SUSE 5145 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2019:1371-1: important: Security update for python3
openSUSE-SU-2019:1372-1: moderate: Security update for sqlite3
openSUSE-SU-2019:1373-1: moderate: Security update for openssl
openSUSE-SU-2019:1374-1: important: Security update for webkit2gtk3



openSUSE-SU-2019:1371-1: important: Security update for python3

openSUSE Security Update: Security update for python3
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1371-1
Rating: important
References: #1129346
Cross-References: CVE-2019-9636
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python3 fixes the following issues:

Security issue fixed:

- CVE-2019-9636: Fixed an information disclosure because of incorrect
handling of Unicode encoding during NFKC normalization (bsc#1129346).

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1371=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libpython3_4m1_0-3.4.6-12.10.1
libpython3_4m1_0-debuginfo-3.4.6-12.10.1
python3-3.4.6-12.10.2
python3-base-3.4.6-12.10.1
python3-base-debuginfo-3.4.6-12.10.1
python3-base-debugsource-3.4.6-12.10.1
python3-curses-3.4.6-12.10.2
python3-curses-debuginfo-3.4.6-12.10.2
python3-dbm-3.4.6-12.10.2
python3-dbm-debuginfo-3.4.6-12.10.2
python3-debuginfo-3.4.6-12.10.2
python3-debugsource-3.4.6-12.10.2
python3-devel-3.4.6-12.10.1
python3-devel-debuginfo-3.4.6-12.10.1
python3-idle-3.4.6-12.10.1
python3-testsuite-3.4.6-12.10.1
python3-testsuite-debuginfo-3.4.6-12.10.1
python3-tk-3.4.6-12.10.2
python3-tk-debuginfo-3.4.6-12.10.2
python3-tools-3.4.6-12.10.1

- openSUSE Leap 42.3 (x86_64):

libpython3_4m1_0-32bit-3.4.6-12.10.1
libpython3_4m1_0-debuginfo-32bit-3.4.6-12.10.1
python3-32bit-3.4.6-12.10.2
python3-base-32bit-3.4.6-12.10.1
python3-base-debuginfo-32bit-3.4.6-12.10.1
python3-debuginfo-32bit-3.4.6-12.10.2


References:

https://www.suse.com/security/cve/CVE-2019-9636.html
https://bugzilla.suse.com/1129346

--


openSUSE-SU-2019:1372-1: moderate: Security update for sqlite3

openSUSE Security Update: Security update for sqlite3
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1372-1
Rating: moderate
References: #1130325 #1130326
Cross-References: CVE-2019-9936 CVE-2019-9937
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for sqlite3 to version 3.28.0 fixes the following issues:

Security issues fixed:

- CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5
prefix queries inside transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads
and writes in a single transaction with an fts5 virtual table
(bsc#1130325).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1372=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libsqlite3-0-3.28.0-lp150.2.6.1
libsqlite3-0-debuginfo-3.28.0-lp150.2.6.1
sqlite3-3.28.0-lp150.2.6.1
sqlite3-debuginfo-3.28.0-lp150.2.6.1
sqlite3-debugsource-3.28.0-lp150.2.6.1
sqlite3-devel-3.28.0-lp150.2.6.1

- openSUSE Leap 15.0 (x86_64):

libsqlite3-0-32bit-3.28.0-lp150.2.6.1
libsqlite3-0-32bit-debuginfo-3.28.0-lp150.2.6.1

- openSUSE Leap 15.0 (noarch):

sqlite3-doc-3.28.0-lp150.2.6.1


References:

https://www.suse.com/security/cve/CVE-2019-9936.html
https://www.suse.com/security/cve/CVE-2019-9937.html
https://bugzilla.suse.com/1130325
https://bugzilla.suse.com/1130326

--


openSUSE-SU-2019:1373-1: moderate: Security update for openssl

openSUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1373-1
Rating: moderate
References: #1131291
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for openssl fixes the following issues:

- Reject invalid EC point coordinates (bsc#1131291)

This helps openssl using services that do not do this verification on
their own.

This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1373=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libopenssl-devel-1.0.2j-38.1
libopenssl1_0_0-1.0.2j-38.1
libopenssl1_0_0-debuginfo-1.0.2j-38.1
libopenssl1_0_0-hmac-1.0.2j-38.1
openssl-1.0.2j-38.1
openssl-cavs-1.0.2j-38.1
openssl-cavs-debuginfo-1.0.2j-38.1
openssl-debuginfo-1.0.2j-38.1
openssl-debugsource-1.0.2j-38.1

- openSUSE Leap 42.3 (noarch):

openssl-doc-1.0.2j-38.1

- openSUSE Leap 42.3 (x86_64):

libopenssl-devel-32bit-1.0.2j-38.1
libopenssl1_0_0-32bit-1.0.2j-38.1
libopenssl1_0_0-debuginfo-32bit-1.0.2j-38.1
libopenssl1_0_0-hmac-32bit-1.0.2j-38.1


References:

https://bugzilla.suse.com/1131291

--


openSUSE-SU-2019:1374-1: important: Security update for webkit2gtk3

openSUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1374-1
Rating: important
References: #1132256
Cross-References: CVE-2019-11070 CVE-2019-6201 CVE-2019-6251
CVE-2019-7285 CVE-2019-7292 CVE-2019-8503
CVE-2019-8506 CVE-2019-8515 CVE-2019-8518
CVE-2019-8523 CVE-2019-8524 CVE-2019-8535
CVE-2019-8536 CVE-2019-8544 CVE-2019-8551
CVE-2019-8558 CVE-2019-8559 CVE-2019-8563

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 18 vulnerabilities is now available.

Description:

This update for webkit2gtk3 to version 2.24.1 fixes the following issues:

Security issues fixed:

- CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292,
CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518,
CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536,
CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559,
CVE-2019-8563, CVE-2019-11070 (bsc#1132256).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1374=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libjavascriptcoregtk-4_0-18-2.24.1-lp150.2.19.1
libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-lp150.2.19.1
libwebkit2gtk-4_0-37-2.24.1-lp150.2.19.1
libwebkit2gtk-4_0-37-debuginfo-2.24.1-lp150.2.19.1
typelib-1_0-JavaScriptCore-4_0-2.24.1-lp150.2.19.1
typelib-1_0-WebKit2-4_0-2.24.1-lp150.2.19.1
typelib-1_0-WebKit2WebExtension-4_0-2.24.1-lp150.2.19.1
webkit-jsc-4-2.24.1-lp150.2.19.1
webkit-jsc-4-debuginfo-2.24.1-lp150.2.19.1
webkit2gtk-4_0-injected-bundles-2.24.1-lp150.2.19.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-lp150.2.19.1
webkit2gtk3-debugsource-2.24.1-lp150.2.19.1
webkit2gtk3-devel-2.24.1-lp150.2.19.1
webkit2gtk3-minibrowser-2.24.1-lp150.2.19.1
webkit2gtk3-minibrowser-debuginfo-2.24.1-lp150.2.19.1
webkit2gtk3-plugin-process-gtk2-2.24.1-lp150.2.19.1
webkit2gtk3-plugin-process-gtk2-debuginfo-2.24.1-lp150.2.19.1

- openSUSE Leap 15.0 (x86_64):

libjavascriptcoregtk-4_0-18-32bit-2.24.1-lp150.2.19.1
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.24.1-lp150.2.19.1
libwebkit2gtk-4_0-37-32bit-2.24.1-lp150.2.19.1
libwebkit2gtk-4_0-37-32bit-debuginfo-2.24.1-lp150.2.19.1

- openSUSE Leap 15.0 (noarch):

libwebkit2gtk3-lang-2.24.1-lp150.2.19.1


References:

https://www.suse.com/security/cve/CVE-2019-11070.html
https://www.suse.com/security/cve/CVE-2019-6201.html
https://www.suse.com/security/cve/CVE-2019-6251.html
https://www.suse.com/security/cve/CVE-2019-7285.html
https://www.suse.com/security/cve/CVE-2019-7292.html
https://www.suse.com/security/cve/CVE-2019-8503.html
https://www.suse.com/security/cve/CVE-2019-8506.html
https://www.suse.com/security/cve/CVE-2019-8515.html
https://www.suse.com/security/cve/CVE-2019-8518.html
https://www.suse.com/security/cve/CVE-2019-8523.html
https://www.suse.com/security/cve/CVE-2019-8524.html
https://www.suse.com/security/cve/CVE-2019-8535.html
https://www.suse.com/security/cve/CVE-2019-8536.html
https://www.suse.com/security/cve/CVE-2019-8544.html
https://www.suse.com/security/cve/CVE-2019-8551.html
https://www.suse.com/security/cve/CVE-2019-8558.html
https://www.suse.com/security/cve/CVE-2019-8559.html
https://www.suse.com/security/cve/CVE-2019-8563.html
https://bugzilla.suse.com/1132256

--