SUSE 5149 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2018:2010-1: important: Security update for perl
openSUSE-SU-2018:2011-1: moderate: Security update for perl
openSUSE-SU-2018:2013-1: moderate: Security update for gdk-pixbuf
openSUSE-SU-2018:2014-1: moderate: Security update for php7
openSUSE-SU-2018:2015-1: moderate: Security update for libopenmpt
openSUSE-SU-2018:2019-1: moderate: Security update for rsyslog
openSUSE-SU-2018:2021-1: moderate: Security update for polkit
openSUSE-SU-2018:2023-1: moderate: Security update for mercurial



openSUSE-SU-2018:2010-1: important: Security update for perl

openSUSE Security Update: Security update for perl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2010-1
Rating: important
References: #1068565 #1096718
Cross-References: CVE-2018-12015
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for perl fixes the following issues:

This security issue was fixed:

- CVE-2018-12015: The Archive::Tar module allowed remote attackers to
bypass a directory-traversal protection mechanism and overwrite
arbitrary files (bsc#1096718)

This non-security issue was fixed:

- fix debugger crash in tab completion with Term::ReadLine::Gnu
[bsc#1068565]

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-750=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

perl-5.18.2-15.2
perl-base-5.18.2-15.2
perl-base-debuginfo-5.18.2-15.2
perl-debuginfo-5.18.2-15.2
perl-debugsource-5.18.2-15.2

- openSUSE Leap 42.3 (x86_64):

perl-32bit-5.18.2-15.2
perl-base-32bit-5.18.2-15.2
perl-base-debuginfo-32bit-5.18.2-15.2
perl-debuginfo-32bit-5.18.2-15.2

- openSUSE Leap 42.3 (noarch):

perl-doc-5.18.2-15.2


References:

https://www.suse.com/security/cve/CVE-2018-12015.html
https://bugzilla.suse.com/1068565
https://bugzilla.suse.com/1096718

--


openSUSE-SU-2018:2011-1: moderate: Security update for perl

openSUSE Security Update: Security update for perl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2011-1
Rating: moderate
References: #1096718
Cross-References: CVE-2018-12015
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for perl fixes the following issues:

- CVE-2018-12015: The Archive::Tar module allowed remote attackers to
bypass a directory-traversal protection mechanism and overwrite
arbitrary files (bsc#1096718)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-751=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

perl-5.26.1-lp150.6.3.1
perl-base-5.26.1-lp150.6.3.1
perl-base-debuginfo-5.26.1-lp150.6.3.1
perl-debuginfo-5.26.1-lp150.6.3.1
perl-debugsource-5.26.1-lp150.6.3.1

- openSUSE Leap 15.0 (noarch):

perl-doc-5.26.1-lp150.6.3.1

- openSUSE Leap 15.0 (x86_64):

perl-32bit-5.26.1-lp150.6.3.1
perl-32bit-debuginfo-5.26.1-lp150.6.3.1
perl-base-32bit-5.26.1-lp150.6.3.1
perl-base-32bit-debuginfo-5.26.1-lp150.6.3.1


References:

https://www.suse.com/security/cve/CVE-2018-12015.html
https://bugzilla.suse.com/1096718

--


openSUSE-SU-2018:2013-1: moderate: Security update for gdk-pixbuf

openSUSE Security Update: Security update for gdk-pixbuf
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2013-1
Rating: moderate
References: #1074462
Cross-References: CVE-2017-1000422
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gdk-pixbuf fixes the following security issue:

- CVE-2017-1000422: Prevent several integer overflow in the gif_get_lzw
function resulting in memory corruption and potential code execution
(bsc#1074462).

This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-741=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

gdk-pixbuf-debugsource-2.34.0-16.1
gdk-pixbuf-devel-2.34.0-16.1
gdk-pixbuf-devel-debuginfo-2.34.0-16.1
gdk-pixbuf-query-loaders-2.34.0-16.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-16.1
libgdk_pixbuf-2_0-0-2.34.0-16.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-16.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-16.1

- openSUSE Leap 42.3 (noarch):

gdk-pixbuf-lang-2.34.0-16.1

- openSUSE Leap 42.3 (x86_64):

gdk-pixbuf-devel-32bit-2.34.0-16.1
gdk-pixbuf-devel-debuginfo-32bit-2.34.0-16.1
gdk-pixbuf-query-loaders-32bit-2.34.0-16.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-16.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-16.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-16.1


References:

https://www.suse.com/security/cve/CVE-2017-1000422.html
https://bugzilla.suse.com/1074462

--


openSUSE-SU-2018:2014-1: moderate: Security update for php7

openSUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2014-1
Rating: moderate
References: #1099098
Cross-References: CVE-2018-12882
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for php7 fixes the following issues:

- CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a
use-after-free (in exif_read_from_file) because it closed a stream that
it is not responsible for closing (bsc#1099098).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-737=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

apache2-mod_php7-7.2.5-lp150.2.6.1
apache2-mod_php7-debuginfo-7.2.5-lp150.2.6.1
php7-7.2.5-lp150.2.6.1
php7-bcmath-7.2.5-lp150.2.6.1
php7-bcmath-debuginfo-7.2.5-lp150.2.6.1
php7-bz2-7.2.5-lp150.2.6.1
php7-bz2-debuginfo-7.2.5-lp150.2.6.1
php7-calendar-7.2.5-lp150.2.6.1
php7-calendar-debuginfo-7.2.5-lp150.2.6.1
php7-ctype-7.2.5-lp150.2.6.1
php7-ctype-debuginfo-7.2.5-lp150.2.6.1
php7-curl-7.2.5-lp150.2.6.1
php7-curl-debuginfo-7.2.5-lp150.2.6.1
php7-dba-7.2.5-lp150.2.6.1
php7-dba-debuginfo-7.2.5-lp150.2.6.1
php7-debuginfo-7.2.5-lp150.2.6.1
php7-debugsource-7.2.5-lp150.2.6.1
php7-devel-7.2.5-lp150.2.6.1
php7-dom-7.2.5-lp150.2.6.1
php7-dom-debuginfo-7.2.5-lp150.2.6.1
php7-embed-7.2.5-lp150.2.6.1
php7-embed-debuginfo-7.2.5-lp150.2.6.1
php7-enchant-7.2.5-lp150.2.6.1
php7-enchant-debuginfo-7.2.5-lp150.2.6.1
php7-exif-7.2.5-lp150.2.6.1
php7-exif-debuginfo-7.2.5-lp150.2.6.1
php7-fastcgi-7.2.5-lp150.2.6.1
php7-fastcgi-debuginfo-7.2.5-lp150.2.6.1
php7-fileinfo-7.2.5-lp150.2.6.1
php7-fileinfo-debuginfo-7.2.5-lp150.2.6.1
php7-firebird-7.2.5-lp150.2.6.1
php7-firebird-debuginfo-7.2.5-lp150.2.6.1
php7-fpm-7.2.5-lp150.2.6.1
php7-fpm-debuginfo-7.2.5-lp150.2.6.1
php7-ftp-7.2.5-lp150.2.6.1
php7-ftp-debuginfo-7.2.5-lp150.2.6.1
php7-gd-7.2.5-lp150.2.6.1
php7-gd-debuginfo-7.2.5-lp150.2.6.1
php7-gettext-7.2.5-lp150.2.6.1
php7-gettext-debuginfo-7.2.5-lp150.2.6.1
php7-gmp-7.2.5-lp150.2.6.1
php7-gmp-debuginfo-7.2.5-lp150.2.6.1
php7-iconv-7.2.5-lp150.2.6.1
php7-iconv-debuginfo-7.2.5-lp150.2.6.1
php7-intl-7.2.5-lp150.2.6.1
php7-intl-debuginfo-7.2.5-lp150.2.6.1
php7-json-7.2.5-lp150.2.6.1
php7-json-debuginfo-7.2.5-lp150.2.6.1
php7-ldap-7.2.5-lp150.2.6.1
php7-ldap-debuginfo-7.2.5-lp150.2.6.1
php7-mbstring-7.2.5-lp150.2.6.1
php7-mbstring-debuginfo-7.2.5-lp150.2.6.1
php7-mysql-7.2.5-lp150.2.6.1
php7-mysql-debuginfo-7.2.5-lp150.2.6.1
php7-odbc-7.2.5-lp150.2.6.1
php7-odbc-debuginfo-7.2.5-lp150.2.6.1
php7-opcache-7.2.5-lp150.2.6.1
php7-opcache-debuginfo-7.2.5-lp150.2.6.1
php7-openssl-7.2.5-lp150.2.6.1
php7-openssl-debuginfo-7.2.5-lp150.2.6.1
php7-pcntl-7.2.5-lp150.2.6.1
php7-pcntl-debuginfo-7.2.5-lp150.2.6.1
php7-pdo-7.2.5-lp150.2.6.1
php7-pdo-debuginfo-7.2.5-lp150.2.6.1
php7-pgsql-7.2.5-lp150.2.6.1
php7-pgsql-debuginfo-7.2.5-lp150.2.6.1
php7-phar-7.2.5-lp150.2.6.1
php7-phar-debuginfo-7.2.5-lp150.2.6.1
php7-posix-7.2.5-lp150.2.6.1
php7-posix-debuginfo-7.2.5-lp150.2.6.1
php7-readline-7.2.5-lp150.2.6.1
php7-readline-debuginfo-7.2.5-lp150.2.6.1
php7-shmop-7.2.5-lp150.2.6.1
php7-shmop-debuginfo-7.2.5-lp150.2.6.1
php7-snmp-7.2.5-lp150.2.6.1
php7-snmp-debuginfo-7.2.5-lp150.2.6.1
php7-soap-7.2.5-lp150.2.6.1
php7-soap-debuginfo-7.2.5-lp150.2.6.1
php7-sockets-7.2.5-lp150.2.6.1
php7-sockets-debuginfo-7.2.5-lp150.2.6.1
php7-sodium-7.2.5-lp150.2.6.1
php7-sodium-debuginfo-7.2.5-lp150.2.6.1
php7-sqlite-7.2.5-lp150.2.6.1
php7-sqlite-debuginfo-7.2.5-lp150.2.6.1
php7-sysvmsg-7.2.5-lp150.2.6.1
php7-sysvmsg-debuginfo-7.2.5-lp150.2.6.1
php7-sysvsem-7.2.5-lp150.2.6.1
php7-sysvsem-debuginfo-7.2.5-lp150.2.6.1
php7-sysvshm-7.2.5-lp150.2.6.1
php7-sysvshm-debuginfo-7.2.5-lp150.2.6.1
php7-tidy-7.2.5-lp150.2.6.1
php7-tidy-debuginfo-7.2.5-lp150.2.6.1
php7-tokenizer-7.2.5-lp150.2.6.1
php7-tokenizer-debuginfo-7.2.5-lp150.2.6.1
php7-wddx-7.2.5-lp150.2.6.1
php7-wddx-debuginfo-7.2.5-lp150.2.6.1
php7-xmlreader-7.2.5-lp150.2.6.1
php7-xmlreader-debuginfo-7.2.5-lp150.2.6.1
php7-xmlrpc-7.2.5-lp150.2.6.1
php7-xmlrpc-debuginfo-7.2.5-lp150.2.6.1
php7-xmlwriter-7.2.5-lp150.2.6.1
php7-xmlwriter-debuginfo-7.2.5-lp150.2.6.1
php7-xsl-7.2.5-lp150.2.6.1
php7-xsl-debuginfo-7.2.5-lp150.2.6.1
php7-zip-7.2.5-lp150.2.6.1
php7-zip-debuginfo-7.2.5-lp150.2.6.1
php7-zlib-7.2.5-lp150.2.6.1
php7-zlib-debuginfo-7.2.5-lp150.2.6.1

- openSUSE Leap 15.0 (noarch):

php7-pear-7.2.5-lp150.2.6.1
php7-pear-Archive_Tar-7.2.5-lp150.2.6.1


References:

https://www.suse.com/security/cve/CVE-2018-12882.html
https://bugzilla.suse.com/1099098

--


openSUSE-SU-2018:2015-1: moderate: Security update for libopenmpt

openSUSE Security Update: Security update for libopenmpt
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2015-1
Rating: moderate
References: #1089080 #1095644
Cross-References: CVE-2018-10017 CVE-2018-11710
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for libopenmpt to version 0.3.9 fixes the following issues:

These security issues were fixed:

- CVE-2018-11710: Prevent write near address 0 in out-of-memory situations
when reading AMS files (bsc#1095644)
- CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files
containing pattern loops (bsc#1089080)

These non-security issues were fixed:

- [Bug] openmpt123: Fixed build failure in C++17 due to use of removed
feature std::random_shuffle.
- STM: Having both Bxx and Cxx commands in a pattern imported the Bxx
command incorrectly.
- STM: Last character of sample name was missing.
- Speed up reading of truncated ULT files.
- ULT: Portamento import was sometimes broken.
- The resonant filter was sometimes unstable when combining low-volume
samples, low cutoff and high mixing rates.
- Keep track of active SFx macro during seeking.
- The "note cut" duplicate note action did not volume-ramp the previously
playing sample.
- A song starting with non-existing patterns could not be played.
- DSM: Support restart position and 16-bit samples.
- DTM: Import global volume.

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-742=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libmodplug-devel-0.3.9-lp150.2.3.1
libmodplug1-0.3.9-lp150.2.3.1
libmodplug1-debuginfo-0.3.9-lp150.2.3.1
libopenmpt-debugsource-0.3.9-lp150.2.3.1
libopenmpt-devel-0.3.9-lp150.2.3.1
libopenmpt0-0.3.9-lp150.2.3.1
libopenmpt0-debuginfo-0.3.9-lp150.2.3.1
libopenmpt_modplug1-0.3.9-lp150.2.3.1
libopenmpt_modplug1-debuginfo-0.3.9-lp150.2.3.1
openmpt123-0.3.9-lp150.2.3.1
openmpt123-debuginfo-0.3.9-lp150.2.3.1

- openSUSE Leap 15.0 (x86_64):

libmodplug1-32bit-0.3.9-lp150.2.3.1
libmodplug1-32bit-debuginfo-0.3.9-lp150.2.3.1
libopenmpt0-32bit-0.3.9-lp150.2.3.1
libopenmpt0-32bit-debuginfo-0.3.9-lp150.2.3.1
libopenmpt_modplug1-32bit-0.3.9-lp150.2.3.1
libopenmpt_modplug1-32bit-debuginfo-0.3.9-lp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2018-10017.html
https://www.suse.com/security/cve/CVE-2018-11710.html
https://bugzilla.suse.com/1089080
https://bugzilla.suse.com/1095644

--


openSUSE-SU-2018:2019-1: moderate: Security update for rsyslog

openSUSE Security Update: Security update for rsyslog
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2019-1
Rating: moderate
References: #935393
Cross-References: CVE-2015-3243
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for rsyslog fixes the following security issue:

- CVE-2015-3243: Prevent weak permissions for generated log files, which
allowed local users to obtain sensitive information (bsc#935393).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-738=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

rsyslog-8.33.1-lp150.2.3.2
rsyslog-debuginfo-8.33.1-lp150.2.3.2
rsyslog-debugsource-8.33.1-lp150.2.3.2
rsyslog-diag-tools-8.33.1-lp150.2.3.2
rsyslog-diag-tools-debuginfo-8.33.1-lp150.2.3.2
rsyslog-doc-8.33.1-lp150.2.3.2
rsyslog-module-dbi-8.33.1-lp150.2.3.2
rsyslog-module-dbi-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-elasticsearch-8.33.1-lp150.2.3.2
rsyslog-module-elasticsearch-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-gcrypt-8.33.1-lp150.2.3.2
rsyslog-module-gcrypt-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-gssapi-8.33.1-lp150.2.3.2
rsyslog-module-gssapi-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-gtls-8.33.1-lp150.2.3.2
rsyslog-module-gtls-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-mmnormalize-8.33.1-lp150.2.3.2
rsyslog-module-mmnormalize-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-mysql-8.33.1-lp150.2.3.2
rsyslog-module-mysql-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-omamqp1-8.33.1-lp150.2.3.2
rsyslog-module-omamqp1-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-omhttpfs-8.33.1-lp150.2.3.2
rsyslog-module-omhttpfs-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-omtcl-8.33.1-lp150.2.3.2
rsyslog-module-omtcl-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-pgsql-8.33.1-lp150.2.3.2
rsyslog-module-pgsql-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-relp-8.33.1-lp150.2.3.2
rsyslog-module-relp-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-snmp-8.33.1-lp150.2.3.2
rsyslog-module-snmp-debuginfo-8.33.1-lp150.2.3.2
rsyslog-module-udpspoof-8.33.1-lp150.2.3.2
rsyslog-module-udpspoof-debuginfo-8.33.1-lp150.2.3.2


References:

https://www.suse.com/security/cve/CVE-2015-3243.html
https://bugzilla.suse.com/935393

--


openSUSE-SU-2018:2021-1: moderate: Security update for polkit

openSUSE Security Update: Security update for polkit
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2021-1
Rating: moderate
References: #1099031
Cross-References: CVE-2018-1116
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for polkit fixes the following issues:

- CVE-2018-1116: Fixed trusting the client-supplied UID which could lead
to a denial of service (too many dialogs) caused by local attackers
(boo#1099031)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-735=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libpolkit0-0.113-14.3.1
libpolkit0-debuginfo-0.113-14.3.1
polkit-0.113-14.3.1
polkit-debuginfo-0.113-14.3.1
polkit-debugsource-0.113-14.3.1
polkit-devel-0.113-14.3.1
polkit-devel-debuginfo-0.113-14.3.1
typelib-1_0-Polkit-1_0-0.113-14.3.1

- openSUSE Leap 42.3 (noarch):

polkit-doc-0.113-14.3.1

- openSUSE Leap 42.3 (x86_64):

libpolkit0-32bit-0.113-14.3.1
libpolkit0-debuginfo-32bit-0.113-14.3.1


References:

https://www.suse.com/security/cve/CVE-2018-1116.html
https://bugzilla.suse.com/1099031

--


openSUSE-SU-2018:2023-1: moderate: Security update for mercurial

openSUSE Security Update: Security update for mercurial
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2023-1
Rating: moderate
References: #1100353 #1100354 #1100355
Cross-References: CVE-2018-13346 CVE-2018-13347 CVE-2018-13348

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for mercurial fixes the following issues:

Security issues fixed:

- CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that
mishandles certain situations where there should be at least 12 bytes
remaining after thecurrent position in the patch data (boo#1100353).
- CVE-2018-13347: Fix mpatch.c that mishandles integer addition and
subtraction (boo#1100355).
- CVE-2018-13346: Fix the mpatch_apply function in mpatch.c that
incorrectly proceeds in cases where the fragment start is past the end
of the original data (boo#1100354).


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-734=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

mercurial-4.2.3-15.1
mercurial-debuginfo-4.2.3-15.1
mercurial-debugsource-4.2.3-15.1

- openSUSE Leap 42.3 (noarch):

mercurial-lang-4.2.3-15.1


References:

https://www.suse.com/security/cve/CVE-2018-13346.html
https://www.suse.com/security/cve/CVE-2018-13347.html
https://www.suse.com/security/cve/CVE-2018-13348.html
https://bugzilla.suse.com/1100353
https://bugzilla.suse.com/1100354
https://bugzilla.suse.com/1100355

--