following improvements:

Security vulnerability fixed:

- CVE-2019-3811: Fix fallback_homedir returning '/' for empty home
directories (bsc#1121759)

Other fixes:

- Add an option to disable checking for trusted domains in the subdomains
provider (bsc#1125617)
- Clear pid file in corner cases (bsc#1127670)
- Fix child unable to write to log file after SIGHUP (bsc#1127670)
- Include adcli in SUSE Linux Enterprise 12 SP3 for sssd-ad. (fate#326619,
bsc#1109849)

adcli enables sssd to do password renewal when using Active Directory.

This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1174=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libipa_hbac-devel-1.13.4-15.1
libipa_hbac0-1.13.4-15.1
libipa_hbac0-debuginfo-1.13.4-15.1
libsss_idmap-devel-1.13.4-15.1
libsss_idmap0-1.13.4-15.1
libsss_idmap0-debuginfo-1.13.4-15.1
libsss_nss_idmap-devel-1.13.4-15.1
libsss_nss_idmap0-1.13.4-15.1
libsss_nss_idmap0-debuginfo-1.13.4-15.1
libsss_sudo-1.13.4-15.1
libsss_sudo-debuginfo-1.13.4-15.1
python-ipa_hbac-1.13.4-15.1
python-ipa_hbac-debuginfo-1.13.4-15.1
python-sss_nss_idmap-1.13.4-15.1
python-sss_nss_idmap-debuginfo-1.13.4-15.1
python-sssd-config-1.13.4-15.1
python-sssd-config-debuginfo-1.13.4-15.1
sssd-1.13.4-15.1
sssd-ad-1.13.4-15.1
sssd-ad-debuginfo-1.13.4-15.1
sssd-debuginfo-1.13.4-15.1
sssd-debugsource-1.13.4-15.1
sssd-ipa-1.13.4-15.1
sssd-ipa-debuginfo-1.13.4-15.1
sssd-krb5-1.13.4-15.1
sssd-krb5-common-1.13.4-15.1
sssd-krb5-common-debuginfo-1.13.4-15.1
sssd-krb5-debuginfo-1.13.4-15.1
sssd-ldap-1.13.4-15.1
sssd-ldap-debuginfo-1.13.4-15.1
sssd-proxy-1.13.4-15.1
sssd-proxy-debuginfo-1.13.4-15.1
sssd-tools-1.13.4-15.1
sssd-tools-debuginfo-1.13.4-15.1

- openSUSE Leap 42.3 (x86_64):

sssd-32bit-1.13.4-15.1
sssd-debuginfo-32bit-1.13.4-15.1


References:

https://www.suse.com/security/cve/CVE-2019-3811.html
https://bugzilla.suse.com/1109849
https://bugzilla.suse.com/1110121
https://bugzilla.suse.com/1121759
https://bugzilla.suse.com/1125617
https://bugzilla.suse.com/1127670

--


openSUSE-SU-2019:1175-1: moderate: Security update for openssl

openSUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1175-1
Rating: moderate
References: #1100078 #1113975 #1117951 #1127080
Cross-References: CVE-2019-1559
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves one vulnerability and has three fixes
is now available.

Description:

This update for openssl fixes the following issues:

Security issues fixed:

- The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS
Implementations (bsc#1117951)
- CVE-2019-1559: Fixed the OpenSSL 0-byte Record Padding Oracle, in which
under certain circumstances a TLS server can be forced to respond
differently to a client, leading to the decryption of the data
(bsc#1127080).

Other issues addressed:

- Fixed IV handling in SHAEXT paths: aes/asm/aesni-sha*-x86_64.pl
(bsc#1113975).
- Set TLS version to 0 in msg_callback for record messages to avoid
confusing applications (bsc#1100078).

This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1175=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libopenssl-devel-1.0.2j-35.1
libopenssl1_0_0-1.0.2j-35.1
libopenssl1_0_0-debuginfo-1.0.2j-35.1
libopenssl1_0_0-hmac-1.0.2j-35.1
openssl-1.0.2j-35.1
openssl-cavs-1.0.2j-35.1
openssl-cavs-debuginfo-1.0.2j-35.1
openssl-debuginfo-1.0.2j-35.1
openssl-debugsource-1.0.2j-35.1

- openSUSE Leap 42.3 (noarch):

openssl-doc-1.0.2j-35.1

- openSUSE Leap 42.3 (x86_64):

libopenssl-devel-32bit-1.0.2j-35.1
libopenssl1_0_0-32bit-1.0.2j-35.1
libopenssl1_0_0-debuginfo-32bit-1.0.2j-35.1
libopenssl1_0_0-hmac-32bit-1.0.2j-35.1


References:

https://www.suse.com/security/cve/CVE-2019-1559.html
https://bugzilla.suse.com/1100078
https://bugzilla.suse.com/1113975
https://bugzilla.suse.com/1117951
https://bugzilla.suse.com/1127080

--


openSUSE-SU-2019:1176-1: Security update for sysstat

openSUSE Security Update: Security update for sysstat
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1176-1
Rating: low
References: #1117001 #1117260
Cross-References: CVE-2018-19416 CVE-2018-19517
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for sysstat fixes the following issues:

Security issues fixed:

- CVE-2018-19416: Fixed out-of-bounds read during a memmove call inside
the remap_struct function (bsc#1117001).
- CVE-2018-19517: Fixed out-of-bounds read during a memset call inside the
remap_struct function (bsc#1117260).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1176=1



Package List:

- openSUSE Leap 15.0 (x86_64):

sysstat-12.0.2-lp150.7.1
sysstat-debuginfo-12.0.2-lp150.7.1
sysstat-debugsource-12.0.2-lp150.7.1
sysstat-isag-12.0.2-lp150.7.1


References:

https://www.suse.com/security/cve/CVE-2018-19416.html
https://www.suse.com/security/cve/CVE-2018-19517.html
https://bugzilla.suse.com/1117001
https://bugzilla.suse.com/1117260

--