The following updates have been released for openSUSE:
openSUSE-SU-2019:1632-1: moderate: Security update for SDL2
openSUSE-SU-2019:1633-1: moderate: Security update for SDL2
openSUSE-SU-2019:1635-1: moderate: Security update for ansible
openSUSE-SU-2019:1637-1: moderate: Security update for compat-openssl098
openSUSE-SU-2019:1638-1: important: Security update for gstreamer-0_10-plugins-base
openSUSE-SU-2019:1639-1: important: Security update for gstreamer-plugins-base
openSUSE-SU-2019:1640-1: moderate: Security update for libssh2_org
openSUSE-SU-2019:1645-1: important: Security update for sqlite3
openSUSE-SU-2019:1646-1: moderate: Security update for wireshark
openSUSE-SU-2019:1649-1: moderate: Security update for exempi
openSUSE-SU-2019:1650-1: important: Security update for glib2
openSUSE-SU-2019:1657-1: moderate: Security update for exempi
openSUSE-SU-2019:1658-1: moderate: Security update for libmediainfo
openSUSE-SU-2019:1632-1: moderate: Security update for SDL2
openSUSE Security Update: Security update for SDL2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1632-1
Rating: moderate
References: #1124825 #1134135
Cross-References: CVE-2019-7637
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for SDL2 fixes the following issues:
- Remove the fix for CVE-2019-7637, the modification of function
SDL_CalculatePitch is only suited for SDL not SDL2, and breaks SDL2
software. (bsc#1134135)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1632=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
SDL2-debugsource-2.0.8-lp150.2.6.1
libSDL2-2_0-0-2.0.8-lp150.2.6.1
libSDL2-2_0-0-debuginfo-2.0.8-lp150.2.6.1
libSDL2-devel-2.0.8-lp150.2.6.1
- openSUSE Leap 15.0 (x86_64):
libSDL2-2_0-0-32bit-2.0.8-lp150.2.6.1
libSDL2-2_0-0-32bit-debuginfo-2.0.8-lp150.2.6.1
libSDL2-devel-32bit-2.0.8-lp150.2.6.1
References:
https://www.suse.com/security/cve/CVE-2019-7637.html
https://bugzilla.suse.com/1124825
https://bugzilla.suse.com/1134135
--
openSUSE-SU-2019:1633-1: moderate: Security update for SDL2
openSUSE Security Update: Security update for SDL2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1633-1
Rating: moderate
References: #1124825 #1134135
Cross-References: CVE-2019-7637
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for SDL2 fixes the following issues:
- Remove the fix for CVE-2019-7637, the modification of function
SDL_CalculatePitch is only suited for SDL not SDL2, and breaks SDL2
software. (bsc#1134135)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1633=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
SDL2-debugsource-2.0.8-lp151.4.3.1
libSDL2-2_0-0-2.0.8-lp151.4.3.1
libSDL2-2_0-0-debuginfo-2.0.8-lp151.4.3.1
libSDL2-devel-2.0.8-lp151.4.3.1
- openSUSE Leap 15.1 (x86_64):
libSDL2-2_0-0-32bit-2.0.8-lp151.4.3.1
libSDL2-2_0-0-32bit-debuginfo-2.0.8-lp151.4.3.1
libSDL2-devel-32bit-2.0.8-lp151.4.3.1
References:
https://www.suse.com/security/cve/CVE-2019-7637.html
https://bugzilla.suse.com/1124825
https://bugzilla.suse.com/1134135
--
openSUSE-SU-2019:1635-1: moderate: Security update for ansible
openSUSE Security Update: Security update for ansible
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1635-1
Rating: moderate
References: #1109957 #1112959 #1118896 #1126503
Cross-References: CVE-2018-16837 CVE-2018-16859 CVE-2018-16876
CVE-2019-3828
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.1
openSUSE Leap 15.0
openSUSE Backports SLE-15
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for ansible fixes the following issues:
Ansible was updated to version 2.8.1:
Full changelog is at /usr/share/doc/packages/ansible/changelogs/
- Bugfixes
- ACI - Do not encode query_string
- ACI modules - Fix non-signature authentication
- Add missing directory provided via ``--playbook-dir`` to adjacent
collection loading
- Fix "Interface not found" errors when using eos_l2_interface with
nonexistent interfaces configured
- Fix cannot get credential when `source_auth` set to `credential_file`.
- Fix netconf_config backup string issue
- Fix privilege escalation support for the docker connection plugin when
credentials need to be supplied (e.g. sudo with password).
- Fix vyos cli prompt inspection
- Fixed loading namespaced documentation fragments from collections.
- Fixing bug came up after running cnos_vrf module against coverity.
- Properly handle data importer failures on PVC creation, instead of
timing out.
- To fix the ios static route TC failure in CI
- To fix the nios member module params
- To fix the nios_zone module idempotency failure
- add terminal initial prompt for initial connection
- allow include_role to work with ansible command
- allow python_requirements_facts to report on dependencies containing
dashes
- asa_config fix
- azure_rm_roledefinition - fix a small error in build scope.
- azure_rm_virtualnetworkpeering - fix cross subscriptions virtual
network peering.
- cgroup_perf_recap - When not using file_per_task, make sure we don't
prematurely close the perf files
- display underlying error when reporting an invalid ``tasks:`` block.
- dnf - fix wildcard matching for state: absent
- docker connection plugin - accept version ``dev`` as 'newest version'
and print warning.
- docker_container - ``oom_killer`` and ``oom_score_adj`` options are
available since docker-py 1.8.0, not 2.0.0 as assumed by the version
check.
- docker_container - fix network creation when
``networks_cli_compatible`` is enabled.
- docker_container - use docker API's ``restart`` instead of
``stop``/``start`` to restart a container.
- docker_image - if ``build`` was not specified, the wrong default for
``build.rm`` is used.
- docker_image - if ``nocache`` set to ``yes`` but not
``build.nocache``, the module failed.
- docker_image - module failed when ``source: build`` was set but
``build.path`` options not specified.
- docker_network module - fix idempotency when using ``aux_addresses``
in ``ipam_config``.
- ec2_instance - make Name tag idempotent
- eos: don't fail modules without become set, instead show message and
continue
- eos_config: check for session support when asked to 'diff_against:
session'
- eos_eapi: fix idempotency issues when vrf was unspecified.
- fix bugs for ce - more info see
- fix incorrect uses of to_native that should be to_text instead.
- hcloud_volume - Fix idempotency when attaching a server to a volume.
- ibm_storage - Added a check for null fields in ibm_storage utils
module.
- include_tasks - whitelist ``listen`` as a valid keyword
- k8s - resource updates applied with force work correctly now
- keep results subset also when not no_log.
- meraki_switchport - improve reliability with native VLAN functionality.
- netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and
clearing functionality
- netapp_e_volumes - fix workload profileId indexing when no previous
workload tags exist on the storage array.
- nxos_acl some platforms/versions raise when no ACLs are present
- nxos_facts fix https://github.com/ansible/ansible/pull/57009
- nxos_file_copy fix passwordless workflow
- nxos_interface Fix admin_state check for n6k
- nxos_snmp_traps fix group all for N35 platforms
- nxos_snmp_user fix platform fixes for get_snmp_user
- nxos_vlan mode idempotence bug
- nxos_vlan vlan names containing regex ctl chars should be escaped
- nxos_vtp_* modules fix n6k issues
- openssl_certificate - fix private key passphrase handling for
``cryptography`` backend.
- openssl_pkcs12 - fixes crash when private key has a passphrase and the
module is run a second time.
- os_stack - Apply tags conditionally so that the module does not throw
up an error when using an older distro of openstacksdk
- pass correct loading context to persistent connections other than local
- pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux
- postgresql - added initial SSL related tests
- postgresql - added missing_required_libs, removed excess param mapping
- postgresql - move connect_to_db and get_pg_version into
module_utils/postgres.py
(https://github.com/ansible/ansible/pull/55514)
- postgresql_db - add note to the documentation about state dump and the
incorrect rc (https://github.com/ansible/ansible/pull/57297)
- postgresql_db - fix for postgresql_db fails if stderr contains output
- postgresql_ping - fixed a typo in the module documentation
- preserve actual ssh error when we cannot connect.
- route53_facts - the module did not advertise check mode support,
causing it not to be run in check mode.
- sysctl: the module now also checks the output of STDERR to report if
values are correctly set
(https://github.com/ansible/ansible/pull/55695)
- ufw - correctly check status when logging is off
- uri - always return a value for status even during failure
- urls - Handle redirects properly for IPv6 address by not splitting on
``:`` and rely on already parsed hostname and port values
- vmware_vm_facts - fix the support with regular ESXi
- vyos_interface fix https://github.com/ansible/ansible/pull/57169
- we don't really need to template vars on definition as we do this on
demand in templating.
- win_acl - Fix qualifier parser when using UNC paths -
- win_hostname - Fix non netbios compliant name handling
- winrm - Fix issue when attempting to parse CLIXML on send input failure
- xenserver_guest - fixed an issue where VM would be powered off even
though check mode is used if reconfiguration requires VM to be powered
off.
- xenserver_guest - proper error message is shown when maximum number of
network interfaces is reached and multiple network interfaces are
added at once.
- yum - Fix false error message about autoremove not being supported
- yum - fix failure when using ``update_cache`` standalone
- yum - handle special "_none_" value for proxy in yum.conf and .repo
files
Update to version 2.8.0
Major changes:
* Experimental support for Ansible Collections and content namespacing -
Ansible content can now be packaged in a collection and addressed via
namespaces. This allows for easier sharing, distribution, and
installation of bundled modules/roles/plugins, and consistent rules for
accessing specific content via namespaces.
* Python interpreter discovery - The first time a Python module runs on
a target, Ansible will attempt to discover the proper default Python
interpreter to use for the target platform/version (instead of
immediately defaulting to /usr/bin/python). You can override this
behavior by setting ansible_python_interpreter or via config. (see
https://github.com/ansible/ansible/pull/50163)
* become - The deprecated CLI arguments for --sudo, --sudo-user,
--ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed,
in favor of the more generic --become, --become-user,
--become-method, and --ask-become-pass.
* become - become functionality has been migrated to a plugin
architecture, to allow customization of become functionality and 3rd
party become methods (https://github.com/ansible/ansible/pull/50991)
- addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837
For the full changelog see /usr/share/doc/packages/ansible/changelogs or
online:
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1635=1
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1635=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1635=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2019-1635=1
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2019-1635=1
Package List:
- openSUSE Leap 42.3 (noarch):
ansible-2.8.1-12.1
- openSUSE Leap 15.1 (noarch):
ansible-2.8.1-lp151.2.3.1
- openSUSE Leap 15.0 (noarch):
ansible-2.8.1-lp150.2.6.1
- openSUSE Backports SLE-15 (noarch):
ansible-2.8.1-bp150.3.9.1
- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):
ansible-2.8.1-12.1
References:
https://www.suse.com/security/cve/CVE-2018-16837.html
https://www.suse.com/security/cve/CVE-2018-16859.html
https://www.suse.com/security/cve/CVE-2018-16876.html
https://www.suse.com/security/cve/CVE-2019-3828.html
https://bugzilla.suse.com/1109957
https://bugzilla.suse.com/1112959
https://bugzilla.suse.com/1118896
https://bugzilla.suse.com/1126503
--
openSUSE-SU-2019:1637-1: moderate: Security update for compat-openssl098
openSUSE Security Update: Security update for compat-openssl098
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1637-1
Rating: moderate
References: #1117951 #1127080 #1131291
Cross-References: CVE-2019-1559
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for compat-openssl098 fixes the following issues:
- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown
(bsc#1127080)
- Reject invalid EC point coordinates (bsc#1131291)
- Fixed "The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS
Implementations" (bsc#1117951)
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1637=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
compat-openssl098-debugsource-0.9.8j-30.1
libopenssl0_9_8-0.9.8j-30.1
libopenssl0_9_8-debuginfo-0.9.8j-30.1
- openSUSE Leap 42.3 (x86_64):
libopenssl0_9_8-32bit-0.9.8j-30.1
libopenssl0_9_8-debuginfo-32bit-0.9.8j-30.1
References:
https://www.suse.com/security/cve/CVE-2019-1559.html
https://bugzilla.suse.com/1117951
https://bugzilla.suse.com/1127080
https://bugzilla.suse.com/1131291
--
openSUSE-SU-2019:1638-1: important: Security update for gstreamer-0_10-plugins-base
openSUSE Security Update: Security update for gstreamer-0_10-plugins-base
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1638-1
Rating: important
References: #1133375
Cross-References: CVE-2019-9928
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gstreamer-0_10-plugins-base fixes the following issues:
Security issue fixed:
- CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser
(bsc#1133375).
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1638=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
gstreamer-0_10-plugin-gnomevfs-0.10.36-18.3.1
gstreamer-0_10-plugin-gnomevfs-debuginfo-0.10.36-18.3.1
gstreamer-0_10-plugins-base-0.10.36-18.3.1
gstreamer-0_10-plugins-base-debuginfo-0.10.36-18.3.1
gstreamer-0_10-plugins-base-debugsource-0.10.36-18.3.1
gstreamer-0_10-plugins-base-devel-0.10.36-18.3.1
gstreamer-0_10-plugins-base-doc-0.10.36-18.3.1
libgstapp-0_10-0-0.10.36-18.3.1
libgstapp-0_10-0-debuginfo-0.10.36-18.3.1
libgstinterfaces-0_10-0-0.10.36-18.3.1
libgstinterfaces-0_10-0-debuginfo-0.10.36-18.3.1
typelib-1_0-GstApp-0_10-0.10.36-18.3.1
typelib-1_0-GstInterfaces-0_10-0.10.36-18.3.1
- openSUSE Leap 42.3 (noarch):
gstreamer-0_10-plugins-base-lang-0.10.36-18.3.1
- openSUSE Leap 42.3 (x86_64):
gstreamer-0_10-plugins-base-32bit-0.10.36-18.3.1
gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-18.3.1
libgstapp-0_10-0-32bit-0.10.36-18.3.1
libgstapp-0_10-0-debuginfo-32bit-0.10.36-18.3.1
libgstinterfaces-0_10-0-32bit-0.10.36-18.3.1
libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-18.3.1
References:
https://www.suse.com/security/cve/CVE-2019-9928.html
https://bugzilla.suse.com/1133375
--
openSUSE-SU-2019:1639-1: important: Security update for gstreamer-plugins-base
openSUSE Security Update: Security update for gstreamer-plugins-base
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1639-1
Rating: important
References: #1133375
Cross-References: CVE-2019-9928
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gstreamer-plugins-base fixes the following issue:
Security issue fixed:
- CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser
(bsc#1133375).
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1639=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
gstreamer-plugins-base-1.8.3-8.3.1
gstreamer-plugins-base-debuginfo-1.8.3-8.3.1
gstreamer-plugins-base-debugsource-1.8.3-8.3.1
gstreamer-plugins-base-devel-1.8.3-8.3.1
gstreamer-plugins-base-doc-1.8.3-8.3.1
libgstallocators-1_0-0-1.8.3-8.3.1
libgstallocators-1_0-0-debuginfo-1.8.3-8.3.1
libgstapp-1_0-0-1.8.3-8.3.1
libgstapp-1_0-0-debuginfo-1.8.3-8.3.1
libgstaudio-1_0-0-1.8.3-8.3.1
libgstaudio-1_0-0-debuginfo-1.8.3-8.3.1
libgstfft-1_0-0-1.8.3-8.3.1
libgstfft-1_0-0-debuginfo-1.8.3-8.3.1
libgstpbutils-1_0-0-1.8.3-8.3.1
libgstpbutils-1_0-0-debuginfo-1.8.3-8.3.1
libgstriff-1_0-0-1.8.3-8.3.1
libgstriff-1_0-0-debuginfo-1.8.3-8.3.1
libgstrtp-1_0-0-1.8.3-8.3.1
libgstrtp-1_0-0-debuginfo-1.8.3-8.3.1
libgstrtsp-1_0-0-1.8.3-8.3.1
libgstrtsp-1_0-0-debuginfo-1.8.3-8.3.1
libgstsdp-1_0-0-1.8.3-8.3.1
libgstsdp-1_0-0-debuginfo-1.8.3-8.3.1
libgsttag-1_0-0-1.8.3-8.3.1
libgsttag-1_0-0-debuginfo-1.8.3-8.3.1
libgstvideo-1_0-0-1.8.3-8.3.1
libgstvideo-1_0-0-debuginfo-1.8.3-8.3.1
typelib-1_0-GstAllocators-1_0-1.8.3-8.3.1
typelib-1_0-GstApp-1_0-1.8.3-8.3.1
typelib-1_0-GstAudio-1_0-1.8.3-8.3.1
typelib-1_0-GstFft-1_0-1.8.3-8.3.1
typelib-1_0-GstPbutils-1_0-1.8.3-8.3.1
typelib-1_0-GstRtp-1_0-1.8.3-8.3.1
typelib-1_0-GstRtsp-1_0-1.8.3-8.3.1
typelib-1_0-GstSdp-1_0-1.8.3-8.3.1
typelib-1_0-GstTag-1_0-1.8.3-8.3.1
typelib-1_0-GstVideo-1_0-1.8.3-8.3.1
- openSUSE Leap 42.3 (x86_64):
gstreamer-plugins-base-32bit-1.8.3-8.3.1
gstreamer-plugins-base-debuginfo-32bit-1.8.3-8.3.1
gstreamer-plugins-base-devel-32bit-1.8.3-8.3.1
libgstallocators-1_0-0-32bit-1.8.3-8.3.1
libgstallocators-1_0-0-debuginfo-32bit-1.8.3-8.3.1
libgstapp-1_0-0-32bit-1.8.3-8.3.1
libgstapp-1_0-0-debuginfo-32bit-1.8.3-8.3.1
libgstaudio-1_0-0-32bit-1.8.3-8.3.1
libgstaudio-1_0-0-debuginfo-32bit-1.8.3-8.3.1
libgstfft-1_0-0-32bit-1.8.3-8.3.1
libgstfft-1_0-0-debuginfo-32bit-1.8.3-8.3.1
libgstpbutils-1_0-0-32bit-1.8.3-8.3.1
libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-8.3.1
libgstriff-1_0-0-32bit-1.8.3-8.3.1
libgstriff-1_0-0-debuginfo-32bit-1.8.3-8.3.1
libgstrtp-1_0-0-32bit-1.8.3-8.3.1
libgstrtp-1_0-0-debuginfo-32bit-1.8.3-8.3.1
libgstrtsp-1_0-0-32bit-1.8.3-8.3.1
libgstrtsp-1_0-0-debuginfo-32bit-1.8.3-8.3.1
libgstsdp-1_0-0-32bit-1.8.3-8.3.1
libgstsdp-1_0-0-debuginfo-32bit-1.8.3-8.3.1
libgsttag-1_0-0-32bit-1.8.3-8.3.1
libgsttag-1_0-0-debuginfo-32bit-1.8.3-8.3.1
libgstvideo-1_0-0-32bit-1.8.3-8.3.1
libgstvideo-1_0-0-debuginfo-32bit-1.8.3-8.3.1
- openSUSE Leap 42.3 (noarch):
gstreamer-plugins-base-lang-1.8.3-8.3.1
References:
https://www.suse.com/security/cve/CVE-2019-9928.html
https://bugzilla.suse.com/1133375
--
openSUSE-SU-2019:1640-1: moderate: Security update for libssh2_org
openSUSE Security Update: Security update for libssh2_org
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1640-1
Rating: moderate
References: #1128481 #1136570
Cross-References: CVE-2019-3860
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for libssh2_org fixes the following issues:
- Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481)
(Out-of-bounds reads with specially crafted SFTP packets)
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1640=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
libssh2-1-1.4.3-19.9.1
libssh2-1-debuginfo-1.4.3-19.9.1
libssh2-devel-1.4.3-19.9.1
libssh2_org-debugsource-1.4.3-19.9.1
- openSUSE Leap 42.3 (x86_64):
libssh2-1-32bit-1.4.3-19.9.1
libssh2-1-debuginfo-32bit-1.4.3-19.9.1
References:
https://www.suse.com/security/cve/CVE-2019-3860.html
https://bugzilla.suse.com/1128481
https://bugzilla.suse.com/1136570
--
openSUSE-SU-2019:1645-1: important: Security update for sqlite3
openSUSE Security Update: Security update for sqlite3
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1645-1
Rating: important
References: #1136976
Cross-References: CVE-2019-8457
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for sqlite3 fixes the following issues:
Security issue fixed:
- CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when
handling invalid rtree tables (bsc#1136976).
This update was imported from the SUSE:SLE-12-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1645=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
libsqlite3-0-3.8.10.2-11.10.1
libsqlite3-0-debuginfo-3.8.10.2-11.10.1
sqlite3-3.8.10.2-11.10.1
sqlite3-debuginfo-3.8.10.2-11.10.1
sqlite3-debugsource-3.8.10.2-11.10.1
sqlite3-devel-3.8.10.2-11.10.1
- openSUSE Leap 42.3 (x86_64):
libsqlite3-0-32bit-3.8.10.2-11.10.1
libsqlite3-0-debuginfo-32bit-3.8.10.2-11.10.1
- openSUSE Leap 42.3 (noarch):
sqlite3-doc-3.8.10.2-11.10.1
References:
https://www.suse.com/security/cve/CVE-2019-8457.html
https://bugzilla.suse.com/1136976
--
openSUSE-SU-2019:1646-1: moderate: Security update for wireshark
openSUSE Security Update: Security update for wireshark
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1646-1
Rating: moderate
References: #1136021
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for wireshark to version 2.4.15 fixes the following issues:
Security issue fixed:
- Fixed a denial of service in the dissection engine (bsc#1136021).
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1646=1
Package List:
- openSUSE Leap 42.3 (x86_64):
libwireshark9-2.4.15-56.1
libwireshark9-debuginfo-2.4.15-56.1
libwiretap7-2.4.15-56.1
libwiretap7-debuginfo-2.4.15-56.1
libwscodecs1-2.4.15-56.1
libwscodecs1-debuginfo-2.4.15-56.1
libwsutil8-2.4.15-56.1
libwsutil8-debuginfo-2.4.15-56.1
wireshark-2.4.15-56.1
wireshark-debuginfo-2.4.15-56.1
wireshark-debugsource-2.4.15-56.1
wireshark-devel-2.4.15-56.1
wireshark-gtk-2.4.15-56.1
wireshark-gtk-debuginfo-2.4.15-56.1
wireshark-ui-qt-2.4.15-56.1
wireshark-ui-qt-debuginfo-2.4.15-56.1
References:
https://bugzilla.suse.com/1136021
--
openSUSE-SU-2019:1649-1: moderate: Security update for exempi
openSUSE Security Update: Security update for exempi
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1649-1
Rating: moderate
References: #1098946
Cross-References: CVE-2018-12648
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for exempi fixes the following issues:
- CVE-2018-12648: Fixed a NULL pointer dereference (crash) issue when
processing webp files (bsc#1098946).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1649=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
exempi-debugsource-2.4.5-lp150.2.3.1
exempi-tools-2.4.5-lp150.2.3.1
exempi-tools-debuginfo-2.4.5-lp150.2.3.1
libexempi-devel-2.4.5-lp150.2.3.1
libexempi3-2.4.5-lp150.2.3.1
libexempi3-debuginfo-2.4.5-lp150.2.3.1
- openSUSE Leap 15.0 (x86_64):
libexempi3-32bit-2.4.5-lp150.2.3.1
libexempi3-32bit-debuginfo-2.4.5-lp150.2.3.1
References:
https://www.suse.com/security/cve/CVE-2018-12648.html
https://bugzilla.suse.com/1098946
--
openSUSE-SU-2019:1650-1: important: Security update for glib2
openSUSE Security Update: Security update for glib2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1650-1
Rating: important
References: #1103678 #1137001
Cross-References: CVE-2019-12450
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for glib2 fixes the following issues:
Security issue fixed:
- CVE-2019-12450: Fixed an improper file permission when copy operation
takes place (bsc#1137001).
Other issue addressed:
- glib2 was handling an UNKNOWN connectivity state from NetworkManager as
if there was a connection thus giving false positives to PackageKit
(bsc#1103678)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1650=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
glib2-debugsource-2.54.3-lp150.3.10.1
glib2-devel-2.54.3-lp150.3.10.1
glib2-devel-debuginfo-2.54.3-lp150.3.10.1
glib2-devel-static-2.54.3-lp150.3.10.1
glib2-tools-2.54.3-lp150.3.10.1
glib2-tools-debuginfo-2.54.3-lp150.3.10.1
libgio-2_0-0-2.54.3-lp150.3.10.1
libgio-2_0-0-debuginfo-2.54.3-lp150.3.10.1
libgio-fam-2.54.3-lp150.3.10.1
libgio-fam-debuginfo-2.54.3-lp150.3.10.1
libglib-2_0-0-2.54.3-lp150.3.10.1
libglib-2_0-0-debuginfo-2.54.3-lp150.3.10.1
libgmodule-2_0-0-2.54.3-lp150.3.10.1
libgmodule-2_0-0-debuginfo-2.54.3-lp150.3.10.1
libgobject-2_0-0-2.54.3-lp150.3.10.1
libgobject-2_0-0-debuginfo-2.54.3-lp150.3.10.1
libgthread-2_0-0-2.54.3-lp150.3.10.1
libgthread-2_0-0-debuginfo-2.54.3-lp150.3.10.1
- openSUSE Leap 15.0 (noarch):
gio-branding-upstream-2.54.3-lp150.3.10.1
glib2-lang-2.54.3-lp150.3.10.1
- openSUSE Leap 15.0 (x86_64):
glib2-devel-32bit-2.54.3-lp150.3.10.1
glib2-devel-32bit-debuginfo-2.54.3-lp150.3.10.1
glib2-tools-32bit-2.54.3-lp150.3.10.1
glib2-tools-32bit-debuginfo-2.54.3-lp150.3.10.1
libgio-2_0-0-32bit-2.54.3-lp150.3.10.1
libgio-2_0-0-32bit-debuginfo-2.54.3-lp150.3.10.1
libgio-fam-32bit-2.54.3-lp150.3.10.1
libgio-fam-32bit-debuginfo-2.54.3-lp150.3.10.1
libglib-2_0-0-32bit-2.54.3-lp150.3.10.1
libglib-2_0-0-32bit-debuginfo-2.54.3-lp150.3.10.1
libgmodule-2_0-0-32bit-2.54.3-lp150.3.10.1
libgmodule-2_0-0-32bit-debuginfo-2.54.3-lp150.3.10.1
libgobject-2_0-0-32bit-2.54.3-lp150.3.10.1
libgobject-2_0-0-32bit-debuginfo-2.54.3-lp150.3.10.1
libgthread-2_0-0-32bit-2.54.3-lp150.3.10.1
libgthread-2_0-0-32bit-debuginfo-2.54.3-lp150.3.10.1
References:
https://www.suse.com/security/cve/CVE-2019-12450.html
https://bugzilla.suse.com/1103678
https://bugzilla.suse.com/1137001
--
openSUSE-SU-2019:1657-1: moderate: Security update for exempi
openSUSE Security Update: Security update for exempi
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1657-1
Rating: moderate
References: #1098946
Cross-References: CVE-2018-12648
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for exempi fixes the following issues:
- CVE-2018-12648: Fixed a NULL pointer dereference (crash) issue when
processing webp files (bsc#1098946).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1657=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
exempi-debugsource-2.4.5-lp151.3.3.1
exempi-tools-2.4.5-lp151.3.3.1
exempi-tools-debuginfo-2.4.5-lp151.3.3.1
libexempi-devel-2.4.5-lp151.3.3.1
libexempi3-2.4.5-lp151.3.3.1
libexempi3-debuginfo-2.4.5-lp151.3.3.1
- openSUSE Leap 15.1 (x86_64):
libexempi3-32bit-2.4.5-lp151.3.3.1
libexempi3-32bit-debuginfo-2.4.5-lp151.3.3.1
References:
https://www.suse.com/security/cve/CVE-2018-12648.html
https://bugzilla.suse.com/1098946
--
openSUSE-SU-2019:1658-1: moderate: Security update for libmediainfo
openSUSE Security Update: Security update for libmediainfo
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1658-1
Rating: moderate
References: #1133156 #1133157
Cross-References: CVE-2019-11372 CVE-2019-11373
Affected Products:
openSUSE Backports SLE-15
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for libmediainfo fixes the following issues:
* CVE-2019-11373: Fixed out-of-bounds read in function
File__Analyze:Get_L8 (boo#1133156)
* CVE-2019-11372: Fixed out-of-bounds read in function
MediaInfoLib:File__Tags_Helper:Synched_Test (boo#1133157)
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2019-1658=1
Package List:
- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):
libmediainfo-devel-18.03-bp150.3.6.1
libmediainfo0-18.03-bp150.3.6.1
- openSUSE Backports SLE-15 (aarch64_ilp32):
libmediainfo0-64bit-18.03-bp150.3.6.1
References:
https://www.suse.com/security/cve/CVE-2019-11372.html
https://www.suse.com/security/cve/CVE-2019-11373.html
https://bugzilla.suse.com/1133156
https://bugzilla.suse.com/1133157
--