Marcus Updateinfo to OVAL Converter 5.5 2017-03-01T04:05:35 openSUSE 13.2 Shotwell was updated to fix the following issues: * boo#958382: Shotwell did not perform TLS certificate verification when publishing photos to external services Also contains all upstream bug fixes and improvements in the current upstream version. (Moderate) SUSE bug 958382 openSUSE 13.2 The IRC client irssi was updated to 0.8.20, fixing various bugs and security issues. * CVE-2016-7044: The unformat_24bit_color function in the format parsing code in Irssi, when compiled with true-color enabled, allowed remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. * CVE-2016-7045: The format_send_to_gui function in the format parsing code in Irssi allowed remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. See https://irssi.org/security/irssi_sa_2016.txt for more details. * CVE-2016-7553: A information disclosure vulnerability in irssi buf.pl See https://irssi.org/2016/09/22/buf.pl-update/ for more information. (Moderate) SUSE bug 1001215 SUSE bug 999199 CVE-2016-7044 CVE-2016-7045 CVE-2016-7553 openSUSE 13.2 Chromium was updated to 54.0.2840.59 to fix security issues and bugs. The following security issues are fixed (bnc#1004465): - CVE-2016-5181: Universal XSS in Blink - CVE-2016-5182: Heap overflow in Blink - CVE-2016-5183: Use after free in PDFium - CVE-2016-5184: Use after free in PDFium - CVE-2016-5185: Use after free in Blink - CVE-2016-5187: URL spoofing - CVE-2016-5188: UI spoofing - CVE-2016-5192: Cross-origin bypass in Blink - CVE-2016-5189: URL spoofing - CVE-2016-5186: Out of bounds read in DevTools - CVE-2016-5191: Universal XSS in Bookmarks - CVE-2016-5190: Use after free in Internals - CVE-2016-5193: Scheme bypass The following bugs were fixed: - bnc#1000019: display issues in full screen mode, add --ui-disable-partial-swap to the launcher The following packaging changes are included: - The desktop sub-packages are no obsolete - The package now uses the system variants of some bundled libraries - The hangouts extension is now built (Important) SUSE bug 1000019 SUSE bug 1004465 CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 openSUSE 13.2 Mozilla Firefox was updated to 49.0.2 to fix two security issues a some bugs. The following vulnerabilities were fixed: * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475) * CVE-2016-5288: Web content can read cache entries (bsc#1006476) The following changes and fixes are included: * Asynchronous rendering of the Flash plugins is now enabled by default * Change D3D9 default fallback preference to prevent graphical artifacts * Network issue prevents some users from seeing the Firefox UI on startup * Web compatibility issue with file uploads * Web compatibility issue with Array.prototype.values * Diagnostic information on timing for tab switching * Fix a Canvas filters graphics issue affecting HTML5 apps (Important) SUSE bug 1006475 SUSE bug 1006476 SUSE bug 1304783 CVE-2016-5287 CVE-2016-5288 openSUSE 13.2 These are all security issues found in the FastCGI Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2766 openSUSE 13.2 These are all security issues found in the GraphicsMagick-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-1882 CVE-2009-3736 CVE-2012-3438 openSUSE 13.2 These are all security issues found in the ImageMagick Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186 openSUSE 13.2 These are all security issues found in the MozillaFirefox Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-5913 CVE-2009-0040 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2010-0164 CVE-2010-0165 CVE-2010-0166 CVE-2010-0167 CVE-2010-0168 CVE-2010-0169 CVE-2010-0170 CVE-2010-0171 CVE-2010-0172 CVE-2010-0173 CVE-2010-0174 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182 CVE-2010-0654 CVE-2010-1028 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2011-0068 CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 CVE-2011-0080 CVE-2011-0081 CVE-2011-0084 CVE-2011-1187 CVE-2011-1202 CVE-2011-2366 CVE-2011-2367 CVE-2011-2368 CVE-2011-2369 CVE-2011-2370 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2988 CVE-2011-2989 CVE-2011-2990 CVE-2011-2991 CVE-2011-2992 CVE-2011-2993 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0765 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1671 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1688 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1695 CVE-2013-1696 CVE-2013-1697 CVE-2013-1698 CVE-2013-1699 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5598 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 CVE-2014-1492 CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2014-1518 CVE-2014-1519 CVE-2014-1522 CVE-2014-1523 CVE-2014-1524 CVE-2014-1525 CVE-2014-1526 CVE-2014-1528 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1539 CVE-2014-1540 CVE-2014-1541 CVE-2014-1542 CVE-2014-1543 CVE-2014-1544 CVE-2014-1545 CVE-2014-1547 CVE-2014-1548 CVE-2014-1549 CVE-2014-1550 CVE-2014-1552 CVE-2014-1553 CVE-2014-1554 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 CVE-2014-1561 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1580 CVE-2014-1581 CVE-2014-1582 CVE-2014-1583 CVE-2014-1584 CVE-2014-1585 CVE-2014-1586 openSUSE 13.2 These are all security issues found in the MozillaThunderbird Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0040 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1571 CVE-2009-3555 CVE-2010-0159 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0182 CVE-2010-0654 CVE-2010-1121 CVE-2010-1196 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1585 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3768 CVE-2010-3769 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0053 CVE-2011-0061 CVE-2011-0062 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-1187 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2987 CVE-2011-2988 CVE-2011-2989 CVE-2011-2991 CVE-2011-2992 CVE-2011-3000 CVE-2011-3001 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3975 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5613 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1481 CVE-2014-1482 CVE-2014-1486 CVE-2014-1487 CVE-2014-1490 CVE-2014-1491 CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1541 CVE-2014-1544 CVE-2014-1545 CVE-2014-1547 CVE-2014-1548 CVE-2014-1553 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1585 CVE-2014-1586 openSUSE 13.2 These are all security issues found in the a2ps Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-0466 openSUSE 13.2 These are all security issues found in the aaa_base Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-0461 openSUSE 13.2 These are all security issues found in the accountsservice Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-2737 openSUSE 13.2 These are all security issues found in the alsa Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0035 openSUSE 13.2 These are all security issues found in the android-tools Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-1909 openSUSE 13.2 These are all security issues found in the ant Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1571 openSUSE 13.2 These are all security issues found in the apache-commons-beanutils Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-3540 openSUSE 13.2 These are all security issues found in the apache-commons-daemon Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2729 openSUSE 13.2 These are all security issues found in the apache-commons-httpclient Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-5783 openSUSE 13.2 These are all security issues found in the apache2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0023 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-1891 CVE-2009-1955 CVE-2009-1956 CVE-2009-2412 CVE-2009-2699 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 CVE-2009-3560 CVE-2009-3720 CVE-2010-0408 CVE-2010-0425 CVE-2010-0434 CVE-2010-1452 CVE-2010-1623 CVE-2010-2068 CVE-2011-1176 CVE-2011-3192 CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 CVE-2012-2687 CVE-2012-3499 CVE-2012-3502 CVE-2013-1896 CVE-2013-2249 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523 openSUSE 13.2 These are all security issues found in the apache2-mod_mono Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-4225 openSUSE 13.2 These are all security issues found in the apache2-mod_perl Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1667 openSUSE 13.2 These are all security issues found in the apache2-mod_php5 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2006-7243 CVE-2010-2225 CVE-2010-2950 CVE-2010-3436 CVE-2010-3709 CVE-2010-3710 CVE-2010-4150 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-2202 CVE-2011-3379 CVE-2011-4153 CVE-2011-4566 CVE-2011-4718 CVE-2011-4885 CVE-2012-0830 CVE-2012-1823 CVE-2012-2311 CVE-2012-2335 CVE-2012-2336 CVE-2012-2688 CVE-2012-3365 CVE-2013-1635 CVE-2013-1643 CVE-2013-1824 CVE-2013-4113 CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 CVE-2013-7327 CVE-2013-7345 CVE-2014-0185 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-2497 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3622 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120 CVE-2014-5459 openSUSE 13.2 These are all security issues found in the argyllcms Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-1616 openSUSE 13.2 These are all security issues found in the aria2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-3617 openSUSE 13.2 These are all security issues found in the augeas-lenses Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-0786 openSUSE 13.2 These are all security issues found in the automake Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-4029 openSUSE 13.2 These are all security issues found in the avahi Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0758 CVE-2010-2244 CVE-2011-1002 openSUSE 13.2 These are all security issues found in the banshee Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-3998 openSUSE 13.2 These are all security issues found in the bash Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-2524 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 openSUSE 13.2 These are all security issues found in the bind Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0696 CVE-2009-4022 CVE-2010-3613 CVE-2010-3614 CVE-2010-3615 CVE-2011-0414 CVE-2011-1907 CVE-2011-1910 CVE-2011-2464 CVE-2011-4313 CVE-2012-1667 CVE-2012-3817 CVE-2012-3868 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2012-5689 CVE-2013-2266 CVE-2013-4854 CVE-2014-0591 openSUSE 13.2 These are all security issues found in the bogofilter Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2494 CVE-2012-5468 openSUSE 13.2 These are all security issues found in the bzip2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-0405 openSUSE 13.2 These are all security issues found in the cifs-utils Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2012-1586 openSUSE 13.2 These are all security issues found in the clamav Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-0405 CVE-2011-2721 CVE-2011-3627 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 openSUSE 13.2 These are all security issues found in the claws-mail Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-4507 openSUSE 13.2 These are all security issues found in the colord Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-4349 openSUSE 13.2 These are all security issues found in the coreutils Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 openSUSE 13.2 These are all security issues found in the cpio Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-0624 openSUSE 13.2 These are all security issues found in the cpp48 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-5044 openSUSE 13.2 These are all security issues found in the cron Package on the GA media of openSUSE 13.2. (Moderate) CVE-2006-2607 CVE-2010-0424 openSUSE 13.2 These are all security issues found in the cups Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0163 CVE-2009-2820 CVE-2009-3553 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2941 CVE-2012-5519 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 openSUSE 13.2 These are all security issues found in the cups-filters-foomatic-rip Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-6473 CVE-2013-6474 CVE-2013-6475 CVE-2013-6476 CVE-2014-2707 CVE-2014-4336 CVE-2014-4337 CVE-2014-4338 openSUSE 13.2 These are all security issues found in the cups-pk-helper Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-4510 openSUSE 13.2 These are all security issues found in the curl Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0037 CVE-2009-2417 CVE-2013-0249 CVE-2013-1944 CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 CVE-2014-3613 CVE-2014-3620 openSUSE 13.2 These are all security issues found in the cvs Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-0804 openSUSE 13.2 These are all security issues found in the cyradm Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-3235 CVE-2011-3372 openSUSE 13.2 These are all security issues found in the cyrus-sasl Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0688 openSUSE 13.2 These are all security issues found in the dbus-1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-4352 CVE-2012-3524 CVE-2013-2168 CVE-2014-3477 CVE-2014-3532 CVE-2014-3533 CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 openSUSE 13.2 These are all security issues found in the dbus-1-glib Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-1172 CVE-2013-0292 openSUSE 13.2 These are all security issues found in the dhcp Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-1892 CVE-2010-2156 CVE-2010-3611 CVE-2010-3616 CVE-2011-0413 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 openSUSE 13.2 These are all security issues found in the dhcpcd Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-0997 openSUSE 13.2 These are all security issues found in the dia Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-5984 openSUSE 13.2 These are all security issues found in the dracut Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-4453 openSUSE 13.2 These are all security issues found in the elfutils Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-0172 openSUSE 13.2 These are all security issues found in the emacs Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-0035 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 openSUSE 13.2 These are all security issues found in the empathy Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-3635 openSUSE 13.2 These are all security issues found in the evince Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 openSUSE 13.2 These are all security issues found in the exif Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-2845 openSUSE 13.2 These are all security issues found in the exim Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2023 CVE-2010-2024 CVE-2010-4344 CVE-2010-4345 CVE-2011-0017 CVE-2011-1407 CVE-2011-1764 CVE-2012-5671 CVE-2014-2957 CVE-2014-2972 openSUSE 13.2 These are all security issues found in the expat Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-2625 CVE-2009-3560 CVE-2009-3720 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 openSUSE 13.2 These are all security issues found in the fetchmail Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-2666 CVE-2010-1167 CVE-2011-1947 CVE-2011-3389 CVE-2012-3482 openSUSE 13.2 These are all security issues found in the file Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-1571 openSUSE 13.2 These are all security issues found in the freerdp Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-0250 CVE-2014-0791 openSUSE 13.2 These are all security issues found in the freetype2-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-0226 CVE-2011-3256 CVE-2011-3439 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 openSUSE 13.2 These are all security issues found in the ft2demos Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2011-0226 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 openSUSE 13.2 These are all security issues found in the fuse Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-3297 CVE-2011-0541 openSUSE 13.2 These are all security issues found in the g3utils Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-4936 openSUSE 13.2 These are all security issues found in the gd Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-2497 openSUSE 13.2 These are all security issues found in the gdk-pixbuf-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2485 openSUSE 13.2 These are all security issues found in the gdk-pixbuf-loader-rsvg Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-3146 CVE-2013-1881 openSUSE 13.2 These are all security issues found in the gdm Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-1709 openSUSE 13.2 These are all security issues found in the gimp Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-2896 CVE-2012-3236 CVE-2012-5576 openSUSE 13.2 These are all security issues found in the git Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2186 openSUSE 13.2 These are all security issues found in the glib2-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-4316 CVE-2012-3524 openSUSE 13.2 These are all security issues found in the glibc Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-5029 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 openSUSE 13.2 These are all security issues found in the gnome-games Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-4003 openSUSE 13.2 These are all security issues found in the gnome-keyring Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-3466 openSUSE 13.2 These are all security issues found in the gnome-online-accounts Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-0240 CVE-2013-1799 openSUSE 13.2 These are all security issues found in the gnome-shell Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-4000 openSUSE 13.2 These are all security issues found in the gnutls Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-4989 CVE-2011-4128 CVE-2012-0390 CVE-2012-1569 CVE-2012-1573 CVE-2014-0092 CVE-2014-1959 CVE-2014-3466 openSUSE 13.2 These are all security issues found in the gpg2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2547 CVE-2013-4351 CVE-2013-4402 CVE-2014-4617 openSUSE 13.2 These are all security issues found in the gpgme Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-3564 openSUSE 13.2 These are all security issues found in the groff Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-5044 CVE-2009-5080 CVE-2009-5081 openSUSE 13.2 These are all security issues found in the gv Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-3386 openSUSE 13.2 These are all security issues found in the gvim Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0316 openSUSE 13.2 These are all security issues found in the gzip Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-2624 CVE-2010-0001 openSUSE 13.2 These are all security issues found in the hardlink Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-3630 CVE-2011-3631 CVE-2011-3632 openSUSE 13.2 These are all security issues found in the hplip Package on the GA media of openSUSE 13.2. (Moderate) CVE-2004-0801 CVE-2010-4267 CVE-2011-2697 CVE-2011-2722 CVE-2013-4325 CVE-2013-6402 CVE-2013-6427 openSUSE 13.2 These are all security issues found in the htmldoc Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-3050 openSUSE 13.2 These are all security issues found in the hyper-v Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-2669 CVE-2012-5532 openSUSE 13.2 These are all security issues found in the ibus-pinyin Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-4509 openSUSE 13.2 These are all security issues found in the icedtea-web-javadoc Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2513 CVE-2011-2514 CVE-2011-3377 CVE-2012-3422 CVE-2012-3423 CVE-2012-4540 CVE-2013-1926 CVE-2013-1927 CVE-2013-4349 openSUSE 13.2 These are all security issues found in the id3lib Package on the GA media of openSUSE 13.2. (Moderate) CVE-2007-4460 openSUSE 13.2 These are all security issues found in the iputils Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2529 openSUSE 13.2 These are all security issues found in the irssi Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-1959 CVE-2010-1154 CVE-2010-1155 openSUSE 13.2 These are all security issues found in the jakarta-commons-fileupload Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-2186 CVE-2014-0050 openSUSE 13.2 These are all security issues found in the java-1_7_0-openjdk Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0547 CVE-2012-1682 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 CVE-2012-3136 CVE-2012-3174 CVE-2012-3216 CVE-2012-4416 CVE-2012-4681 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5087 CVE-2012-5088 CVE-2012-5089 CVE-2013-0169 CVE-2013-0401 CVE-2013-0422 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0450 CVE-2013-0809 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1488 CVE-2013-1493 CVE-2013-1500 CVE-2013-1518 CVE-2013-1537 CVE-2013-1557 CVE-2013-1569 CVE-2013-1571 CVE-2013-2383 CVE-2013-2384 CVE-2013-2407 CVE-2013-2412 CVE-2013-2415 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2426 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2436 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5805 CVE-2013-5806 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2013-6629 CVE-2013-6954 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0408 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 openSUSE 13.2 These are all security issues found in the jhead Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-4575 CVE-2008-4641 openSUSE 13.2 These are all security issues found in the kbd Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-0460 openSUSE 13.2 These are all security issues found in the kde4-kgreeter-plugins Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-0436 openSUSE 13.2 These are all security issues found in the kdelibs4 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-3494 openSUSE 13.2 These are all security issues found in the kdenetwork4-filesharing Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-1000 openSUSE 13.2 These are all security issues found in the kernel-default Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4538 CVE-2010-1146 CVE-2010-1436 CVE-2010-1641 CVE-2010-2066 CVE-2010-2942 CVE-2010-2954 CVE-2010-2955 CVE-2010-3081 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2011-0711 CVE-2011-0712 CVE-2011-1020 CVE-2011-1180 CVE-2011-1577 CVE-2011-1581 CVE-2011-2203 CVE-2011-4604 CVE-2012-0056 CVE-2012-3412 CVE-2012-3520 CVE-2013-0160 CVE-2013-0231 CVE-2013-0913 CVE-2013-2850 CVE-2014-0038 CVE-2014-00691 CVE-2014-0196 openSUSE 13.2 These are all security issues found in the klogd Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-3634 openSUSE 13.2 These are all security issues found in the krb5 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2002-2443 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-3295 CVE-2009-4212 CVE-2010-0283 CVE-2010-0628 CVE-2010-1320 CVE-2010-1321 CVE-2010-1322 CVE-2010-1323 CVE-2010-1324 CVE-2010-4020 CVE-2010-4021 CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 CVE-2011-0284 CVE-2011-0285 CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530 CVE-2012-1012 CVE-2012-1013 CVE-2012-1016 CVE-2013-1415 CVE-2013-1417 CVE-2013-1418 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 openSUSE 13.2 These are all security issues found in the libFS-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1996 openSUSE 13.2 These are all security issues found in the libHX28 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2947 openSUSE 13.2 These are all security issues found in the libIlmImf-Imf_2_1-21 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-1720 CVE-2009-1721 openSUSE 13.2 These are all security issues found in the libImlib2-1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-0991 openSUSE 13.2 These are all security issues found in the libSDL_sound-1_0-1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-1686 openSUSE 13.2 These are all security issues found in the libX11-6 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 openSUSE 13.2 These are all security issues found in the libXRes1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1988 openSUSE 13.2 These are all security issues found in the libXcursor-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-2003 openSUSE 13.2 These are all security issues found in the libXext-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1982 openSUSE 13.2 These are all security issues found in the libXfixes-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1983 openSUSE 13.2 These are all security issues found in the libXfont-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2895 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 openSUSE 13.2 These are all security issues found in the libXi-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1984 CVE-2013-1995 CVE-2013-1998 openSUSE 13.2 These are all security issues found in the libXinerama-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1985 openSUSE 13.2 These are all security issues found in the libXp-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-2062 openSUSE 13.2 These are all security issues found in the libXrandr-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1986 openSUSE 13.2 These are all security issues found in the libXrender-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1987 openSUSE 13.2 These are all security issues found in the libXt-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-2002 CVE-2013-2005 openSUSE 13.2 These are all security issues found in the libXtst-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-2063 openSUSE 13.2 These are all security issues found in the libXv-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1989 CVE-2013-2066 openSUSE 13.2 These are all security issues found in the libXvMC-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1990 CVE-2013-1999 openSUSE 13.2 These are all security issues found in the libXxf86dga-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1991 CVE-2013-2000 openSUSE 13.2 These are all security issues found in the libXxf86vm-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-2001 openSUSE 13.2 These are all security issues found in the libapr-util1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0023 CVE-2009-2412 CVE-2009-3560 CVE-2009-3720 CVE-2010-1623 openSUSE 13.2 These are all security issues found in the libapr1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-2412 CVE-2011-0419 CVE-2011-1928 openSUSE 13.2 These are all security issues found in the libavutil52 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-2771 CVE-2012-2772 CVE-2012-2774 CVE-2012-2775 CVE-2012-2776 CVE-2012-2777 CVE-2012-2779 CVE-2012-2782 CVE-2012-2783 CVE-2012-2784 CVE-2012-2785 CVE-2012-2786 CVE-2012-2787 CVE-2012-2788 CVE-2012-2789 CVE-2012-2790 CVE-2012-2791 CVE-2012-2792 CVE-2012-2793 CVE-2012-2794 CVE-2012-2795 CVE-2012-2796 CVE-2012-2797 CVE-2012-2798 CVE-2012-2799 CVE-2012-2800 CVE-2012-2801 CVE-2012-2802 CVE-2012-2803 CVE-2012-2804 openSUSE 13.2 These are all security issues found in the libblkid-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-0157 openSUSE 13.2 These are all security issues found in the libcacard0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2012-3515 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-4544 CVE-2013-6399 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0150 CVE-2014-0182 openSUSE 13.2 These are all security issues found in the libdcerpc-binding0-32bit Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2012-6150 CVE-2013-0172 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 CVE-2013-1863 CVE-2013-4124 CVE-2013-4408 CVE-2013-4475 CVE-2013-4476 CVE-2013-4496 CVE-2013-6442 CVE-2014-0178 CVE-2014-0239 CVE-2014-0244 CVE-2014-3493 CVE-2014-3560 openSUSE 13.2 These are all security issues found in the libdmx-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-1992 openSUSE 13.2 These are all security issues found in the libecpg6 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 openSUSE 13.2 These are all security issues found in the libexif-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 openSUSE 13.2 These are all security issues found in the libfbembed2_5 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-2492 openSUSE 13.2 These are all security issues found in the libfreebl3 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-3170 CVE-2011-3389 CVE-2011-3640 CVE-2013-0743 CVE-2013-0791 CVE-2013-1620 CVE-2013-1739 CVE-2013-1740 CVE-2013-5605 CVE-2014-1490 CVE-2014-1491 CVE-2014-1492 CVE-2014-1568 openSUSE 13.2 These are all security issues found in the libgadu-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-6487 CVE-2014-3775 openSUSE 13.2 These are all security issues found in the libgc1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-2673 openSUSE 13.2 These are all security issues found in the libgcrypt-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-4242 openSUSE 13.2 These are all security issues found in the libgnomesu Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-1946 openSUSE 13.2 These are all security issues found in the libgssglue-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2709 openSUSE 13.2 These are all security issues found in the libgudev-1_0-0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-1174 CVE-2013-4288 openSUSE 13.2 These are all security issues found in the libid3tag0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-2109 openSUSE 13.2 These are all security issues found in the libimobiledevice-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-2142 openSUSE 13.2 These are all security issues found in the libjavascriptcoregtk-1_0-0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-5112 CVE-2012-5133 openSUSE 13.2 These are all security issues found in the libjbig2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-6369 openSUSE 13.2 These are all security issues found in the libjson-c2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-6370 CVE-2013-6371 openSUSE 13.2 These are all security issues found in the liblcms1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0793 CVE-2013-4276 openSUSE 13.2 These are all security issues found in the liblightdm-gobject-1-0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-3153 CVE-2011-3349 CVE-2011-4105 CVE-2012-1111 openSUSE 13.2 These are all security issues found in the libltdl7 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-3736 openSUSE 13.2 These are all security issues found in the liblzo2-2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-4607 openSUSE 13.2 These are all security issues found in the libmikmod3 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2007-6720 CVE-2009-0179 CVE-2009-3995 CVE-2009-3996 CVE-2010-2546 openSUSE 13.2 These are all security issues found in the libminiupnpc10 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-3985 openSUSE 13.2 These are all security issues found in the libmms-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-2892 openSUSE 13.2 These are all security issues found in the libmodplug1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-1761 CVE-2013-4233 CVE-2013-4234 openSUSE 13.2 These are all security issues found in the libmspack0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2800 CVE-2010-2801 openSUSE 13.2 These are all security issues found in the libmusicbrainz-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2006-4197 openSUSE 13.2 These are all security issues found in the libmysqlclient-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2007-5970 CVE-2008-7247 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2012-4414 CVE-2012-5611 CVE-2012-5612 CVE-2012-5615 CVE-2012-5627 CVE-2013-1976 openSUSE 13.2 These are all security issues found in the libneon27 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-2473 CVE-2009-2474 openSUSE 13.2 These are all security issues found in the libnewt0_52 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-2905 openSUSE 13.2 These are all security issues found in the libopenjpeg1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-5030 CVE-2012-3358 CVE-2012-3535 CVE-2013-1447 CVE-2013-4289 CVE-2013-4290 CVE-2013-6045 CVE-2013-6052 CVE-2013-6053 CVE-2013-6054 CVE-2013-6887 openSUSE 13.2 These are all security issues found in the libopenssl-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-5139 openSUSE 13.2 These are all security issues found in the libpango-1_0-0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-0020 CVE-2011-0064 openSUSE 13.2 These are all security issues found in the libpcsclite1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-0407 CVE-2010-4531 openSUSE 13.2 These are all security issues found in the libpng12-0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-1205 CVE-2011-2501 CVE-2011-3026 CVE-2011-3045 CVE-2011-3048 CVE-2012-3386 CVE-2013-7353 CVE-2013-7354 openSUSE 13.2 These are all security issues found in the libpng16-16 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-1205 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3328 CVE-2013-6954 CVE-2014-0333 openSUSE 13.2 These are all security issues found in the libpolkit0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-0750 CVE-2011-1485 CVE-2013-4288 openSUSE 13.2 These are all security issues found in the libpoppler-cpp0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 CVE-2013-4473 CVE-2013-4474 openSUSE 13.2 These are all security issues found in the libproxy-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-4504 openSUSE 13.2 These are all security issues found in the libpulse-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-3970 openSUSE 13.2 These are all security issues found in the libpurple Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-2694 CVE-2009-2703 CVE-2009-3026 CVE-2009-3083 CVE-2009-3084 CVE-2009-3085 CVE-2009-3615 CVE-2010-0013 CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 CVE-2010-1624 CVE-2010-2528 CVE-2010-3711 CVE-2011-1091 CVE-2011-3594 CVE-2012-2214 CVE-2012-3374 CVE-2012-6152 CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6486 CVE-2013-6487 CVE-2014-0020 openSUSE 13.2 These are all security issues found in the libpython2_7-1_0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-1521 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-1753 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185 openSUSE 13.2 These are all security issues found in the libpython3_4m1_0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 openSUSE 13.2 These are all security issues found in the libqt4-32bit Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 CVE-2013-4549 CVE-2014-0190 openSUSE 13.2 These are all security issues found in the libraptor-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-0037 openSUSE 13.2 These are all security issues found in the libraw-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-2126 CVE-2013-2127 openSUSE 13.2 These are all security issues found in the libreoffice Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2935 CVE-2010-2936 CVE-2014-0247 CVE-2014-3524 CVE-2014-3575 openSUSE 13.2 These are all security issues found in the libruby2_1-2_1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-4975 openSUSE 13.2 These are all security issues found in the libserf-1-1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-3504 openSUSE 13.2 These are all security issues found in the libsilc-1_1-2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-1227 openSUSE 13.2 These are all security issues found in the libsmi Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2891 openSUSE 13.2 These are all security issues found in the libsndfile-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0186 CVE-2011-2696 openSUSE 13.2 These are all security issues found in the libsnmp30-32bit Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-2141 CVE-2014-2284 CVE-2014-2285 CVE-2014-3565 openSUSE 13.2 These are all security issues found in the libsoup-2_4-1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2054 openSUSE 13.2 These are all security issues found in the libspice-client-glib-2_0-8 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-4425 openSUSE 13.2 These are all security issues found in the libssh-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2013-0176 CVE-2014-0017 openSUSE 13.2 These are all security issues found in the libsss_idmap0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-4341 CVE-2011-1758 CVE-2013-0219 CVE-2013-0220 CVE-2013-0287 openSUSE 13.2 These are all security issues found in the libtag-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-2396 openSUSE 13.2 These are all security issues found in the libtasn1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 openSUSE 13.2 These are all security issues found in the libthunarx-2-0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-1588 openSUSE 13.2 These are all security issues found in the libtiff-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-2285 CVE-2009-2347 CVE-2010-2065 CVE-2010-2067 CVE-2010-2233 CVE-2010-4665 CVE-2011-0192 CVE-2011-1167 CVE-2012-1173 CVE-2012-2113 CVE-2012-3401 CVE-2012-4564 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 openSUSE 13.2 These are all security issues found in the libudisks2-0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-0004 openSUSE 13.2 These are all security issues found in the libupnp6 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965 openSUSE 13.2 These are all security issues found in the libvirt Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2242 CVE-2011-1146 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2013-0170 CVE-2013-1962 CVE-2013-2218 CVE-2013-2230 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-6436 CVE-2013-6456 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0179 CVE-2014-1447 CVE-2014-3633 CVE-2014-3657 openSUSE 13.2 These are all security issues found in the libvorbis-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-1420 CVE-2009-3379 CVE-2012-0444 openSUSE 13.2 These are all security issues found in the libvte9 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-2738 openSUSE 13.2 These are all security issues found in the libxcb-composite0 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-2064 openSUSE 13.2 These are all security issues found in the libxerces-c-3_1 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-1885 openSUSE 13.2 These are all security issues found in the libxml2-2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2010-4494 CVE-2011-1944 CVE-2012-5134 CVE-2013-0338 CVE-2013-1969 CVE-2014-0191 CVE-2014-3660 openSUSE 13.2 These are all security issues found in the libyaml-0-2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-6393 CVE-2014-2525 openSUSE 13.2 These are all security issues found in the libzip-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-0421 CVE-2012-1162 CVE-2012-1163 openSUSE 13.2 These are all security issues found in the links Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-4929 openSUSE 13.2 These are all security issues found in the log4net Package on the GA media of openSUSE 13.2. (Moderate) CVE-2006-0743 openSUSE 13.2 These are all security issues found in the logrotate Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 openSUSE 13.2 These are all security issues found in the lynx Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-4690 CVE-2012-4929 openSUSE 13.2 These are all security issues found in the mailman Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-0707 openSUSE 13.2 These are all security issues found in the mozilla-nspr Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-1545 openSUSE 13.2 These are all security issues found in the mutt Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-0467 openSUSE 13.2 These are all security issues found in the nano Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-1160 CVE-2010-1161 openSUSE 13.2 These are all security issues found in the nspluginwrapper Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2486 openSUSE 13.2 These are all security issues found in the ntp Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-0159 CVE-2009-1252 CVE-2013-5211 openSUSE 13.2 These are all security issues found in the obex-data-server Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-2374 openSUSE 13.2 These are all security issues found in the obs-service-set_version Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-0593 openSUSE 13.2 These are all security issues found in the openconnect Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-3291 CVE-2012-6128 CVE-2013-7098 openSUSE 13.2 These are all security issues found in the openslp Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-3609 openSUSE 13.2 These are all security issues found in the opie Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2489 CVE-2011-2490 openSUSE 13.2 These are all security issues found in the osc Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-1095 openSUSE 13.2 These are all security issues found in the pam Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-3430 CVE-2010-3431 CVE-2010-3853 CVE-2011-3148 CVE-2011-3149 CVE-2014-2583 openSUSE 13.2 These are all security issues found in the pam-modules Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-3172 openSUSE 13.2 These are all security issues found in the pam_krb5 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-3825 CVE-2009-1384 openSUSE 13.2 These are all security issues found in the pam_ssh Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-1273 openSUSE 13.2 These are all security issues found in the patch Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-4651 openSUSE 13.2 These are all security issues found in the perl-32bit Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 openSUSE 13.2 These are all security issues found in the perl-Config-IniFiles Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-2451 openSUSE 13.2 These are all security issues found in the perl-HTML-Parser Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-3627 openSUSE 13.2 These are all security issues found in the perl-LWP-Protocol-https Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-3230 openSUSE 13.2 These are all security issues found in the perl-YAML-LibYAML Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-1152 openSUSE 13.2 These are all security issues found in the ppp Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-3158 openSUSE 13.2 These are all security issues found in the procmail Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-3618 openSUSE 13.2 These are all security issues found in the python Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-4238 openSUSE 13.2 These are all security issues found in the python-cupshelpers Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-4405 openSUSE 13.2 These are all security issues found in the python-libxml2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2012-5134 openSUSE 13.2 These are all security issues found in the python-pyOpenSSL Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-4314 openSUSE 13.2 These are all security issues found in the python-pycrypto Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-2417 CVE-2013-1445 openSUSE 13.2 These are all security issues found in the python-pymongo Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-2132 openSUSE 13.2 These are all security issues found in the python3-pip Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-5123 openSUSE 13.2 These are all security issues found in the qemu-linux-user Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2012-3515 openSUSE 13.2 These are all security issues found in the quagga Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-1674 CVE-2010-1675 CVE-2013-2236 openSUSE 13.2 These are all security issues found in the radvd Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-3602 openSUSE 13.2 These are all security issues found in the rhythmbox Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-3355 openSUSE 13.2 These are all security issues found in the rsync Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-1097 CVE-2014-2855 openSUSE 13.2 These are all security issues found in the rsyslog Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-3200 CVE-2013-4758 CVE-2013-6370 CVE-2013-6371 CVE-2014-3634 CVE-2014-3683 openSUSE 13.2 These are all security issues found in the rtkit Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-4326 openSUSE 13.2 These are all security issues found in the rxvt-unicode Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-1142 CVE-2014-3121 openSUSE 13.2 These are all security issues found in the seamonkey Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-5913 CVE-2009-0040 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1044 CVE-2009-1169 CVE-2009-1571 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 CVE-2010-0181 CVE-2010-0182 CVE-2010-0183 CVE-2010-0654 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1208 CVE-2010-1209 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1585 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2760 CVE-2010-2763 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3766 CVE-2010-3767 CVE-2010-3768 CVE-2010-3769 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3775 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059 CVE-2011-0061 CVE-2011-0062 CVE-2011-0084 CVE-2011-1187 CVE-2011-2366 CVE-2011-2367 CVE-2011-2368 CVE-2011-2369 CVE-2011-2370 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2988 CVE-2011-2989 CVE-2011-2990 CVE-2011-2991 CVE-2011-2992 CVE-2011-2993 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0765 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1688 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1695 CVE-2013-1696 CVE-2013-1697 CVE-2013-1698 CVE-2013-1699 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5598 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1490 CVE-2014-1491 CVE-2014-1492 CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2014-1518 CVE-2014-1519 CVE-2014-1522 CVE-2014-1523 CVE-2014-1524 CVE-2014-1525 CVE-2014-1526 CVE-2014-1528 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1539 CVE-2014-1540 CVE-2014-1541 CVE-2014-1542 CVE-2014-1543 CVE-2014-1545 openSUSE 13.2 These are all security issues found in the shim Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 openSUSE 13.2 These are all security issues found in the socat Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-3571 CVE-2014-0019 openSUSE 13.2 These are all security issues found in the squashfs Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-4024 CVE-2012-4025 openSUSE 13.2 These are all security issues found in the squid Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-5643 openSUSE 13.2 These are all security issues found in the subversion Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-2411 CVE-2010-3315 CVE-2010-4539 CVE-2010-4644 CVE-2011-0715 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 CVE-2013-1968 CVE-2013-2088 CVE-2013-2112 CVE-2013-4131 CVE-2013-4246 CVE-2013-4262 CVE-2013-4277 CVE-2013-4505 CVE-2013-4558 CVE-2014-0032 CVE-2014-3522 CVE-2014-3528 openSUSE 13.2 These are all security issues found in the sudo Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-1163 CVE-2010-1646 CVE-2011-0010 CVE-2012-2337 CVE-2013-1775 CVE-2013-1776 openSUSE 13.2 These are all security issues found in the sysconfig Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-4182 openSUSE 13.2 These are all security issues found in the sysvinit-tools Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2483 openSUSE 13.2 These are all security issues found in the telepathy-gabble Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-1000 CVE-2013-1431 openSUSE 13.2 These are all security issues found in the telepathy-idle Package on the GA media of openSUSE 13.2. (Moderate) CVE-2007-6746 openSUSE 13.2 These are all security issues found in the tftp Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2199 openSUSE 13.2 These are all security issues found in the tigervnc Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-0011 openSUSE 13.2 These are all security issues found in the tkimg Package on the GA media of openSUSE 13.2. (Moderate) CVE-2008-0553 openSUSE 13.2 These are all security issues found in the transmission-common Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-4909 openSUSE 13.2 These are all security issues found in the unixODBC Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-1145 openSUSE 13.2 These are all security issues found in the viewvc Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-3356 CVE-2012-3357 openSUSE 13.2 These are all security issues found in the vino Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-0904 CVE-2011-0905 CVE-2011-1164 openSUSE 13.2 These are all security issues found in the w3m Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2074 CVE-2012-4929 openSUSE 13.2 These are all security issues found in the wget Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2252 CVE-2012-4929 openSUSE 13.2 These are all security issues found in the wireshark Package on the GA media of openSUSE 13.2. (Moderate) CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-3241 CVE-2009-3242 CVE-2009-3243 CVE-2010-1455 CVE-2010-2993 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3548 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4286 CVE-2012-4287 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4294 CVE-2012-4295 CVE-2012-4296 CVE-2012-4297 CVE-2012-4298 CVE-2012-5237 CVE-2012-5238 CVE-2012-5239 CVE-2012-5240 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 CVE-2013-4083 CVE-2013-4920 CVE-2013-4921 CVE-2013-4922 CVE-2013-4923 CVE-2013-4924 CVE-2013-4925 CVE-2013-4926 CVE-2013-4927 CVE-2013-4928 CVE-2013-4929 CVE-2013-4930 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 CVE-2013-5717 CVE-2013-5718 CVE-2013-5719 CVE-2013-5720 CVE-2013-5721 CVE-2013-5722 CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 CVE-2014-2907 CVE-2014-4020 CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165 CVE-2014-6423 CVE-2014-6424 CVE-2014-6425 CVE-2014-6426 CVE-2014-6427 CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 openSUSE 13.2 These are all security issues found in the xalan-j2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-0107 openSUSE 13.2 These are all security issues found in the xen Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1922 CVE-2013-1952 CVE-2013-2007 CVE-2013-3495 CVE-2013-4355 CVE-2013-4356 CVE-2013-4361 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2014-3124 CVE-2014-6268 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 openSUSE 13.2 These are all security issues found in the xf86-video-intel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2014-4910 openSUSE 13.2 These are all security issues found in the xinetd Package on the GA media of openSUSE 13.2. (Moderate) CVE-2012-0862 CVE-2013-4342 openSUSE 13.2 These are all security issues found in the xlockmore Package on the GA media of openSUSE 13.2. (Moderate) CVE-2013-4143 openSUSE 13.2 These are all security issues found in the xorg-x11 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-0465 openSUSE 13.2 These are all security issues found in the xorg-x11-devel Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2895 openSUSE 13.2 These are all security issues found in the xorg-x11-server Package on the GA media of openSUSE 13.2. (Moderate) CVE-2010-2240 CVE-2013-1940 CVE-2013-4396 CVE-2013-6424 openSUSE 13.2 These are all security issues found in the yast2 Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-3177 openSUSE 13.2 These are all security issues found in the yast2-core Package on the GA media of openSUSE 13.2. (Moderate) CVE-2011-2483 CVE-2011-3177 openSUSE 13.2 These are all security issues found in the zoo Package on the GA media of openSUSE 13.2. (Moderate) CVE-2006-0855 CVE-2007-1669 openSUSE 13.2 wget was updated to version 1.16 to fix one security issue. The following security issue was fixed: - Fix for symlink attack which could allow a malicious ftp server to create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP (CVE-2014-4877). (Moderate) CVE-2014-4877 openSUSE 13.2 quassel was updated to fix an out-of-bound read (CVE-2014-8483). (Moderate) SUSE bug 902670 CVE-2014-8483 openSUSE 13.2 tnftp was updated to fix the possible execution of commands by a remote attacker (CVE-2014-8517). (Moderate) SUSE bug 903011 CVE-2014-8517 openSUSE 13.2 Claws Mail was updated to version 3.11.0. Changes: + SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability (CVE-2014-3566). + Several PGP/Core plugin improvements: - Indicate when a key has been revoked or has expired when displaying signature status. - When displaying the full information, show the Validity, and the Owner Trust level. Also indicate expired and revoked keys, and revoked UIDs. - The "Content-Disposition: attachment" flag in PGP/MIME signed messages has been removed. It was confusing for cetain MUAs. + A new version of the RSSyl plugin, completely redesigned and rewritten. + The results of TAB address completion in the Compose window have improved ordering. + Due to popular demand, use of the Up key in the message body in the Compose window stops at the top of the message body and does not continue up to the header fields. This reverts the behaviour introduced in version 3.10.0. + In the Compose window, when navigating with the arrow keys, selecting, and thus modifying, the Account selector is now prevented. + In the Compose window, a mnemonic (s) has been added to the Subject line. + The Queue folder is highlighted if there are messages in its sub-folders and the tree is collapsed. + When sorting messages by 'thread date', clicking the 'Date' column header will now toggle between ascending/descending and will not switch to 'date' sorting. + A new QuickSearch filter has been added that searches a header's content only. + A Reply-To field has been added to the main Template configuration. + The menubar can now be hidden, default hotkey: F12. + Fancy plugin: A user-controlled stylesheet can now be used. + Python plugin: Add flag attributes to MessageInfo object. + Python plugin: Make 'account' property of ComposeWindow read/write. + Libravatar plugin: a network timeout option has been added. + The tbird2claws.py script, for converting a Thunderbird mailbox to a Claws Mail mailbox, now handles sub-directory recursion. + Updated translations (Moderate) SUSE bug 903276 CVE-2014-3566 openSUSE 13.2 - security update: * CVE-2014-3670 [bnc#902357] * CVE-2014-3669 [bnc#902360] * CVE-2014-3668 [bnc#902368] - added patches: * php-CVE-2014-3670.patch * php-CVE-2014-3669.patch * php-CVE-2014-3668.patch (Moderate) SUSE bug 902357 SUSE bug 902360 SUSE bug 902368 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 openSUSE 13.2 libserf was updated to disable SSLv2 and SSLv3. libserf was updated to version 1.3.8 on openSUSE 13.1 and 13.2. This release also fixes a problem with handling very large gzip-encoded HTTP responses. For openSUSE 12.3 libserf 1.1.1 was patched to disable SSLv2 and SSLv3. (Moderate) CVE-2014-3566 openSUSE 13.2 - Update to version 2.10.10: + General: - Check the basic constraints extension when validating SSL/TLS certificates. This fixes a security hole that allowed a malicious man-in-the-middle to impersonate an IM server or any other https endpoint. This affected both the NSS and GnuTLS plugins (CVE-2014-3694, boo#902495). - Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL (im#15909). + libpurple3 compatibility: - Encrypted account passwords are preserved until the new one is set. - Fix loading Google Talk and Facebook XMPP accounts. + Windows-Specific Changes: Don't allow overwriting arbitrary files on the file system when the user installs a smiley theme via drag-and-drop (CVE-2014-3697). + Finch: Fix build against Python 3 (im#15969). + Gadu-Gadu: Updated internal libgadu to version 1.12.0. + Groupwise: Fix potential remote crash parsing server message that indicates that a large amount of memory should be allocated (CVE-2014-3696, boo#902410). + IRC: Fix a possible leak of unencrypted data when using /me command with OTR (im#15750). + MXit: Fix potential remote crash parsing a malformed emoticon response (CVE-2014-3695, boo#902409). + XMPP: - Fix potential information leak where a malicious XMPP server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory (CVE-2014-3698, boo#902408). - Fix Facebook XMPP roster quirks (im#15041, im#15957). + Yahoo: Fix login when using the GnuTLS library for TLS connections (im#16172, boo#874606). - Drop pidgin-gstreamer1.patch: causes crashes and Video still does not work (boo#853038). Drop BuildRequires conditions switching to GStreamer 1.0. - Rebase pidgin-crash-missing-gst-registry.patch. + add pidgin-crash-missing-gst-registry.patch according to the GST doc, "gst_init" should be called before any other calls. (Moderate) SUSE bug 853038 SUSE bug 874606 SUSE bug 902408 SUSE bug 902409 SUSE bug 902410 SUSE bug 902495 CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3697 CVE-2014-3698 openSUSE 13.2 ImageMagick was updated to fix three security issues. These security issues were fixed: - Out-of-bounds memory access in PCX parser (CVE-2014-8355). - Out-of-bounds memory access in resize code (CVE-2014-8354). - Out-of-bounds memory error in DCM decode (CVE-2014-8562). (Moderate) SUSE bug 903204 SUSE bug 903216 SUSE bug 903638 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 openSUSE 13.2 sssd was updated to new upstream release 1.12.2 (bugfix release, bnc#900159) Changes: * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). * A MIT Kerberos localauth plugin was added to SSSD. This plugin helps translating principals to user names in IPA-AD trust scenarios, allowing the krb5.conf configuration to be less complex. * A libwbclient plugin implementation is now part of the SSSD. The main purpose is to map Active Directory users and groups identified by their SID to POSIX users and groups for the file-server use-case. * Active Directory users ca nnow use their User Logon Name to log in. * The sss_cache tool was enhanced to allow invalidating the SSH host keys. * Groups without full POSIX information can now be used to enroll group membership (CVE-2014-0249). * Detection of transition from offline to online state was improved, resulting in fewer timeouts when SSSD is offline. * The Active Directory provider now correctly detects Windows Server 2012 R2. Previous versions would fall back to the slower non-AD path with 2012 R2. * Several other bugs related to deployments where SSSD is acting as an AD client were fixed. (Moderate) SUSE bug 900159 CVE-2014-0249 openSUSE 13.2 konversation was updated to version 1.5.1, fixing bugs and one security issue. Changes: * Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. The KDE Platform version dependency has increased to v4.9.0 to gain access to newer Qt socket transport security flags. * Fixed a bug causing wildcards in command alias replacement patterns not to be expanded. * Fixed a bug causing auto-joining of channels not starting in # or & to sometimes fail because the auto-join command was generated before we got the CHANTYPES pronouncement by the server. * Added a size sanity check for incoming Blowfish ECB blocks. The blind assumption of incoming blocks being the expected 12 bytes could lead to a crash or up to 11 byte information leak due to an out-of-bounds read. CVE-2014-8483. * Enabling SSL/TLS support for connections will now advertise the protocols Qt considers secure by default, instead of being hardcoded to TLSv1. * Fixed the bundled 'sysinfo' script not coping with empty lines in /etc/os-release. * Made disk space info in the bundled 'sysinfo' script more robust by forcing the C locale for 'df'. * Added an audio player type hint for Cantata to the bundled 'media' script. * Fixed some minor comparison logic errors turned up by static analysis. * Konversation now depends on KDE Platform v4.9.0 or higher. (Moderate) SUSE bug 902670 CVE-2014-8483 openSUSE 13.2 Docker was updated to version 1.3.1 to fix two security issues and several other bugs. These security issues were fixed: - Prevent fallback to SSL protocols lower than TLS 1.0 for client, daemon and registry (CVE-2014-5277). - Secure HTTPS connection to registries with certificate verification and without HTTP fallback unless `--insecure-registry` is specified. These non-security issues were fixed: - Fix issue where volumes would not be shared - Fix issue with `--iptables=false` not automatically setting `--ip-masq=false` - Fix docker run output to non-TTY stdout - Fix escaping `$` for environment variables - Fix issue with lowercase `onbuild` Dockerfile instruction - Restrict envrionment variable expansion to `ENV`, `ADD`, `COPY`, `WORKDIR`, `EXPOSE`, `VOLUME` and `USER` - docker `exec` allows you to run additional processes inside existing containers - docker `create` gives you the ability to create a container via the cli without executing a process - `--security-opts` options to allow user to customize container labels and apparmor profiles - docker `ps` filters - Wildcard support to copy/add - Move production urls to get.docker.com from get.docker.io - Allocate ip address on the bridge inside a valid cidr - Use drone.io for pr and ci testing - Ability to setup an official registry mirror - Ability to save multiple images with docker `save` go was updated to version 1.3.3 to fix one security issue and several other bugs. This security issue was fixed: - TLS client authentication issue (CVE-2014-7189). These non-security issues were fixed: - Avoid stripping debuginfo on arm, it fails (and is not necessary) - Revert the /usr/share/go/contrib symlink as it caused problems during update. Moved all go sources to /usr/share/go/contrib/src instead of /usr/share/go/contrib/src/pkg and created pkg and src symlinks in contrib to add it to GOPATH - Fixed %go_contribsrcdir value - Copy temporary macros.go as go.macros to avoid it to be built - Do not modify Source: files, because that makes the .src.rpm being tied to one specific arch. - Removed extra src folder in /usr/share/go/contrib: the goal is to transform this folder into a proper entry for GOPATH. This folder is now linked to %{_libdir}/go/contrib - go requires gcc to build sources using cgo - tools-packaging.patch: Allow building cover and vet tools in $GOROOT_TARGET/pkg/tool instead of $GOROOT/pkg/tool. This will allow building go tools as a separate package (Moderate) SUSE bug 898901 CVE-2014-5277 CVE-2014-7189 openSUSE 13.2 openSSL was updated to version 1.0.1j to fix four security issues and various other issues. These security issues were fixed: - Fix SRTP Memory Leak (CVE-2014-3513) - Session Ticket Memory Leak (CVE-2014-3567) - Add SSL 3.0 Fallback protection TLS_FALLBACK_SCSV (CVE-2014-3566) - Build option no-ssl3 is incomplete (CVE-2014-3568) (Moderate) CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 openSUSE 13.2 libreoffice was updated to version 4.3.3 to fix two security issues: These security issues were fixed: - "Document as E-mail" vulnerability (bnc#900218). - Impress remote control use-after-free vulnerability (CVE-2014-3693). Various other fixes are included in the update. (Moderate) SUSE bug 900214 SUSE bug 900218 SUSE bug 900877 CVE-2014-3693 openSUSE 13.2 NonFree flash-player was updated to version 11.2.202.418 to fix 18 security issues. These security issues were fixed: - Memory corruption vulnerabilities that could lead to code execution (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441). - Use-after-free vulnerabilities that could lead to code execution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438). - A double free vulnerability that could lead to code execution (CVE-2014-0574). - Type confusion vulnerabilities that could lead to code execution (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2014-0582, CVE-2014-0589). - An information disclosure vulnerability that could be exploited to disclose session tokens (CVE-2014-8437). - A heap buffer overflow vulnerability that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-0583). - A permission issue that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-8442). (Important) SUSE bug 905032 CVE-2014-0573 CVE-2014-0574 CVE-2014-0576 CVE-2014-0577 CVE-2014-0581 CVE-2014-0582 CVE-2014-0583 CVE-2014-0584 CVE-2014-0585 CVE-2014-0586 CVE-2014-0588 CVE-2014-0589 CVE-2014-0590 CVE-2014-8437 CVE-2014-8438 CVE-2014-8440 CVE-2014-8441 CVE-2014-8442 openSUSE 13.2 polarssl was updated to version 1.3.9 to fix two security issues. These security issues were fixed: - Lowest common hash was selected from signature_algorithms extension in TLS 1.2 (CVE-2014-8627). - Remotely-triggerable memory leak when parsing some X.509 certificates (CVE-2014-8628). (Moderate) SUSE bug 903671 SUSE bug 903672 CVE-2014-8627 CVE-2014-8628 openSUSE 13.2 dbus-1 was updated to version 1.8.10 to fix one security issue and several other issues. This security issue was fixed: - Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 to stop an attacker from exhausting the system bus' file descriptors (CVE-2014-7824). (Moderate) CVE-2014-7824 openSUSE 13.2 libvirt was updated to fix one security issue. This security issue was fixed: - Security issue with migratable flag (CVE-2014-7823). (Moderate) SUSE bug 904176 CVE-2014-7823 openSUSE 13.2 gnutls was updated to fix one security issue. This security issue was fixed: - Parsing problem in elliptic curve blobs over TLS that could lead to remote crashes (CVE-2014-8564). (Moderate) SUSE bug 904603 CVE-2014-8564 openSUSE 13.2 This openssl update fixes a TLS handshake problem when elliptic curves are in use. (Low) SUSE bug 905037 openSUSE 13.2 ImageMagick was updated to fix one security issue. This security issue was fixed: - Crafted jpeg file could lead to DOS (CVE-2014-8716). (Moderate) SUSE bug 905260 CVE-2014-8716 openSUSE 13.2 zeromq was updated to version 4.0.5 to fix two security issues and various other bugs. These security issues were fixed: - Did not validate the other party's security handshake properly, allowing a man-in-the-middle downgrade attack (CVE-2014-7202). - Did not implement a uniqueness check on connection nonces, and the CurveZMQ RFC was ambiguous about nonce validation. This allowed replay attacks (CVE-2014-7203). Other issues fixed in this update: - CURVE mechanism does not verify short term nonces. - stream_engine is vulnerable to downgrade attacks. - assertion failure for WSAENOTSOCK on Windows. - race condition while connecting inproc sockets. - bump so library number to 4.0.0 - assertion failed: !more (fq.cpp:99) after many ZAP requests. - lost first part of message over inproc://. (Moderate) SUSE bug 898917 CVE-2014-7202 CVE-2014-7203 openSUSE 13.2 rubygem-sprockets-2_2 was updated to fix one security issue. This security issue was fixed: - Arbitrary file existence disclosure (CVE-2014-7819). (Moderate) SUSE bug 903658 CVE-2014-7819 openSUSE 13.2 rubygem-sprockets-2_1 was updated to fix one security issue. This security issue was fixed: - Arbitrary file existence disclosure (CVE-2014-7819). (Moderate) SUSE bug 903658 CVE-2014-7819 openSUSE 13.2 wireshark was updated to fix five security issues. These security issues were fixed: - SigComp UDVM buffer overflow (CVE-2014-8710). - AMQP crash (CVE-2014-8711). - NCP crashes (CVE-2014-8712, CVE-2014-8713). - TN5250 infinite loops (CVE-2014-8714). For openSUSE 12.3 and 13.1 further bug fixes and updated protocol support are described in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html For openSUSE 13.2 further bug fixes and updated protocol support are described in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html (Moderate) SUSE bug 905245 SUSE bug 905246 SUSE bug 905247 SUSE bug 905248 CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 openSUSE 13.2 rubygem-sprockets was updated to fix one security issue. This security issue was fixed: - Arbitrary file existence disclosure (CVE-2014-7819). To enable this update rubygem-tilt-1_4 was added to openSUSE and installed with the update. (Moderate) SUSE bug 903658 CVE-2014-7819 openSUSE 13.2 file was updated to fix one security issue. This security issue was fixed: - Out-of-bounds read in elf note headers (CVE-2014-3710). (Moderate) SUSE bug 902367 CVE-2014-3710 openSUSE 13.2 rubygem-actionpack-3_2 was updated to fix two security issues. These security issues were fixed: - Arbitrary file existence disclosure (CVE-2014-7829). - Arbitrary file existence disclosure (CVE-2014-7818). (Moderate) SUSE bug 903662 SUSE bug 905727 CVE-2014-7818 CVE-2014-7829 openSUSE 13.2 phpMyAdmin was updated to fix four security issues. For openSUSE 12.3 and 13.1, phpMyAdmin was updated to 4.1.14.7. For openSUSE 13.2, phpMyAdmin was updated to to 4.2.12. These security issues were fixed: - XSS vulnerability in error reporting functionality (CVE-2014-8960). - Local file inclusion vulnerability (CVE-2014-8959). - Multiple XSS vulnerabilities (CVE-2014-8958). - Leakage of line count of an arbitrary file (CVE-2014-8961). (Moderate) SUSE bug 906485 SUSE bug 906486 SUSE bug 906487 SUSE bug 906488 CVE-2014-8958 CVE-2014-8959 CVE-2014-8960 CVE-2014-8961 openSUSE 13.2 clamav was updated to version 0.98.5 to fix two security issues. These security issues were fixed: - Segmentation fault when processing certain files (CVE-2013-6497). - Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050). The following non-security issues were fixed: - Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files. - Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time(JIT) compilation of ClamAV bytecode signatures. - Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs. - Resolution of many of the warning messages from ClamAV compilation. - Improved detection of malicious PE files. - ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207). - Fix server socket setup code in clamd (bnc#903489). - Change updateclamconf to prefer the state of the old config file even for commented-out options (bnc#903719). (Important) SUSE bug 903489 SUSE bug 903719 SUSE bug 904207 SUSE bug 906077 SUSE bug 906770 CVE-2013-6497 CVE-2014-9050 openSUSE 13.2 This MozillaFirefox update fixes several security and non security issues. Changes in MozillaFirefox: - update to Firefox 34.0.5 (bnc#908009) * Default search engine changed to Yahoo! for North America * Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales * Improved search bar (en-US only) * Firefox Hello real-time communication client * Easily switch themes/personas directly in the Customizing mode * Implementation of HTTP/2 (draft14) and ALPN * Disabled SSLv3 * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 Miscellaneous memory safety hazards * MFSA 2014-84/CVE-2014-1589 (bmo#1043787) XBL bindings accessible via improper CSS declarations * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input streams * MFSA 2014-86/CVE-2014-1591 (bmo#1069762) CSP leaks redirect data via violation reports * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free during HTML5 parsing * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow while parsing media content * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting from the BasicThebesLayer to BasicContainerLayer - rebased patches - limit linker memory usage for %ix86 - update to Firefox 33.1 * Adding DuckDuckGo as a search option (upstream) * Forget Button added * Enhanced Tiles * Privacy tour introduced - fix typo in GStreamer Recommends - Disable elf-hack for aarch64 - Enable EGL for aarch64 - Limit RAM usage during link for %arm - Fix _constraints for ARM - use proper macros for ARM - use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too to fix compiling. - pass '-Wl,--no-keep-memory' to linker to reduce required memory during linking on arm. - update to Firefox 33.0.2 * Fix a startup crash with some combination of hardware and drivers 33.0.1 * Firefox displays a black screen at start-up with certain graphics drivers - adjusted _constraints for ARM - added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588) - define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639) - use Firefox default optimization flags instead of -Os - specfile cleanup (Moderate) SUSE bug 900639 SUSE bug 908009 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 openSUSE 13.2 icecast was updated to fix one security issue. This security issue was fixed: - Possible leak of on-connect scripts (CVE-2014-9018). (Moderate) SUSE bug 906538 CVE-2014-9018 openSUSE 13.2 flac was updated to fix two security issues. These security issues were fixed: - Stack overflow may result in arbitrary code execution (CVE-2014-8962). - Heap overflow via specially crafted .flac files (CVE-2014-9028). (Moderate) SUSE bug 906831 SUSE bug 907016 CVE-2014-8962 CVE-2014-9028 openSUSE 13.2 docker was updated to version 1.3.2 to fix two security issues. These security issues were fixed: - Symbolic and hardlink issues leading to privilege escalation (CVE-2014-6407). - Potential container escalation (CVE-2014-6408). There non-security issues were fixed: - Fix deadlock in docker ps -f exited=1 - Fix a bug when --volumes-from references a container that failed to start - --insecure-registry now accepts CIDR notation such as 10.1.0.0/16 - Private registries whose IPs fall in the 127.0.0.0/8 range do no need the --insecure-registry flag - Skip the experimental registry v2 API when mirroring is enabled - Fixed minor packaging issues. (Important) SUSE bug 907012 SUSE bug 907014 CVE-2014-6407 CVE-2014-6408 openSUSE 13.2 openvpn was updated to fix a denial-of-service vulnerability where an authenticated client could stop the server by triggering a server-side ASSERT (bnc#907764,CVE-2014-8104), (Important) SUSE bug 907764 CVE-2014-8104 openSUSE 13.2 chromium was updated to version 39.0.2171.65 to fix 13 security issues. These security issues were fixed: - Use-after-free in pepper plugins (CVE-2014-7906). - Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chromebefore 39.0.2171.65, al... (CVE-2014-7903). - Uninitialized memory read in Skia (CVE-2014-7909). - Unspecified security issues (CVE-2014-7910). - Integer overflow in media (CVE-2014-7908). - Integer overflow in the opj_t2_read_packet_data function infxcodec/fx_libopenjpeg/libopenjpeg20/t2.... (CVE-2014-7901). - Use-after-free in blink (CVE-2014-7907). - Address bar spoofing (CVE-2014-7899). - Buffer overflow in Skia (CVE-2014-7904). - Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900). - Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902). - Flaw allowing navigation to intents that do not have the BROWSABLE category (CVE-2014-7905). - Double-free in Flash (CVE-2014-0574). (Important) SUSE bug 906317 SUSE bug 906318 SUSE bug 906319 SUSE bug 906320 SUSE bug 906321 SUSE bug 906322 SUSE bug 906323 SUSE bug 906324 SUSE bug 906326 SUSE bug 906327 SUSE bug 906328 SUSE bug 906330 CVE-2014-0574 CVE-2014-7899 CVE-2014-7900 CVE-2014-7901 CVE-2014-7902 CVE-2014-7903 CVE-2014-7904 CVE-2014-7905 CVE-2014-7906 CVE-2014-7907 CVE-2014-7908 CVE-2014-7909 CVE-2014-7910 openSUSE 13.2 This libyaml update fixes the following security issue: - bnc#907809: assert failure when processing wrapped strings (CVE-2014-9130) (Moderate) SUSE bug 907809 CVE-2014-9130 openSUSE 13.2 NonFree flash-player received a security update to version to 11.2.202.425 (bsc#909219), which fixes: APSB14-27, CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164 (Important) SUSE bug 909219 CVE-2014-0580 CVE-2014-0587 CVE-2014-8443 CVE-2014-9162 CVE-2014-9163 CVE-2014-9164 openSUSE 13.2 This cpio update fixes the following secuirty issue: - fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112) (Moderate) SUSE bug 907456 CVE-2014-9112 openSUSE 13.2 This libjpeg update fixes several security and non security issues: - bnc#906761: Passing special crafted jpeg file smashes stack (CVE-2014-9092) - bnc#771791: Fixed heap overflow (Moderate) SUSE bug 771791 SUSE bug 807183 SUSE bug 906761 CVE-2014-9092 openSUSE 13.2 This perl-Plack update fixes the following security issue: - bnc#892328: trailing slashes removed leading to source code disclosure (CVE-2014-5269) (Moderate) SUSE bug 892328 CVE-2014-5269 openSUSE 13.2 phpMyAdmin on openSUSE 12.3 and 13.1 was updated to 4.1.14.8. This update fixes one vulnerability. - Security fixes: * PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php - sf#4611 [security] DOS attack with long passwords phpMyAdmin on openSUSE 13.2 was updated to 4.2.13.1 (2014-12-03) - Security fixes: * PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364] http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php - sf#4612 [security] XSS vulnerability in redirection mechanism * PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php - sf#4611 [security] DOS attack with long passwords - Bugfixes: - sf#4604 Query history not being deleted - sf#4057 db/table query string parameters no longer work - sf#4605 Unseen messages in tracking - sf#4606 Tracking report export as SQL dump does not work - sf#4607 Syntax error during db_copy operation - sf#4608 SELECT permission issues with relations and restricted access (Moderate) SUSE bug 908363 SUSE bug 908364 CVE-2014-9218 CVE-2014-9219 openSUSE 13.2 rrdtools was updated to add check to the imginfo format to prevent crash or code execution. (bnc#828003, CVE-2013-2131.) (Moderate) SUSE bug 828003 CVE-2013-2131 openSUSE 13.2 mutt was updated to fix a security issue with a heap-based buffer overflow in mutt_substrdup() (CVE-2014-9116). (Moderate) SUSE bug 907453 CVE-2014-9116 openSUSE 13.2 Firebird server crashes when handling a malformed network packet. (Important) SUSE bug 908127 openSUSE 13.2 jasper was updated to fix one security issue. This security issue was fixed: - Heap overflows in libjasper (CVE-2014-9029). (Moderate) SUSE bug 906364 CVE-2014-9029 openSUSE 13.2 seamonkey was updated to version 2.31 to fix 20 security issues. These security issues were fixed: - Miscellaneous memory safety hazards (CVE-2014-1587, CVE-2014-1588). - XBL bindings accessible via improper CSS declarations (CVE-2014-1589). - XMLHttpRequest crashes with some input streams (CVE-2014-1590). - CSP leaks redirect data via violation reports (CVE-2014-1591). - Use-after-free during HTML5 parsing (CVE-2014-1592). - Buffer overflow while parsing media content (CVE-2014-1593). - Bad casting from the BasicThebesLayer to BasicContainerLayer (CVE-2014-1594). - Miscellaneous memory safety hazards (CVE-2014-1574, CVE-2014-1575). - Buffer overflow during CSS manipulation (CVE-2014-1576). - Web Audio memory corruption issues with custom waveforms (CVE-2014-1577). - Out-of-bounds write with WebM video (CVE-2014-1578). - Further uninitialized memory use during GIF rendering (CVE-2014-1580). - Use-after-free interacting with text directionality (CVE-2014-1581). - Key pinning bypasses (CVE-2014-1582, CVE-2014-1584). - Inconsistent video sharing within iframe (CVE-2014-1585, CVE-2014-1586). - Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) (CVE-2014-1583). This non-security issue was fixed: - define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639). (Moderate) SUSE bug 894370 SUSE bug 900639 SUSE bug 900941 SUSE bug 908009 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1580 CVE-2014-1581 CVE-2014-1582 CVE-2014-1583 CVE-2014-1584 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 openSUSE 13.2 This MozillaThunderbird update fixes several security and non security issues: Changes in MozillaThunderbird: - update to Thunderbird 31.3.0 (bnc#908009) * MFSA 2014-83/CVE-2014-1587 Miscellaneous memory safety hazards * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input streams * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free during HTML5 parsing * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow while parsing media content * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting from the BasicThebesLayer to BasicContainerLayer - fix bashism in mozilla.sh script - Limit RAM usage during link for ARM - remove add-plugins.sh and use /usr/share/myspell directly (bnc#900639) (Moderate) SUSE bug 900639 SUSE bug 908009 CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 openSUSE 13.2 The network timeservice ntp was updated to fix critical security issues (bnc#910764, CERT VU#852879) * A potential remote code execution problem was found inside ntpd. The functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure() where updated to avoid buffer overflows that could be exploited. (CVE-2014-9295) * Furthermore a problem inside the ntpd error handling was found that is missing a return statement. This could also lead to a potentially attack vector. (CVE-2014-9296) (Critical) SUSE bug 910764 CVE-2014-9295 CVE-2014-9296 openSUSE 13.2 The openSUSE 13.2 kernel was updated to version 3.16.7. These security issues were fixed: - CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. (bnc#910251) - CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. (bnc#907818) - CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. (bnc#909077) - CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346, bnc#902349). - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that triggered an incorrect uncork within the side-effect interpreter (bnc#902349). - CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351). - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). - CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100). These non-security issues were fixed: - ahci: Check and set 64-bit DMA mask for platform AHCI driver (bnc#902632). - ahci/xgene: Remove logic to set 64-bit DMA mask (bnc#902632). - ahci_xgene: Skip the PHY and clock initialization if already configured by the firmware (bnc#902632). - ALSA: hda - Add mute LED control for Lenovo Ideapad Z560 (bnc#665315). - ALSA: hda/realtek - Add alc_update_coef*_idx() helper (bnc#905068). - ALSA: hda/realtek - Change EAPD to verb control (bnc#905068). - ALSA: hda/realtek - Optimize alc888_coef_init() (bnc#905068). - ALSA: hda/realtek - Restore default value for ALC668 (bnc#905068). - ALSA: hda/realtek - Update Initial AMP for EAPD control (bnc#905068). - ALSA: hda/realtek - Update restore default value for ALC282 (bnc#905068). - ALSA: hda/realtek - Update restore default value for ALC283 (bnc#905068). - ALSA: hda/realtek - Use alc_write_coef_idx() in alc269_quanta_automake() (bnc#905068). - ALSA: hda/realtek - Use tables for batch COEF writes/updtes (bnc#905068). - ALSA: usb-audio: Do not resubmit pending URBs at MIDI error recovery. - arm64: Add architectural support for PCI (bnc#902632). - arm64: adjust el0_sync so that a function can be called (bnc#902632). - arm64: Do not call enable PCI resources when specify PCI_PROBE_ONLY (bnc#902632). - arm64: dts: Add X-Gene reboot driver dts node (bnc#902632). - arm64/efi: efistub: cover entire static mem footprint in PE/COFF .text (bnc#902632). - arm64/efi: efistub: do not abort if base of DRAM is occupied (bnc#902632). - arm64: fix bug for reloading FPSIMD state after cpu power off (bnc#902632). - arm64: fix VTTBR_BADDR_MASK (bnc#902632). - arm64: fpsimd: fix a typo in fpsimd_save_partial_state ENDPROC (bnc#902632). - arm64/mustang: Disable sgenet and xgenet (bnc#902632). - arm64: Select reboot driver for X-Gene platform (bnc#902632). - arm: Add APM Mustang network driver (bnc#902632). - arm/arm64: KVM: Fix and refactor unmap_range (bnc#902632). - arm: Define PCI_IOBASE as the base of virtual PCI IO space (bnc#902632). - asm-generic/io.h: Fix ioport_map() for !CONFIG_GENERIC_IOMAP (bnc#902632). - ax88179_178a: fix bonding failure (bsc#908253). - btrfs: Fix and enhance merge_extent_mapping() to insert best fitted extent map. - btrfs: fix crash of btrfs_release_extent_buffer_page. - btrfs: fix invalid leaf slot access in btrfs_lookup_extent(). - btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup. - btrfs: fix lockups from btrfs_clear_path_blocking. - btrfs: fix race that makes btrfs_lookup_extent_info miss skinny extent items. - btrfs: Fix the wrong condition judgment about subset extent map. - btrfs: fix wrong accounting of raid1 data profile in statfs. - btrfs: send, do not delay dir move if there is a new parent inode. - config: armv7hl: Disable CONFIG_USB_MUSB_TUSB6010 (bnc#906914). - cpufreq: arm_big_little: fix module license spec (bnc#902632). - Delete patches.rpmify/chipidea-clean-up-dependencies (bnc#903986). - Disable Exynos cpufreq modules. - drivers/net/fddi/skfp/h/skfbi.h: Remove useless PCI_BASE_2ND macros (bnc#902632). - drm/i915: Keep vblank interrupts enabled while enabling/disabling planes (bnc#904097). - drm: Implement O_NONBLOCK support on /dev/dri/cardN (bnc#904097). - drm/nv50/disp: fix dpms regression on certain boards (bnc#902728). - drm/radeon: add locking around atombios scratch space usage (bnc#904932). - drm/radeon: add missing crtc unlock when setting up the MC (bnc#904932). - drm/radeon/dpm: disable ulv support on SI (bnc#904932). - drm/radeon: fix endian swapping in vbios fetch for tdp table (bnc#904932). - drm/radeon: fix speaker allocation setup (bnc#904932). - drm/radeon: initialize sadb to NULL in the audio code (bnc#904932). - drm/radeon: make sure mode init is complete in bandwidth_update (bnc#904932). - drm/radeon: report disconnected for LVDS/eDP with PX if ddc fails (bnc#904417). - drm/radeon: set correct CE ram size for CIK (bnc#904932). - drm/radeon: Use drm_malloc_ab instead of kmalloc_array (bnc#904932). - drm/radeon: use gart for DMA IB tests (bnc#904932). - drm/radeon: use gart memory for DMA ring tests (bnc#904932). - drm/tilcdc: Fix the error path in tilcdc_load() (bko#86071). - hp_accel: Add support for HP ZBook 15 (bnc#905329). - ideapad-laptop: Change Lenovo Yoga 2 series rfkill handling (bnc#904289). - Input: i8042 - also set the firmware id for MUXed ports (bnc#897112). - Input: psmouse - add psmouse_matches_pnp_id helper function (bnc#897112). - Input: psmouse - add support for detecting FocalTech PS/2 touchpads (bnc#897112). - Input: synaptics - add min/max quirk for Lenovo T440s (bnc#903748). - irqchip: gic: preserve gic V2 bypass bits in cpu ctrl register (bnc#902632). - iwlwifi: dvm: drop non VO frames when flushing (bnc#900786). - KEYS: Allow special keys (eg. DNS results) to be invalidated by CAP_SYS_ADMIN (bnc#904717). - KEYS: Fix stale key registration at error path (bnc#908163). - KEYS: Fix the size of the key description passed to/from userspace (bnc#904717). - KEYS: Increase root_maxkeys and root_maxbytes sizes (bnc#904717). - KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED (bnc#904717). - KEYS: Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags (bnc#904717). - KVM: ARM: Add arm,gic-400 compatible support (bnc#902632). - KVM: ARM: Hack to enable VGIC mapping on 64k PAGE_SIZE kernels (bnc#902633). - Limit xgbe a0 driver to arm64 - net/xgbe: Add A0 silicon support (bnc#902632). - of/pci: Add pci_get_new_domain_nr() and of_get_pci_domain_nr() (bnc#902632). - of/pci: Add pci_register_io_range() and pci_pio_to_address() (bnc#902632). - of/pci: Add support for parsing PCI host bridge resources from DT (bnc#902632). - of/pci: Fix the conversion of IO ranges into IO resources (bnc#902632). - of/pci: Move of_pci_range_to_resource() to of/address.c (bnc#902632). - parport: parport_pc, do not remove parent devices early (bnc#856659). - PCI: Add generic domain handling (bnc#902632). - PCI: Add pci_remap_iospace() to map bus I/O resources (bnc#902632). - PCI: xgene: Add APM X-Gene PCIe driver (bnc#902632). - power: reset: Add generic SYSCON register mapped reset (bnc#902632). - power: reset: Remove X-Gene reboot driver (bnc#902632). - quirk for Lenovo Yoga 3: no rfkill switch (bnc#904289). - reiserfs: destroy allocated commit workqueue. - rtc: ia64: allow other architectures to use EFI RTC (bnc#902632). - scripts/tags.sh: Do not specify kind-spec for emacs ctags/etags. - scripts/tags.sh: fix DEFINE_HASHTABLE in emacs case. - tags.sh: Fixup regex definition for etags. - ttusb-dec: buffer overflow in ioctl (bnc#905739). - usb: Add support for Synopsis H20AHB EHCI host controller (bnc#902632). - usb: fix hcd h20ahb driver depends (bnc#902632). - usb: uvc: add a quirk for Dell XPS M1330 webcam (bnc#904539). - usb: uvc: Fix destruction order in uvc_delete() (bnc#897736). (Important) SUSE bug 665315 SUSE bug 856659 SUSE bug 897112 SUSE bug 897736 SUSE bug 900786 SUSE bug 902346 SUSE bug 902349 SUSE bug 902351 SUSE bug 902632 SUSE bug 902633 SUSE bug 902728 SUSE bug 903748 SUSE bug 903986 SUSE bug 904013 SUSE bug 904097 SUSE bug 904289 SUSE bug 904417 SUSE bug 904539 SUSE bug 904717 SUSE bug 904932 SUSE bug 905068 SUSE bug 905100 SUSE bug 905329 SUSE bug 905739 SUSE bug 906914 SUSE bug 907818 SUSE bug 908163 SUSE bug 908253 SUSE bug 909077 SUSE bug 910251 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-7826 CVE-2014-7841 CVE-2014-8133 CVE-2014-9090 CVE-2014-9322 openSUSE 13.2 This libksba update fixes the following security issue: - bnc#907074: buffer overflow in OID processing (CVE-2014-9087) (Moderate) SUSE bug 907074 CVE-2014-9087 openSUSE 13.2 This unbound update fixes the following secuirty issue. - boo#908990: following endless delegations (CVE-2014-8602) (Moderate) SUSE bug 908990 CVE-2014-8602 openSUSE 13.2 This mailx update fixes the following security issue: bsc#909208: shell command injection via crafted email addresses (CVE-2004-2771, CVE-2014-7844) (Moderate) SUSE bug 909208 CVE-2004-2771 CVE-2014-7844 openSUSE 13.2 This X.Org update fixes the following security and non security issues: - Add and update security patches. (bnc#907268, CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103) http://lists.x.org/archives/xorg-announce/2014-December/002501.html - Fixes rendering of some icewm and xfwm themes. (bnc#908258, bnc#856931) (Moderate) SUSE bug 856931 SUSE bug 907268 SUSE bug 908258 CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 openSUSE 13.2 This rpm update fixes the following security and non security issues: - honor --noglob in install mode [bnc#892431] - check for bad invalid name sizes [bnc#908128] [CVE-2014-8118] - create files with mode 0 [bnc#906803] [CVE-2013-6435] This update also includes version updates of rpm-python and python3-rpm. (Moderate) SUSE bug 892431 SUSE bug 906803 SUSE bug 908128 CVE-2013-6435 CVE-2014-8118 openSUSE 13.2 This file update fixes the following two security issues: - bsc#910252: multiple denial of service issues (resource consumption) (CVE-2014-8116) - bsc#910253: denial of service issue (resource consumption) (CVE-2014-8117) (Moderate) openSUSE 13.2 This docker version update fixes the following security and non security issues and adds additional features. - Updated to 1.4.0 (2014-12-11): * Notable Features since 1.3.0: - Set key=value labels to the daemon (displayed in `docker info`), applied with new `-label` daemon flag - Add support for `ENV` in Dockerfile of the form: `ENV name=value name2=value2...` - New Overlayfs Storage Driver - `docker info` now returns an `ID` and `Name` field - Filter events by event name, container, or image - `docker cp` now supports copying from container volumes - Fixed `docker tag`, so it honors `--force` when overriding a tag for existing image. - Changes introduced by 1.3.3 (2014-12-11): * Security: - Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709) - Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710) - Validate image IDs (CVE-2014-9358) - (bnc#909712) * Runtime: - Fix an issue when image archives are being read slowly * Client: - Fix a regression related to stdin redirection - Fix a regression with `docker cp` when destination is the current directory (Moderate) SUSE bug 909709 SUSE bug 909710 SUSE bug 909712 CVE-2014-9356 CVE-2014-9357 CVE-2014-9358 openSUSE 13.2 This Apache Subversion update fixes the following security and non security issues. - Apache Subversion 1.8.11 - This release addresses two security issues: [boo#909935] * CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests. * CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names. - Client-side bugfixes: * checkout/update: fix file externals failing to follow history and subsequently silently failing * patch: don't skip targets in valid --git difs * diff: make property output in diffs stable * diff: fix diff of local copied directory with props * diff: fix changelist filter for repos-WC and WC-WC * remove broken conflict resolver menu options that always error out * improve gpg-agent support * fix crash in eclipse IDE with GNOME Keyring * fix externals shadowing a versioned directory * fix problems working on unix file systems that don't support permissions * upgrade: keep external registrations * cleanup: iprove performance of recorded timestamp fixups * translation updates for German - Server-side bugfixes: * disable revprop caching feature due to cache invalidation problems * skip generating uniquifiers if rep-sharing is not supported * mod_dav_svn: reject requests with missing repository paths * mod_dav_svn: reject requests with invalid virtual transaction names * mod_dav_svn: avoid unneeded memory growth in resource walking (Moderate) SUSE bug 909935 CVE-2014-3580 CVE-2014-8108 openSUSE 13.2 Apache2 was updated to fix bugs and security issues. Security issues fixed: CVE-2013-5704: Added a change to fix a flaw in the way mod_headers handled chunked requests. Adds "MergeTrailers" directive to restore legacy behavior [bnc#871310], CVE-2014-8109: Fixes handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. Bugfixes: - changed apache2.service file to fix situation where apache won't start at boot when using an encrypted certificate because user isn't prompted for password during boot [bnc#792309]. - added <IfModule> around SSLSessionCache to avoid failing to start [bnc#842377], [bnc#849445] and [bnc#864166]. (Moderate) SUSE bug 792309 SUSE bug 842377 SUSE bug 849445 SUSE bug 864166 SUSE bug 871310 SUSE bug 909715 CVE-2013-5704 CVE-2014-8109 openSUSE 13.2 This libreoffice update fixes the following security and non secuirty issues: - Fix for CVE-2014-9093 bnc#907636. - Fix typo %{libdir} -> %{_libdir} - Remove dangling symlinks from previous versions bnc#884942. - Fix build with boost 1.56 (Moderate) SUSE bug 884942 SUSE bug 907636 CVE-2014-9093 openSUSE 13.2 This update fixes the following security issues: - CVE-2015-0236: libvirt: access control bypass bsc#914693 - bnc#905086: libvirt cannot properly determine cpu flags with qemu-kvm - Fixed allowing devices for containers. (Moderate) SUSE bug 905086 SUSE bug 914693 CVE-2015-0236 openSUSE 13.2 vorbis-tools was updated to fix one security issue. This security issue was fixed: - Segfault when trying to encode trivial raw input (CVE-2014-9640). (Moderate) SUSE bug 914938 CVE-2014-9640 openSUSE 13.2 privoxy was updated to version 3.0.23 to fix three security issues. These security issues were fixed: - Fixed a DoS issue in case of client requests with incorrect chunk-encoded body. When compiled with assertions enabled (the default) they could previously cause Privoxy to abort() (CVE-2015-1380). - Fixed multiple segmentation faults and memory leaks in the pcrs code. This fix also increases the chances that an invalid pcrs command is rejected as such (CVE-2015-1381). - Client requests with body that can't be delivered no longer cause pipelined requests behind them to be rejected as invalid (CVE-2015-1382). (Moderate) SUSE bug 914934 CVE-2015-1380 CVE-2015-1381 CVE-2015-1382 openSUSE 13.2 virtualbox was updated to version 4.2.28 to fix eight security issues. These security issues were fixed: - OpenSSL fixes for VirtualBox (CVE-2014-0224) - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418 (CVE-2015-0377, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427 (CVE-2014-6595, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6588, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6589, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6590, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595 (CVE-2015-0427, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377 (CVE-2015-0418, bnc#914447). For the full changelog please read https://www.virtualbox.org/wiki/Changelog-4.2 (Moderate) SUSE bug 914447 CVE-2014-0224 CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0377 CVE-2015-0418 CVE-2015-0427 openSUSE 13.2 NonFree flash-player was updated to version 11.2.202.442 to fix 18 security issues. These security issues were fixed: - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317, CVE-2015-0319). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323, CVE-2015-0327). - Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324). - Null pointer dereference issues (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). More information is available at https://helpx.adobe.com/security/products/flash-player/apsb15-04.html (Critical) SUSE bug 915918 CVE-2015-0313 CVE-2015-0314 CVE-2015-0315 CVE-2015-0316 CVE-2015-0317 CVE-2015-0318 CVE-2015-0319 CVE-2015-0320 CVE-2015-0321 CVE-2015-0322 CVE-2015-0323 CVE-2015-0324 CVE-2015-0325 CVE-2015-0326 CVE-2015-0327 CVE-2015-0328 CVE-2015-0329 CVE-2015-0330 openSUSE 13.2 unzip was updated to fix security issues. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() functions (CVE-2014-8141). The input errors may result in in arbitrary code execution. More info can be found in the oCert announcement: http://seclists.org/oss-sec/2014/q4/1127 (Moderate) SUSE bug 909214 CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 openSUSE 13.2 The follow issues were fixed with this update: - CVE-2014-8137 double-free in jas_iccattrval_destroy()(bnc#909474) - CVE-2014-8138 heap overflow in jas_decode() (bnc#909475) (Moderate) SUSE bug 909474 SUSE bug 909475 CVE-2014-8137 openSUSE 13.2 grep was updated to fix one security issue. This security issue was fixed: - Heap buffer overrun with a carefully crafted combination of input and regexp (CVE-2015-1345). (Moderate) SUSE bug 914695 CVE-2015-1345 openSUSE 13.2 openvas-manager was updated to fix one security issue. This security issue was fixed: * CVE-2014-9220: SQL injection vulnerability (bnc#908427) (Moderate) SUSE bug 908427 CVE-2014-9220 openSUSE 13.2 rsync was updated to fix one security issue. This security issue was fixed: - Path spoofing attack vulnerability (CVE-2014-9512). (Moderate) SUSE bug 915410 CVE-2014-9512 openSUSE 13.2 was updated to version 7.40.0 to fix two security issues. These security issues were fixed: - CVE-2014-8150: CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allowed remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL (bnc#911363). - CVE-2014-3707: The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, did not properly copy HTTP POST data for an easy handle, which triggered an out-of-bounds read that allowed remote web servers to read sensitive memory information (bnc#901924). These non-security issues were fixed: - http_digest: Added support for Windows SSPI based authentication - version info: Added Kerberos V5 to the supported features - Makefile: Added VC targets for WinIDN - SSL: Add PEM format support for public key pinning - smtp: Added support for the conversion of Unix newlines during mail send - smb: Added initial support for the SMB/CIFS protocol - Added support for HTTP over unix domain sockets, - via CURLOPT_UNIX_SOCKET_PATH and --unix-socket - sasl: Added support for GSS-API based Kerberos V5 authentication (Moderate) SUSE bug 901924 SUSE bug 911363 CVE-2014-3707 CVE-2014-8150 openSUSE 13.2 krb5 was updated to fix five security issues. These security issues were fixed: - CVE-2014-5351: current keys returned when randomizing the keys for a service principal (bnc#897874) - CVE-2014-5352: An authenticated attacker could cause a vulnerable application (including kadmind) to crash or to execute arbitrary code (bnc#912002). - CVE-2014-9421: An authenticated attacker could cause kadmind or other vulnerable server application to crash or to execute arbitrary code (bnc#912002). - CVE-2014-9422: An attacker who possess the key of a particularly named principal (such as "kad/root") could impersonate any user to kadmind and perform administrative actions as that user (bnc#912002). - CVE-2014-9423: An attacker could attempt to glean sensitive information from the four or eight bytes of uninitialized data output by kadmind or other libgssrpc server application. Because MIT krb5 generally sanitizes memory containing krb5 keys before freeing it, it is unlikely that kadmind would leak Kerberos key information, but it is not impossible (bnc#912002). This non-security issue was fixed: - Work around replay cache creation race (bnc#898439). (Moderate) SUSE bug 897874 SUSE bug 898439 SUSE bug 912002 CVE-2014-5351 CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 openSUSE 13.2 The XEN virtualization was updated to fix bugs and security issues: Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling CVE-2014-8867: XSA-112: xen: Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor CVE-2014-8866: XSA-111: xen: Excessive checking in compatibility mode hypercall argument translation CVE-2014-8595: XSA-110: xen: Missing privilege level checks in x86 emulation of far branches CVE-2014-8594: XSA-109: xen: Insufficient restrictions on certain MMU update hypercalls CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts CVE-2014-5146, CVE-2014-5149: xen: XSA-97 Long latency virtual-mmu operations are not preemptible Bugs fixed: - Restore missing fixes from block-dmmd script - bnc#904255 - XEN boot hangs in early boot on UEFI system - Fix missing banner by restoring figlet program - bnc#903357 - Corrupted save/restore test leaves orphaned data in xenstore - bnc#903359 - Temporary migration name is not cleaned up after migration - bnc#903850 - Xen: guest user mode triggerable VM exits not handled by hypervisor - bnc#866902 - Xen save/restore of HVM guests cuts off disk and networking - bnc#901317 - increase limit domUloader to 32MB - bnc#898772 - SLES 12 RC3 - XEN Host crashes when assigning non-VF device (SR-IOV) to guest - bnc#882089 - Windows 2012 R2 fails to boot up with greater than 60 vcpus - bsc#900292 - xl: change default dump directory - Update xen2libvirt.py to better detect and handle file formats - bnc#882089 - Windows 2012 R2 fails to boot up with greater than 60 vcpus - bnc#897906 - libxc: check return values on mmap() and madvise() on xc_alloc_hypercall_buffer() - bnc#896023 - Adjust xentop column layout (Important) SUSE bug 826717 SUSE bug 866902 SUSE bug 882089 SUSE bug 889526 SUSE bug 896023 SUSE bug 897906 SUSE bug 898772 SUSE bug 900292 SUSE bug 901317 SUSE bug 903357 SUSE bug 903359 SUSE bug 903850 SUSE bug 903967 SUSE bug 903970 SUSE bug 904255 SUSE bug 905465 SUSE bug 905467 SUSE bug 906439 SUSE bug 906996 SUSE bug 910681 CVE-2013-3495 CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030 CVE-2014-9065 CVE-2014-9066 CVE-2015-0361 openSUSE 13.2 This update fixes the following security issue: - CVE-2015-0552: Avoid path traversal (boo#911814, bgo#742331, CVE-2015-0552). (Moderate) SUSE bug 911814 CVE-2015-0552 openSUSE 13.2 jython was updated to fix one security issue. This security issue was fixed: - CVE-2013-2027: Creates executables class files with wrong permissions (Moderate) SUSE bug 916224 CVE-2013-2027 openSUSE 13.2 tcpdump was updated to fix three security issues. These security issues were fixed: - CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allowed remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame (bnc#905870 905871). - CVE-2014-8769: tcpdump 3.8 through 4.6.2 might allowed remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access (bnc#905871 905872). - CVE-2014-8768: Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allowed remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame (bnc#905871). (Moderate) SUSE bug 905870 SUSE bug 905871 SUSE bug 905872 CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 openSUSE 13.2 clamav was updated to version 0.98.6 that fixes bugs and several security issues: * bsc#916217, CVE-2015-1461: Remote attackers can have unspecified impact via Yoda's crypter or mew packer files. * bsc#916214, CVE-2015-1462: Unspecified impact via acrafted upx packer file. * bsc#916215, CVE-2015-1463: Remote attackers can cause a denial of service via a crafted petite packer file. * bsc#915512, CVE-2014-9328: heap out of bounds condition with crafted upack packer files. (Important) SUSE bug 915512 SUSE bug 916214 SUSE bug 916215 SUSE bug 916217 CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 openSUSE 13.2 roundcubemail was updated to version 1.0.5 to fix one security issue. This security issue was fixed: - CVE-2015-1433: program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 did not properly quote strings, which allowed remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email (bnc#915789). Various non-security bugs were resolved in this update. Please see the changes file for details. (Moderate) SUSE bug 863569 SUSE bug 915789 CVE-2015-1433 openSUSE 13.2 dbus-1, dbus-1-x11 were updated to version 1.8.16 to fix one security issue. This update fixes the following security issue: - CVE-2015-0245: Do not allow non-uid-0 processes to send forged ActivationFailure messages. On Linux systems with systemd activation, this would allow a local denial of service (bnc#916343). These additional security hardenings are included: - Do not allow calls to UpdateActivationEnvironment from uids other than the uid of the dbus-daemon. If a system service installs unsafe security policy rules that allow arbitrary method calls (such as CVE-2014-8148) then this prevents memory consumption and possible privilege escalation via UpdateActivationEnvironment. - Do not allow calls to UpdateActivationEnvironment or the Stats interface on object paths other than /org/freedesktop/DBus. Some system services install unsafe security policy rules that allow arbitrary method calls to any destination, method and interface with a specified object path. (Moderate) SUSE bug 916343 CVE-2015-0245 openSUSE 13.2 mdadm was updated to fix one security issue. This security issue was fixed: - CVE-2014-5220: mdcheck doesn't validate the input of mdadm --detail --export, possible command injection (bnc#910500). (Low) SUSE bug 910500 CVE-2014-5220 openSUSE 13.2 perl-YAML-LibYAML was updated to version 0.59 to fix four security issues. These security issues were fixed: - CVE-2013-6393: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allowed remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow (bnc#860617, bnc#911782). - CVE-2012-1152: Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allowed remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function (bnc#751503). - CVE-2014-9130: scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allowed context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping (bnc#907809, bnc#911782). - CVE-2014-2525: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allowed context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file (bnc#868944, bnc#911782). These non-security issues were fixed: - PR/23 Better scalar dump heuristics - More closely match YAML.pm - Add a VERSION statement to YAML::LibYAML (issue#8) - Applied fix for PR/21. nawglan++ - Use Swim cpan-tail block functions in doc - Get YAML::XS using latest libyaml - Fix for https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure - Fix e1 test failure on 5.21.4 - Remove =travis section - Meta 0.0.2 - Eliminate spurious trailing whitespace - Add t/000-compile-modules.t - Fix swim errors - Add badges to doc - Fix ReadMe - Fix Meta and add Contributing. - Doc fix. GitHub-Issue-#6. Thanks to Debian Perl Group for finding this. - Test::Base tests needed 'inc' in @INC - Switch to Zilla::Dist - No longer dep on Test::Base, Spiffy, and Filter::Util::Call - Remove test/changes.t - Removed another C++ // style comment. jdb++ - Removed C++ // style comments, for better portability. jdb++ - Using the latest libyaml codebase - https://github.com/yaml/libyaml/tree/perl-yaml-xs - Changes have been made to start moving libyaml to 1.2 (Moderate) SUSE bug 751503 SUSE bug 860617 SUSE bug 868944 SUSE bug 907809 SUSE bug 911782 CVE-2012-1152 CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 openSUSE 13.2 php5 was updated to fix five security issues. These security issues were fixed: - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bnc#910659). - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bnc#914690). - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bnc#910659). - CVE-2014-9427: sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap was used to read a .php file, did not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which caused an out-of-bounds read and might (1) allowed remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping (bnc#911664). For openSUSE 13.2 this additional security issue was fixed: - CVE-2014-9426: The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempted to perform a free operation on a stack-based character array, which allowed remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors (bnc#911663). (Moderate) SUSE bug 907519 SUSE bug 910659 SUSE bug 911663 SUSE bug 911664 SUSE bug 914690 CVE-2014-8142 CVE-2014-9426 CVE-2014-9427 CVE-2015-0231 CVE-2015-0232 openSUSE 13.2 xorg-x11-server was updated to fix one security issue. This security issue was fixed: - CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers (bnc#915810). (Moderate) SUSE bug 915810 CVE-2015-0255 openSUSE 13.2 tigervnc was updated to fix one security issue. This security issue was fixed: - CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers (bnc#915810). (Moderate) SUSE bug 915810 CVE-2015-0255 openSUSE 13.2 Glibc was updated to fix several security issues. - Avoid infinite loop in nss_dns getnetbyname (CVE-2014-9402, bsc#910599, BZ #17630) - wordexp fails to honour WRDE_NOCMD (CVE-2014-7817, bsc#906371, BZ #17625) - Fix invalid file descriptor reuse while sending DNS query (CVE-2013-7423, bsc#915526, BZ #15946) - Fix buffer overflow in wscanf (CVE-2015-1472, bsc#916222, BZ #16618) (Moderate) SUSE bug 906371 SUSE bug 910599 SUSE bug 915526 SUSE bug 916222 CVE-2013-7423 CVE-2014-7817 CVE-2014-9402 CVE-2015-1472 openSUSE 13.2 samba was updated to fix two security issues. These security issues were fixed: - CVE-2015-0240: Ensure we don't call talloc_free on an uninitialized pointer (bnc#917376). - CVE-2014-8143: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allowed remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation (bnc#914279). Several non-security issues were fixed, please refer to the changes file. (Important) SUSE bug 914279 SUSE bug 917376 CVE-2014-8143 CVE-2015-0240 openSUSE 13.2 Changes in libsndfile: two buffer read overflows in sd2_parse_rsrc_fork() (CVE-2014-9496, bnc#911796): backported upstream fix patches (Moderate) SUSE bug 911796 CVE-2014-9496 openSUSE 13.2 cups was updated to fix one security issue. This security issue was fixed: - CVE-2014-9679: A malformed compressed raster file can trigger a buffer overflow in cupsRasterReadPixels (bnc#917799). (Moderate) SUSE bug 917799 CVE-2014-9679 openSUSE 13.2 snack was updated to fix one security issue. This security issue was fixed: - CVE-2012-6303: Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file (bnc#793860). (Important) SUSE bug 793860 CVE-2012-6303 openSUSE 13.2 MozillaFirefox, mozilla-nss were updated to fix 18 security issues. MozillaFirefox was updated to version 36.0. These security issues were fixed: - CVE-2015-0835, CVE-2015-0836: Miscellaneous memory safety hazards - CVE-2015-0832: Appended period to hostnames can bypass HPKP and HSTS protections - CVE-2015-0830: Malicious WebGL content crash when writing strings - CVE-2015-0834: TLS TURN and STUN connections silently fail to simple TCP connections - CVE-2015-0831: Use-after-free in IndexedDB - CVE-2015-0829: Buffer overflow in libstagefright during MP4 video playback - CVE-2015-0828: Double-free when using non-default memory allocators with a zero-length XHR - CVE-2015-0827: Out-of-bounds read and write while rendering SVG content - CVE-2015-0826: Buffer overflow during CSS restyling - CVE-2015-0825: Buffer underflow during MP3 playback - CVE-2015-0824: Crash using DrawTarget in Cairo graphics library - CVE-2015-0823: Use-after-free in Developer Console date with OpenType Sanitiser - CVE-2015-0822: Reading of local files through manipulation of form autocomplete - CVE-2015-0821: Local files or privileged URLs in pages can be opened into new tabs - CVE-2015-0819: UI Tour whitelisted sites in background tab can spoof foreground tabs - CVE-2015-0820: Caja Compiler JavaScript sandbox bypass mozilla-nss was updated to version 3.17.4 to fix the following issues: - CVE-2014-1569: QuickDER decoder length issue (bnc#910647). - bmo#1084986: If an SSL/TLS connection fails, because client and server don't have any common protocol version enabled, NSS has been changed to report error code SSL_ERROR_UNSUPPORTED_VERSION (instead of reporting SSL_ERROR_NO_CYPHER_OVERLAP). - bmo#1112461: libpkix was fixed to prefer the newest certificate, if multiple certificates match. - bmo#1094492: fixed a memory corruption issue during failure of keypair generation. - bmo#1113632: fixed a failure to reload a PKCS#11 module in FIPS mode. - bmo#1119983: fixed interoperability of NSS server code with a LibreSSL client. (Important) SUSE bug 910647 SUSE bug 917597 CVE-2014-1569 CVE-2015-0819 CVE-2015-0820 CVE-2015-0821 CVE-2015-0822 CVE-2015-0823 CVE-2015-0824 CVE-2015-0825 CVE-2015-0826 CVE-2015-0827 CVE-2015-0828 CVE-2015-0829 CVE-2015-0830 CVE-2015-0831 CVE-2015-0832 CVE-2015-0834 CVE-2015-0835 CVE-2015-0836 openSUSE 13.2 postgresql93 was updated to version 9.3.6 to fix four security issues. These security issues were fixed: - CVE-2015-0241: Fix buffer overruns in to_char() (bnc#916953). - CVE-2015-0243: Fix buffer overruns in contrib/pgcrypto (bnc#916953). - CVE-2015-0244: Fix possible loss of frontend/backend protocol synchronization after an error (bnc#916953). - CVE-2014-8161: Fix information leak via constraint-violation error messages (bnc#916953). (Moderate) SUSE bug 916953 CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 openSUSE 13.2 python-rope was updated to fix one security issue. This security issue was fixed: - CVE-2014-3539: Disable dynamic object analysis by default (bnc#916890). (Low) SUSE bug 916890 CVE-2014-3539 openSUSE 13.2 apache2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-0228: Mod_lua websocket DoS (bnc#918352). (Moderate) SUSE bug 918352 CVE-2015-0228 openSUSE 13.2 vsftpd was updated to fix one security issue. This security issue was fixed: - CVE-2015-1419: vsftpd config option deny_file was not handled correctly (bnc#915522). Note: deny_file shouldn't be used to restrict access, as stated in the documentation. Please use more reliable methods. (Low) SUSE bug 900326 SUSE bug 915522 CVE-2015-1419 openSUSE 13.2 php5 was updated to fix two security issues. These security issues were fixed: - CVE-2014-9652: Out of bounds read in mconvert() (bnc#917150). - CVE-2015-0273: Use after free vulnerability in unserialize() with DateTimeZone (bnc#918768). (Important) SUSE bug 917150 SUSE bug 918768 CVE-2014-9652 CVE-2015-0273 openSUSE 13.2 chromium was updated to version 40.0.2214.111 to fix 31 vulnerabilities. These security issues were fixed: - CVE-2015-1209: Use-after-free in DOM (bnc#916841). - CVE-2015-1210: Cross-origin-bypass in V8 bindings (bnc#916843). - CVE-2015-1211: Privilege escalation using service workers (bnc#916838). - CVE-2015-1212: Various fixes from internal audits, fuzzing and other initiatives (bnc#916840). - CVE-2014-7923: Memory corruption in ICU (bnc#914468). - CVE-2014-7924: Use-after-free in IndexedDB (bnc#914468). - CVE-2014-7925: Use-after-free in WebAudio (bnc#914468). - CVE-2014-7926: Memory corruption in ICU (bnc#914468). - CVE-2014-7927: Memory corruption in V8 (bnc#914468). - CVE-2014-7928: Memory corruption in V8 (bnc#914468). - CVE-2014-7930: Use-after-free in DOM (bnc#914468). - CVE-2014-7931: Memory corruption in V8 (bnc#914468). - CVE-2014-7929: Use-after-free in DOM (bnc#914468). - CVE-2014-7932: Use-after-free in DOM (bnc#914468). - CVE-2014-7933: Use-after-free in FFmpeg (bnc#914468). - CVE-2014-7934: Use-after-free in DOM (bnc#914468). - CVE-2014-7935: Use-after-free in Speech (bnc#914468). - CVE-2014-7936: Use-after-free in Views (bnc#914468). - CVE-2014-7937: Use-after-free in FFmpeg (bnc#914468). - CVE-2014-7938: Memory corruption in Fonts (bnc#914468). - CVE-2014-7939: Same-origin-bypass in V8 (bnc#914468). - CVE-2014-7940: Uninitialized-value in ICU (bnc#914468). - CVE-2014-7941: Out-of-bounds read in UI (bnc#914468). - CVE-2014-7942: Uninitialized-value in Fonts (bnc#914468). - CVE-2014-7943: Out-of-bounds read in Skia - CVE-2014-7944: Out-of-bounds read in PDFium - CVE-2014-7945: Out-of-bounds read in PDFium - CVE-2014-7946: Out-of-bounds read in Fonts - CVE-2014-7947: Out-of-bounds read in PDFium - CVE-2014-7948: Caching error in AppCache - CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives These non-security issues were fixed: - Fix using 'echo' command in chromium-browser.sh script (Important) SUSE bug 914468 SUSE bug 916838 SUSE bug 916840 SUSE bug 916841 SUSE bug 916843 CVE-2014-7923 CVE-2014-7924 CVE-2014-7925 CVE-2014-7926 CVE-2014-7927 CVE-2014-7928 CVE-2014-7929 CVE-2014-7930 CVE-2014-7931 CVE-2014-7932 CVE-2014-7933 CVE-2014-7934 CVE-2014-7935 CVE-2014-7936 CVE-2014-7937 CVE-2014-7938 CVE-2014-7939 CVE-2014-7940 CVE-2014-7941 CVE-2014-7942 CVE-2014-7943 CVE-2014-7944 CVE-2014-7945 CVE-2014-7946 CVE-2014-7947 CVE-2014-7948 CVE-2015-1205 CVE-2015-1209 CVE-2015-1210 CVE-2015-1211 CVE-2015-1212 openSUSE 13.2 MozillaThunderbird was updated to version 31.5.0 to fix four security issues. These security issues were fixed: - CVE-2015-0836: Miscellaneous memory safety hazards - CVE-2015-0831: Use-after-free in IndexedDB - CVE-2015-0827: Out-of-bounds read and write while rendering SVG content - CVE-2015-0822: Reading of local files through manipulation of form autocomplete (Important) SUSE bug 917597 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836 openSUSE 13.2 LibTIFF was updated fix various security issues that could lead to crashes of the image decoder. (CVE-2014-9655, CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2015-1547) (Moderate) SUSE bug 914890 SUSE bug 916925 SUSE bug 916927 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 CVE-2015-1547 openSUSE 13.2 This update fixes previous security update, which was not considered as complete. (Moderate) SUSE bug 912214 CVE-2014-9556 openSUSE 13.2 Percona Toolkit and XtraBackup were updated to fix bugs and security issues. Percona XtraBackup was vulnerable to MITM attack which could allow exfiltration of MySQL configuration information via the --version-check option. [boo#919298] CVE-2015-1027 lp#1408375. The openSUSE package has the version check disabled by default. Percona Toolkit was updated to 2.2.13: * Feature lp#1391240: pt-kill added query fingerprint hash to output * Fixed lp#1402668: pt-mysql-summary fails on cluster in Donor/Desynced status * Fixed lp#1396870: pt-online-schema-change CTRL+C leaves terminal in inconsistent state * Fixed lp#1396868: pt-online-schema-change --ask-pass option error * Fixed lp#1266869: pt-stalk fails to start if $HOME environment variable is not set * Fixed lp#1019479: pt-table-checksum does not work with sql_mode ONLY_FULL_GROUP_BY * Fixed lp#1394934: pt-table-checksum error in debug mode * Fixed lp#1321297: pt-table-checksum reports diffs on timestamp columns in 5.5 vs 5.6 * Fixed lp#1399789: pt-table-checksum fails to find pxc nodes when wsrep_node_incoming_address is set to AUTO * Fixed lp#1388870: pt-table-checksum has some errors with different time zones * Fixed lp#1408375: vulnerable to MITM attack which would allow exfiltration of MySQL configuration information via --version-check [boo#919298] [CVE-2015-1027] * Fixed lp#1404298: missing MySQL5.7 test files for pt-table-checksum * Fixed lp#1403900: added sandbox and fixed sakila test db for 5.7 Percona XtraBackup was updated to version 2.2.9: * xtrabackup_galera_info file isn't overwritten during the Galera auto-recovery. lp#1418584. * Percona XtraBackup now sets the maximum supported session value for lock_wait_timeout variable to prevent unnecessary timeouts when the global value is changed from the default. lp#1410339. * New option --backup-locks, enabled by default, has been implemented to control if backup locks will be used even if they are supported by the server. To disable backup locks innobackupex should be run with innobackupex --no-backup-locks option. lp#1418820. (Low) SUSE bug 919298 CVE-2015-1027 openSUSE 13.2 The SSH Terminal emulator putty was updated to the new upstream release 0.64, fixing security issues and bugs: Security fix: PuTTY no longer retains the private half of users' keys in memory by mistake after authenticating with them. [bsc#920167] (CVE-2015-2157) New feature: Support for SSH connection sharing, so that multiple instances of PuTTY to the same host can share a single SSH connection instead of all having to log in independently. Bug fix: IPv6 literals are handled sensibly throughout the suite, if you enclose them in square brackets to prevent the colons being mistaken for a :port suffix. (Moderate) SUSE bug 920167 CVE-2015-2157 openSUSE 13.2 The automount service autofs was updated to prevent a potential privilege escalation via interpreter load path for program-based automount maps. (bsc#917977 CVE-2014-8169) (Moderate) SUSE bug 917977 CVE-2014-8169 openSUSE 13.2 cacti was updated to version 0.8.8c [boo#920399] This update fixes four vulnerabilities and adds some compatible features. - Security fixes not previously patched: - CVE-2014-2326 - XSS issue via CDEF editing - CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability - CVE-2014-2328 - Remote Command Execution Vulnerability in graph export - CVE-2014-4002 - XSS issues in multiple files - CVE-2014-5025 - XSS issue via data source editing - CVE-2014-5026 - XSS issues in multiple files - Security fixes now upstream: - CVE-2013-5588 - XSS issue via installer or device editing - CVE-2013-5589 - SQL injection vulnerability in device editing New features: - New graph tree view - Updated graph list and graph preview - Refactor graph tree view to remove GPL incompatible code - Updated command line database upgrade utility - Graph zooming now from everywhere (Moderate) SUSE bug 920399 CVE-2014-2327 CVE-2014-4002 CVE-2014-5025 CVE-2014-5026 openSUSE 13.2 osc was updated to fix a security issue and some non-security bugs. osc was updated to 0.151.0, fixing the following vulnerability: * fixed shell command injection via crafted _service files CVE-2015-0778 boo#901643 The following non-security bugs were fixed: * fix times when data comes from OBS backend * support updateing the link in target package for submit requests * various minor bugfixes (Important) SUSE bug 901643 CVE-2015-0778 openSUSE 13.2 NonFree Adobe Flash Player was updated to 11.2.202.451 (bsc#922033). These security issues were fixed: - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0334, CVE-2015-0336). - A vulnerability that could lead to a cross-domain policy bypass (CVE-2015-0337). - A vulnerability that could lead to a file upload restriction bypass (CVE-2015-0340). - An integer overflow vulnerability that could lead to code execution (CVE-2015-0338). - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0341, CVE-2015-0342). (Critical) SUSE bug 922033 CVE-2015-0332 CVE-2015-0333 CVE-2015-0334 CVE-2015-0335 CVE-2015-0336 CVE-2015-0337 CVE-2015-0338 CVE-2015-0339 CVE-2015-0340 CVE-2015-0341 CVE-2015-0342 openSUSE 13.2 Wireshark was updated to 1.10.13 on openSUSE 13.1 to fix bugs and security issues. Wireshark was updated to 1.12.4 on openSUSE 13.2 to fix bugs and security issues. The following security issues were fixed in 1.10.13: * The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] * The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] * The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html The following security issues were fixed in 1.12.4: - The following security issues were fixed: * The ATN-CPDLC dissector could crash. wnpa-sec-2015-06 CVE-2015-2187 [bnc#920695] * The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] * The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] * The LLDP dissector could crash. wnpa-sec-2015-09 CVE-2015-2190 [bnc#920698] * The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] * The SCSI OSD dissector could go into an infinite loop. wnpa-sec-2015-11 CVE-2015-2192 [bnc#920700] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.4.html (Moderate) SUSE bug 920695 SUSE bug 920696 SUSE bug 920697 SUSE bug 920698 SUSE bug 920699 SUSE bug 920700 CVE-2015-2187 CVE-2015-2188 CVE-2015-2189 CVE-2015-2190 CVE-2015-2191 CVE-2015-2192 openSUSE 13.2 Chromium was updated to 41.0.2272.76 (bnc#920825) Security fixes: * CVE-2015-1212: Out-of-bounds write in media * CVE-2015-1213: Out-of-bounds write in skia filters * CVE-2015-1214: Out-of-bounds write in skia filters * CVE-2015-1215: Out-of-bounds write in skia filters * CVE-2015-1216: Use-after-free in v8 bindings * CVE-2015-1217: Type confusion in v8 bindings * CVE-2015-1218: Use-after-free in dom * CVE-2015-1219: Integer overflow in webgl * CVE-2015-1220: Use-after-free in gif decoder * CVE-2015-1221: Use-after-free in web databases * CVE-2015-1222: Use-after-free in service workers * CVE-2015-1223: Use-after-free in dom * CVE-2015-1230: Type confusion in v8 * CVE-2015-1224: Out-of-bounds read in vpxdecoder * CVE-2015-1225: Out-of-bounds read in pdfium * CVE-2015-1226: Validation issue in debugger * CVE-2015-1227: Uninitialized value in blink * CVE-2015-1228: Uninitialized value in rendering * CVE-2015-1229: Cookie injection via proxies * CVE-2015-1231: Various fixes from internal audits * Multiple vulnerabilities in V8 fixed at the tip of the 4.1 branch (Important) SUSE bug 920825 CVE-2015-1212 CVE-2015-1213 CVE-2015-1214 CVE-2015-1215 CVE-2015-1216 CVE-2015-1217 CVE-2015-1218 CVE-2015-1219 CVE-2015-1220 CVE-2015-1221 CVE-2015-1222 CVE-2015-1223 CVE-2015-1224 CVE-2015-1225 CVE-2015-1226 CVE-2015-1227 CVE-2015-1228 CVE-2015-1229 CVE-2015-1230 CVE-2015-1231 openSUSE 13.2 vorbis-tools was updated to fix division by zero and integer overflow by crafted WAV files (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441). (Moderate) SUSE bug 914439 SUSE bug 914441 CVE-2014-9638 CVE-2014-9639 openSUSE 13.2 The GNOME Display Manager was updated to fix one security issue: - Removed gdm-fingerprint and gdm-smartcard pamfiles that allowed unlocking the screen without password or fingerprint if fingerprint reader support was enabled. (boo#900836). (Moderate) SUSE bug 900836 openSUSE 13.2 glusterfs was updated to fix a fragment header infinite loop denial of service attack (CVE-2014-3619). (Moderate) SUSE bug 919879 CVE-2014-3619 openSUSE 13.2 libssh2_org was updated to version 1.5.0 to fix bugs and a security issue. Changes in 1.5.0: Added Windows Cryptography API: Next Generation based backend Bug fixes: - Security Advisory: Using `SSH_MSG_KEXINIT` data unbounded, CVE-2015-1782 - missing _libssh2_error in _libssh2_channel_write - knownhost: Fix DSS keys being detected as unknown. - knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer. - libssh2.h: on Windows, a socket is of type SOCKET, not int - libssh2_priv.h: a 1 bit bit-field should be unsigned - windows build: do not export externals from static library - Fixed two potential use-after-frees of the payload buffer - Fixed a few memory leaks in error paths - userauth: Fixed an attempt to free from stack on error - agent_list_identities: Fixed memory leak on OOM - knownhosts: Abort if the hosts buffer is too small - sftp_close_handle: ensure the handle is always closed - channel_close: Close the channel even in the case of errors - docs: added missing libssh2_session_handshake.3 file - docs: fixed a bunch of typos - userauth_password: pass on the underlying error code - _libssh2_channel_forward_cancel: accessed struct after free - _libssh2_packet_add: avoid using uninitialized memory - _libssh2_channel_forward_cancel: avoid memory leaks on error - _libssh2_channel_write: client spins on write when window full - windows build: fix build errors - publickey_packet_receive: avoid junk in returned pointers - channel_receive_window_adjust: store windows size always - userauth_hostbased_fromfile: zero assign to avoid uninitialized use - configure: change LIBS not LDFLAGS when checking for libs - agent_connect_unix: make sure there's a trailing zero - MinGW build: Fixed redefine warnings. - sftpdir.c: added authentication method detection. - Watcom build: added support for WinCNG build. - configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS - sftp_statvfs: fix for servers not supporting statfvs extension - knownhost.c: use LIBSSH2_FREE macro instead of free - Fixed compilation using mingw-w64 - knownhost.c: fixed that 'key_type_len' may be used uninitialized - configure: Display individual crypto backends on separate lines - examples on Windows: check for WSAStartup return code - examples on Windows: check for socket return code - agent.c: check return code of MapViewOfFile - kex.c: fix possible NULL pointer de-reference with session->kex - packet.c: fix possible NULL pointer de-reference within listen_state - tests on Windows: check for WSAStartup return code - userauth.c: improve readability and clarity of for-loops - examples on Windows: use native SOCKET-type instead of int - packet.c: i < 256 was always true and i would overflow to 0 - kex.c: make sure mlist is not set to NULL - session.c: check return value of session_nonblock in debug mode - session.c: check return value of session_nonblock during startup - userauth.c: make sure that sp_len is positive and avoid overflows - knownhost.c: fix use of uninitialized argument variable wrote - openssl: initialise the digest context before calling EVP_DigestInit() - libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET - configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib - configure.ac: Rework crypto library detection - configure.ac: Reorder --with-* options in --help output - configure.ac: Call zlib zlib and not libz in text but keep option names - Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro - sftp: seek: Don't flush buffers on same offset - sftp: statvfs: Along error path, reset the correct 'state' variable. - sftp: Add support for fsync (OpenSSH extension). - _libssh2_channel_read: fix data drop when out of window - comp_method_zlib_decomp: Improve buffer growing algorithm - _libssh2_channel_read: Honour window_size_initial - window_size: redid window handling for flow control reasons - knownhosts: handle unknown key types (Moderate) SUSE bug 921070 CVE-2015-1782 openSUSE 13.2 krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. On openSUSE 13.1 and 13.2 krb5 was updated to fix the following vulnerabilities: - bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name - bnc#918595: CVE-2014-5355: krb5: denial of service in krb5_read_message On openSUSE 13.1 krb5 was updated to fix the following vulnerability: - bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries (Moderate) SUSE bug 910457 SUSE bug 910458 SUSE bug 918595 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 openSUSE 13.2 OpenSSL was updated to fix various security issues. Following security issues were fixed: - CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys. - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. - CVE-2015-0287: A ASN.1 structure reuse memory corruption was fixed. This problem can not be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. - CVE-2015-0288: A X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. - CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL apis do not use those by default. - CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. (Moderate) SUSE bug 919648 SUSE bug 920236 SUSE bug 922488 SUSE bug 922496 SUSE bug 922499 SUSE bug 922500 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 openSUSE 13.2 libarchive was updated to fix a directory traversal in the bsdcpio tool, which allowed attackers supplying crafted archives to overwrite files. (CVE-2015-2304) Also, a integer overflow was fixed that could also overflow buffers. (CVE-2013-0211) (Moderate) SUSE bug 800024 SUSE bug 920870 CVE-2013-0211 CVE-2015-2304 openSUSE 13.2 SeaMonkey was updated to 2.33 (bnc#917597) * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards * MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will load locally stored DLL files (Windows only) * MFSA 2015-13/CVE-2015-0832 (bmo#1065909) Appended period to hostnames can bypass HPKP and HSTS protections * MFSA 2015-14/CVE-2015-0830 (bmo#1110488) Malicious WebGL content crash when writing strings * MFSA 2015-15/CVE-2015-0834 (bmo#1098314) TLS TURN and STUN connections silently fail to simple TCP connections * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB * MFSA 2015-17/CVE-2015-0829 (bmo#1128939) Buffer overflow in libstagefright during MP4 video playback * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) Double-free when using non-default memory allocators with a zero-length XHR * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write while rendering SVG content * MFSA 2015-20/CVE-2015-0826 (bmo#1092363) Buffer overflow during CSS restyling * MFSA 2015-21/CVE-2015-0825 (bmo#1092370) Buffer underflow during MP3 playback * MFSA 2015-22/CVE-2015-0824 (bmo#1095925) Crash using DrawTarget in Cairo graphics library * MFSA 2015-23/CVE-2015-0823 (bmo#1098497) Use-after-free in Developer Console date with OpenType Sanitiser * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files through manipulation of form autocomplete * MFSA 2015-25/CVE-2015-0821 (bmo#1111960) Local files or privileged URLs in pages can be opened into new tabs * MFSA 2015-26/CVE-2015-0819 (bmo#1079554) UI Tour whitelisted sites in background tab can spoof foreground tabs * MFSA 2015-27CVE-2015-0820 (bmo#1125398) Caja Compiler JavaScript sandbox bypass Update to SeaMonkey 2.32.1 * fixed MailNews feeds not updating * fixed selected profile in Profile Manager not remembered * fixed opening a bookmark folder in tabs on Linux * fixed Troubleshooting Information (about:support) with the Modern theme (Moderate) SUSE bug 917597 CVE-2015-0819 CVE-2015-0820 CVE-2015-0821 CVE-2015-0822 CVE-2015-0823 CVE-2015-0824 CVE-2015-0825 CVE-2015-0826 CVE-2015-0827 CVE-2015-0828 CVE-2015-0829 CVE-2015-0830 CVE-2015-0831 CVE-2015-0832 CVE-2015-0833 CVE-2015-0834 CVE-2015-0835 CVE-2015-0836 openSUSE 13.2 less was updated to fix one minor security issue: Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access. (bnc#921719) (CVE-2014-9488) (Low) SUSE bug 921719 CVE-2014-9488 openSUSE 13.2 Tor was updated to 0.2.4.26 to fix several security issues: The release: Contains several medium-level security fixes for relays and exit nodes and also updates the list of directory authorities. * Directory authority updates * relay crashes trough assertion (CVE-2015-2688) * exit node crash through assertion under high DNS load (CVE-2015-2689) * update geoip/geoip6 to the March 3 2015 (Moderate) SUSE bug 923284 CVE-2015-2688 CVE-2015-2689 openSUSE 13.2 MozillaFirefox was updated to Firefox 36.0.4 to fix two critical security issues found during Pwn2Own: * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through SVG navigation * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through incorrect JavaScript bounds checking elimination Als fixed were the following bugs: - Copy the icons to /usr/share/icons instead of symlinking them: in preparation for containerized apps (e.g. xdg-app) as well as AppStream metadata extraction, there are a couple locations that need to be real files for system integration (.desktop files, icons, mime-type info). - update to Firefox 36.0.1 Bugfixes: * Disable the usage of the ANY DNS query type (bmo#1093983) * Hello may become inactive until restart (bmo#1137469) * Print preferences may not be preserved (bmo#1136855) * Hello contact tabs may not be visible (bmo#1137141) * Accept hostnames that include an underscore character ("_") (bmo#1136616) * WebGL may use significant memory with Canvas2d (bmo#1137251) * Option -remote has been restored (bmo#1080319) (Important) SUSE bug 923534 CVE-2015-0817 CVE-2015-0818 openSUSE 13.2 Libzip was updated to fix one security issue. A zip file with an unusually large number of entries could have caused an integer overflow leading to a write past the heap boundary, crashing the application. (CVE-2015-2331 bnc#923240) (Moderate) SUSE bug 923240 CVE-2015-2331 openSUSE 13.2 libXFont was updated to fix three vulnerabilities when parsing BDF files (bnc#921978) As libXfont is used by the X server to read font files, and an unprivileged user with access to the X server can tell the X server to read a given font file from a path of their choosing, these vulnerabilities have the potential to allow unprivileged users to run code with the privileges of the X server. The following vulnerabilities were fixed: * The BDF parser could allocate the a wrong buffer size, leading to out of bound writes (CVE-2015-1802) * The BDF parser could crash when trying to read an invalid pointer (CVE-2015-1803) * The BDF parser could read 32 bit metrics values into 16 bit integers, causing an out-of-bound memory access though integer overflow (CVE-2015-1804) (Important) SUSE bug 921978 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 openSUSE 13.2 tcpdump was updated to fix five vulnerabilities in protocol printers When running tcpdump, a remote unauthenticated user could have crashed the application or, potentially, execute arbitrary code by injecting crafted packages into the network. The following vulnerabilities were fixed: * IPv6 mobility printer remote DoS (CVE-2015-0261, bnc#922220) * PPP printer remote DoS (CVE-2014-9140, bnc#923142) * force printer remote DoS (CVE-2015-2155, bnc#922223) * ethernet printer remote DoS (CVE-2015-2154, bnc#922222) * tcp printer remote DoS (CVE-2015-2153, bnc#922221) (Moderate) SUSE bug 922220 SUSE bug 922221 SUSE bug 922222 SUSE bug 922223 SUSE bug 923142 CVE-2014-9140 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 openSUSE 13.2 mercurial was updated to fix a command Injection via sshpeer._validaterepo() (CVE-2014-9462, bnc#923070). (Moderate) SUSE bug 923070 CVE-2014-9462 openSUSE 13.2 gnutls was updated to fix a security issue: A certificate algorithm consistency checking issue was fixed (CVE-2015-0294). (Moderate) SUSE bug 919938 CVE-2015-0294 openSUSE 13.2 freetype2 was updated to fix various vulnerabilities that could lead to crashes or potentially code execution when parsing fonts. (Moderate) SUSE bug 916847 SUSE bug 916856 SUSE bug 916857 SUSE bug 916858 SUSE bug 916859 SUSE bug 916860 SUSE bug 916861 SUSE bug 916862 SUSE bug 916863 SUSE bug 916864 SUSE bug 916865 SUSE bug 916867 SUSE bug 916868 SUSE bug 916870 SUSE bug 916871 SUSE bug 916872 SUSE bug 916873 SUSE bug 916874 SUSE bug 916879 SUSE bug 916881 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 openSUSE 13.2 rubygem-bunder was updated to fix security vulnerabilities and non-security issues The following security issues were fixed: * Hide credentials while warning about gems with ambiguous sources * Warn when more than one top-level source is present * Bundler may install gems from a different source than expected (CVE-2013-0334) (bnc#898205) In addition, rubygem-bundler was udpated to 1.8.4 to fix non-security issues. (Moderate) SUSE bug 898205 CVE-2013-0334 openSUSE 13.2 SeaMonkey was updated to 2.33.1 to fix several vulnerabilities. The following vulnerabilities were fixed: * Privilege escalation through SVG navigation (CVE-2015-0818) * Code execution through incorrect JavaScript bounds checking elimination (CVE-2015-0817) (Important) SUSE bug 923534 CVE-2015-0817 CVE-2015-0818 openSUSE 13.2 The graphics drawing library gd was updated to fix one security issue. The following vulnerability was fixed: * possible buffer read overflow (CVE-2014-9709) (Low) SUSE bug 923945 CVE-2014-9709 openSUSE 13.2 python-django was updated to 1.6.11 to fix security issues and non-security bugs. THe following vulnerabilities were fixed: * Made is_safe_url() reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs (bnc#923176, CVE-2015-2317) * Fixed an infinite loop possibility in strip_tags() (bnc#923172, CVE-2015-2316) * WSGI header spoofing via underscore/dash conflation (bnc#913053, CVE-2015-0219) * Mitigated possible XSS attack via user-supplied redirect URLs * Denial-of-service attack against ``django.views.static.serve`` (bnc#913056, CVE-2015-0221) * Database denial-of-service with ``ModelMultipleChoiceField`` (bnc#913055, CVE-2015-0222) The update also contains fixes for non-security bugs, functional and stability issues. (Moderate) SUSE bug 913053 SUSE bug 913055 SUSE bug 913056 SUSE bug 923172 SUSE bug 923176 CVE-2015-0219 CVE-2015-0221 CVE-2015-0222 CVE-2015-2316 CVE-2015-2317 openSUSE 13.2 PHP was updated to fix several security issues. The following vulnerabilities were fixed: * A specially crafted GIF file could cause a buffer read overflow in php-gd (CVE-2014-9709 bnc#923946) * Memory was use after it was freed in PHAR (CVE-2015-2301 bnc#922022) * heap overflow vulnerability in regcomp.c (CVE-2015-2305 bnc#922452) * heap buffer overflow in Enchant (CVE-2014-9705 bnc#922451) For openSUSE 13.2, the following additional vulnerability was fixed: * A specially crafted zip file could lead to writing past the heap boundary (CVE-2015-2331 bnc#922894) (Moderate) SUSE bug 922022 SUSE bug 922451 SUSE bug 922452 SUSE bug 922894 SUSE bug 923946 CVE-2014-9705 CVE-2014-9709 CVE-2015-2301 CVE-2015-2305 CVE-2015-2331 openSUSE 13.2 libgit2 was updated to fix an arbitrary command execution vulnerability on case-insentitive file systems. The following vulnerability was fixed: * When using programs using libgit2 on case-insensitive filesystems, .git/config could be overwritten, which allowed execution of arbitrary commands (boo#925040, CVE-2014-9390). The configuration is uncommon as all default file systems on openSUSE are case sensitive. Additionally, on openSUSE 13.2 libgit2 was updated to version 0.21.5 to backport further critical fixes. (Moderate) SUSE bug 925040 CVE-2014-9390 openSUSE 13.2 Apache Subversion was updated to 1.8.13 to fix three vulnerabilities and a number of non-security bugs. This release fixes three vulnerabilities: * Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793 CVE-2015-0202) * Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794 CVE-2015-0248) * Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795 CVE-2015-0251) Non-security fixes: * fixes number of client and server side non-security bugs * improved working copy performance * reduction of resource use * stability improvements * usability improvements * fix sample configuration comments in subversion.conf [boo#916286] * fix bashisms in mailer-init.sh script (Moderate) SUSE bug 916286 SUSE bug 923793 SUSE bug 923794 SUSE bug 923795 CVE-2015-0202 CVE-2015-0248 CVE-2015-0251 openSUSE 13.2 Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities. Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency. The following vulnerabilities were fixed in Mozilla Firefox: * Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 boo#925392) * Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813 bmo#1106596 boo#925393) * Add-on lightweight theme installation approval bypassed through MITM attack (MFSA 2015-32/CVE-2015-0812 bmo#1128126 boo#925394) * resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816 bmo#1144991 boo#925395) * Out of bounds read in QCMS library (MFSA-2015-34/CVE-2015-0811 bmo#1132468 boo#925396) * Incorrect memory management for simple-type arrays in WebRTC (MFSA-2015-36/CVE-2015-0808 bmo#1109552 boo#925397) * CORS requests should not follow 30x redirections after preflight (MFSA-2015-37/CVE-2015-0807 bmo#1111834 boo#925398) * Memory corruption crashes in Off Main Thread Compositing (MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 bmo#1135511 bmo#1099437 boo#925399) * Use-after-free due to type confusion flaws (MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (mo#1134560 boo#925400) * Same-origin bypass through anchor navigation (MFSA-2015-40/CVE-2015-0801 bmo#1146339 boo#925401) * Windows can retain access to privileged content on navigation to unprivileged pages (MFSA-2015-42/CVE-2015-0802 bmo#1124898 boo#925402) The following vulnerability was fixed in functionality that was not released as an update to openSUSE: * Certificate verification could be bypassed through the HTTP/2 Alt-Svc header (MFSA 2015-44/CVE-2015-0799 bmo#1148328 bnc#926166) The functionality added in 37.0 and thus removed in 37.0.1 was: * Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc The following functionality was added or updated in Mozilla Firefox: * Heartbeat user rating system * Yandex set as default search provider for the Turkish locale * Bing search now uses HTTPS for secure searching * Improved protection against site impersonation via OneCRL centralized certificate revocation * some more behaviour changes for TLS The following vulnerabilities were fixed in Mozilla Thunderbird: * Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 boo#925392) * Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813 bmo#1106596 boo#925393) * resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816 bmo#1144991 boo#925395) * CORS requests should not follow 30x redirections after preflight (MFSA-2015-37/CVE-2015-0807 bmo#1111834 boo#925398) * Same-origin bypass through anchor navigation (MFSA-2015-40/CVE-2015-0801 bmo#1146339 boo#925401) mozilla-nspr was updated to 4.10.8 as a dependency and received the following changes: * bmo#573192: remove the stack-based PRFileDesc cache. * bmo#756047: check for _POSIX_THREAD_PRIORITY_SCHEDULING > 0 instead of only checking if the identifier is defined. * bmo#1089908: Fix variable shadowing in _PR_MD_LOCKFILE. Use PR_ARRAY_SIZE to get the array size of _PR_RUNQ(t->cpu). * bmo#1106600: Replace PR_ASSERT(!"foo") with PR_NOT_REACHED("foo") to fix clang -Wstring-conversion warnings. (Important) SUSE bug 925368 SUSE bug 925392 SUSE bug 925393 SUSE bug 925394 SUSE bug 925395 SUSE bug 925396 SUSE bug 925397 SUSE bug 925398 SUSE bug 925399 SUSE bug 925400 SUSE bug 925401 SUSE bug 925402 SUSE bug 926166 CVE-2015-0799 CVE-2015-0801 CVE-2015-0802 CVE-2015-0803 CVE-2015-0804 CVE-2015-0805 CVE-2015-0806 CVE-2015-0807 CVE-2015-0808 CVE-2015-0811 CVE-2015-0812 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 openSUSE 13.2 The IRC client quassel was updated to fix two security issues. The following vulnerabilities were fixed: * quassel could crash when receiving an overlength CTCP query containing only multibyte characters (bnc#924930 CVE-2015-2778) * quassel could incorrectly split a message in the middle of a multibyte character, leading to DoS (bnc#924933 CVE-2015-2779) (Moderate) SUSE bug 924930 SUSE bug 924933 CVE-2015-2778 CVE-2015-2779 openSUSE 13.2 PHP was updated to fix three security issues. The following vulnerabilities were fixed: * use-after-free vulnerability in the process_nested_data function (CVE-2015-2787 bnc#924972) * unserialize SoapClient type confusion (bnc#925109) * move_uploaded_file truncates a pathNAME upon encountering a x00 character (CVE-2015-2348 bnc#924970) (Moderate) SUSE bug 924970 SUSE bug 924972 SUSE bug 925109 CVE-2015-2348 CVE-2015-2787 openSUSE 13.2 The bitmap to vector graphic tracing utility potrace was updated to fix one security issue. The following vulnerability was fixed: - Very large bitmaps could trigger a buffer overflow, crashing the program and causing denial of service (bsc#924904, CVE-2013-7437) (Low) SUSE bug 924904 CVE-2013-7437 openSUSE 13.2 Chromium was updated to 41.0.2272.118 to fix two security issues. The following vulnerabilities were fixed: * A combination of V8, Gamepad and IPC bugs could lead to remote code execution outside of the sandbox (CVE-2015-1233, boo#925713) * Buffer overflow via race condition in GPU (CVE-2015-1234, boo#925714) (Important) SUSE bug 925713 SUSE bug 925714 CVE-2015-1233 CVE-2015-1234 openSUSE 13.2 - CVE-2014-8135: libvirt: local denial of service in storage driver 87b9437f-CVE-2014-8135.patch bsc#910860 - CVE-2014-8136: libvirt: local denial of service in qemu driver 2bdcd29c-CVE-2014-8136.patch bsc#910862 - CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats() 57023c0a-CVE-2014-8131.patch, cb104ef7-CVE-2014-8131.patch bsc#909274 - Get /proc/sys/net/ipv[46] read-write for wicked to work in containers. bsc#904432. ba9b7252-sys-net-rw.patch - Fix potential crasher in virt-aa-helper 2222123-virt-aa-helper-crash.patch - ip link add now needs the 'name' parameter. 433b427-iplink-name.patch - Fixes for virt-sandbox-service to work: - Allow adding virt-sandbox service config to apparmor rules. c264eea-virt-aa-helper-sandbox.patch - fix symlink resolving for containers to start. 72fecf1-lxc-resolve-symlinks.patch - fix unmounting file system if it contains the source to mount. e50457d-lxc-unmount-check.patch - Remove security_driver = "none" in qemu config. This completely disabled all security drivers instead of probing them. - Changed default value of QEMU's security_default_confined to 0 to keep QEMU domains unconfined by default. (Moderate) SUSE bug 904432 SUSE bug 909274 SUSE bug 910860 SUSE bug 910862 CVE-2014-8131 CVE-2014-8135 CVE-2014-8136 openSUSE 13.2 NonFree Adobe Flash Player was updated to 11.2.202.429 (bsc#913057): * APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309. - Disable flash player on machines without SSE2 (bnc#856386). More information can be found on http://helpx.adobe.com/security/products/flash-player/apsb15-01.html (Important) SUSE bug 856386 SUSE bug 913057 CVE-2015-0301 CVE-2015-0302 CVE-2015-0303 CVE-2015-0304 CVE-2015-0305 CVE-2015-0306 CVE-2015-0307 CVE-2015-0308 CVE-2015-0309 openSUSE 13.2 Tor was updated to 0.2.4.27 to fix two security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible. The following security issues were fixed: * A malicious client could trigger an assertion failure and halt a hidden service. (CVE-2015-2928) * A client could crash with an assertion failure when parsing a malformed hidden service descriptor. (CVE-2015-2929) This release also backports a simple improvement to make hidden services a bit less vulnerable to denial-of-service attacks: * Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions. (Moderate) SUSE bug 926097 CVE-2015-2928 CVE-2015-2929 openSUSE 13.2 The Linux kernel was updated to fix bugs and security issues: Following security issues were fixed: CVE-2015-2830: A flaw was found in the way the Linux kernels 32-bit emulation implementation handled forking or closing of a task with an int80 entry. A local user could have potentially used this flaw to escalate their privileges on the system. CVE-2015-2042: A kernel information leak in rds sysctl files was fixed. CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. CVE-2015-0275: A BUG_ON in ext4 was fixed which could be triggered by local users. CVE-2015-2666: A buffer overflow when loading microcode files into the kernel could be used by the administrator to execute code in the kernel, bypassing secure boot measures. - CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel allowed remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. - CVE-2015-2150: XSA-120: Guests were permitted to modify all bits of the PCI command register of passed through cards, which could lead to Host system crashes. - CVE-2015-0777: The XEN usb backend could leak information to the guest system due to copying uninitialized memory. - CVE-2015-1593: A integer overflow reduced the effectiveness of the stack randomization on 64-bit systems. - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel did not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. - CVE-2014-9428: The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel used an incorrect length field during a calculation of an amount of memory, which allowed remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets. - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel generated incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allowed remote attackers to bypass intended access restrictions via packets with disallowed port numbers. - CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image. - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application. - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel used an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. Following bugs were fixed: - powerpc/pci: Fix IO space breakage after of_pci_range_to_resource() change (bnc#922542). - cifs: fix use-after-free bug in find_writable_file (bnc#909477). - usb: Do not allow usb_alloc_streams on unconfigured devices (bsc#920581). - fuse: honour max_read and max_write in direct_io mode (bnc#918954). - switch iov_iter_get_pages() to passing maximal number of pages (bnc#918954). - bcache: fix a livelock in btree lock v2 (bnc#910440) (bnc#910440). Updated because another version went upstream - drm/i915: Initialise userptr mmu_notifier serial to 1 (bnc#918970). - NFS: Don't try to reclaim delegation open state if recovery failed (boo#909634). - NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids are revoked (boo#909634). - NFSv4: Fix races between nfs_remove_bad_delegation() and delegation return (boo#909634). - NFSv4: Ensure that we remove NFSv4.0 delegations when state has expired (boo#909634). - Fixing lease renewal (boo#909634). - bcache: Fix a bug when detaching (bsc#908582). - fix a leak in bch_cached_dev_run() (bnc#910440). - bcache: unregister reboot notifier when bcache fails to register a block device (bnc#910440). - bcache: fix a livelock in btree lock (bnc#910440). - bcache: [BUG] clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device (bnc#910440). - bcache: Add a cond_resched() call to gc (bnc#910440). - storvsc: ring buffer failures may result in I/O freeze (bnc#914175). - ALSA: seq-dummy: remove deadlock-causing events on close (boo#916608). - ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode (boo#916608). - ALSA: bebob: Uninitialized id returned by saffirepro_both_clk_src_get (boo#916608). - ALSA: hda - Fix built-in mic on Compaq Presario CQ60 (bnc#920604). - ALSA: hda - Fix regression of HD-audio controller fallback modes (bsc#921313). - [media] sound: Update au0828 quirks table (boo#916608). - [media] sound: simplify au0828 quirk table (boo#916608). - ALSA: usb-audio: Add mic volume fix quirk for Logitech Webcam C210 (boo#916608). - ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam rPAC (boo#916608). - ALSA: usb-audio: Add ctrl message delay quirk for Marantz/Denon devices (boo#916608). - ALSA: usb-audio: Fix memory leak in FTU quirk (boo#916608). - ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect (boo#916608). - ALSA: hda - Add new GPU codec ID 0x10de0072 to snd-hda (boo#916608). - ALSA: hda - Fix wrong gpio_dir & gpio_mask hint setups for IDT/STAC codecs (boo#916608). - ALSA: hda/realtek - New codec support for ALC298 (boo#916608). - ALSA: hda/realtek - New codec support for ALC256 (boo#916608). - ALSA: hda/realtek - Add new Dell desktop for ALC3234 headset mode (boo#916608). - ALSA: hda - Add EAPD fixup for ASUS Z99He laptop (boo#916608). - ALSA: hda - Fix built-in mic at resume on Lenovo Ideapad S210 (boo#916608). - ALSA: hda/realtek - Add headset Mic support for new Dell machine (boo#916608). - ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP (boo#916608). - ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH (boo#916608). - ALSA: hda - add codec ID for Braswell display audio codec (boo#916608). - ALSA: hda - add PCI IDs for Intel Braswell (boo#916608). - ALSA: hda - Add dock support for Thinkpad T440 (17aa:2212) (boo#916608). - ALSA: hda - Set up GPIO for Toshiba Satellite S50D (bnc#915858). - rpm/kernel-binary.spec.in: Fix build if there is no *.crt file - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed (VM Functionality bnc#910150). - Input: evdev - fix EVIOCG{type} ioctl (bnc#904899). - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by mount (bsc#907988). - Btrfs: fix scrub race leading to use-after-free (bnc#915456). - Btrfs: fix setup_leaf_for_split() to avoid leaf corruption (bnc#915454). - Btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bnc#915425). - Btrfs: fix fsync when extend references are added to an inode (bnc#915425). - Btrfs: fix directory inconsistency after fsync log replay (bnc#915425). - Btrfs: make xattr replace operations atomic (bnc#913466). - Btrfs: fix directory recovery from fsync log (bnc#895797). - Btrfs: simplify insert_orphan_item (boo#926385). - Btrfs: set proper message level for skinny metadata. - Btrfs: make sure we wait on logged extents when fsycning two subvols. - Btrfs: fix lost return value due to variable shadowing. - Btrfs: fix leak of path in btrfs_find_item. - Btrfs: fix fsync data loss after adding hard link to inode. - Btrfs: fix fs corruption on transaction abort if device supports discard. - Btrfs: fix data loss in the fast fsync path. - Btrfs: don't delay inode ref updates during log replay. - Btrfs: do not move em to modified list when unpinning. - Btrfs:__add_inode_ref: out of bounds memory read when looking for extended ref. - Btrfs: fix inode eviction infinite loop after cloning into it (boo#905088). - bcache: add mutex lock for bch_is_open (bnc#908612). - bcache: Correct printing of btree_gc_max_duration_ms (bnc#908610). - bcache: fix crash with incomplete cache set (bnc#908608). - bcache: fix memory corruption in init error path (bnc#908606). - bcache: Fix more early shutdown bugs (bnc#908605). - bcache: fix use-after-free in btree_gc_coalesce() (bnc#908604). - bcache: Fix an infinite loop in journal replay (bnc#908603). - bcache: fix typo in bch_bkey_equal_header (bnc#908598). - bcache: Make sure to pass GFP_WAIT to mempool_alloc() (bnc#908596). - bcache: fix crash on shutdown in passthrough mode (bnc#908594). - bcache: fix lockdep warnings on shutdown (bnc#908593). - bcache allocator: send discards with correct size (bnc#908592). - bcache: Fix to remove the rcu_sched stalls (bnc#908589). - bcache: Fix a journal replay bug (bnc#908588). - Update x86_64 config files: CONFIG_SENSORS_NCT6683=m The nct6683 driver is already enabled on i386 and history suggests that it not being enabled on x86_64 is by mistake. - rpm/kernel-binary.spec.in: Own the modules directory in the devel package (bnc#910322) - Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate" (bnc#900811). - mm: free compound page with correct order (bnc#913695). - drm/i915: More cautious with pch fifo underruns (boo#907039). - Refresh patches.arch/arm64-0039-generic-pci.patch (fix PCI bridge support) - x86/microcode/intel: Fish out the stashed microcode for the BSP (bsc#903589). - x86, microcode: Reload microcode on resume (bsc#903589). - x86, microcode: Don't initialize microcode code on paravirt (bsc#903589). - x86, microcode, intel: Drop unused parameter (bsc#903589). - x86, microcode, AMD: Do not use smp_processor_id() in preemtible context (bsc#903589). - x86, microcode: Update BSPs microcode on resume (bsc#903589). - x86, microcode, AMD: Fix ucode patch stashing on 32-bit (bsc#903589). - x86, microcode: Fix accessing dis_ucode_ldr on 32-bit (bsc#903589). - x86, microcode, AMD: Fix early ucode loading on 32-bit (bsc#903589). - Bluetooth: Add support for Broadcom BCM20702A0 variants firmware download (bnc#911311). - drm/radeon: fix sad_count check for dce3 (bnc#911356). - drm/i915: Don't call intel_prepare_page_flip() multiple times on gen2-4 (bnc#911835). - udf: Check component length before reading it. - udf: Check path length when reading symlink. - udf: Verify symlink size before loading it. - udf: Verify i_size when loading inode. - arm64: Enable DRM - arm64: Enable generic PHB driver (bnc#912061). - ACPI / video: Add some Samsung models to disable_native_backlight list (boo#905681). - asus-nb-wmi: Add another wapf=4 quirk (boo#911438). - asus-nb-wmi: Add wapf4 quirk for the X550VB (boo#911438). - asus-nb-wmi: Add wapf4 quirk for the U32U (boo#911438). - asus-nb-wmi: Add wapf4 quirk for the X550CC (boo#911438). - asus-nb-wmi: Constify asus_quirks DMI table (boo#911438). - asus-nb-wmi: Add wapf4 quirk for the X550CL (boo#911438). - asus-nb-wmi.c: Rename x401u quirk to wapf4 (boo#911438). - asus-nb-wmi: Add ASUSTeK COMPUTER INC. X200CA (boo#911438). - WAPF 4 for ASUSTeK COMPUTER INC. X75VBP WLAN ON (boo#911438). - Input: synaptics - gate forcepad support by DMI check (bnc#911578). - ext4: introduce aging to extent status tree (bnc#893428). - ext4: cleanup flag definitions for extent status tree (bnc#893428). - ext4: limit number of scanned extents in status tree shrinker (bnc#893428). - ext4: move handling of list of shrinkable inodes into extent status code (bnc#893428). - ext4: change LRU to round-robin in extent status tree shrinker (bnc#893428). - ext4: cache extent hole in extent status tree for ext4_da_map_blocks() (bnc#893428). - ext4: fix block reservation for bigalloc filesystems (bnc#893428). - ext4: track extent status tree shrinker delay statictics (bnc#893428). - ext4: improve extents status tree trace point (bnc#893428). - rpm/kernel-binary.spec.in: Provide name-version-release for kgraft packages (bnc#901925) - rpm/kernel-binary.spec.in: Fix including the secure boot cert in /etc/uefi/certs - doc/README.SUSE: update Solid Driver team contacts - rpm/kernel-binary.spec.in: Do not sign firmware files (bnc#867199) - Port module signing changes from SLE11-SP3 (fate#314508) - doc/README.PATCH-POLICY.SUSE: add patch policy / best practices document after installation. - Update config files. (boo#925479) Do not set CONFIG_SYSTEM_TRUSTED_KEYRING until we need it in future openSUSE version: e.g. MODULE_SIG, IMA, PKCS7(new), KEXEC_BZIMAGE_VERIFY_SIG(new) - Input: xpad - use proper endpoint type (bnc#926397). - md: don't require sync_min to be a multiple of chunk_size (bnc#910500). (Important) SUSE bug 867199 SUSE bug 893428 SUSE bug 895797 SUSE bug 900811 SUSE bug 901925 SUSE bug 903589 SUSE bug 903640 SUSE bug 904899 SUSE bug 905088 SUSE bug 905681 SUSE bug 907039 SUSE bug 907818 SUSE bug 907988 SUSE bug 908582 SUSE bug 908588 SUSE bug 908589 SUSE bug 908592 SUSE bug 908593 SUSE bug 908594 SUSE bug 908596 SUSE bug 908598 SUSE bug 908603 SUSE bug 908604 SUSE bug 908605 SUSE bug 908606 SUSE bug 908608 SUSE bug 908610 SUSE bug 908612 SUSE bug 909077 SUSE bug 909078 SUSE bug 909477 SUSE bug 909634 SUSE bug 910150 SUSE bug 910322 SUSE bug 910440 SUSE bug 910500 SUSE bug 911311 SUSE bug 911325 SUSE bug 911326 SUSE bug 911356 SUSE bug 911438 SUSE bug 911578 SUSE bug 911835 SUSE bug 912061 SUSE bug 912202 SUSE bug 912429 SUSE bug 912705 SUSE bug 913059 SUSE bug 913466 SUSE bug 913695 SUSE bug 914175 SUSE bug 915425 SUSE bug 915454 SUSE bug 915456 SUSE bug 915577 SUSE bug 915858 SUSE bug 916608 SUSE bug 917830 SUSE bug 917839 SUSE bug 918333 SUSE bug 918954 SUSE bug 918970 SUSE bug 919018 SUSE bug 919032 SUSE bug 919463 SUSE bug 920581 SUSE bug 920604 SUSE bug 921313 SUSE bug 922542 SUSE bug 922944 SUSE bug 925479 SUSE bug 926240 SUSE bug 926385 SUSE bug 926397 SUSE bug 927018 CVE-2014-8134 CVE-2014-8160 CVE-2014-8559 CVE-2014-9419 CVE-2014-9420 CVE-2014-9428 CVE-2014-9529 CVE-2014-9584 CVE-2014-9585 CVE-2014-9683 CVE-2015-0275 CVE-2015-0777 CVE-2015-1421 CVE-2015-1593 CVE-2015-2042 CVE-2015-2150 CVE-2015-2666 CVE-2015-2830 openSUSE 13.2 NonFree Adobe Flash Player was updated to 11.2.202.457 to fix several security issues that could lead to remote code execution. An exploit for CVE-2015-3043 was reported to exist in the wild. The following vulnerabilities were fixed: * Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043). * Type confusion vulnerability that could lead to code execution (CVE-2015-0356). * Buffer overflow vulnerability that could lead to code execution (CVE-2015-0348). * Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039). * Double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359). * Memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040). * Security bypass vulnerability that could lead to information disclosure (CVE-2015-3044). (Important) SUSE bug 927089 CVE-2015-0346 CVE-2015-0347 CVE-2015-0348 CVE-2015-0349 CVE-2015-0350 CVE-2015-0351 CVE-2015-0352 CVE-2015-0353 CVE-2015-0354 CVE-2015-0355 CVE-2015-0356 CVE-2015-0357 CVE-2015-0358 CVE-2015-0359 CVE-2015-0360 CVE-2015-3038 CVE-2015-3039 CVE-2015-3040 CVE-2015-3041 CVE-2015-3042 CVE-2015-3043 CVE-2015-3044 openSUSE 13.2 rubygem-rest-client was updated to fix one security issue. The following vulnerability was fixed: - Application logging of password information in plaintext could have allowed a local attacker to gain access to this information (bnc#917802) (Moderate) SUSE bug 917802 openSUSE 13.2 The network monitoring tool ntop was updated to fix one security issue. The following vulnerability was fixed: - Lack of filtering in the title parameter of links to rrdPlugin allowed cross-site-scripting (XSS) attacks against users of the web interface (bsc#882971, CVE-2014-4165) (Moderate) SUSE bug 882971 CVE-2014-4165 openSUSE 13.2 The streaming server icecast was updated to fix a remote denial of service vulnerability. A remote attacker could crash icecast and cause denial of service when URL Auth is configured and used with stream_auth without credentials (bnc#926402 CVE-2015-3026) (Moderate) SUSE bug 926402 CVE-2015-3026 openSUSE 13.2 Chromium was updated to latest stable release 42.0.2311.90 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-1235: Cross-origin-bypass in HTML parser. * CVE-2015-1236: Cross-origin-bypass in Blink. * CVE-2015-1237: Use-after-free in IPC. * CVE-2015-1238: Out-of-bounds write in Skia. * CVE-2015-1240: Out-of-bounds read in WebGL. * CVE-2015-1241: Tap-Jacking. * CVE-2015-1242: Type confusion in V8. * CVE-2015-1244: HSTS bypass in WebSockets. * CVE-2015-1245: Use-after-free in PDFium. * CVE-2015-1246: Out-of-bounds read in Blink. * CVE-2015-1247: Scheme issues in OpenSearch. * CVE-2015-1248: SafeBrowsing bypass. * CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives. * CVE-2015-3333: Multiple vulnerabilities in V8 fixed at the tip of the 4.2 branch (currently 4.2.77.14). * CVE-2015-3336: fullscreen and UI locking without user confirmeation * CVE-2015-3335: unspecified impact of crafed programs running in NaCl sandbox * CVE-2015-3334: "Media: Allowed by you" sometimes not shown in a permissions table New functionality added: * A number of new apps, extension and Web Platform APIs (including the Push API!) * Lots of under the hood changes for stability and performance (Moderate) SUSE bug 927302 CVE-2015-1235 CVE-2015-1236 CVE-2015-1237 CVE-2015-1238 CVE-2015-1240 CVE-2015-1241 CVE-2015-1242 CVE-2015-1244 CVE-2015-1245 CVE-2015-1246 CVE-2015-1247 CVE-2015-1248 CVE-2015-1249 CVE-2015-3333 CVE-2015-3334 CVE-2015-3335 CVE-2015-3336 openSUSE 13.2 Mozilla Firefox was updated to 37.0.2 to fix one security issue. The following vulnerability was fixed: * CVE-2015-2706: Memory corruption during failed plugin initialization (bmo#1141081 MFSA 2015-45 bnc#928116) (Moderate) SUSE bug 928116 CVE-2015-2706 openSUSE 13.2 NTP was updated to fix two security vulnerabilities: * ntpd could accept unauthenticated packets with symmetric key crypto. (CVE-2015-1798) * ntpd authentication did not protect symmetric associations against DoS attacks (CVE-2015-1799) (Moderate) SUSE bug 924202 CVE-2015-1798 CVE-2015-1799 openSUSE 13.2 OpenJDK was updated to 2.5.5 - OpenJdk 7u79 to fix security issues and bugs: The following vulnerabilities were fixed: * CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0469: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0477: Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols * CVE-2015-0478: JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols * CVE-2015-0480: Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS) * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). * CVE-2015-0491: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (Important) SUSE bug 927591 CVE-2015-0458 CVE-2015-0459 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0484 CVE-2015-0488 CVE-2015-0491 CVE-2015-0492 openSUSE 13.2 OpenJDK was updated to jdk8u45-b14 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0469: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0470: Hotspot: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols * CVE-2015-0477: Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols * CVE-2015-0478: JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols * CVE-2015-0480: Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS) * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). * CVE-2015-0486: Deployment: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). * CVE-2015-0491: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (Important) SUSE bug 927591 CVE-2015-0458 CVE-2015-0459 CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0484 CVE-2015-0486 CVE-2015-0488 CVE-2015-0491 CVE-2015-0492 openSUSE 13.2 curl was updated to fix four security issues. The following vulnerabilities were fixed: * CVE-2015-3143: curl could re-use NTML authenticateds connections * CVE-2015-3144: curl could access memory out of bounds with zero length host names * CVE-2015-3145: curl cookie parser could access memory out of boundary * CVE-2015-3148: curl could treat Negotiate as not connection-oriented (Moderate) SUSE bug 927556 SUSE bug 927607 SUSE bug 927608 SUSE bug 927746 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 openSUSE 13.2 python-pillow was updated to 2.7.0 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2014-9601: Remote attackers could cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. * CVE-2014-3598: Remote attackers could cause a denial of service using specially crafted image files via Jpeg2KImagePlugin * CVE-2014-3589: Remote attackers could cause a denial of service using specially crafted image files via IcnsImagePlugin (Moderate) SUSE bug 921566 CVE-2014-3589 CVE-2014-3598 CVE-2014-9601 openSUSE 13.2 util-linux was updated to fix a security issue, where local attackers might be able to execute code as root with a prepared USB stick (CVE-2014-9114 bsc#907434). (Moderate) SUSE bug 907434 CVE-2014-9114 openSUSE 13.2 DirectFB was updated to fix two security issues. The following vulnerabilities were fixed: * CVE-2014-2977: Multiple integer signedness errors could allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. * CVE-2014-2978: Remote attackers could cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write. (Important) SUSE bug 878345 SUSE bug 878349 CVE-2014-2977 CVE-2014-2978 openSUSE 13.2 The wireless network encryption and authentication daemon wpa_supplicant was updated to fix a security issue. The following vulnerability was fixed: * CVE-2015-1863: A buffer overflow in handling SSIDs in P2P management frames allowed attackers in radio range to crash, expose memory content or potentially execute arbitrary code. (Important) SUSE bug 927558 CVE-2015-1863 openSUSE 13.2 PHP was updated to fix three security issues. The following vulnerabilities were fixed: * CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 (apache2handler), allow arbitrary code execution (bnc#928506) * CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer overflow (bnc#928506) * CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer over-read (bnc#928511) On openSUSE 13.2, the following bug was fixed: * boo#927147: php5-fpm did not start correctly (Important) SUSE bug 927147 SUSE bug 928408 SUSE bug 928506 SUSE bug 928511 CVE-2015-2783 CVE-2015-3329 CVE-2015-3330 openSUSE 13.2 The regular expression library pcre was updated to 8.37 to fix three security issues and a number of bugs and correctness issues. The following vulnerabilities were fixed: * CVE-2015-2325: Specially crafted regular expressions could have caused a heap buffer overlow in compile_branch(), potentially allowing the execution of arbitrary code. (boo#924960) * CVE-2015-2326: Specially crafted regular expressions could have caused a heap buffer overlow in pcre_compile2(), potentially allowing the execution of arbitrary code. [boo#924961] * CVE-2014-8964: Specially crafted regular expression could have caused a denial of service (crash) or have other unspecified impact. [boo#906574] (Moderate) SUSE bug 906574 SUSE bug 924960 SUSE bug 924961 CVE-2014-8964 CVE-2015-2325 CVE-2015-2326 openSUSE 13.2 Chromium was updated to 42.0.2311.135 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-1243: Use-after-free in DOM * CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives. (Moderate) SUSE bug 929075 CVE-2015-1243 CVE-2015-1250 openSUSE 13.2 libssh was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-3146: Specially crafted packages inserted into a connection could have lead to a client or server process crash via a null pointer dereference. (Low) SUSE bug 928323 CVE-2015-3146 openSUSE 13.2 curl was updated to 7.42.1 to fix one security issue. The following vulnerability was fixed: * CVE-2015-3153: curl could have sent sensitive HTTP headers also to proxies (bnc#928533) (Moderate) SUSE bug 928533 CVE-2015-3153 openSUSE 13.2 LibreOffice was updated to 4.3.7 to fix one security issue and a number of bugs. The following vulnerability was fixed: * CVE-2015-1774: Specially crafted HWP documents could have led to an application crash or possibly the execution of arbitrary code (boo#919409) The following non-security bugs were fixed: * boo#881214: Failed to launch reprots wizard in libreoffice-base with error "java.lang.NoClassDefFoundError" In addition this update contains all upstream fixes of the 4.3.7 series. (Moderate) SUSE bug 881214 SUSE bug 919409 CVE-2015-1774 openSUSE 13.2 GNU parallel was updated to version 20150422 to fix one security issue, several bugs and add functionality. The following vulnerability was fixed: * A local attacker could make a user overwrite one of his own files with a single byte when using --compress, --tmux, --pipe, --cat or --fifo when guessing random file names within a time window of 15 ms. [boo#928664] In addition, the update to 20150422 adds a number of bug fixes, improvements and new features. (Low) SUSE bug 928664 openSUSE 13.2 The DNS server dnsmasq was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-3294: A remote unauthenticated attacker could have caused a denial of service (DoS) or read heap memory, potentially disclosing information such as performed DNS queries or encryption keys. (bsc#928867) (Moderate) SUSE bug 928867 CVE-2015-3294 openSUSE 13.2 The ASN.1 parsing library libtasn1 was updated to fix one memory handling issue. The following vulnerability was fixed: * CVE-2015-2806: A stack-based buffer overflow in libtasn1 allowed remote attackers to have unspecified impact via unknown vectors. (Low) SUSE bug 924828 CVE-2015-2806 openSUSE 13.2 Qemu was updated to v2.1.3: See http://wiki.qemu-project.org/ChangeLog/2.1 for more information. This update includes a security fix: * CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used to denial of service attacks or potential code execution against the host. (Important) SUSE bug 929339 CVE-2015-3456 openSUSE 13.2 docker was updated to version 1.6.1 to fix several security and non-security issues. - Updated to version 1.6.1 (2015-05-07) [bnc#930235] * Security - Fix read/write /proc paths (CVE-2015-3630) - Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631) - Fix opening of file-descriptor 1 (CVE-2015-3627) - Fix symlink traversal on container respawn allowing local privilege escalation (CVE-2015-3629) - Prohibit mount of /sys * Runtime - Update Apparmor policy to not allow mounts - Updated libcontainer-apparmor-fixes.patch: adapt patch to reflect changes introduced by docker 1.6.1 (Moderate) SUSE bug 930235 CVE-2015-3627 CVE-2015-3629 CVE-2015-3630 CVE-2015-3631 openSUSE 13.2 The ClamAV antivirus engine was updated to version 0.98.7 to fix several security and non-security issues. The following vulnerabilities were fixed (bsc#929192): * CVE-2015-2170: Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. * CVE-2015-2221: Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. * CVE-2015-2222: Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. * CVE-2015-2668: Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux. * CVE-2015-2305: Apply upstream patch for possible heap overflow in Henry Spencer's regex library. The following bugfixes were applyed (bsc#929192): * Fix false negatives on files within iso9660 containers. This issue was reported by Minzhuan Gong. * Fix a couple crashes on crafted upack packed file. Identified and patches supplied by Sebastian Andrzej Siewior. * Fix a crash during algorithmic detection on crafted PE file. Identified and patch supplied by Sebastian Andrzej Siewior. * Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested by John E. Krokes. * Fix segfault scanning certain HTML files. Reported with sample by Kai Risku. * Improve detections within xar/pkg files. * Improvements to PDF processing: decryption, escape sequence handling, and file property collection. * Scanning/analysis of additional Microsoft Office 2003 XML format. (Moderate) SUSE bug 929192 CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2305 CVE-2015-2668 openSUSE 13.2 NonFree The Adobe flash-player package was updated to version 11.2.202.460 to fix several security issues. The following vulnerabilities were fixed (bsc#930677): * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093 More information can be found at the Adobe Security Bulletin APSB15-09: https://helpx.adobe.com/security/products/flash-player/apsb15-09.html (Important) SUSE bug 930677 CVE-2015-3044 CVE-2015-3077 CVE-2015-3078 CVE-2015-3079 CVE-2015-3080 CVE-2015-3081 CVE-2015-3082 CVE-2015-3083 CVE-2015-3084 CVE-2015-3085 CVE-2015-3086 CVE-2015-3087 CVE-2015-3088 CVE-2015-3089 CVE-2015-3090 CVE-2015-3091 CVE-2015-3092 CVE-2015-3093 openSUSE 13.2 The Mozilla Thunderbird email, news, and chat client was updated to version 31.7.0 to fix several security issues. The following vulnerabilities were fixed (bnc#930622): * MFSA 2015-46/CVE-2015-2708 Miscellaneous memory safety hazards * MFSA 2015-47/CVE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer * MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS * MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled * MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML * MFSA 2015-57/CVE-2011-3079 (bmo#1087565) Privilege escalation through IPC channel messages (Moderate) SUSE bug 930622 CVE-2011-3079 CVE-2015-0797 CVE-2015-2708 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 openSUSE 13.2 The Mozilla Firefox web browser was updated to version 38.0.1 to fix several security and non-security issues. This update also includes a Mozilla Network Security Services (NSS) update to version 3.18.1. The following vulnerabilities and issues were fixed: Changes in Mozilla Firefox: - update to Firefox 38.0.1 stability and regression fixes * Systems with first generation NVidia Optimus graphics cards may crash on start-up * Users who import cookies from Google Chrome can end up with broken websites * Large animated images may fail to play and may stop other images from loading - update to Firefox 38.0 (bnc#930622) * New tab-based preferences * Ruby annotation support * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/ security fixes: * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 Miscellaneous memory safety hazards * MFSA 2015-47/VE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer * MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS * MFSA 2015-49/CVE-2015-2711 (bmo#1113431) Referrer policy ignored when links opened by middle-click and context menu * MFSA 2015-50/CVE-2015-2712 (bmo#1152280) Out-of-bounds read and write in asm.js validation * MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled * MFSA 2015-53/CVE-2015-2715 (bmo#988698) Use-after-free due to Media Decoder Thread creation during shutdown * MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML * MFSA 2015-55/CVE-2015-2717 (bmo#1154683) Buffer overflow and out-of-bounds read while parsing MP4 video metadata * MFSA 2015-56/CVE-2015-2718 (bmo#1146724) Untrusted site hosting trusted page can intercept webchannel responses * MFSA 2015-57/CVE-2011-3079 (bmo#1087565) Privilege escalation through IPC channel messages Changes in Mozilla NSS: - update to 3.18.1 * Firefox target release 38 * No new functionality is introduced in this release. Notable Changes: * The following CA certificate had the Websites and Code Signing trust bits restored to their original state to allow more time to develop a better transition strategy for affected sites: - OU = Equifax Secure Certificate Authority * The following CA certificate was removed: - CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi * The following intermediate CA certificate has been added as actively distrusted because it was mis-used to issue certificates for domain names the holder did not own or control: - CN=MCSHOLDING TEST, O=MCSHOLDING, C=EG * The version number of the updated root CA list has been set to 2.4 - update to 3.18 * Firefox target release 38 New functionality: * When importing certificates and keys from a PKCS#12 source, it's now possible to override the nicknames, prior to importing them into the NSS database, using new API SEC_PKCS12DecoderRenameCertNicknames. * The tstclnt test utility program has new command-line options -C, -D, -b and -R. Use -C one, two or three times to print information about the certificates received from a server, and information about the locally found and trusted issuer certificates, to diagnose server side configuration issues. It is possible to run tstclnt (Moderate) SUSE bug 930622 CVE-2011-3079 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2711 CVE-2015-2712 CVE-2015-2713 CVE-2015-2715 CVE-2015-2716 CVE-2015-2717 CVE-2015-2718 openSUSE 13.2 The distributed IRC client quassel was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-3427: The SQL injection fix for CVE-2013-4422 was incomplete (boo#928728) (Moderate) SUSE bug 928728 CVE-2015-3427 openSUSE 13.2 LibVNCServer was updated to version 0.9.10 to fix several security and non-security issues. The following issues were fixed: - Remove xorg-x11-devel from buildRequires, X libraries are not directly used/linked - libvncserver-0.9.10-ossl.patch: Update, do not RAND_load_file("/dev/urandom", 1024) if the the PRNG is already seeded. (It always is on linux) - Update to version 0.9.10 + Moved the whole project from sourceforge to https://libvnc.github.io/. + Cleaned out the autotools build system which now uses autoreconf. + Updated noVNC HTML5 client to latest version. + Split out x11vnc sources into separate repository at https://github.com/LibVNC/x11vnc + Split out vncterm sources into separate repository at https://github.com/LibVNC/vncterm + Split out VisualNaCro sources into separate repository at https://github.com/LibVNC/VisualNaCro + Merged Debian patches. + Fixed some security-related buffer overflow cases. + Added compatibility headers to make LibVNCServer/LibVNCClient build on native Windows 8. + Update LZO to version 2.07, fixing CVE-2014-4607. + Merged patches from KDE/krfb. + Can now do IPv6 without IPv4. + Fixed a use-after-free issue in scale.c. - Update Url and download source to new project home - Remove LibVNCServer-0.9.9-no_x11vnc.patch; upstream splited it out of main tarball - Rebase libvncserver-ossl.patch to upstream changes > libvncserver-0.9.10-ossl.patch - Remove linuxvnc subpackage; like x11vnc, it has been splited out but is depreciated and unmaintained. (Moderate) CVE-2014-4607 openSUSE 13.2 The libraw library was updated to fix one security issue. The following vulnerability was fixed: * boo#930683: CVE-2015-3885: dcraw/libraw: input sanitization errors (Moderate) SUSE bug 930683 CVE-2015-3885 openSUSE 13.2 Wireshark was updated to 1.12.5 to fix security issues and bugs. The following vulnerabilities have been fixed: * CVE-2015-3808, CVE-2015-3809: The LBMR dissector could go into an infinite loop. (wnpa-sec-2015-12) * CVE-2015-3810: The WebSocket dissector could recurse excessively. (wnpa-sec-2015-13) * CVE-2015-3811: The WCP dissector could crash while decompressing data. (wnpa-sec-2015-14) * CVE-2015-3812: The X11 dissector could leak memory. (wnpa-sec-2015-15) * CVE-2015-3813: The packet reassembly code could leak memory. (wnpa-sec-2015-16) * CVE-2015-3814: The IEEE 802.11 dissector could go into an infinite loop. (wnpa-sec-2015-17) * CVE-2015-3815: The Android Logcat file parser could crash. (wnpa-sec-2015-18) (Moderate) SUSE bug 930689 CVE-2015-3808 CVE-2015-3809 CVE-2015-3810 CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 CVE-2015-3814 CVE-2015-3815 openSUSE 13.2 This update for vsftpd fixes the following security issue: - Fixed deny_file parsing to do more what is expected. bnc#900326 (Low) SUSE bug 900326 openSUSE 13.2 coreutils was updated to fix a bug in 'sort': Fixed memory handling error with case insensitive sort using UTF-8 (boo#928749). (Moderate) SUSE bug 928749 CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 openSUSE 13.2 glibc was updated to fix security issues and bugs: - Separate internal state between getXXent and getXXbyYY NSS calls (CVE-2014-8121, bsc#918187, BZ #18007) - Fix read past end of pattern in fnmatch (bsc#920338, BZ #17062, BZ #18032, BZ #18036) - Fix buffer overflow in nss_dns (CVE-2015-1781, bsc#927080, BZ #18287) Also this bug got fixed: - Simplify handling of nameserver configuration in resolver (bsc#917539) (Moderate) SUSE bug 917539 SUSE bug 918187 SUSE bug 920338 SUSE bug 927080 CVE-2014-8121 CVE-2015-1781 openSUSE 13.2 GNU parallel was updated to 20150522 to complete a fix one security issue and augment a fix for another. The following vulnerabilities were fixed: * The security issue for --sshlogin + --fifo/--cat has been fixed. * After further security analysis the issue fixed in 20150422 also fixed the problem for --tmux. (Moderate) SUSE bug 932143 openSUSE 13.2 mysql-connector-java was updated to 5.1.35 to fix one security issue and a number of bugs. The following vulnerability was fixed: * CVE-2015-2575: Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data. In addition, mysql-connector-java was updated to 5.1.35 to fix a number of upstream bugs, details of which listed in CHANGES as well as http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html (Moderate) SUSE bug 927981 CVE-2015-2575 openSUSE 13.2 Chromium was updated to 43.0.2357.65 to fix security issues and bugs. The following vulnerabilities were fixed: - CVE-2015-1251: Use-after-free in Speech (boo#931659) - CVE-2015-1252: Sandbox escape in Chrome (boo#931671) - CVE-2015-1253: Cross-origin bypass in DOM (boo#931670) - CVE-2015-1254: Cross-origin bypass in Editing (boo#931669) - CVE-2015-1255: Use-after-free in WebAudio (boo#931674) - CVE-2015-1256: Use-after-free in SVG (boo#931664) - CVE-2015-1257: Container-overflow in SVG (boo#931665) - CVE-2015-1258: Negative-size parameter in Libvpx (boo#931666) - CVE-2015-1259: Uninitialized value in PDFium (boo#931667) - CVE-2015-1260: Use-after-free in WebRTC (boo#931668) - CVE-2015-1261: URL bar spoofing (boo#931673) - CVE-2015-1262: Uninitialized value in Blink (boo#931672) - CVE-2015-1263: Insecure download of spellcheck dictionary (boo#931663) - CVE-2015-1264: Cross-site scripting in bookmarks (boo#931661) - CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives (boo#931660) - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21) (Moderate) SUSE bug 931659 SUSE bug 931660 SUSE bug 931661 SUSE bug 931663 SUSE bug 931664 SUSE bug 931665 SUSE bug 931666 SUSE bug 931667 SUSE bug 931668 SUSE bug 931669 SUSE bug 931670 SUSE bug 931671 SUSE bug 931672 SUSE bug 931673 SUSE bug 931674 CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254 CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258 CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262 CVE-2015-1263 CVE-2015-1264 CVE-2015-1265 openSUSE 13.2 - Fix CVE-2013-7441 (boo#931987) * CVE-2013-7441.patch - Fix CVE-2015-0847 (boo#930173) * nbd_signaling_CVE-2015-0847.patch (Moderate) SUSE bug 930173 SUSE bug 931987 CVE-2013-7441 CVE-2015-0847 openSUSE 13.2 * Update to version 2.9.4 - fix exec environment for mount and umount (bsc#931452, CVE-2015-3202) - properly restore the default signal handler - fix directory file handle passed to ioctl() method. - fix for uids/gids larger than 2147483647 - initialize stat buffer passed to getattr() and fgetattr() (Moderate) SUSE bug 931452 CVE-2015-3202 openSUSE 13.2 php5 was updated to fix four security issues. The following vulnerabilities were fixed: * CVE-2015-4024: Multipart/form-data remote dos Vulnerability (bnc#931421) * CVE-2015-4026: pcntl_exec() does not check path validity (bnc#931776) * CVE-2015-4022: overflow in ftp_genlist() resulting in heap overflow (bnc#931772) * CVE-2015-4021: memory corruption in phar_parse_tarfile when entry filename starts with NULL (bnc#931769) (Moderate) SUSE bug 931421 SUSE bug 931769 SUSE bug 931772 SUSE bug 931776 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 openSUSE 13.2 e2fsprogs was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-1572: A local user could have executed arbitrary code by causing a crafted block group descriptor to be marked as dirty. (boo#918346) (Moderate) SUSE bug 918346 CVE-2015-1572 openSUSE 13.2 MozillaFirefox was updated to version 35.0 (bnc#910669) Notable features: * Firefox Hello with new rooms-based conversations model * Implemented HTTP Public Key Pinning Extension (for enhanced authentication of encrypted connections) Security fixes: * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards * MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during bitmap rendering * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses * MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in Web Audio * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media Plugin sandbox escape * MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension * MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM objects - obsolete tracker-miner-firefox < 0.15 because it leads to startup crashes (bnc#908892) (Important) SUSE bug 908892 SUSE bug 910669 CVE-2014-8634 CVE-2014-8635 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642 CVE-2014-8643 openSUSE 13.2 zeromq was updated to fix one security issue and two non-security bugs. The following vulnerabilities were fixed: * CVE-2014-9721: zeromq protocol downgrade attack on sockets using the ZMTP v3 protocol (boo#931978) The following bugs were fixed: * boo#912460: avoid curve test to hang for ppc ppc64 ppc64le architectures * boo#907584: zeromq package could not be updated due to a file conflict, split tools into a separate subpackage (Moderate) SUSE bug 907584 SUSE bug 912460 SUSE bug 931978 CVE-2014-9721 openSUSE 13.2 The ftp server ProFTPD was updated to 1.3.5a to fix one security issue. The following vulnerability was fixed: * CVE-2015-3306: Unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy (boo#927290) In addition, proftpd was updated to 1.3.5a to fix a number of upstream bugs and improve functionality. (Moderate) SUSE bug 927290 CVE-2013-4359 CVE-2015-3306 openSUSE 13.2 wpa_supplicant was updated to fix three security issues. The following vulnerabilities were fixed: CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding (boo#930077) CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing (boo#930078) CVE-2015-4143: EAP-pwd missing payload length validation (boo#930079) (Moderate) SUSE bug 930077 SUSE bug 930078 SUSE bug 930079 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 openSUSE 13.2 NonFree Adobe Flash Player was updated to 11.2.202.466 to fix multiple security issues. The following vulnerabilities were fixed: * CVE-2015-3096: bypass for CVE-2014-5333 * CVE-2015-3098: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure * CVE-2015-3099: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure * CVE-2015-3100: stack overflow vulnerability that could lead to code execution * CVE-2015-3102: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure * CVE-2015-3103: use-after-free vulnerabilities that could lead to code execution * CVE-2015-3104: integer overflow vulnerability that could lead to code execution * CVE-2015-3105: memory corruption vulnerability that could lead to code execution * CVE-2015-3106: use-after-free vulnerabilities that could lead to code execution * CVE-2015-3107: use-after-free vulnerabilities that could lead to code execution * CVE-2015-3108: memory leak vulnerability that could be used to bypass ASLR (Important) SUSE bug 934088 CVE-2015-3096 CVE-2015-3098 CVE-2015-3099 CVE-2015-3100 CVE-2015-3102 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 CVE-2015-3108 openSUSE 13.2 Tidy was updated to fix one security issue. The following vulnerability was fixed: * A heap-based buffer overflow in tidy could have unspecified impact when processing user-supplied input. (Moderate) SUSE bug 933588 openSUSE 13.2 This update fixes the following issues: - CVE-2015-1158 and CVE-2015-1159 fixes a possible privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on server (CUPS STR#4609 CERT-VU-810572 CVE-2015-1158 CVE-2015-1159 bugzilla.suse.com bsc#924208). In general it is crucial to limit access to CUPS to trustworthy users who do not misuse their permission to submit print jobs which means to upload arbitrary data onto the CUPS server, see https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings and cf. the entries about CVE-2012-5519 below. (Critical) SUSE bug 924208 CVE-2012-5519 CVE-2015-1158 CVE-2015-1159 openSUSE 13.2 PHP was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-4148: A type confusion flay in SoapClient could lead to information disclosure [bnc#933227] (Moderate) SUSE bug 933227 CVE-2015-4148 openSUSE 13.2 coreutils was updated to fix one security issue and one non-security bug. The following vulnerability was fixed: * CVE-2015-4042: Use a later version of the patch that fixed (boo#928749, CVE-2015-4041), also avoiding I18N issue The following bug was fixed: * boo#933396: adjust reference to info nodes in man pages (Moderate) SUSE bug 928749 SUSE bug 933396 CVE-2015-4041 CVE-2015-4042 openSUSE 13.2 dpkg and update-alternatives were updated to 1.16.16 to fix one security issue and severan non-security bugs. The following vulnerabilities were fixed: * CVE-2015-0840: Specially crafted deb packages could have been used to bypass source package integrity verification in local installs (boo#926749) Also contains a number of upstream bugs and improvements. (Moderate) SUSE bug 926749 CVE-2015-0840 openSUSE 13.2 strongswan was updated to fix a rogue servers vulnerability, that may enable rogue servers able to authenticate itself with certificate issued by any CA the client trusts, to gain user credentials from a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171). More information can be found on https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%28cve-2015-4171%29.html (Moderate) SUSE bug 933591 CVE-2015-4171 openSUSE 13.2 Busybox was updated to fix one security issue. The following vulnerability was fixed: * CVE-2014-9645: fixed a potential modprobe filter bypassing rule by filtering / (boo#914660) (Moderate) SUSE bug 914660 CVE-2014-9645 openSUSE 13.2 Xen was updated to 4.4.2 to fix multiple vulnerabilities and non-security bugs. The following vulnerabilities were fixed: * CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu (XSA-128) (boo#931625) * CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests (XSA-129) (boo#931626) * CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages (XSA-130) (boo#931627) * CVE-2015-4106: Unmediated PCI register access in qemu (XSA-131) (boo#931628) * CVE-2015-4164: DoS through iret hypercall handler (XSA-136) (boo#932996) * CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior (XSA-134) (boo#932790) * CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape (XSA-135) (boo#932770) * CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used to denial of service attacks or potential code execution against the host. () * CVE-2015-3340: Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. () * CVE-2015-2752: Long latency MMIO mapping operations are not preemptible (XSA-125 boo#922705) * CVE-2015-2756: Unmediated PCI command register access in qemu (XSA-126 boo#922706) * CVE-2015-2751: Certain domctl operations may be abused to lock up the host (XSA-127 boo#922709) * CVE-2015-2151: Hypervisor memory corruption due to x86 emulator flaw (boo#919464 XSA-123) * CVE-2015-2045: Information leak through version information hypercall (boo#918998 XSA-122) * CVE-2015-2044: Information leak via internal x86 system device emulation (boo#918995 (XSA-121) * CVE-2015-2152: HVM qemu unexpectedly enabling emulated VGA graphics backends (boo#919663 XSA-119) * CVE-2014-3615: information leakage when guest sets high resolution (boo#895528) The following non-security bugs were fixed: * xentop: Fix memory leak on read failure * boo#923758: xen dmesg contains bogus output in early boot * boo#921842: Xentop doesn't display disk statistics for VMs using qdisks * boo#919098: L3: XEN blktap device intermittently fails to connect * boo#882089: Windows 2012 R2 fails to boot up with greater than 60 vcpus * boo#903680: Problems with detecting free loop devices on Xen guest startup * boo#861318: xentop reports "Found interface vif101.0 but domain 101 does not exist." * boo#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores * boo#910254: SLES11 SP3 Xen VT-d igb NIC doesn't work * boo#912011: high ping latency after upgrade to latest SLES11SP3 on xen Dom0 * boo#906689: let systemd schedule xencommons after network-online.target and remote-fs.target so that xendomains has access to remote shares The following functionality was enabled or enhanced: * Enable spice support in qemu for x86_64 * Add Qxl vga support * Enhancement to virsh/libvirtd "send-key" command (FATE#317240) * Add domain_migrate_constraints_set API to Xend's http interface (FATE#317239) (Important) SUSE bug 861318 SUSE bug 882089 SUSE bug 895528 SUSE bug 901488 SUSE bug 903680 SUSE bug 906689 SUSE bug 910254 SUSE bug 912011 SUSE bug 918995 SUSE bug 918998 SUSE bug 919098 SUSE bug 919464 SUSE bug 919663 SUSE bug 921842 SUSE bug 922705 SUSE bug 922706 SUSE bug 922709 SUSE bug 923758 SUSE bug 927967 SUSE bug 929339 SUSE bug 931625 SUSE bug 931626 SUSE bug 931627 SUSE bug 931628 SUSE bug 932770 SUSE bug 932790 SUSE bug 932996 CVE-2014-3615 CVE-2015-2044 CVE-2015-2045 CVE-2015-2151 CVE-2015-2152 CVE-2015-2751 CVE-2015-2752 CVE-2015-2756 CVE-2015-3209 CVE-2015-3340 CVE-2015-3456 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-4163 CVE-2015-4164 openSUSE 13.2 The git web frontend cgit was updated to 0.11.2 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file systems in git. Malicious commits could affect client users on all platforms using case-insensitive file systems when using vulnerable git versions. In addition cgit was updated to 0.11.2 with minor improvements and bug fixes. The embedded git version was updated to 2.4.3. (Moderate) SUSE bug 910756 CVE-2014-9390 openSUSE 13.2 The XWayland portion of the x.org X11 server was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-3164: Unauthorised local client access in XWayland (boo#934102) (Moderate) SUSE bug 934102 CVE-2015-3164 openSUSE 13.2 libwmf was updated to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file with BMP portions in a libwmf based application could have executed arbitrary code with the user's privileges. (boo#933109) * CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file in a libwmf based application could have executed arbitrary code through incorrect run-length encoding. (boo#933109) (Moderate) SUSE bug 933109 CVE-2015-0848 CVE-2015-4588 openSUSE 13.2 cacti was updated to 0.8.8d to fix multiple security issues and bugs. The following vulnerabilities were fixed: * SQL injection VN: JVN#78187936 / TN:JPCERT#98968540 * Cacti Cross-Site Scripting Vulnerability Notification [FG-VD-15-017] * SQL Injection and Location header injection from cdef id CVE-2015-4342 * SQL injection in graph templates Also contains bug fixes in the upstream 0.8.8d release. (Moderate) SUSE bug 934187 CVE-2015-4342 openSUSE 13.2 Curl was updated to fix two security issues and enable metalink support The following vulnerabilities were fixed: * CVE-2015-3236: libcurl could have wrongly send HTTP credentials when re-using connections (boo#934501) * CVE-2015-3237: libcurl could have been tricked by a malicious SMB server to send off data it did not intend to (boo#934502) The following feature was enabled: * boo#851126: enable metalink support. (Moderate) SUSE bug 851126 SUSE bug 934501 SUSE bug 934502 CVE-2015-3236 CVE-2015-3237 openSUSE 13.2 openssl was updated to fix six security issues. The following vulnerabilities were fixed: * CVE-2015-4000: The Logjam Attack / weakdh.org. Rject connections with DH parameters shorter than 768 bits, generates 2048-bit DH parameters by default. (boo#931698) * CVE-2015-1788: Malformed ECParameters causes infinite loop (boo#934487) * CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time (boo#934489) * CVE-2015-1790: PKCS7 crash with missing EnvelopedContent (boo#934491) * CVE-2015-1792: CMS verify infinite loop with unknown hash function (boo#934493) * CVE-2015-1791: race condition in NewSessionTicket (boo#933911) * CVE-2015-3216: Crash in ssleay_rand_bytes due to locking regression (boo#933898) (Important) SUSE bug 931698 SUSE bug 933898 SUSE bug 933911 SUSE bug 934487 SUSE bug 934489 SUSE bug 934491 SUSE bug 934493 SUSE bug 934494 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 CVE-2015-4000 openSUSE 13.2 chromium was updated to 43.0.2357.130 to fix several security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-1266: Scheme validation error in WebUI * CVE-2015-1268: Cross-origin bypass in Blink * CVE-2015-1267: Cross-origin bypass in Blink * CVE-2015-1269: Normalization error in HSTS/HPKP preload list * boo#935022: Prevent Chromium from downloading a binary blob for speech recognition Contains the following non-security changes: * resolved browser font magnification/scaling issue. * Fixed an issue where sometimes a blank page would print * Icons not displaying properly on Linux (Moderate) SUSE bug 935022 SUSE bug 935723 CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269 openSUSE 13.2 NonFree Adobe Flash Player was updated to 11.2.202.468 to fix one security issue. The following vulnerability was fixed: * CVE-2015-3113: A heap buffer overflow vulnerability could have allowed code execution (bsc#935701, APSB15-14) (Important) SUSE bug 935701 CVE-2015-3113 openSUSE 13.2 roundcubemail was updated to version 1.0.6 to fix many minor bugs and two security issues. The security-related fixes in particular are: - security improvement in DBMail driver of password plugin - security improvement in contact photo handling (Low) openSUSE 13.2 p7zip was update to fix one security issue. The following vulnerability was fixed: * CVE-2015-1038: Attackers could have written to arbitrary files via a symlink attack in a specially crafted archive (boo#912878) (Moderate) SUSE bug 912878 CVE-2015-1038 openSUSE 13.2 rubygem-RedCloth was updated to fix one security issue. The following vulnerability was fixed: CVE-2012-6684: A cross-site scripting (XSS) vulnerability allowed remote attackers to inject arbitrary web script or HTML via a javascript: URI (boo#912212) (Moderate) SUSE bug 912212 CVE-2012-6684 openSUSE 13.2 phpMyAdmin was updated to 4.2.13.3 to fix three security issues. The following vulnerabilities were fixed: * CVE-2015-3902: CSRF vulnerability in setup (PMASA-2015-2, boo#930992) * CVE-2015-3903: Vulnerability allowing man-in-the-middle attack (PMASA-2015-3, boo#930993) * CVE-2015-2206: Risk of BREACH attack (PMASA-2015-1, boo#920773) Also contains all upstream bug fixes in the 4.2.13 branch. (Moderate) SUSE bug 920773 SUSE bug 930992 SUSE bug 930993 CVE-2015-2206 CVE-2015-3902 CVE-2015-3903 openSUSE 13.2 The PHP script interpreter was updated to receive various security fixes: * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion. * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods. * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize. * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data. * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow. * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions. (Important) SUSE bug 935224 SUSE bug 935225 SUSE bug 935226 SUSE bug 935227 SUSE bug 935232 SUSE bug 935234 SUSE bug 935274 SUSE bug 935275 CVE-2015-3411 CVE-2015-3412 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 CVE-2015-4643 CVE-2015-4644 openSUSE 13.2 NonFree flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2015-5119: Unspecified vulnerability allowing remote attackers to take over the system (bsc#937339). (Critical) SUSE bug 937339 CVE-2015-5119 openSUSE 13.2 mysql-community-server was updated to version 5.6.25 to fix one security issue. This security issue was fixed: * CVE-2015-4000: Logjam Attack: mysql uses 512 bit dh groups in SSL (bsc#934789). For other changes and details please check http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-25.html (Moderate) SUSE bug 934789 CVE-2015-4000 openSUSE 13.2 tiff was updated to version 4.0.4 to fix six security issues found by fuzzing initiatives. These security issues were fixed: - CVE-2014-8127: Out-of-bounds write (bnc#914890). - CVE-2014-9655: Access of uninitialized memory (bnc#916927). - CVE-2014-8130: Out-of-bounds write (bnc#914890). - CVE-2015-1547: Use of uninitialized memory in NeXTDecode (bnc#916925). - CVE-2014-8129: Out-of-bounds write (bnc#914890). - CVE-2014-8128: Out-of-bounds write (bnc#914890). (Moderate) SUSE bug 914890 SUSE bug 916925 SUSE bug 916927 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 CVE-2015-1547 openSUSE 13.2 libwmf was updated to fix four security issues. These security issues were fixed: - CVE-2015-4588: Heap overflow (bnc#933109). - CVE-2015-4696: Use after free (bnc#936062). - CVE-2015-4695: Heap buffer over read (bnc#936058). - CVE-2015-0848: Heap overflow (bnc#933109). (Moderate) SUSE bug 933109 SUSE bug 936058 SUSE bug 936062 CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 openSUSE 13.2 Wireshark was updated to 1.12.6 to fix two security issues. The following vulnerabilities were fixed: - CVE-2015-4651: The WCCP dissector crashed when reading specially crafted packages from the network or a capture files (wnpa-sec-2015-19, boo#935157). - CVE-2015-4652: The GSM DTAP dissector crashed when reading specially crafted packages from the network or a capture file (wnpa-sec-2015-20, boo#935158). This update also contains further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.6.html (Moderate) SUSE bug 935157 SUSE bug 935158 CVE-2015-4651 CVE-2015-4652 openSUSE 13.2 MariaDB was updated to its current minor version, fixing bugs and security issues. These updates include a fix for Logjam (CVE-2015-4000), making MariaDB work with client software that no longer allows short DH groups over SSL, as e.g. our current openssl packages. On openSUSE 13.1, MariaDB was updated to 5.5.44. On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20. Please read the release notes of MariaDB https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/ for more information. (Important) SUSE bug 859345 SUSE bug 914370 SUSE bug 924663 SUSE bug 934789 SUSE bug 936407 SUSE bug 936408 SUSE bug 936409 CVE-2014-6464 CVE-2014-6469 CVE-2014-6491 CVE-2014-6494 CVE-2014-6496 CVE-2014-6500 CVE-2014-6507 CVE-2014-6555 CVE-2014-6559 CVE-2014-6568 CVE-2014-8964 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-4000 openSUSE 13.2 MozillaFirefox was updated to version 39.0 to fix 21 security issues. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2729: Out-of-bound read while computing an oscillator rendering range in Web Audio (bsc#935979). - CVE-2015-2731: Use-after-free in Content Policy due to microtask execution error (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2741: Key pinning is ignored when overridable errors are encountered (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935979). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). New features: - Share Hello URLs with social networks - Support for 'switch' role in ARIA 1.1 (web accessibility) - SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux) - Support for new Unicode 8.0 skin tone emoji - Removed support for insecure SSLv3 for network communications - Disable use of RC4 except for temporarily whitelisted hosts - NPAPI Plug-in performance improved via asynchronous initialization mozilla-nss was updated to version 3.19.2 to fix some of the security issues listed above. (Important) SUSE bug 932142 SUSE bug 933439 SUSE bug 935979 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743 CVE-2015-4000 openSUSE 13.2 NonFree Adobe Flash Player was updated to 11.2.202.438 to fix one security isssue. http://helpx.adobe.com/security/products/flash-player/apsb15-02.html (APSB15-02, CVE-2015-0310) (Critical) SUSE bug 914333 CVE-2015-0310 openSUSE 13.2 libunwind was updated to fix one security issue. This security issue was fixed: - CVE-2015-3239: Off-by-one in dwarf_to_unw_regnum() (bsc#936786). (Low) SUSE bug 936786 CVE-2015-3239 openSUSE 13.2 cups-filters was updated to fix three security issues. These security issues were fixed: - CVE-2015-2265: The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allowed remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707 (bsc#921753). - CVE-2015-3279: Texttopdf integer overflow (incomplete fix for CVE-2015-3258) (bsc#937018). - CVE-2015-3258: Texttopdf heap-based buffer overflow (bsc#936281). (Moderate) SUSE bug 921753 SUSE bug 936281 SUSE bug 937018 CVE-2015-2265 CVE-2015-3258 CVE-2015-3279 openSUSE 13.2 bind was updated to fix three security issues. These security issues were fixed: - CVE-2015-1349: named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allowed remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use (bsc#918330). - CVE-2014-8500: ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 did not limit delegation chaining, which allowed remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals (bsc#908994). - CVE-2015-4620: Resolver crash when validating (bsc#936476). (Moderate) SUSE bug 908994 SUSE bug 918330 SUSE bug 936476 SUSE bug 937028 CVE-2014-8500 CVE-2015-1349 CVE-2015-4620 openSUSE 13.2 MozillaThunderbird was updated to fix 20 security issues. These security issues were fixed: - CVE-2015-2727: Mozilla Firefox 38.0 and Firefox ESR 38.0 allowed user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression (bsc#935979). - CVE-2015-2725: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#935979). - CVE-2015-2736: The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allowed remote attackers to have an unspecified impact via a crafted ZIP archive (bsc#935979). - CVE-2015-2724: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#935979). - CVE-2015-2730: Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, did not properly perform Elliptical Curve Cryptography (ECC) multiplications, which made it easier for remote attackers to spoof ECDSA signatures via unspecified vectors (bsc#935979). - CVE-2015-2743: PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allowed remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass (bsc#935979). - CVE-2015-2740: Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allowed remote attackers to cause a denial of service or have unspecified other impact via unknown vectors (bsc#935979). - CVE-2015-2741: Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allowed user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled (bsc#935979). - CVE-2015-2728: The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue (bsc#935979). - CVE-2015-2729: The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 did not properly calculate an oscillator rendering range, which allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors (bsc#935979). - CVE-2015-2739: The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors (bsc#935979). - CVE-2015-2738: The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors (bsc#935979). - CVE-2015-2737: The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors (bsc#935979). - CVE-2015-2721: Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, did not properly determine state transitions for the TLS state machine, which allowed man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue (bsc#935979). - CVE-2015-2735: nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allowed remote attackers to have an unspecified impact via a crafted ZIP archive (bsc#935979). - CVE-2015-2734: The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors (bsc#935979). - CVE-2015-2733: Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allowed remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker (bsc#935979). - CVE-2015-2722: Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allowed remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker (bsc#935979). - CVE-2015-2731: Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allowed remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy (bsc#935979). - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue (bsc#931600). (Important) SUSE bug 931600 SUSE bug 935979 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743 CVE-2015-4000 openSUSE 13.2 NonFree Adobe Flash Player was updated to 11.2.202.491 to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-5122: Specially crafted Flash content allowed attackers to execute arbitrary code via a use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation. * CVE-2015-5123: Specially crafted Flash content allowed attackers to execute arbitrary code via a use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation. (Important) SUSE bug 937752 CVE-2015-5122 CVE-2015-5123 openSUSE 13.2 libidn was updated to version 1.31 to fix one security issue. This security issue was fixed: - CVE-2015-2059: Out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241). (Moderate) SUSE bug 923241 CVE-2015-2059 openSUSE 13.2 rubygem-rack was updated to fix one security issue. This security issue was fixed: - CVE-2015-3225: Potential Denial of Service Vulnerability in Rack (bsc#934797). (Moderate) SUSE bug 934797 CVE-2015-3225 openSUSE 13.2 rubygem-rack-1_3 was updated to fix one security issue. This security issue was fixed: - CVE-2015-3225: Potential Denial of Service Vulnerability in Rack (bsc#934797). (Moderate) SUSE bug 934797 CVE-2015-3225 openSUSE 13.2 This update fixes the following security issues: * CVE-2014-8148: - Do not allow calls to UpdateActivationEnvironment from uids other than the uid of the dbus-daemon. If a system service installs unsafe security policy rules that allow arbitrary method calls (such as CVE-2014-8148) then this prevents memory consumption and possible privilege escalation via UpdateActivationEnvironment. * CVE-2012-3524: Don't access environment variables (bnc#912016) (Moderate) SUSE bug 912016 CVE-2012-3524 CVE-2014-8148 openSUSE 13.2 rubygem-rack-1_4 was updated to fix one security issue. This security issue was fixed: - CVE-2015-3225: Potential Denial of Service Vulnerability in Rack (bsc#934797). (Moderate) SUSE bug 934797 CVE-2015-3225 openSUSE 13.2 rubygem-jquery-rails was updated to fix one security issue. This security issue was fixed: - CVE-2015-1840: CSRF Vulnerability in jquery-ujs and jquery-rails (bsc#934795). (Moderate) SUSE bug 934795 CVE-2015-1840 openSUSE 13.2 libcryptopp was updated to fix one security issue. This security issue was fixed: - CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 did not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allowed remote attackers to obtain private keys via a timing attack (bsc#936435). (Moderate) SUSE bug 936435 CVE-2015-2141 openSUSE 13.2 pdns, pdns-recursor were updated to fix two security issues. These security issues were fixed: - CVE-2015-1868: The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allowed remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself (bsc#927569). - CVE-2015-5470: Complete fix for CVE-2015-1868 (bsc#927569). (Moderate) SUSE bug 927569 CVE-2015-1868 CVE-2015-5470 openSUSE 13.2 rubygem-activesupport-3_2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-3227: Possible Denial of Service attack in Active Support (bsc#934800). (Moderate) SUSE bug 934800 CVE-2015-3227 openSUSE 13.2 libressl was updated to version 2.2.1 to fix 16 security issues. LibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL often also affect LibreSSL. These security issues were fixed: - CVE-2014-3570: The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (bsc#912296). - CVE-2014-3572: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allowed remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (bsc#912015). - CVE-2015-1792: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function (bsc#934493). - CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not enforce certain constraints on certificate data, which allowed remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (bsc#912018). - CVE-2015-0209: Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (bsc#919648). - CVE-2015-1789: The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback (bsc#934489). - CVE-2015-1788: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b did not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allowed remote attackers to cause a denial of service (infinite loop) via a session that used an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication (bsc#934487). - CVE-2015-1790: The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that used ASN.1 encoding and lacks inner EncryptedContent data (bsc#934491). - CVE-2015-0287: The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not reinitialize CHOICE and ADB data structures, which might allowed attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (bsc#922499). - CVE-2015-0286: The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not properly perform boolean-type comparisons, which allowed remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that used the certificate-verification feature (bsc#922496). - CVE-2015-0289: The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not properly handle a lack of outer ContentInfo, which allowed attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (bsc#922500). - CVE-2015-0288: The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allowed attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (bsc#920236). - CVE-2014-8176: The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allowed remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data (bsc#934494). - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue (bsc#931600). - CVE-2015-0205: The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allowed remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (bsc#912293). - CVE-2015-0206: Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (bsc#912292). (Important) SUSE bug 912015 SUSE bug 912018 SUSE bug 912292 SUSE bug 912293 SUSE bug 912296 SUSE bug 919648 SUSE bug 920236 SUSE bug 922496 SUSE bug 922499 SUSE bug 922500 SUSE bug 931600 SUSE bug 934487 SUSE bug 934489 SUSE bug 934491 SUSE bug 934493 SUSE bug 934494 SUSE bug 937891 CVE-2014-3570 CVE-2014-3572 CVE-2014-8176 CVE-2014-8275 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-4000 openSUSE 13.2 ansible was updated to fix one security issue. This security issue was fixed: - CVE-2015-3908: Fixed improper TLS Certificate Validation (bsc#938161). (Moderate) SUSE bug 938161 CVE-2015-3908 openSUSE 13.2 Cacti was updated to 0.8.8e to fix several security issues. The following vulnerabilities were fixed: * Multiple XSS and SQL injection vulnerabilities [boo#937997] * CVE-2015-4634: SQL injection in graphs.php [boo#937997] In addition, this update contains upstream bug fixes. (Moderate) SUSE bug 937997 CVE-2015-4634 openSUSE 13.2 OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data. * CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. * CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. * CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. (Important) SUSE bug 937828 SUSE bug 938248 CVE-2015-2590 CVE-2015-2596 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 openSUSE 13.2 OpenJDK was updated to 2.6.1 - OpenJDK 8u51 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. * CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2659: Easily exploitable vulnerability in the Security component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. * CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. (Important) SUSE bug 937828 SUSE bug 938248 CVE-2015-2590 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2659 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 openSUSE 13.2 Chromium was updated to 44.0.2403.89 to fix multiple security issues. The following vulnerabilities were fixed: * CVE-2015-1271: Heap-buffer-overflow in pdfium * CVE-2015-1273: Heap-buffer-overflow in pdfium * CVE-2015-1274: Settings allowed executable files to run immediately after download * CVE-2015-1275: UXSS in Chrome for Android * CVE-2015-1276: Use-after-free in IndexedDB * CVE-2015-1279: Heap-buffer-overflow in pdfium * CVE-2015-1280: Memory corruption in skia * CVE-2015-1281: CSP bypass * CVE-2015-1282: Use-after-free in pdfium * CVE-2015-1283: Heap-buffer-overflow in expat * CVE-2015-1284: Use-after-free in blink * CVE-2015-1286: UXSS in blink * CVE-2015-1287: SOP bypass with CSS * CVE-2015-1270: Uninitialized memory read in ICU * CVE-2015-1272: Use-after-free related to unexpected GPU process termination * CVE-2015-1277: Use-after-free in accessibility * CVE-2015-1278: URL spoofing using pdf files * CVE-2015-1285: Information leak in XSS auditor * CVE-2015-1288: Spell checking dictionaries fetched over HTTP * CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives * CVE-2015-5605: Rgular-expression implementation mishandles interrupts, DoS via JS The following non-security changes are included: * A number of new apps/extension APIs * Lots of under the hood changes for stability and performance * Pepper Flash plugin updated to 18.0.0.209 (Important) SUSE bug 939077 CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273 CVE-2015-1274 CVE-2015-1275 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278 CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282 CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286 CVE-2015-1287 CVE-2015-1288 CVE-2015-1289 CVE-2015-5605 openSUSE 13.2 This update fixes the following security issues: + The WCCP dissector could crash wnpa-sec-2015-01 CVE-2015-0559 CVE-2015-0560 [boo#912365] + The LPP dissector could crash. wnpa-sec-2015-02 CVE-2015-0561 [boo#912368] + The DEC DNA Routing Protocol dissector could crash. wnpa-sec-2015-03 CVE-2015-0562 [boo#912369] + The SMTP dissector could crash. wnpa-sec-2015-04 CVE-2015-0563 [boo#912370] + Wireshark could crash while decypting TLS/SSL sessions. wnpa-sec-2015-05 CVE-2015-0564 [boo#912372] (Moderate) SUSE bug 912365 SUSE bug 912368 SUSE bug 912369 SUSE bug 912370 SUSE bug 912372 CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 openSUSE 13.2 lxc was updated to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-1331: directory traversal flaw allowing arbitrary file creation as the root user (bnc#938522) * CVE-2015-1334: AppArmor or SELinux confinement escape via fake /proc (bnc#938523) (Moderate) SUSE bug 938522 SUSE bug 938523 CVE-2015-1331 CVE-2015-1334 openSUSE 13.2 OpenLDAP was updated to fix two security issues and one bug. The following vulnerabilities were fixed: * CVE-2015-1546: slapd crash in valueReturnFilter cleanup (bnc#916914) * CVE-2015-1545: slapd crashes on search with deref control and empty attr list (bnc#916897) The following non-security bug was fixed: * boo#905959: Prevent connection-0 (internal connection) from show up in the monitor backend (Moderate) SUSE bug 905959 SUSE bug 916897 SUSE bug 916914 CVE-2015-1545 CVE-2015-1546 openSUSE 13.2 libuser was updated to fix on security issue. The following vulnerability was fixed: * CVE-2015-3246: local root exploit through passwd file handling (boo#937533) (Important) SUSE bug 937533 CVE-2015-3246 openSUSE 13.2 This update fixes the following issue: CVE-2014-9324: The GenericInterface in OTRS Help Desk access-control problems (bnc#910988) (Moderate) SUSE bug 910988 CVE-2014-9324 openSUSE 13.2 bind was updated to fix one security issue. This security issue was fixed: - CVE-2015-5477: Remote DoS via TKEY queries (boo#939567) Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling. (Important) SUSE bug 939567 CVE-2015-5477 openSUSE 13.2 PHP was updated to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-5589: PHP could be crashed when processing an invalid file with the "phar" extension with a segfault in Phar::convertToData, leading to Denial of Service (DOS) (boo#938721) * CVE-2015-5590: PHP could be crashed or have unspecified other impact due to a buffer overlow in phar_fix_filepath (boo#938719) (Moderate) SUSE bug 938719 SUSE bug 938721 CVE-2015-5589 CVE-2015-5590 openSUSE 13.2 Ghostscript was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-3228: Specially crafted files could have caused an interger overflow, resulting in a crash of the application or unspecified other impact (bsc#939342) (Low) SUSE bug 939342 CVE-2015-3228 openSUSE 13.2 This update fixes the following security issues: - denial-of-service vulnerability, which can be triggered by an IKEv2 Key Exchange payload, that contains the Diffie-Hellman group 1025 (bsc#910491,CVE-2014-9221). - Applied an upstream patch reverting to store algorithms in the registration order again as ordering them by identifier caused weaker algorithms to be proposed first by default (bsc#897512). (Moderate) SUSE bug 897048 SUSE bug 897512 SUSE bug 910491 CVE-2014-9221 openSUSE 13.2 - fix for CVE-2015-3622 in bundled libtasn1 (bsc#929414) * invalid read in octet string * added gnutls-CVE-2015-3622.patch - fix for GNUTLS-SA-2015-2 (bsc#929690) * ServerKeyExchange signature issue * added gnutls-GNUTLS-SA-2015-2.patch (Moderate) SUSE bug 929414 SUSE bug 929690 CVE-2015-3622 openSUSE 13.2 The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-3290: A flaw was found in the way the Linux kernels nested NMI handler and espfix64 functionalities interacted during NMI processing. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. - CVE-2015-3212: A race condition flaw was found in the way the Linux kernels SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket. - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4692: The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call (bnc#935542). - CVE-2015-4167 CVE-2014-9728 CVE-2014-9730 CVE-2014-9729 CVE-2014-9731: Various problems in the UDF filesystem were fixed that could lead to crashes when mounting prepared udf filesystems. - CVE-2015-4002: drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel did not ensure that certain length values are sufficiently large, which allowed remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions (bnc#933934). - CVE-2015-4003: The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel allowed remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet (bnc#933934). - CVE-2015-4001: Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet (bnc#933934). - CVE-2015-4036: A potential memory corruption in vhost/scsi was fixed. - CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel allowed remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message (bnc#922583). - CVE-2015-3636: It was found that the Linux kernels ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. - CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bnc#919007). - CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. - CVE-2015-1465: The IPv4 implementation in the Linux kernel did not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allowed remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets (bnc#916225). The following non-security bugs were fixed: - ALSA: ak411x: Fix stall in work callback (boo#934755). - ALSA: emu10k1: Emu10k2 32 bit DMA mode (boo#934755). - ALSA: emu10k1: Fix card shortname string buffer overflow (boo#934755). - ALSA: emu10k1: do not deadlock in proc-functions (boo#934755). - ALSA: emux: Fix mutex deadlock at unloading (boo#934755). - ALSA: emux: Fix mutex deadlock in OSS emulation (boo#934755). - ALSA: hda - Add AZX_DCAPS_SNOOP_OFF (and refactor snoop setup) (boo#934755). - ALSA: hda - Add Conexant codecs CX20721, CX20722, CX20723 and CX20724 (boo#934755). - ALSA: hda - Add common pin macros for ALC269 family (boo#934755). - ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226) (boo#934755). - ALSA: hda - Add dock support for Thinkpad T450s (17aa:5036) (boo#934755). - ALSA: hda - Add headphone quirk for Lifebook E752 (boo#934755). - ALSA: hda - Add headset mic quirk for Dell Inspiron 5548 (boo#934755). - ALSA: hda - Add mute-LED mode control to Thinkpad (boo#934755). - ALSA: hda - Add one more node in the EAPD supporting candidate list (boo#934755). - ALSA: hda - Add pin configs for ASUS mobo with IDT 92HD73XX codec (boo#934755). - ALSA: hda - Add ultra dock support for Thinkpad X240 (boo#934755). - ALSA: hda - Add workaround for CMI8888 snoop behavior (boo#934755). - ALSA: hda - Add workaround for MacBook Air 5,2 built-in mic (boo#934755). - ALSA: hda - Disable runtime PM for Panther Point again (boo#934755). - ALSA: hda - Do not access stereo amps for mono channel widgets (boo#934755). - ALSA: hda - Fix Dock Headphone on Thinkpad X250 seen as a Line Out (boo#934755). - ALSA: hda - Fix headphone pin config for Lifebook T731 (boo#934755). - ALSA: hda - Fix noise on AMD radeon 290x controller (boo#934755). - ALSA: hda - Fix probing and stuttering on CMI8888 HD-audio controller (boo#934755). - ALSA: hda - One more Dell macine needs DELL1_MIC_NO_PRESENCE quirk (boo#934755). - ALSA: hda - One more HP machine needs to change mute led quirk (boo#934755). - ALSA: hda - Set GPIO 4 low for a few HP machines (boo#934755). - ALSA: hda - Set single_adc_amp flag for CS420x codecs (boo#934755). - ALSA: hda - Treat stereo-to-mono mix properly (boo#934755). - ALSA: hda - change three SSID quirks to one pin quirk (boo#934755). - ALSA: hda - fix "num_steps = 0" error on ALC256 (boo#934755). - ALSA: hda - fix a typo by changing mute_led_nid to cap_mute_led_nid (boo#934755). - ALSA: hda - fix headset mic detection problem for one more machine (boo#934755). - ALSA: hda - fix mute led problem for three HP laptops (boo#934755). - ALSA: hda - set proper caps for newer AMD hda audio in KB/KV (boo#934755). - ALSA: hda/realtek - ALC292 dock fix for Thinkpad L450 (boo#934755). - ALSA: hda/realtek - Add a fixup for another Acer Aspire 9420 (boo#934755). - ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450 (boo#934755). - ALSA: hda/realtek - Fix Headphone Mic does not recording for ALC256 (boo#934755). - ALSA: hda/realtek - Make more stable to get pin sense for ALC283 (boo#934755). - ALSA: hda/realtek - Support Dell headset mode for ALC256 (boo#934755). - ALSA: hda/realtek - Support HP mute led for output and input (boo#934755). - ALSA: hda/realtek - move HP_LINE1_MIC1_LED quirk for alc282 (boo#934755). - ALSA: hda/realtek - move HP_MUTE_LED_MIC1 quirk for alc282 (boo#934755). - ALSA: hdspm - Constrain periods to 2 on older cards (boo#934755). - ALSA: pcm: Do not leave PREPARED state after draining (boo#934755). - ALSA: snd-usb: add quirks for Roland UA-22 (boo#934755). - ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support (boo#934755). - ALSA: usb-audio: Add mic volume fix quirk for Logitech Quickcam Fusion (boo#934755). - ALSA: usb-audio: Add quirk for MS LifeCam HD-3000 (boo#934755). - ALSA: usb-audio: Add quirk for MS LifeCam Studio (boo#934755). - ALSA: usb-audio: Do not attempt to get Lifecam HD-5000 sample rate (boo#934755). - ALSA: usb-audio: Do not attempt to get Microsoft Lifecam Cinema sample rate (boo#934755). - ALSA: usb-audio: add MAYA44 USB+ mixer control names (boo#934755). - ALSA: usb-audio: do not try to get Benchmark DAC1 sample rate (boo#934755). - ALSA: usb-audio: do not try to get Outlaw RR2150 sample rate (boo#934755). - ALSA: usb-audio: fix missing input volume controls in MAYA44 USB(+) (boo#934755). - Automatically Provide/Obsolete all subpackages of old flavors (bnc#925567) - Fix kABI for ak411x structs (boo#934755). - Fix kABI for snd_emu10k1 struct (boo#934755). - HID: add ALWAYS_POLL quirk for a Logitech 0xc007 (bnc#929624). - HID: add HP OEM mouse to quirk ALWAYS_POLL (bnc#929624). - HID: add quirk for PIXART OEM mouse used by HP (bnc#929624). - HID: usbhid: add always-poll quirk (bnc#929624). - HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#929624). - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#929624). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b (bnc#929624). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103 (bnc#929624). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f (bnc#929624). - HID: usbhid: fix PIXART optical mouse (bnc#929624). - HID: usbhid: more mice with ALWAYS_POLL (bnc#929624). - HID: usbhid: yet another mouse with ALWAYS_POLL (bnc#929624). - HID: yet another buggy ELAN touchscreen (bnc#929624). - Input: synaptics - handle spurious release of trackstick buttons (bnc#928693). - Input: synaptics - re-route tracksticks buttons on the Lenovo 2015 series (bnc#928693). - Input: synaptics - remove TOPBUTTONPAD property for Lenovos 2015 (bnc#928693). - Input: synaptics - retrieve the extended capabilities in query $10 (bnc#928693). - NFSv4: When returning a delegation, do not reclaim an incompatible open mode (bnc#934202). - Refresh patches.xen/xen-blkfront-indirect (bsc#922235). - Update config files: extend CONFIG_DPM_WATCHDOG_TIMEOUT to 60 (bnc#934397) - arm64: mm: Remove hack in mmap randomized layout Fix commit id and mainlined information - bnx2x: Fix kdump when iommu=on (bug#921769). - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348). - config/armv7hl: Disable AMD_XGBE_PHY The AMD XGBE ethernet chip is only used on ARM64 systems. - config: disable XGBE on non-ARM hardware It is documented as being present only on AMD SoCs. - cpufreq: fix a NULL pointer dereference in __cpufreq_governor() (bsc#924664). - drm/i915/bdw: PCI IDs ending in 0xb are ULT (boo#935913). - drm/i915/chv: Remove Wait for a previous gfx force-off (boo#935913). - drm/i915/dp: only use training pattern 3 on platforms that support it (boo#935913). - drm/i915/dp: there is no audio on port A (boo#935913). - drm/i915/hsw: Fix workaround for server AUX channel clock divisor (boo#935913). - drm/i915/vlv: remove wait for previous GFX clk disable request (boo#935913). - drm/i915/vlv: save/restore the power context base reg (boo#935913). - drm/i915: Add missing MacBook Pro models with dual channel LVDS (boo#935913). - drm/i915: BDW Fix Halo PCI IDs marked as ULT (boo#935913). - drm/i915: Ban Haswell from using RCS flips (boo#935913). - drm/i915: Check obj->vma_list under the struct_mutex (boo#935913). - drm/i915: Correct the IOSF Dev_FN field for IOSF transfers (boo#935913). - drm/i915: Dell Chromebook 11 has PWM backlight (boo#935913). - drm/i915: Disable caches for Global GTT (boo#935913). - drm/i915: Do a dummy DPCD read before the actual read (bnc#907714). - drm/i915: Do not complain about stolen conflicts on gen3 (boo#935913). - drm/i915: Do not leak pages when freeing userptr objects (boo#935913). - drm/i915: Dont enable CS_PARSER_ERROR interrupts at all (boo#935913). - drm/i915: Evict CS TLBs between batches (boo#935913). - drm/i915: Fix DDC probe for passive adapters (boo#935913). - drm/i915: Fix and clean BDW PCH identification (boo#935913). - drm/i915: Force the CS stall for invalidate flushes (boo#935913). - drm/i915: Handle failure to kick out a conflicting fb driver (boo#935913). - drm/i915: Ignore SURFLIVE and flip counter when the GPU gets reset (boo#935913). - drm/i915: Ignore VBT backlight check on Macbook 2, 1 (boo#935913). - drm/i915: Invalidate media caches on gen7 (boo#935913). - drm/i915: Kick fbdev before vgacon (boo#935913). - drm/i915: Only fence tiled region of object (boo#935913). - drm/i915: Only warn the first time we attempt to mmio whilst suspended (boo#935913). - drm/i915: Unlock panel even when LVDS is disabled (boo#935913). - drm/i915: Use IS_HSW_ULT() in a HSW specific code path (boo#935913). - drm/i915: cope with large i2c transfers (boo#935913). - drm/i915: do not warn if backlight unexpectedly enabled (boo#935913). - drm/i915: drop WaSetupGtModeTdRowDispatch:snb (boo#935913). - drm/i915: save/restore GMBUS freq across suspend/resume on gen4 (boo#935913). - drm/i915: vlv: fix IRQ masking when uninstalling interrupts (boo#935913). - drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg (boo#935913). - drm/radeon: retry dcpd fetch (bnc#931580). - ftrace/x86/xen: use kernel identity mapping only when really needed (bsc#873195, bsc#886272, bsc#903727, bsc#927725) - guards: Add support for an external filelist in --check mode This will allow us to run --check without a kernel-source.git work tree. - guards: Include the file name also in the "Not found" error - guards: Simplify help text - hyperv: Add processing of MTU reduced by the host (bnc#919596). - ideapad_laptop: Lenovo G50-30 fix rfkill reports wireless blocked (boo#939394). - ipv6: do not delete previously existing ECMP routes if add fails (bsc#930399). - ipv6: fix ECMP route replacement (bsc#930399). - ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#930399). - kABI: protect linux/slab.h include in of/address. - kabi/severities: ignore already-broken but acceptable kABI changes - SYSTEM_TRUSTED_KEYRING=n change removed system_trusted_keyring - Commits 3688875f852 and ea5ed8c70e9 changed iov_iter_get_pages prototype - KVM changes are intermodule dependencies - kabi: Fix CRC for dma_get_required_mask. - kabi: add kABI reference files - libata: Blacklist queued TRIM on Samsung SSD 850 Pro (bsc#926156). - libata: Blacklist queued TRIM on all Samsung 800-series (bnc#930599). - net: ppp: Do not call bpf_prog_create() in ppp_lock (bnc#930488). - rpm/kernel-obs-qa.spec.in: Do not fail if the kernel versions do not match - rt2x00: do not align payload on modern H/W (bnc#932844). - rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786). - thermal: step_wise: Revert optimization (boo#925961). - tty: Fix pty master poll() after slave closes v2 (bsc#937138). arm64: mm: Remove hack in mmap randomize layout (bsc#937033) - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937226). - x86, apic: Handle a bad TSC more gracefully (boo#935530). - x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bnc#907092). - x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing (bnc#907092). - x86/microcode/amd: Do not overwrite final patch levels (bsc#913996). - x86/microcode/amd: Extract current patch level read to a function (bsc#913996). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xhci: Calculate old endpoints correctly on device reset (bnc#938976). (Important) SUSE bug 907092 SUSE bug 907714 SUSE bug 915517 SUSE bug 916225 SUSE bug 919007 SUSE bug 919596 SUSE bug 921769 SUSE bug 922583 SUSE bug 925567 SUSE bug 925961 SUSE bug 927786 SUSE bug 928693 SUSE bug 929624 SUSE bug 930488 SUSE bug 930599 SUSE bug 931580 SUSE bug 932348 SUSE bug 932844 SUSE bug 933934 SUSE bug 934202 SUSE bug 934397 SUSE bug 934755 SUSE bug 935530 SUSE bug 935542 SUSE bug 935705 SUSE bug 935913 SUSE bug 937226 SUSE bug 938976 SUSE bug 939394 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-1420 CVE-2015-1465 CVE-2015-2041 CVE-2015-2922 CVE-2015-3212 CVE-2015-3290 CVE-2015-3339 CVE-2015-3636 CVE-2015-4001 CVE-2015-4002 CVE-2015-4003 CVE-2015-4036 CVE-2015-4167 CVE-2015-4692 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 openSUSE 13.2 NonFree - Security update to 11.2.202.508 (bsc#941239): * APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563 (Critical) SUSE bug 941239 CVE-2015-3107 CVE-2015-5124 CVE-2015-5125 CVE-2015-5127 CVE-2015-5128 CVE-2015-5129 CVE-2015-5130 CVE-2015-5131 CVE-2015-5132 CVE-2015-5133 CVE-2015-5134 CVE-2015-5539 CVE-2015-5540 CVE-2015-5541 CVE-2015-5544 CVE-2015-5545 CVE-2015-5546 CVE-2015-5547 CVE-2015-5548 CVE-2015-5549 CVE-2015-5550 CVE-2015-5551 CVE-2015-5552 CVE-2015-5553 CVE-2015-5554 CVE-2015-5555 CVE-2015-5556 CVE-2015-5557 CVE-2015-5558 CVE-2015-5559 CVE-2015-5560 CVE-2015-5561 CVE-2015-5562 CVE-2015-5563 openSUSE 13.2 - update to Firefox 40.0 (bnc#940806) * Added protection against unwanted software downloads * Suggested Tiles show sites of interest, based on categories from your recent browsing history * Hello allows adding a link to conversations to provide context on what the conversation will be about * New style for add-on manager based on the in-content preferences style * Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only) * Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked security fixes: * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright * MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) * MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST bypasses mixed content protections * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection * MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers - added mozilla-no-stdcxx-check.patch - removed obsolete patches * mozilla-add-glibcxx_use_cxx11_abi.patch * firefox-multilocale-chrome.patch - rebased patches - requires version 40 of the branding package - removed browser/searchplugins/ location as it's not valid anymore - includes security update to Firefox 39.0.3 (bnc#940918) * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin violation and local file stealing via PDF reader (Important) SUSE bug 940806 SUSE bug 940918 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4477 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4483 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4490 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 CVE-2015-4495 openSUSE 13.2 subversion was updated to version 1.8.14 to fix two security issues. These security issues were fixed: - CVE-2015-3187: Information leak (only paths) that were hidden by path-based authz (bsc#939517). - CVE-2015-3184: Information leak in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514). (Moderate) SUSE bug 939514 SUSE bug 939517 CVE-2015-3184 CVE-2015-3187 openSUSE 13.2 - Version bump to 4.2.32 bnc#938408 CVE-2015-2594 * Storage: fixed a crash when taking snapshots (4.2.30 regression) * ExtPack: don't fail if the TMP directory contains non-latin1 characters (bug #14159) * Main: implemented dedicated event processing queue * Linux hosts: fixed a bug which made the netfilter driver ignore certain events (bug #12264) Also included from Version bump to 4.2.30 bnc#935900 CVE-2015-3456: * Various small fixes here and there - Fix the multiinstall on kernel modules to avoid conflicts bnc#925663 - Drop smap.diff fails to apply to the latest release (Moderate) SUSE bug 925663 SUSE bug 935900 SUSE bug 938408 CVE-2015-2594 CVE-2015-3456 openSUSE 13.2 Wireshark was updated to fix several security vulnerabilities and bugs. - Wireshark 1.12.7 [boo#941500] The following vulnerabilities have been fixed: * Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 * Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 * Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 * The ZigBee dissector could crash. wnpa-sec-2015-24 * The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 * The WaveAgent dissector could crash. wnpa-sec-2015-26 * The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 * Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 * The WCCP dissector could crash. wnpa-sec-2015-29 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html (Low) SUSE bug 941500 openSUSE 13.2 xfsprogs was updated to fix one security vulnerability and bugs. - Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150) - Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition (Moderate) SUSE bug 939367 CVE-2012-2150 openSUSE 13.2 - Fix CVE-2015-3908 to remove tabs and use spaces instead. This broke python parsing and in consequence Ansible. (bnc #941863) (Moderate) SUSE bug 941863 CVE-2015-3908 openSUSE 13.2 This update to Thunderbird 38.2.0 fixes the following issues (bnc#940806): * MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety hazards * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright * MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers (Moderate) SUSE bug 940806 CVE-2015-4473 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 openSUSE 13.2 MozillaFirefox was updated to version 40.0.3 to fix two security issues and several bugs. Changes in MozillaFirefox: - update to Firefox 40.0.3 (bnc#943550) * Disable the asynchronous plugin initialization (bmo#1198590) * Fix a segmentation fault in the GStreamer support (bmo#1145230) * Fix a regression with some Japanese fonts used in the <input> field (bmo#1194055) * On some sites, the selection in a select combox box using the mouse could be broken (bmo#1194733) security fixes * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278, bsc#943557) Use-after-free when resizing canvas element during restyling * MFSA 2015-95/CVE-2015-4498 (bmo#1042699, bsc#943558) Add-on notification bypass through data URLs (Moderate) SUSE bug 943550 CVE-2015-4497 CVE-2015-4498 openSUSE 13.2 This update fixes two security vulnerabilities (bsc#920057): * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical] (Moderate) SUSE bug 920057 CVE-2014-3591 CVE-2015-0837 openSUSE 13.2 Gnutls was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-6251: Decoding specific certificates with very long DistinguishedName (DN) entries could have caused a double free, which may have resulted in a Denial of Service (GNUTLS-SA-2015-3) (Moderate) SUSE bug 941794 CVE-2015-6251 openSUSE 13.2 net-snmp was updated to fix one secuirty vulnerability and 2 bugs. - Fix an incompletely initialized vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621) - Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863) - Stop snmptrapd on removal. (Moderate) SUSE bug 935863 SUSE bug 940188 CVE-2015-5621 openSUSE 13.2 Tor was updated to fix one logging privacy issue. The following issue was fixed: * Malformed hostnames in socks5 requests were written to the log regardless of SafeLogging option (CWE-532) [boo#943362] (Low) SUSE bug 943362 openSUSE 13.2 gdk-pixbuf was updated to version 2.31.6 to fix a secuirty vulnerability and several bugs. - Update to version 2.31.6 (boo#942801): + Really fix bgo#752297. This is CVE-2015-4491. + Updated translations. - Update to version 2.31.5: + Add support for g_autoptr for all object types (bgo#750497). + Avoid a possible divide-by-zero in the pixbuf loader (bgo#750440). + Remove gettext .pot file hack (bgo#743574). + Be more careful about integer overflow (bgo#752297). + Updated translations. - Drop README from docs as it is now empty. - Add generic www.gnome.org URL to silence a few lint warnings. - Update to version 2.31.4: + SVGZ icons in notification GNOME3 (bgo#648815). + gdk_pixbuf_apply_embedded_orientation is not working (bgo#725582). + Updated translations. - Update to version 2.31.3: + API changes: Revert an annotation change that broke bindings. + Build fixes: - Clean up configure - Fix Visual Studio build - Define MAP_ANONYMOUS when needed - Include gi18n-lib.h where needed + Updated translations. - Update to version 2.31.2: + API changes: - Deprecate GdkPixdata. - Add gdk_pixbuf_get_options() helper to list set options. - Annotations fixes for various functions. - Remove incorrect info about area-prepared signal. + Image format support changes: - Flag multi-page TIFF files. - Fix memory usage for GIF animations, add note about minimum frame length. - Return an error for truncated PNG files. - Add density (DPI) support for JPEG, PNG and TIFF. - Fix reading CMYK JPEG files generated by Photoshop. - Allow saving 1-bit mono TIFF files as used in faxes. - Simplify loader names. - Fix loading GIF files when the first write is short. - Add progressive loading to ICNS files. - Add support for 256x256 ICO files. - Fix reading MS AMCap2 BMP files. + Other: - Honour requested depth in Xlib. - Special-case compositing/copying with no scaling. - Add relocation support to OSX and Linux. - Prefer gdk-pixbuf's loaders to the GDI+ ones on Windows. - fix bashism in post script (Moderate) SUSE bug 942801 CVE-2015-4491 openSUSE 13.2 perl-XML-LibXML was updated to version 2.0.121 to fix one security vulnerability. - Fix "expand_entities" option that was not preserved under some circumstances. (bsc#929237, CVE-2015-3451) (Moderate) SUSE bug 929237 CVE-2015-3451 openSUSE 13.2 libvdpau was updated to use secure_getenv() instead of getenv() for several variables so it can be more safely used in setuid applications. * CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967) * CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968) * CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969) (Moderate) SUSE bug 943967 SUSE bug 943968 SUSE bug 943969 CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 openSUSE 13.2 roundcubemail was updated to 1.0.4 fixing bugs and security issues. Changes: * Disable TinyMCE contextmenu plugin as there are more cons than pros in using it (#1490118) * Fix bug where show_real_foldernames setting wasn't honored on compose page (#1490153) * Fix issue where Archive folder wasn't protected in Folder Manager (#1490154) * Fix compatibility with PHP 5.2. in rcube_imap_generic (#1490115) * Fix setting flags on servers with no PERMANENTFLAGS response (#1490087) * Fix regression in SHAA password generation in ldap driver of password plugin (#1490094) * Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#1490103) * Fix font style display issue in HTML messages with styled <span> elements (#1490101) * Fix download of attachments that are part of TNEF message (#1490091) * Fix handling of uuencoded messages if messages_cache is enabled (#1490108) * Fix handling of base64-encoded attachments with extra spaces (#1490111) * Fix handling of UNKNOWN-CTE response, try do decode content client-side (#1490046) * Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#1490113) * Fix reply scrolling issue with text mode and start message below the quote (#1490114) * Fix possible issues in skin/skin_path config handling (#1490125) * Fix lack of delimiter for recipient addresses in smtp_log (#1490150) * Fix generation of Blowfish-based password hashes (#1490184) * Fix bugs where CSRF attacks were still possible on some requests (CVE-2014-9587) (Moderate) SUSE bug 913095 CVE-2014-9587 openSUSE 13.2 Squid was updated to fix a security issue. If the Squid HTTP Proxy configured with client-first SSL bumping did not correctly validate server certificate. (CVE-2015-3455) (Moderate) SUSE bug 929493 CVE-2015-3455 openSUSE 13.2 Spice was updated to fix a heap corruption in the spice server (CVE-2015-3247). (Moderate) SUSE bug 944460 CVE-2015-3247 openSUSE 13.2 sblim-sfcb was updated to fix a security issue with a crash due to a null pointer dereference in lookupProviders() (CVE-2015-5185) (Moderate) SUSE bug 942628 CVE-2015-5185 openSUSE 13.2 elfutils was updated to fix a directory traversal vulnerability (bnc#911662 CVE-2014-9447) (Moderate) SUSE bug 911662 CVE-2014-9447 openSUSE 13.2 remind was updated to fix a buffer overflow in DumpSysVar (CVE-2015-5957) (bnc#940924) (Moderate) SUSE bug 940924 CVE-2015-5957 openSUSE 13.2 python Django was updated to fix a remote denial of service (resource exhaustion) possibility in the auth views module. (bsc#941587, CVE-2015-5963) (Moderate) SUSE bug 941587 CVE-2015-5963 openSUSE 13.2 Chromium was updated to the 45.0.2454.85 of the stable channel to fix multiple security issues. The following vulnerabilities were fixed: * CVE-2015-1291: Cross-origin bypass in DOM * CVE-2015-1292: Cross-origin bypass in ServiceWorker * CVE-2015-1293: Cross-origin bypass in DOM * CVE-2015-1294: Use-after-free in Skia * CVE-2015-1295: Use-after-free in Printing * CVE-2015-1296: Character spoofing in omnibox * CVE-2015-1297: Permission scoping error in WebRequest * CVE-2015-1298: URL validation error in extensions * CVE-2015-1299: Use-after-free in Blink * CVE-2015-1300: Information leak in Blink * CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives. (Moderate) SUSE bug 944144 CVE-2015-1291 CVE-2015-1292 CVE-2015-1293 CVE-2015-1294 CVE-2015-1295 CVE-2015-1296 CVE-2015-1297 CVE-2015-1298 CVE-2015-1299 CVE-2015-1300 CVE-2015-1301 openSUSE 13.2 libgcrypt was updated to include countermeasures against Lenstra's fault attack on RSA Chinese Remainder Theorem optimization in RSA. A signature verification step was updated to protect against leaks of private keys in case of hardware faults or implementation errors in numeric libraries. GnuPG already performed this check by itself and was not affected. This fix is equivalent, but not equal to CVE-2015-5738 (Low) SUSE bug 944835 openSUSE 13.2 The systemd service in criu was disabled as a temporary workaround for possibile security issues (CVE-2015-5228, CVE-2015-5231, bsc#943105) (Moderate) SUSE bug 943105 CVE-2015-5228 CVE-2015-5231 openSUSE 13.2 The following issues were fixed in this update: - CVE-2014-8090: Denial Of Service XML Expansion (bnc#905326) - CVE-2014-8080: Denial Of Service XML Expansion (bnc#902851) (Moderate) SUSE bug 902851 SUSE bug 905326 CVE-2014-8080 CVE-2014-8090 openSUSE 13.2 BIND was updated to fix a denial of service against servers performing validation on DNSSEC-signed records (CVE-2015-5722, bsc#944066). (Important) SUSE bug 944066 CVE-2015-5722 openSUSE 13.2 The icedtea-web java plugin was updated to 1.6.1. Changes included: * Enabled Entry-Point attribute check * permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. * fixed DownloadService * comments in deployment.properties now should persists load/save * fixed bug in caching of files with query * fixed issues with recreating of existing shortcut * trustAll/trustNone now processed correctly * headless no longer shows dialogues * RH1231441 Unable to read the text of the buttons of the security dialogue * Fixed RH1233697 icedtea-web: applet origin spoofing (CVE-2015-5235, bsc#944208) * Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets (CVE-2015-5234, bsc#944209) * MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed * NetX - fixed issues with -html shortcuts - fixed issue with -html receiving garbage in width and height * PolicyEditor - file flag made to work when used standalone - file flag and main argument cannot be used in combination * Fix generation of man-pages with some versions of "tail" Also included is the update to 1.6 * Massively improved offline abilities. Added Xoffline switch to force work without inet connection. * Improved to be able to run with any JDK * JDK 6 and older no longer supported * JDK 8 support added (URLPermission granted if applicable) * JDK 9 supported * Added support for Entry-Point manifest attribute * Added KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK deployment property to control scan of Manifest file * starting arguments now accept also -- abbreviations * Added new documentation * Added support for menu shortcuts - both javaws applications/applets and html applets are supported * added support for -html switch for javaws. Now you can run most of the applets without browser at all * Control Panel - PR1856: ControlPanel UI improvement for lower resolutions (800*600) * NetX - PR1858: Java Console accepts multi-byte encodings - PR1859: Java Console UI improvement for lower resolutions (800*600) - RH1091563: [abrt] icedtea-web-1.5-2.fc20: Uncaught exception java.lang.ClassCastException in method sun.applet.PluginAppletViewer$8.run() - Dropped support for long unmaintained -basedir argument - Returned support for -jnlp argument - RH1095311, PR574 - References class sun.misc.Ref removed in OpenJDK 9 - fixed, and so buildable on JDK9 * Plugin - PR1743 - Intermittant deadlock in PluginRequestProcessor - PR1298 - LiveConnect - problem setting array elements (applet variables) from JS - RH1121549: coverity defects - Resolves method overloading correctly with superclass heirarchy distance * PolicyEditor - codebases can be renamed in-place, copied, and pasted - codebase URLs can be copied to system clipboard - displays a progress dialog while opening or saving files - codebases without permissions assigned save to file anyway (and re-appear on next open) - PR1776: NullPointer on save-and-exit - PR1850: duplicate codebases when launching from security dialogs - Fixed bug where clicking "Cancel" on the "Save before Exiting" dialog could result in the editor exiting without saving changes - Keyboard accelerators and mnemonics greatly improved - "File - New" allows editing a new policy without first selecting the file to save to * Common - PR1769: support signed applets which specify Sandbox permissions in their manifests * Temporary Permissions in security dialog now multi-selectable and based on PolicyEditor permissions - Update to 1.5.2 * NetX - RH1095311, PR574 - References class sun.misc.Ref removed in OpenJDK 9 - fixed, and so buildable on JDK9 - RH1154177 - decoded file needed from cache - fixed NPE in https dialog - empty codebase behaves as "." (Important) SUSE bug 755054 SUSE bug 830880 SUSE bug 944208 SUSE bug 944209 CVE-2012-4540 CVE-2015-5234 CVE-2015-5235 openSUSE 13.2 NonFree Adobe Flash Player was updated to 11.2.202.521 (APSB15-23 bsc#946880) fixing several security issues: More information can be found on: https://helpx.adobe.com/security/products/flash-player/apsb15-23.html (Critical) SUSE bug 946880 CVE-2015-5567 CVE-2015-5568 CVE-2015-5570 CVE-2015-5571 CVE-2015-5572 CVE-2015-5573 CVE-2015-5574 CVE-2015-5575 CVE-2015-5576 CVE-2015-5577 CVE-2015-5578 CVE-2015-5579 CVE-2015-5580 CVE-2015-5581 CVE-2015-5582 CVE-2015-5584 CVE-2015-5587 CVE-2015-5588 CVE-2015-6676 CVE-2015-6677 CVE-2015-6678 CVE-2015-6679 CVE-2015-6682 openSUSE 13.2 This update provides version 2.4.18 of cyrus-imapd * Security fix: handle urlfetch range starting outside message range * A bunch of cleanups and fixes to compiling * A bunch of sieve cleanups * Enhanced SSL/TLS configuration options * Disable use of SSLv2/SSLv3 * Allow SQL backend for mboxlist and statuscache (thanks Julien Coloos) * Fixed T116: correct LIST response for domains starting with 'inbox.' * Fixed T76: fixed lmtpd userdeny db checks (thanks Leena Heino) * Fixed bug #3856: lmtpd now performs userdeny checks * Fixed bug #3848: support charset aliases in encoded headers * Fixed bug #3853: disconnect_on_vanished_mailbox: release mailbox lock before exiting (thanks Wolfgang Breyha) * Fixed bug #3415: fixed nntpd LIST/GROUP bug * Fixed bug #3784: no longer crash in THREAD REFERENCES when messages reference themselves * Fixed bug #3757: don't segfault on mailbox close with no user (Moderate) SUSE bug 945844 openSUSE 13.2 The MySQL Community Server edition was updated to 5.6.26, fixing security issues and bugs. All changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html * Fixed CVEs: CVE-2015-2617, CVE-2015-2648, CVE-2015-2611, CVE-2015-2582 CVE-2015-4752, CVE-2015-4756, CVE-2015-2643, CVE-2015-4772 CVE-2015-4761, CVE-2015-4757, CVE-2015-4737, CVE-2015-4771 CVE-2015-4769, CVE-2015-2639, CVE-2015-2620, CVE-2015-2641 CVE-2015-2661, CVE-2015-4767 * disable Performance Schema by default. Since MySQL 5.6.6 upstream enabled Performance Schema by default which results in increased memory usage. The added option disable Performance Schema again in order to decrease MySQL memory usage [bnc#852477]. * install INFO_BIN and INFO_SRC, noticed in MDEV-6912 * remove superfluous '--group' parameter from mysql-systemd-helper * make -devel package installable in the presence of LibreSSL * cleanup after the update-message if it was displayed * add 'exec' to mysql-systemd-helper to shutdown mysql/mariadb cleanly [bnc#943096] (Moderate) SUSE bug 852477 SUSE bug 902396 SUSE bug 938412 SUSE bug 942908 SUSE bug 943096 CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620 CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648 CVE-2015-2661 CVE-2015-4737 CVE-2015-4752 CVE-2015-4756 CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769 CVE-2015-4771 CVE-2015-4772 openSUSE 13.2 The PHP5 script interpreter was updated to fix various security issues: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293] * CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296] * CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403] * CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] (Important) SUSE bug 942291 SUSE bug 942293 SUSE bug 942294 SUSE bug 942295 SUSE bug 942296 SUSE bug 945402 SUSE bug 945403 SUSE bug 945412 SUSE bug 945428 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 openSUSE 13.2 MozillaFirefox was updated to Firefox 41.0 (bnc#947003) Security issues fixed: * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards * MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers * MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute spoofing on Android by pasting URL with unknown scheme * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript * MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode * MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content * MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems * MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window * MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed * MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180 Vulnerabilities found through code inspection * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526) (Windows only) Memory safety errors in libGLES in the ANGLE graphics library * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information disclosure via the High Resolution Time API (Important) SUSE bug 947003 CVE-2015-4476 CVE-2015-4500 CVE-2015-4501 CVE-2015-4502 CVE-2015-4503 CVE-2015-4504 CVE-2015-4505 CVE-2015-4506 CVE-2015-4507 CVE-2015-4508 CVE-2015-4509 CVE-2015-4510 CVE-2015-4511 CVE-2015-4512 CVE-2015-4516 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 openSUSE 13.2 python-PyJWT was updated to fix unsafe usage of asymmetric keys in combination with HMAC algorithm (bsc#935544) (Moderate) SUSE bug 935544 openSUSE 13.2 phpMyAdmin was updated to the latest supported upstream release 4.4.14. Besides all upstream bug fixes and improvements, it fixes the following vulnerability: * CVE-2015-6830: reCaptcha bypass boo#945420 (Low) SUSE bug 945420 CVE-2015-6830 openSUSE 13.2 MozillaThunderbird was updated to fix 17 security issues. These security issues were fixed: - CVE-2015-4509: Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176 (bsc#947003). - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header (bsc#947003). - CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow (bsc#947003). - CVE-2015-4500: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#947003). - CVE-2015-4511: Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via a crafted header in a WebM video (bsc#947003). - CVE-2015-7178: The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content (bsc#947003). - CVE-2015-7179: The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content (bsc#947003). - CVE-2015-4506: Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allowed remote attackers to execute arbitrary code via a crafted VP9 file (bsc#947003). - CVE-2015-4517: NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4505: updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allowed local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service (bsc#947003). - CVE-2015-4519: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element (bsc#947003). - CVE-2015-7180: The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-7176: The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 used an incorrect argument to the sscanf function, which might allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-7177: The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-7174: The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow (bsc#947003). - CVE-2015-7175: The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow (bsc#947003). (Important) SUSE bug 947003 CVE-2015-4500 CVE-2015-4505 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 openSUSE 13.2 seamonkey was updated to fix 25 security issues. These security issues were fixed: - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header (bsc#947003). - CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow (bsc#947003). - CVE-2015-4502: js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandled certain receiver arguments, which allowed remote attackers to bypass intended window access restrictions via a crafted web site (bsc#947003). - CVE-2015-4503: The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandled array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allowed remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application (bsc#947003). - CVE-2015-4500: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#947003). - CVE-2015-4501: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#947003). - CVE-2015-4506: Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allowed remote attackers to execute arbitrary code via a crafted VP9 file (bsc#947003). - CVE-2015-4507: The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allowed remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site (bsc#947003). - CVE-2015-4504: The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allowed remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image (bsc#947003). - CVE-2015-4505: updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allowed local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service (bsc#947003). - CVE-2015-7180: The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4509: Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176 (bsc#947003). - CVE-2015-7178: The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content (bsc#947003). - CVE-2015-7179: The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content (bsc#947003). - CVE-2015-7176: The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 used an incorrect argument to the sscanf function, which might allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-7177: The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-7174: The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow (bsc#947003). - CVE-2015-7175: The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow (bsc#947003). - CVE-2015-4511: Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via a crafted header in a WebM video (bsc#947003). - CVE-2015-4510: Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation (bsc#947003). - CVE-2015-4512: gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering (bsc#947003). - CVE-2015-4517: NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4516: Mozilla Firefox before 41.0 allowed remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that did not use ES5 APIs (bsc#947003). - CVE-2015-4519: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element (bsc#947003). (Important) SUSE bug 935979 SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4502 CVE-2015-4503 CVE-2015-4504 CVE-2015-4505 CVE-2015-4506 CVE-2015-4507 CVE-2015-4509 CVE-2015-4510 CVE-2015-4511 CVE-2015-4512 CVE-2015-4516 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 openSUSE 13.2 vorbis-tools was updated to fix a buffer overflow in aiff_open(), that could be used to crash or potentially execute code when opening aiff format files. (CVE-2015-6749, bsc#943795). (Moderate) SUSE bug 943795 CVE-2015-6749 openSUSE 13.2 redis was updated to version 2.8.22 (boo#934048) to fix a LUA sandbox update. (CVE-2015-4335) Details can be found on http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ For the other changes see in the package: /usr/share/doc/packages/redis/00-RELEASENOTES (Moderate) SUSE bug 934048 CVE-2015-4335 openSUSE 13.2 Apache2 was updated to fix security issues. - CVE-2015-3185: The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x did not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. [bnc#938723] - CVE-2015-3183: The chunked transfer coding implementation in the Apache HTTP Server did not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c. [bnc#938728] On openSUSE 13.1: - CVE-2015-4000: Fix Logjam vulnerability: change the default SSLCipherSuite cipherstring to disable export cipher suites and deploy Ephemeral Elliptic-Curve Diffie-Hellman (ECDHE) ciphers. Adjust 'gensslcert' script to generate a strong and unique Diffie Hellman Group and append it to the server certificate file [bnc#931723]. (Moderate) SUSE bug 931723 SUSE bug 938723 SUSE bug 938728 CVE-2015-3183 CVE-2015-3185 CVE-2015-4000 openSUSE 13.2 froxlor was updated to version 0.9.34 (bnc#846355), fixing bugs and bringing features. (Moderate) SUSE bug 846355 CVE-2014-0185 openSUSE 13.2 conntrack-tools was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-6496: Fix a possible crash if conntrackd sees DCCP, SCTP and ICMPv6 traffic and the corresponding kernel modules that track this traffic are not available. (boo#942149) (Moderate) SUSE bug 942149 CVE-2015-6496 openSUSE 13.2 IPython was updated to fix a cross-site-scripting vulnerability in handling local foldernames. (CVE-2015-6938, bnc#945828) (Moderate) SUSE bug 945828 CVE-2015-6938 openSUSE 13.2 lxc was update to fix one security issue. The following vulnerability was fixed: * CVE-2015-1335: A directory traversal flaw while lxc-start is initially setting up the mounts for a container (boo#946744) (Moderate) SUSE bug 946744 CVE-2015-1335 openSUSE 13.2 Chromium was updated to 45.0.2454.101 to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-1303: Cross-origin bypass in DOM [boo#947504] * CVE-2015-1304: Cross-origin bypass in V8 [boo#947507] (Important) SUSE bug 947504 SUSE bug 947507 CVE-2015-1303 CVE-2015-1304 openSUSE 13.2 Polkit was updated to 0.113 to fix four security issues. The following vulnerabilities were fixed: * CVE-2015-4625: a local privilege escalation due to predictable authentication session cookie values. (boo#935119) * CVE-2015-3256: various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (boo#943816) * CVE-2015-3255: a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. (boo#939246) * CVE-2015-3218: Allowed any local user to crash polkitd. (boo#933922) (Important) SUSE bug 933922 SUSE bug 935119 SUSE bug 939246 SUSE bug 943816 CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 openSUSE 13.2 NonFree Adobe Flash Player was updated to 11.2.202.535 to fix a number of security issues. (boo#950169, APSB15-25) The following vulnerabilities were fixed: * CVE-2015-7628: Vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure * CVE-2015-5569: Defense-in-depth feature in the Flash broker API * CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644: Use-after-free vulnerabilities that could lead to code execution * CVE-2015-7632: Buffer overflow vulnerability that could lead to code execution * CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634: Memory corruption vulnerabilities that could lead to code execution (Important) SUSE bug 950169 CVE-2015-5569 CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7628 CVE-2015-7629 CVE-2015-7630 CVE-2015-7631 CVE-2015-7632 CVE-2015-7633 CVE-2015-7634 CVE-2015-7643 CVE-2015-7644 openSUSE 13.2 Spice was updated to fix four security issues. The following vulnerabilities were fixed: * CVE-2015-3247: heap corruption in the spice server (bsc#944460) * CVE-2015-5261: Guest could have accessed host memory using crafted images (bsc#948976) * CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944460) * CVE-2013-4282: Buffer overflow in password handling (bsc#848279) (Moderate) SUSE bug 848279 SUSE bug 944460 SUSE bug 944787 SUSE bug 948976 CVE-2013-4282 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 openSUSE 13.2 jakarta-taglibs-standard was updated to fix one security issue. This security issue was fixed: - CVE-2015-0254: Apache Standard Taglibs before 1.2.3 allowed remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension (bsc#920813). (Moderate) SUSE bug 920813 CVE-2015-0254 openSUSE 13.2 rsync was updated to fix one security issue. This security issue was fixed: - CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914). This non-security issue was fixed: - reintroduce "use slp" directive (bsc#922710) * disable it by default * slp doesn't seem to be used much and it often caused problems (eg boo#898513, bsc#922710) (Moderate) SUSE bug 898513 SUSE bug 900914 SUSE bug 922710 CVE-2014-8242 openSUSE 13.2 NonFree flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474). (Critical) SUSE bug 950474 CVE-2015-7645 openSUSE 13.2 Docker was updated to 1.8.3 to fix two security issues. The following vulnerabilities were fixed: * CVE-2014-8178: layer IDs lead to local graph poisoning (boo#949660) * CVE-2014-8179: manifest validation and parsing logic errors allow pull-by-digest validation bypass In addition, the following change is included: * --disable-legacy-registry to prevent a daemon from using a v1 registry (Moderate) SUSE bug 949660 CVE-2014-8178 CVE-2014-8179 openSUSE 13.2 openssl was updated to 1.0.1k to fix various security issues and bugs. More information can be found in the openssl advisory: http://openssl.org/news/secadv_20150108.txt Following issues were fixed: * CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. * CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. * CVE-2014-3572 (bsc#912015): Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. * CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues. * CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA keys in export ciphersuites * CVE-2015-0205 (bsc#912293): A fixwas added to prevent use of DH client certificates without sending certificate verify message. * CVE-2015-0206 (bsc#912292): A memory leak was fixed in dtls1_buffer_record. (Important) SUSE bug 911399 SUSE bug 912014 SUSE bug 912015 SUSE bug 912018 SUSE bug 912292 SUSE bug 912293 SUSE bug 912294 SUSE bug 912296 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 openSUSE 13.2 python-django was updated to fix two security issues. These security issues were fixed: - CVE-2015-5144: Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 used an incorrect regular expression, which allowed remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator (bsc#937523). - CVE-2015-5143: The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allowed remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys (bsc#937522). (Moderate) SUSE bug 937522 SUSE bug 937523 CVE-2015-5143 CVE-2015-5144 openSUSE 13.2 MozillaFirefox was updated to version 41.0.2 to fix one security issue. This security issue was fixed: - CVE-2015-7184: Cross-origin restriction bypass using Fetch (bsc#950686). These non-security issues were fixed: * Fix a startup crash related to Yandex toolbar and Adblock Plus (bmo#1209124) * Fix potential hangs with Flash plugins (bmo#1185639) * Fix a regression in the bookmark creation (bmo#1206376) * Fix a startup crash with some Intel Media Accelerator 3150 graphic cards (bmo#1207665) * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601) (Important) SUSE bug 949983 SUSE bug 950686 CVE-2015-7184 openSUSE 13.2 Chromium was update do the stable release 46.0.2490.71 to fix security issues. The following vulnerabilities were fixed: * CVE-2015-6755: Cross-origin bypass in Blink * CVE-2015-6756: Use-after-free in PDFium * CVE-2015-6757: Use-after-free in ServiceWorker * CVE-2015-6758: Bad-cast in PDFium * CVE-2015-6759: Information leakage in LocalStorage * CVE-2015-6760: Improper error handling in libANGLE * CVE-2015-6761: Memory corruption in FFMpeg * CVE-2015-6762: CORS bypass via CSS fonts * CVE-2015-6763: Various fixes from internal audits, fuzzing and other initiatives. * CVE-2015-7834: Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (Moderate) SUSE bug 950290 CVE-2015-6755 CVE-2015-6756 CVE-2015-6757 CVE-2015-6758 CVE-2015-6759 CVE-2015-6760 CVE-2015-6761 CVE-2015-6762 CVE-2015-6763 CVE-2015-6764 CVE-2015-7834 openSUSE 13.2 libevent was updated to fixed heap overflows in buffer API (bsc#897243 CVE-2014-6272) (Moderate) SUSE bug 897243 CVE-2014-6272 openSUSE 13.2 nodejs was updated to version 4.2.1 to fix one security issue. This security issue was fixed: - CVE-2015-7384: HTTP Denial of Service Vulnerability (bsc#948602). Various other issues were fixed, please see the changelog. (Important) SUSE bug 948045 SUSE bug 948602 CVE-2015-7384 openSUSE 13.2 libressl was updated to fix two security issues. These security issues were fixed: - CVE-2015-5333: Memory leak when decoding X.509 certificates (boo#950707) - CVE-2015-5334: Buffer overflow when decoding X.509 certificates (boo#950708) (Moderate) SUSE bug 950707 SUSE bug 950708 CVE-2015-5333 CVE-2015-5334 openSUSE 13.2 haproxy was updated to fix two security issues. These security issues were fixed: - CVE-2015-3281: The buffer_slow_realign function in HAProxy did not properly realign a buffer that is used for pending outgoing data, which allowed remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request (bsc#937042). - Changed DH parameters to prevent Logjam attack. These non-security issues were fixed: - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id - MEDIUM: ssl: replace standards DH groups with custom ones - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten - MINOR: ssl: add a destructor to free allocated SSL ressources - BUG/MINOR: ssl: Display correct filename in error message - MINOR: ssl: load certificates in alphabetical order - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks - BUG/MEDIUM: ssl: force a full GC in case of memory shortage - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM. - BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates - MINOR: ssl: add statement to force some ssl options in global. - MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs (Important) SUSE bug 937042 SUSE bug 937202 CVE-2015-3281 openSUSE 13.2 wireshark was updated to version 1.12.8 to fix ten security issues. These security issues were fixed: - CVE-2015-6247: The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 did not validate a certain offset value, which allowed remote attackers to cause a denial of service (infinite loop) via a crafted packet (bsc#941500). - CVE-2015-6246: The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6245: epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 used incorrect integer data types, which allowed remote attackers to cause a denial of service (infinite loop) via a crafted packet (bsc#941500). - CVE-2015-6244: The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6243: The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions (bsc#941500). - CVE-2015-6242: The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 did not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allowed remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet (bsc#941500). - CVE-2015-6241: The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 did not properly terminate a data structure after a failure to locate a number within a string, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437). - CVE-2015-6249: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 did not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6248: The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 did not check whether the expected amount of data is available, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). (Moderate) SUSE bug 941500 SUSE bug 950437 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 CVE-2015-7830 openSUSE 13.2 squid was updated to fix one security issue. This security issue was fixed: - CVE-2014-9749: Nonce replay vulnerability in Digest authentication (bsc#949942). (Moderate) SUSE bug 949942 CVE-2014-9749 openSUSE 13.2 The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: * CVE-2015-3290: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform improperly relied on espfix64 during nested NMI processing, which allowed local users to gain privileges by triggering an NMI within a certain instruction window (bnc#937969) * CVE-2015-0272: It was reported that it's possible to craft a Router Advertisement message which will bring the receiver in a state where new IPv6 connections will not be accepted until correct Router Advertisement message received. (bsc#944296). * CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the Linux kernel had an incorrect sequence of protocol-initialization steps, which allowed local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished (bnc#947155). * CVE-2015-1333: Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. (bsc#938645) * CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. (bsc#940338) * CVE-2015-2925: An attacker could potentially break out of a namespace or container, depending on if he had specific rights in these containers. (bsc#926238). * CVE-2015-7872: A vulnerability in keyrings garbage collector allowed a local user to trigger an oops was found, caused by using request_key() or keyctl request2. (bsc#951440) The following non-security bugs were fixed: - input: evdev - do not report errors form flush() (bsc#939834). - NFSv4: Recovery of recalled read delegations is broken (bsc#942178). - apparmor: temporary work around for bug while unloading policy (boo#941867). - config/x86_64/ec2: Align CONFIG_STRICT_DEVMEM CONFIG_STRICT_DEVMEM is enabled in every other kernel flavor, so enable it for x86_64/ec2 as well. - kernel-obs-build: add btrfs to initrd This is needed for kiwi builds. - mmc: card: Do not access RPMB partitions for normal read/write (bnc#941104). - netback: coalesce (guest) RX SKBs as needed (bsc#919154). - rpm/kernel-obs-build.spec.in: Add virtio_rng to the initrd. This allows to feed some randomness to the OBS workers. - xfs: Fix file type directory corruption for btree directories (bsc#941305). - xfs: ensure buffer types are set correctly (bsc#941305). - xfs: inode unlink does not set AGI buffer type (bsc#941305). - xfs: set buf types when converting extent formats (bsc#941305). - xfs: set superblock buffer type correctly (bsc#941305). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#951195). (Important) SUSE bug 919154 SUSE bug 926238 SUSE bug 937969 SUSE bug 938645 SUSE bug 939834 SUSE bug 940338 SUSE bug 941104 SUSE bug 941305 SUSE bug 941867 SUSE bug 942178 SUSE bug 944296 SUSE bug 947155 SUSE bug 951195 SUSE bug 951440 CVE-2015-0272 CVE-2015-1333 CVE-2015-2925 CVE-2015-3290 CVE-2015-5283 CVE-2015-5707 CVE-2015-7872 openSUSE 13.2 VirtualBox was updated to 4.3.32 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-4813: Windows guests with guest additions installed could cause a hang or crash of VirtualBox. * CVE-2015-4896: Remote unauthenticated users could cause crash (DoS) via the network when the Remote Display feature (RDP) is enabled. (Moderate) SUSE bug 951432 CVE-2015-4813 CVE-2015-4896 openSUSE 13.2 MozillaThunderbird was updated to Thunderbird 31.4.0 (bnc#910669) * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses (Moderate) SUSE bug 910669 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 openSUSE 13.2 java-1_7_0-openjdk was updated to fix 17 security issues. These security issues were fixed: - CVE-2015-4843: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bsc#951376). - CVE-2015-4842: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JAXP (bsc#951376). - CVE-2015-4840: Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#951376). - CVE-2015-4872: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect integrity via unknown vectors related to Security (bsc#951376). - CVE-2015-4860: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883 (bsc#951376). - CVE-2015-4844: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#951376). - CVE-2015-4883: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860 (bsc#951376). - CVE-2015-4893: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911 (bsc#951376). - CVE-2015-4911: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893 (bsc#951376). - CVE-2015-4882: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect availability via vectors related to CORBA (bsc#951376). - CVE-2015-4881: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835 (bsc#951376). - CVE-2015-4734: Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JGSS (bsc#951376). - CVE-2015-4806: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries (bsc#951376). - CVE-2015-4805: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization (bsc#951376). - CVE-2015-4803: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911 (bsc#951376). - CVE-2015-4835: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881 (bsc#951376). - CVE-2015-4903: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to RMI (bsc#951376). (Important) SUSE bug 951376 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 openSUSE 13.2 java-1_8_0-openjdk was updated to fix 24 security issues. These security issues were fixed: - CVE-2015-4734: A remote user can exploit a flaw in the Embedded JGSS component to partially access data - CVE-2015-4803: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4805: A remote user can exploit a flaw in the Embedded Serialization component to gain elevated privileges - CVE-2015-4806: A remote user can exploit a flaw in the Java SE Embedded Libraries component to partially access and partially modify data - CVE-2015-4835: A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges - CVE-2015-4842: A remote user can exploit a flaw in the Embedded JAXP component to partially access data - CVE-2015-4843: A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges - CVE-2015-4844: A remote user can exploit a flaw in the Embedded 2D component to gain elevated privileges - CVE-2015-4860: A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges - CVE-2015-4872: A remote user can exploit a flaw in the JRockit Security component to partially modify data []. - CVE-2015-4881: A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges - CVE-2015-4882: A remote user can exploit a flaw in the Embedded CORBA component to cause partial denial of service conditions - CVE-2015-4883: A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges - CVE-2015-4893: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4902: A remote user can exploit a flaw in the Java SE Deployment component to partially modify data - CVE-2015-4903: A remote user can exploit a flaw in the Embedded RMI component to partially access data - CVE-2015-4911: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4810: A local user can exploit a flaw in the Java SE Deployment component to gain elevated privileges - CVE-2015-4840: A remote user can exploit a flaw in the Embedded 2D component to partially access data - CVE-2015-4868: A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges - CVE-2015-4901: A remote user can exploit a flaw in the JavaFX component to gain elevated privileges - CVE-2015-4906: A remote user can exploit a flaw in the JavaFX component to partially access data - CVE-2015-4908: A remote user can exploit a flaw in the JavaFX component to partially access data - CVE-2015-4916: A remote user can exploit a flaw in the JavaFX component to partially access data (Important) SUSE bug 951376 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4868 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4901 CVE-2015-4902 CVE-2015-4903 CVE-2015-4906 CVE-2015-4908 CVE-2015-4911 CVE-2015-4916 openSUSE 13.2 audiofile was updated to fix one security issue. This security issue was fixed: - CVE-2015-7747: Overflow when changing both number of channels and sample format (bsc#949399). (Low) SUSE bug 949399 CVE-2015-7747 openSUSE 13.2 roundcubemail was updated to version 1.0.7 to fix two security issues. These security issues were fixed: - XSS issue in drag-n-drop file uploads - Disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail allowed access to the roundcubemail/bin folder and possibly /logs, /config and /temp, if these were not symlinks (this was only the case when the configuration was manually changed) (bsc#952006) The package comes with a fixed configuration. If you modified the file "/etc/apache2/conf.d/roundcubemail.conf", please replace it with the configuration "roundcubemail.conf.rpmnew" and reapply your changes. After that, a restart of apache2 is requried. (Moderate) SUSE bug 938840 SUSE bug 952006 openSUSE 13.2 This update fixed the following security issue: - Fix CVE-2014-8132: Double free on dangling pointers in initial key exchange packet; (bsc#910790). (Moderate) SUSE bug 910790 CVE-2014-8132 openSUSE 13.2 vala was updated to fix a heap buffer overflow in generated code during build (boo#913071, CVE-2014-8154). shotwell was rebuilt using above fixed vala. (Moderate) SUSE bug 913071 CVE-2014-8154 openSUSE 13.2 wpa_supplicant was updated to fix one security issue. This security issue was fixed: - bsc#937419: Incomplete WPS and P2P NFC NDEF record payload length validation. (Moderate) SUSE bug 937419 openSUSE 13.2 postgresql93 was updated to version 9.3.10 to fix two security issues. These security issues were fixed: - CVE-2015-5288: Unchecked JSON input can crash the server (bsc#949669). - CVE-2015-5289: Memory leak in crypt() function (bsc#949670). For the full release notes, please see: http://www.postgresql.org/docs/current/static/release-9-3-10.html (Moderate) SUSE bug 949669 SUSE bug 949670 CVE-2015-5288 CVE-2015-5289 openSUSE 13.2 util-linux was updated to fix one security issue. This security issue was fixed: - CVE-2015-5218: Prevent colcrt buffer overflow (bsc#949754). This non-security issue was fixed: - bsc#903440: Calendar "cal" crash with segmentation fault when execute in background. (Moderate) SUSE bug 903440 SUSE bug 949754 CVE-2015-5218 openSUSE 13.2 sudo was updated to fix one security issue. This security issue was fixed: - CVE-2014-9680: Unsafe handling of TZ environment variable (bsc#917806). (Moderate) SUSE bug 917806 CVE-2014-9680 openSUSE 13.2 potrace was updated to fix one security issue. This security issue was fixed: - CVE-2013-7437: Multiple integer overflows in potrace 1.11 allowed remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow (bsc#924904). (Moderate) SUSE bug 924904 CVE-2013-7437 openSUSE 13.2 bouncycastle was updated to version 1.53 to fix one security issue. This security issue was fixed: - CVE-2015-7940: Invalid curve attack (bsc#951727). (Important) SUSE bug 951727 CVE-2015-7940 openSUSE 13.2 krb5 was updated to fix three security issues. These security issues were fixed: - CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. (bsc#952188). - CVE-2015-2696: Applications which call gss_inquire_context() on a partially-established IAKERB context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. (bsc#952189). - CVE-2015-2697: Incorrect string handling in build_principal_va can lead to DOS (bsc#952190). (Important) SUSE bug 952188 SUSE bug 952189 SUSE bug 952190 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 openSUSE 13.2 phpMyAdmin was updated to version 4.4.15.1 to fix one security issue. This security issue was fixed: - CVE-2015-7873: The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allowed remote attackers to spoof content via the url parameter (bsc#951960). (Low) SUSE bug 951960 CVE-2015-7873 openSUSE 13.2 Mozilla Firefox was updated to version 42.0, fixing bugs and security issues. Mozilla xulrunner was updated to xulrunner 38.4.0. Seamonkey was updated to 2.39. New features in Mozilla Firefox: * Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites * Control Center that contains site security and privacy controls * Login Manager improvements * WebRTC improvements * Indicator added to tabs that play audio with one-click muting * Media Source Extension for HTML5 video available for all sites Security fixes: * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards * MFSA 2015-117/CVE-2015-4515 (bmo#1046421) Information disclosure through NTLM authentication * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) CSP bypass due to permissive Reader mode whitelist * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) Firefox for Android addressbar can be removed after fullscreen mode * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) Reading sensitive profile files through local HTML file on Android * MFSA 2015-121/CVE-2015-7187 (bmo#1195735) disabling scripts in Add-on SDK panels has no effect * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) Android intents can be used on Firefox for Android to open privileged files * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) XSS attack through intents on Firefox for Android * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) Crash when accessing HTML tables with accessibility tools on OS X * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-129/CVE-2015-7195 (bmo#1211871) Certain escaped characters in host of Location-header are being treated as non-escaped * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1205157) NSS and NSPR memory corruption issues (fixed in mozilla-nspr and mozilla-nss packages) mozilla-nspr was updated to 4.10.10: * MFSA 2015-133/CVE-2015-7183 (bmo#1205157) memory corruption issues This update includes the update to version 4.10.9 * bmo#1021167: Leak of |poll_list| on failure in _MW_PollInternal * bmo#1030692: Make compiling nspr on windows possible again. * bmo#1088790: dosprint() doesn't support %zu and other size formats * bmo#1130787: prtime.h does not compile with MSVC's /Za (ISO C/C++ conformance) option * bmo#1153610: MIPS64: Add support for n64 ABI * bmo#1156029: Teach clang-analyzer about PR_ASSERT * bmo#1160125: MSVC version detection is broken CC is set to a wrapper (like sccache) * bmo#1163346: Add NSPR support for FreeBSD mips/mips64 * bmo#1169185: Add support for OpenRISC (or1k) * bmo:1174749: Remove configure block for iOS that uses MACOS_SDK_DIR * bmo#1174781: PR_GetInheritedFD can use uninitialized variables mozilla-nss was updated to 3.20.1: * requires NSPR 4.10.10 * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868) memory corruption issues - Install the static libfreebl.a that is needed in order to link Sun elliptical curves provider in Java 7. This includes the update of Mozilla NSS to NSS 3.20 New functionality: * The TLS library has been extended to support DHE ciphersuites in server applications. New Functions: * SSL_DHEGroupPrefSet - Configure the set of allowed/enabled DHE group parameters that can be used by NSS for a server socket. * SSL_EnableWeakDHEPrimeGroup - Enable the use of weak DHE group parameters that are smaller than the library default's minimum size. New Types: * SSLDHEGroupType - Enumerates the set of DHE parameters embedded in NSS that can be used with function SSL_DHEGroupPrefSet. New Macros: * SSL_ENABLE_SERVER_DHE - A socket option user to enable or disable DHE ciphersuites for a server socket. Notable Changes: * For backwards compatibility reasons, the server side implementation of the TLS library keeps all DHE ciphersuites disabled by default. They can be enabled with the new socket option SSL_ENABLE_SERVER_DHE and the SSL_OptionSet or the SSL_OptionSetDefault API. * The server side implementation of the TLS implementation does not support session tickets when using a DHE ciphersuite (see bmo#1174677). * Support for the following ciphersuites has been added: - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 * By default, the server side TLS implementation will use DHE parameters with a size of 2048 bits when using DHE ciphersuites. * NSS embeds fixed DHE parameters sized 2048, 3072, 4096, 6144 and 8192 bits, which were copied from version 08 of the Internet-Draft "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS", Appendix A. * A new API SSL_DHEGroupPrefSet has been added to NSS, which allows a server application to select one or multiple of the embedded DHE parameters as the preferred parameters. The current implementation of NSS will always use the first entry in the array that is passed as a parameter to the SSL_DHEGroupPrefSet API. In future versions of the TLS implementation, a TLS client might signal a preference for certain DHE parameters, and the NSS TLS server side implementation might select a matching entry from the set of parameters that have been configured as preferred on the server side. * NSS optionally supports the use of weak DHE parameters with DHE ciphersuites to support legacy clients. In order to enable this support, the new API SSL_EnableWeakDHEPrimeGroup must be used. Each time this API is called for the first time in a process, a fresh set of weak DHE parameters will be randomly created, which may take a long amount of time. Please refer to the comments in the header file that declares the SSL_EnableWeakDHEPrimeGroup API for additional details. * The size of the default PQG parameters used by certutil when creating DSA keys has been increased to use 2048 bit parameters. * The selfserv utility has been enhanced to support the new DHE features. * NSS no longer supports C compilers that predate the ANSI C standard (C89). It also includes the update to NSS 3.19.3; certstore updates only * The following CA certificates were removed - Buypass Class 3 CA 1 - T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı - SG TRUST SERVICES RACINE - TC TrustCenter Universal CA I - TC TrustCenter Class 2 CA II * The following CA certificate had the Websites trust bit turned off - ComSign Secured CA * The following CA certificates were added - T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 - T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 - Certinomis - Root CA * The version number of the updated root CA list has been set to 2.5 - Install blapi.h and algmac.h that are needed in order to build Sun elliptical curves provider in Java 7 (Important) SUSE bug 952810 CVE-2015-4513 CVE-2015-4514 CVE-2015-4515 CVE-2015-4518 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7185 CVE-2015-7186 CVE-2015-7187 CVE-2015-7188 CVE-2015-7189 CVE-2015-7190 CVE-2015-7191 CVE-2015-7192 CVE-2015-7193 CVE-2015-7194 CVE-2015-7195 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 openSUSE 13.2 Git was updated to fix one security issue. The following vulnerability was fixed: * boo#948969: remote code execution with recursive fetch of submodules (Moderate) SUSE bug 948969 openSUSE 13.2 NonFree The flash-player package was updated to fix the following security issues: - Security update to 11.2.202.548 (bsc#954512): * APSB15-28, CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046 (Moderate) SUSE bug 954512 CVE-2015-7651 CVE-2015-7652 CVE-2015-7653 CVE-2015-7654 CVE-2015-7655 CVE-2015-7656 CVE-2015-7657 CVE-2015-7658 CVE-2015-7659 CVE-2015-7660 CVE-2015-7661 CVE-2015-7662 CVE-2015-7663 CVE-2015-8042 CVE-2015-8043 CVE-2015-8044 CVE-2015-8046 openSUSE 13.2 The libsndfile package was updated to fix three security issues: - CVE-2015-7805: fix for heap overflow via specially crafted AIFF header (bsc#953516) - CVE-2015-8075: fix for out of bounds read access in function psf_strlcpy_crlf (bsc#953519) - CVE-2014-9756: fix a divide-by-zero issue that can lead to an DoS (bsc#953521) (Moderate) SUSE bug 953516 SUSE bug 953519 SUSE bug 953521 CVE-2014-9756 CVE-2015-7805 CVE-2015-8075 openSUSE 13.2 xen was updated to fix 12 security issues. These security issues were fixed: - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests (bsc#951845). - CVE-2015-7969: Leak of main per-domain vcpu pointer array (DoS) (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array (DoS) (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). - CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267). - CVE-2014-0222: Validate L2 table size to avoid integer overflows (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl fails to honour readonly flag on disks with qemu-xen (bsc#947165). - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712). - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709). - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634). These non-security issues were fixed: - bsc#907514: Bus fatal error and sles12 sudden reboot has been observed - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984: Bus fatal error and sles11-SP4 sudden reboot has been observed - bsc#923967: Partner-L3: Bus fatal error and sles11-SP3 sudden reboot has been observed - bsc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores - bsc#945167: Running command xl pci-assignable-add 03:10.1 secondly show errors - bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort - bsc#944463: VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in vnc_client_read() and protocol_client_msg() - bsc#944697: VUL-1: CVE-2015-6815: qemu: net: e1000: infinite loop issue - bsc#925466: Kdump does not work in a XEN environment (Important) SUSE bug 877642 SUSE bug 901488 SUSE bug 907514 SUSE bug 910258 SUSE bug 918984 SUSE bug 923967 SUSE bug 925466 SUSE bug 932267 SUSE bug 935634 SUSE bug 938344 SUSE bug 939709 SUSE bug 939712 SUSE bug 944463 SUSE bug 944697 SUSE bug 945167 SUSE bug 947165 SUSE bug 949138 SUSE bug 950367 SUSE bug 950703 SUSE bug 950705 SUSE bug 950706 SUSE bug 951845 CVE-2014-0222 CVE-2015-3259 CVE-2015-4037 CVE-2015-5154 CVE-2015-5165 CVE-2015-5166 CVE-2015-5239 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971 CVE-2015-7972 openSUSE 13.2 The dracut package was updated to fix the following security and non security issues: - CVE-2015-0794: Use mktemp instead of hardcoded filenames, possible vulnerability (bnc#935338). - Always install mdraid modules (boo#935993). - Add notice when dracut failed to install modules (bsc#952491). (Moderate) SUSE bug 935338 SUSE bug 935993 SUSE bug 952491 CVE-2015-0794 openSUSE 13.2 PuTTY was updated to 0.66 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-5309: Malicious ECH control sequences could have caused an integer overflow, buffer underrun in terminal emulator bnc#954191 Also contains all bug fixes up to the 0.66 release. (Moderate) SUSE bug 954191 CVE-2015-5309 openSUSE 13.2 NonFree Adobe Flash Player was updated to 11.2.202.440 (bsc#914463, APSA15-01, CVE-2015-0311). More information can be found on https://helpx.adobe.com/security/products/flash-player/apsa15-01.html An update of flashplayer (executable binary) for i386 is currently not available. Disabled! (Critical) SUSE bug 914463 CVE-2015-0311 openSUSE 13.2 Xscreensaver was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-8025: xscreensaver could be bypassed by disconnecting HDMI cable (bsc#952062). (Moderate) SUSE bug 952062 CVE-2015-8025 openSUSE 13.2 The krb5 package was update to fix the following security issue: - CVE-2015-2698: Fixed a memory corruption regression introduced by resolution of CVE-2015-2698 (bsc#954204). (Moderate) SUSE bug 954204 CVE-2015-2698 openSUSE 13.2 The libksba package was updated to fix the follow security issues: - Fixed an integer overflow, out of bounds read and stack overflow (bsc#926826). (Moderate) SUSE bug 926826 openSUSE 13.2 Chromium was updated to 46.0.2490.86 to fix one security issue and bugs. The following vulnerability was fixed: * CVE-2015-1302: Information leak in PDF viewer (boo#954579) The following bug fix udpates are included: * boo#950957: Change the default homepage based on the new landing page for the openSUSE Project. (Moderate) SUSE bug 950957 SUSE bug 954579 CVE-2015-1302 openSUSE 13.2 MiniUPnP was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-6031: XML parser buffer overflow (boo#950759) (Moderate) SUSE bug 950759 CVE-2015-6031 openSUSE 13.2 libpng was updated to fix some security issues: * CVE-2014-9495 [bnc#912076]: Heap-buffer overflow png_combine_row() with very wide interlaced images * CVE-2015-0973 [bnc#912929]: overflow in png_read_IDAT_data libpng is now also build with -DPNG_SAFE_LIMITS_SUPPORTED. (Important) SUSE bug 912076 SUSE bug 912929 CVE-2014-9495 CVE-2015-0973 openSUSE 13.2 This update fixes the following security issue: - CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file system ( bnc#910756) (Moderate) SUSE bug 910756 CVE-2014-9390 openSUSE 13.2 The libpng16 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980). (Important) SUSE bug 954980 CVE-2015-8126 openSUSE 13.2 The libpng12 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980). - CVE-2015-7981: Fixed an out-of-bound read (bsc#952051). (Important) SUSE bug 952051 SUSE bug 954980 CVE-2015-7981 CVE-2015-8126 openSUSE 13.2 The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817). (Moderate) SUSE bug 953817 CVE-2015-8023 openSUSE 13.2 The ppp package was updated to fix one security issue. - CVE-2015-3310: Fixed buffer overflow in radius plug-ins rc_mksid() (bnc#927841). (Moderate) SUSE bug 927841 CVE-2015-3310 openSUSE 13.2 The cyrus-imapd package was updated to fix two security issues. - CVE-2015-8077: Integer overflow in range checks (bnc#954200) - CVE-2015-8078: Integer overflow in index_urlfetch (bnc#954201) (Moderate) SUSE bug 954200 SUSE bug 954201 CVE-2015-8077 CVE-2015-8078 openSUSE 13.2 GnuPG was updated to fix two memory handling issues with potential security impact: * CVE-2015-1606: Invalid memory read using a garbled keyring (bsc#918089) * CVE-2015-1607: memcpy with overlapping ranges (bsc#918090) (Low) SUSE bug 918089 SUSE bug 918090 CVE-2015-1606 CVE-2015-1607 openSUSE 13.2 The python-Django package was updated to fix the following security issue: - CVE-2015-8213: Fixed a problem to prevent settings leak in date template filter (bnc#955412). (Moderate) SUSE bug 955412 CVE-2015-8213 openSUSE 13.2 libmspack was updated to fix a possible infinite loop caused DoS (bnc912214, CVE-2014-9556). (Moderate) SUSE bug 912214 CVE-2014-9556 openSUSE 13.2 polarssl was updated to fix a remote attack using crafted certificates. (boo#913903, CVE-2015-1182) (Moderate) SUSE bug 913903 CVE-2015-1182 openSUSE 13.2 NonFree This update for flash-player to version 11.2.202.554 fixes the following security issues in Adobe security advisory APSB15-32. * These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-8438, CVE-2015-8446). * These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417, CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8455, CVE-2015-8045, CVE-2015-8418, CVE-2015-8060, CVE-2015-8419, CVE-2015-8408). * These updates resolve security bypass vulnerabilities (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409). * These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-8407). * These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8439). * These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8445). * These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-8415) * These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437, CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436, CVE-2015-8452, CVE-2015-8048, CVE-2015-8413, CVE-2015-8412, CVE-2015-8410, CVE-2015-8411, CVE-2015-8424, CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426, CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8434, CVE-2015-8435, CVE-2015-8414, CVE-2015-8454, CVE-2015-8059, CVE-2015-8058, CVE-2015-8055, CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067, CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065, CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402, CVE-2015-8403, CVE-2015-8071, CVE-2015-8401, CVE-2015-8406, CVE-2015-8069, CVE-2015-8070, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447). Please also see https://helpx.adobe.com/security/products/flash-player/apsb15-32.html (Important) SUSE bug 958324 CVE-2015-8045 CVE-2015-8047 CVE-2015-8048 CVE-2015-8049 CVE-2015-8050 CVE-2015-8055 CVE-2015-8056 CVE-2015-8057 CVE-2015-8058 CVE-2015-8059 CVE-2015-8060 CVE-2015-8061 CVE-2015-8062 CVE-2015-8063 CVE-2015-8064 CVE-2015-8065 CVE-2015-8066 CVE-2015-8067 CVE-2015-8068 CVE-2015-8069 CVE-2015-8070 CVE-2015-8071 CVE-2015-8401 CVE-2015-8402 CVE-2015-8403 CVE-2015-8404 CVE-2015-8405 CVE-2015-8406 CVE-2015-8407 CVE-2015-8408 CVE-2015-8409 CVE-2015-8410 CVE-2015-8411 CVE-2015-8412 CVE-2015-8413 CVE-2015-8414 CVE-2015-8415 CVE-2015-8416 CVE-2015-8417 CVE-2015-8418 CVE-2015-8419 CVE-2015-8420 CVE-2015-8421 CVE-2015-8422 CVE-2015-8423 CVE-2015-8424 CVE-2015-8425 CVE-2015-8426 CVE-2015-8427 CVE-2015-8428 CVE-2015-8429 CVE-2015-8430 CVE-2015-8431 CVE-2015-8432 CVE-2015-8433 CVE-2015-8434 CVE-2015-8435 CVE-2015-8436 CVE-2015-8437 CVE-2015-8438 CVE-2015-8439 CVE-2015-8440 CVE-2015-8441 CVE-2015-8442 CVE-2015-8443 CVE-2015-8444 CVE-2015-8445 CVE-2015-8446 CVE-2015-8447 CVE-2015-8448 CVE-2015-8449 CVE-2015-8450 CVE-2015-8451 CVE-2015-8452 CVE-2015-8453 CVE-2015-8454 CVE-2015-8455 openSUSE 13.2 MariaDB was updated to 10.0.22 to fix security issues and bugs. The following vulnerabilities were fixed in the upstream release: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2015-4792 A list of upstream changes and release notes can be found here: * https://kb.askmonty.org/en/mariadb-10022-release-notes/ * https://kb.askmonty.org/en/mariadb-10022-changelog/ The following build problems were fixed: * bsc#937787: fix main.bootstrap test (change default charset to utf8 in test result) (Important) SUSE bug 937787 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 openSUSE 13.2 The MozillaThunderbird package was updated to version 38.4.0 to fix several security and non security issues: Changes in MozillaThunderbird: - update to Thunderbird 38.4.0 (bnc#952810) * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1205157) NSS and NSPR memory corruption issues (fixed in mozilla-nspr and mozilla-nss packages) - requires NSPR 4.10.10 and NSS 3.19.2.1 - added explicit appdata provides (bnc#952325) - fix build on aarch64 by reusing the crashreporter conditional from MozillaFirefox - fix libjpeg-turbo configuration (Moderate) SUSE bug 952325 SUSE bug 952810 CVE-2015-4513 CVE-2015-4514 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 openSUSE 13.2 MySQL was updated to 5.6.27 to fix security issues and bugs. The following vulnerabilities were fixed as part of the upstream release [boo#951391]: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 Details on these and other changes can be found at: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html The following security relevant changes are included additionally: * CVE-2015-3152: MySQL lacked SSL enforcement. Using --ssl-verify-server-cert and --ssl[-*] implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [boo#924663], [boo#928962] (Important) SUSE bug 924663 SUSE bug 928962 SUSE bug 951391 CVE-2015-0286 CVE-2015-0288 CVE-2015-1789 CVE-2015-1793 CVE-2015-3152 CVE-2015-4730 CVE-2015-4766 CVE-2015-4792 CVE-2015-4800 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4833 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4862 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4890 CVE-2015-4895 CVE-2015-4904 CVE-2015-4905 CVE-2015-4910 CVE-2015-4913 openSUSE 13.2 hivex was updated to fix a possible denial of service due to missing size checks (bnc#908614). (Moderate) SUSE bug 908614 CVE-2014-9273 openSUSE 13.2 This update fixes the following security issues: - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) (Moderate) SUSE bug 947165 SUSE bug 950704 SUSE bug 954018 SUSE bug 954405 CVE-2015-5307 CVE-2015-7311 CVE-2015-7835 CVE-2015-7970 CVE-2015-8104 openSUSE 13.2 This update fixes the following security issue: - Fix Remote code execution in xdg-open due to bad quotes handling CVE-2014-9622 (bnc#913676). (Moderate) SUSE bug 906625 SUSE bug 913676 CVE-2014-9622 openSUSE 13.2 This update fixes the following security issue: * CVE-2015-8367 - It was found that phase_one_correct function does not handle memory object’s initialization correctly, which may have unspecified impact (bsc#957517). (Low) SUSE bug 957517 CVE-2015-8367 openSUSE 13.2 This update fixes the following security issue: * CVE-2015-8126 Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980) (Moderate) SUSE bug 954980 CVE-2015-8126 openSUSE 13.2 libpng16 was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-8126: previously fixed incompletely [boo#954980] (Moderate) SUSE bug 954980 CVE-2015-8126 openSUSE 13.2 OpenSSL was updated to fix three security issues. The following vulnerabilities were fixed: * CVE-2015-3194: Certificate verify crash with missing PSS parameter (bsc#957815) * CVE-2015-3195: X509_ATTRIBUTE memory leak (bsc#957812) * CVE-2015-3196: Race condition handling PSK identify hint (bsc#957813) (Moderate) SUSE bug 957812 SUSE bug 957813 SUSE bug 957815 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 openSUSE 13.2 OpenJDK was updated to 2.5.4 - OpenJDK 7u75 to fix security issues and bugs: * Security fixes - S8046656: Update protocol support - S8047125, CVE-2015-0395: (ref) More phantom object references - S8047130: Fewer escapes from escape analysis - S8048035, CVE-2015-0400: Ensure proper proxy protocols - S8049253: Better GC validation - S8050807, CVE-2015-0383: Better performing performance data handling - S8054367, CVE-2015-0412: More references for endpoints - S8055304, CVE-2015-0407: More boxing for DirectoryComboBoxModel - S8055309, CVE-2015-0408: RMI needs better transportation considerations - S8055479: TLAB stability - S8055489, CVE-2014-6585: Better substitution formats - S8056264, CVE-2014-6587: Multicast support improvements - S8056276, CVE-2014-6591: Fontmanager feature improvements - S8057555, CVE-2014-6593: Less cryptic cipher suite management - S8058982, CVE-2014-6601: Better verification of an exceptional invokespecial - S8059485, CVE-2015-0410: Resolve parsing ambiguity - S8061210, CVE-2014-3566: Issues in TLS (Important) SUSE bug 914041 CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 openSUSE 13.2 Chromium was updated to 47.0.2526.80 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-6788: Type confusion in extensions * CVE-2015-6789: Use-after-free in Blink * CVE-2015-6790: Escaping issue in saved pages * CVE-2015-6791: Various fixes from internal audits, fuzzing and other initiatives The following vulnerabilities were fixed in 47.0.2526.73: * CVE-2015-6765: Use-after-free in AppCache * CVE-2015-6766: Use-after-free in AppCache * CVE-2015-6767: Use-after-free in AppCache * CVE-2015-6768: Cross-origin bypass in DOM * CVE-2015-6769: Cross-origin bypass in core * CVE-2015-6770: Cross-origin bypass in DOM * CVE-2015-6771: Out of bounds access in v8 * CVE-2015-6772: Cross-origin bypass in DOM * CVE-2015-6764: Out of bounds access in v8 * CVE-2015-6773: Out of bounds access in Skia * CVE-2015-6774: Use-after-free in Extensions * CVE-2015-6775: Type confusion in PDFium * CVE-2015-6776: Out of bounds access in PDFium * CVE-2015-6777: Use-after-free in DOM * CVE-2015-6778: Out of bounds access in PDFium * CVE-2015-6779: Scheme bypass in PDFium * CVE-2015-6780: Use-after-free in Infobars * CVE-2015-6781: Integer overflow in Sfntly * CVE-2015-6782: Content spoofing in Omnibox * CVE-2015-6783: Signature validation issue in Android Crazy Linker. * CVE-2015-6784: Escaping issue in saved pages * CVE-2015-6785: Wildcard matching issue in CSP * CVE-2015-6786: Scheme bypass in CSP * CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives. * Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23) (Important) SUSE bug 957519 SUSE bug 958481 CVE-2015-6764 CVE-2015-6765 CVE-2015-6766 CVE-2015-6767 CVE-2015-6768 CVE-2015-6769 CVE-2015-6770 CVE-2015-6771 CVE-2015-6772 CVE-2015-6773 CVE-2015-6774 CVE-2015-6775 CVE-2015-6776 CVE-2015-6777 CVE-2015-6778 CVE-2015-6779 CVE-2015-6780 CVE-2015-6781 CVE-2015-6782 CVE-2015-6783 CVE-2015-6784 CVE-2015-6785 CVE-2015-6786 CVE-2015-6787 CVE-2015-6788 CVE-2015-6789 CVE-2015-6790 CVE-2015-6791 openSUSE 13.2 This update for libXfont fixes the following issue: - A negative DWIDTH is legal. This was broken by the security fix for CVE-2015-1804. (boo#958383). (Moderate) SUSE bug 958383 CVE-2015-1804 openSUSE 13.2 LibreSSL was updated to fix two security issues inherited from OpenSSL. The following vulnerabilities were fixed: * CVE-2015-3194: NULL pointer dereference in client side certificate validation * CVE-2015-3195: Memory leak in PKCS7 - not reachable from TLS/SSL (Moderate) SUSE bug 958768 CVE-2015-3194 CVE-2015-3195 openSUSE 13.2 Mozilla seamonkey was updated to SeaMonkey 2.32 (bnc#910669) * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards * MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during bitmap rendering * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses * MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in Web Audio * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media Plugin sandbox escape * MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension * MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM objects - use GStreamer 1.0 from 13.2 on (Important) SUSE bug 910669 CVE-2014-8634 CVE-2014-8635 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642 CVE-2014-8643 openSUSE 13.2 Quassel was updated to fix a remote DoS security issue. The following vulnerability was fixed: * CVE-2015-8547: Remote DoS in Quassel core (Moderate) SUSE bug 958928 CVE-2015-8547 openSUSE 13.2 Chromium was updated to 47.0.2525.106 to fix security issues. Vulnerabilities were fixed under the following collective identifier: * CVE-2015-6792: Fixes from internal audits and fuzzing. [boo#959458] (Important) SUSE bug 959458 CVE-2015-6792 openSUSE 13.2 This update for MozillaFirefox fixes the following security issues: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards * MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with JavaScript variable assignment with unboxed objects * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using perfomance.getEntries and history navigation * MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows for control characters to be set in cookies * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer overflow allocating extremely large textures * MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin information leak through web workers error events * MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data URI is incorrectly parsed * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) DOS due to malformed frames in HTTP/2 * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) Linux file chooser crashes on malformed images due to flaws in Jasper library * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 (bmo#1201183, bmo#1178033, bmo#1199400) Buffer overflows found through code inspection * MFSA 2015-145/CVE-2015-7205 (bmo#1220493) Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 (bmo#1206211) Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 (bmo#1216748) Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-148/CVE-2015-7223 (bmo#1226423) Privilege escalation vulnerabilities in WebExtension APIs * MFSA 2015-149/CVE-2015-7214 (bmo#1228950) Cross-site reading attack through data and view-source URIs (Moderate) SUSE bug 959277 CVE-2015-7201 CVE-2015-7202 CVE-2015-7203 CVE-2015-7204 CVE-2015-7205 CVE-2015-7207 CVE-2015-7208 CVE-2015-7210 CVE-2015-7211 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7215 CVE-2015-7216 CVE-2015-7217 CVE-2015-7218 CVE-2015-7219 CVE-2015-7220 CVE-2015-7221 CVE-2015-7222 CVE-2015-7223 openSUSE 13.2 glibc was updated to fix one minor security issue and two bugs. The following vulnerability was fixed: * boo#950944: pointer guarding weakness The following bugs were fixed: * boo#955644: resource leak in resolver * boo#936251: bits/time.h misses CLOCK_TAI that is present in linux/time.h (Low) SUSE bug 936251 SUSE bug 950944 SUSE bug 955647 openSUSE 13.2 This update for ldb, samba, talloc, tdb, tevent fixes the following issues: ldb was updated to 1.1.24. + Fix ldap \00 search expression attack dos; cve-2015-3223; (bso#11325) + Fix remote read memory exploit in ldb; cve-2015-5330; (bso#11599) + Move ldb_(un)pack_data into ldb_module.h for testing + Fix installation of _ldb_text.py + Fix propagation of ldb errors through tdb + Fix bug triggered by having an empty message in database during search + Test improvements + Improved python bindings + Validate_ldb of string(generalized-time) does not accept millisecond format ".000Z"; (bso#9810) + Fix logic in ldb_val_to_time() + Allow to register extended match rules + Fixes for segfaults in pyldb + Documentation fixes + Build system improvements + Fix a typo in the comment, ldb_flags_mod_xxx -> ldb_flag_mod_xxx + Fix check for third_party + Make the successful ldb_transaction_start() message clearer + Ldb-samba: fix a memory leak in ldif_canonicalise_objectcategory() + Ldb-samba: move pyldb-utils dependency to python_samba__ldb + Build: improve detection of srcdir Samba was updated to 4.1.22. + Malicious request can cause samba ldap server to hang, spinning using cpu; CVE-2015-3223; (bso#11325); (boo#958581). + Remote read memory exploit in ldb; cve-2015-5330; (bso#11599); (boo#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (boo#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (boo#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (boo#958583). + Fix microsoft ms15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (boo#958585). + Fix remote dos in samba (ad) ldap server; cve-2015-7540; (bso#9187); (boo#958580). + Ensure attempt to ssh into locked account triggers "Your account is disabled....." to the console; (boo#953382). + Prevent null pointer access in samlogon fallback when security credentials are null; (boo#949022). talloc was updated to 2.1.5; (boo#954658). + Minor build fixes + Point ld_library_path to the just-built libraries while calling make test. + Disable rpath-install and silent-rules while configure. + Update to 2.1.4; (boo#951660). + Test that talloc magic differs between processes. + Increment minor version due to added talloc_test_get_magic. + Provide tests access to talloc_magic. + Test magic protection measures. + Update the samba library distribution key file 'talloc.keyring'; (bso#945116). + Update to 2.1.3; (boo#939051). + Improved python3 bindings + Documentation fixes regarding talloc_reference() and talloc_unlink() tdb was updated to version 1.3.8; (boo#954658). + Fix broken build with --disable-python + Minor build fixes + Disable rpath-install and silent-rules while configure. + Update the samba library distribution key file 'tdb.keyring'; (bso#945116). + Update to version 1.3.7. + First fix deadlock in the interaction between fcntl and mutex locking; (bso#11381) + Improved python3 bindings + Update to version 1.3.6. + Fix runtime detection for robust mutexes in the standalone build; (bso#11326). + Possible fix for the build with robust mutexes on solaris 11; (bso#11319). + Update to version 1.3.5. + Abi change: tdb_chainlock_read_nonblock() has been added, a nonblock variant of tdb_chainlock_read() + Do not build test binaries if it's not a standalone build + Fix cid 1034842 resource leak + Fix cid 1034841 resource leak + Don't let tdb_wrap_open() segfault with name==null + Update to version 1.3.4. + Toos: allow transactions with tdb_mutex_locking + Test: add tdb1-run-mutex-transaction1 test + Allow transactions on on tdb's with tdb_mutex_locking + Update to version 1.3.3. + Test: tdb_clear_if_first | tdb_mutex_locking, o_rdonly is a valid combination + Update to version 1.3.2. + Allow tdb_open_ex() with o_rdonly of tdb_feature_flag_mutex tdbs. + Fix a comment + Fix tdb_runtime_check_for_robust_mutexes() + Improve wording in a comment + Tdb.h needs bool type; obsoletes include_stdbool_bso10625.patch + Tdb_wrap: make mutexes easier to use + Tdb_wrap: only pull in samba-debug + Tdb_wrap: standalone compile without includes.h + Tdb_wrap: tdb_wrap.h doesn't need struct loadparm_context - Update to version 1.3.1. + Tools: fix a compiler warning + Defragment the freelist in tdb_allocate_from_freelist() + Add "freelist_size" sub-command to tdbtool + Use tdb_freelist_merge_adjacent in tdb_freelist_size() + Add tdb_freelist_merge_adjacent() + Add utility function check_merge_ptr_with_left_record() + Simplify tdb_free() using check_merge_with_left_record() + Add utility function check_merge_with_left_record() + Improve comments for tdb_free(). + Factor merge_with_left_record() out of tdb_free() + Fix debug message in tdb_free() + Reduce indentation in tdb_free() for merging left + Increase readability of read_record_on_left() + Factor read_record_on_left() out of tdb_free() + Build: improve detection of srcdir. tevent was update to version 0.9.26; (boo#954658). + New tevent_thread_proxy api + Minor build fixes + Update the samba library distribution key file 'tevent.keyring'; (bso#945116). + Update to 0.9.25. + Fix compile error in solaris ports backend. + Fix access after free in tevent_common_check_signal(); (bso#11308). + Improve pytevent bindings. + Testsuite fixes. + Improve the documentation of the tevent_add_fd() assumtions. it must be talloc_free'ed before closing the fd! (bso##11141); (bso#11316). + Update to 0.9.24. + Ignore unexpected signal events in the same way the epoll backend does. + Update to 0.9.23. + Update the tevent_data.dox tutrial stuff to fix some errors, including white space problems. + Use tevent_req_simple_recv_unix in a few places. + Update to 0.9.22. + Remove unused exit_code in tevent_select.c + Remove unused exit_code in tevent_poll.c + Build: improve detection of srcdir + Lib: tevent: make tevent_sig_increment atomic. + Update flags in tevent pkgconfig file + Utilize doxygen to generate the api documentation and package it. (Important) SUSE bug 939050 SUSE bug 939051 SUSE bug 949022 SUSE bug 951660 SUSE bug 953382 SUSE bug 954658 SUSE bug 958580 SUSE bug 958581 SUSE bug 958582 SUSE bug 958583 SUSE bug 958584 SUSE bug 958585 SUSE bug 958586 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-7540 CVE-2015-8467 openSUSE 13.2 This update for subversion fixes the following issues: - Apache Subversion 1.8.15 This release fixes one security issue: Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. CVE-2015-5343 [boo#958300] * fix a segfault with old style text delta * fsfs: reduce memory allocation with Apache * mod_dav_svn: emit first log items as soon as possible * mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests * swig: fix memory corruption in svn_client_copy_source_t * better configure-time detection of httpd authz fix (drop subversion-1.8.14-httpd-version-number-detection.patch, replace subversion-1.8.9-allow-httpd-2.4.6.patch with subversion-1.8.15-allow-httpd-2.4.6.patch as a result (Moderate) SUSE bug 958300 CVE-2015-5343 openSUSE 13.2 This update for bind fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (boo#958861). (Important) SUSE bug 958861 CVE-2015-8000 openSUSE 13.2 This update for cups-filters fixes the following issues: - cups-filters-1.0.58-CVE-2015-8327-et_alii.patch adds back tick and semicolon to the list of illegal shell escape characters to fix CVE-2015-8327 and CVE-2015-8560 (boo#957531). (Moderate) SUSE bug 957531 CVE-2015-8327 CVE-2015-8560 openSUSE 13.2 This update for gummi fixes the following issues: - CVE-2015-7758: Fix an exploitable issue caused by gummi setting predictable file names in /tmp; patch taken from debian patch tracker and submitted upstream (bnc#949682). (Moderate) SUSE bug 949682 CVE-2015-7758 openSUSE 13.2 This update for grub2 fixes the following issue: Changes in grub2: - CVE-2015-8370: Fix for overflow in grub_password_get and grub_user_get functions (bnc#956631) (Important) SUSE bug 956631 CVE-2015-8370 openSUSE 13.2 - update to 2.9.3 * full changelog: http://www.xmlsoft.org/news.html * fixed CVEs: CVE-2015-8242, CVE-2015-7500, CVE-2015-7499, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-8035, CVE-2015-7942, CVE-2015-1819, CVE-2015-7941, CVE-2014-3660, CVE-2014-0191, CVE-2015-8241, CVE-2015-8317 * fixed bugs: [bsc#928193], [bsc#951734], [bsc#951735], [bsc#954429], [bsc#956018], [bsc#956021], [bsc#956260], [bsc#957105], [bsc#957106], [bsc#957107], [bsc#957109], [bsc#957110] (Moderate) SUSE bug 928193 SUSE bug 951734 SUSE bug 951735 SUSE bug 954429 SUSE bug 956018 SUSE bug 956021 SUSE bug 956260 SUSE bug 957105 SUSE bug 957106 SUSE bug 957107 SUSE bug 957109 SUSE bug 957110 CVE-2014-0191 CVE-2014-3660 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 openSUSE 13.2 This update for polarssl fixes the following security issue: * CVE-2015-5291: Remote code execution via session tickets or SNI (boo#949380) (Moderate) SUSE bug 949380 CVE-2015-5291 openSUSE 13.2 This update fixes the following security issues: - CVE-2014-8157, CVE-2014-8158: use after free and OOB vulnerabilities (bnc#911837) (Moderate) SUSE bug 911837 CVE-2014-8157 CVE-2014-8158 openSUSE 13.2 NonFree This update for flash-player fixes the following issues: - Security update to 11.2.202.559 (boo#960317): * APSB16-01, CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651 (Important) SUSE bug 960317 CVE-2015-8459 CVE-2015-8460 CVE-2015-8634 CVE-2015-8635 CVE-2015-8636 CVE-2015-8638 CVE-2015-8639 CVE-2015-8640 CVE-2015-8641 CVE-2015-8642 CVE-2015-8643 CVE-2015-8644 CVE-2015-8645 CVE-2015-8646 CVE-2015-8647 CVE-2015-8648 CVE-2015-8649 CVE-2015-8650 CVE-2015-8651 openSUSE 13.2 Mozilla Thunderbird was updated to 38.5.0 to fix multiple security issues. The following vulnerabilities were fixed: (boo#959277) * CVE-2015-7201: Miscellaneous memory safety hazards * CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed * CVE-2015-7212: Integer overflow allocating extremely large textures * CVE-2015-7205: Underflow through code inspection * CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions * CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright * CVE-2015-7214: Cross-site reading attack through data and view-source URIs (Important) SUSE bug 959277 CVE-2015-7201 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 openSUSE 13.2 This update to mozilla-nss 3.20.2 fixes the following issues: * CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (boo#952810) (Moderate) SUSE bug 959888 CVE-2015-7575 openSUSE 13.2 This update fixes the following security issue: + Security fix for a directory traversal flaw when handling git-style patches. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch. [boo#913678] [CVE-2015-1196] This update fixes the following issues: + When a file isn't being deleted because the file contents don't match the patch, the resulting message is now "Not deleting file ... as content differs from patch" instead of "File ... is not empty after patch; not deleting". + Function names in hunks (from diff -p) are now preserved in reject files [boo#904519] (Moderate) SUSE bug 904519 SUSE bug 913678 CVE-2015-1196 openSUSE 13.2 vlc was updated to the current openSUSE Tumbleweed version. live555 was also updated to the current openSUSE Tumbleweed version as a dependency. Security issues fixed: - Fix various buffer overflows and null ptr dereferencing (boo#914268, CVE-2014-9625). Other fixes: - Enable SSE2 instruction set for x86_64 - Disable fluidsynth again: the crashes we had earlier are still not all fixed. They are less, but less common makes it more difficult to debug. On openSUSE 13.1: - Update to version 2.1.5: + Core: Fix compilation on OS/2. + Access: Stability improvements for the QTSound capture module. + Mac OS X audio output: - Fix channel ordering. - Increase the buffersize. + Decoders: - Fix DxVA2 decoding of samples needing more surfaces. - Improve MAD resistance to broken mp3 streams. - Fix PGS alignment in MKV. + Qt Interface: Don't rename mp3 converted files to .raw. + Mac OS X Interface: - Correctly support video-on-top. - Fix video output event propagation on Macs with retina displays. - Stability improvements when using future VLC releases side by side. + Streaming: Fix transcode when audio format changes. + Updated translations. - Update to version 2.1.4: + Demuxers: Fix issue in WMV with multiple compressed payload and empty payloads. + Video Output: Fix subtitles size rendering on Windows. + Mac OS X: - Fix DVD playback regression. - Fix misleading error message during video playback on OS X 10.9. - Fix hardware acceleration memleaks. (Moderate) SUSE bug 914268 CVE-2014-9625 openSUSE 13.2 This update for claws-mail fixes the following security issue: * CVE-2015-8614: buffer overrun issues in Japanese character set conversion code could allow an adversary to remotely crash claws and potentially have further unspecified impact (boo#959993) (Moderate) SUSE bug 959993 CVE-2015-8614 openSUSE 13.2 This update for php5 fixes the following issues: - CVE-2015-7803: Specially crafted .phar files with a crafted TAR archive entry allowed remote attackers to cause a Denial of Service (DoS) [bsc#949961] - CVE-2015-7804: Specially crafted .phar files with a crafted ZIP archive entry referencing a file "/" allowed remote attackers to cause a Denial of Service (DoS) or potentially leak unspecified memory content [bsc#949961] - CVE-2016-1903: Specially crafted image files could allowed remote attackers read unspecified memory when rotating images [bsc#962057] (Moderate) SUSE bug 949961 SUSE bug 949962 SUSE bug 962057 CVE-2015-7803 CVE-2015-7804 CVE-2016-1903 openSUSE 13.2 This update for typo3-cms-4_7 fixes the following issues: - CVE-2014-3941: Multiple vulnerabilities (TYPO3-CORE-SA-2014-001) - CVE-2013-4701: Multiple vulnerabilities (TYPO3-CORE-SA-2014-002) - CVE-2013-7073: Multiple vulnerabilities (TYPO3-CORE-SA-2013-004) - other security fixes, e.g. preventing XSS attacks. The package was updated to last upstream version (discontinued) 4.7.20 (Moderate) SUSE bug 974993 SUSE bug 975949 CVE-2013-4701 CVE-2013-7073 CVE-2014-3941 openSUSE 13.2 This update for gd fixes the following issues: * CVE-2016-6214: Buffer over-read issue when parsing crafted TGA file [bsc#991436] * CVE-2016-6132: read out-of-bands was found in the parsing of TGA files using libgd [bsc#987577] * CVE-2016-6128: Invalid color index not properly handled [bsc#991710] * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991622] * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] (Moderate) SUSE bug 987577 SUSE bug 988032 SUSE bug 991436 SUSE bug 991622 SUSE bug 991710 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6207 CVE-2016-6214 openSUSE 13.2 This update for pdns fixes the following issues: - CVE-2016-6172: malicious primary DNS servers can crash secondaries through large transfers (boo#987872) As mitigation, the xfr-max-received-mbytes config option was added, defaulting to to 100 (MB). (Moderate) SUSE bug 987872 CVE-2016-6172 openSUSE 13.2 This update for apache2-mod_fcgid fixes the following issues: - CVE-2016-1000104 / CVE-2016-5387: A remote attacker could have set the HTTP_PROXY environment variable of CGI scripts (boo#988488) (Moderate) SUSE bug 988488 CVE-2016-1000104 CVE-2016-5387 openSUSE 13.2 iperf was updated to the the following vulnerability: - CVE-2016-4303: A malicious client could have triggered a buffer overflow / heap corruption issue by sending a specially crafted JSON string, and possibly execute arbitrary code (boo#984453) (Moderate) SUSE bug 984453 CVE-2016-4303 openSUSE 13.2 The openSUSE 13.2 kernel was updated to fix various bugs and security issues. The following security bugs were fixed: - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandles NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971919 971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401 bsc#978445). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548 bsc#980363). - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308). - CVE-2016-4581: fs/pnode.c in the Linux kernel did not properly traverse a mount propagation tree in a certain case involving a slave mount, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls (bnc#979913). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2015-3288: A security flaw was found in the Linux kernel that there was a way to arbitrary change zero page memory. (bnc#979021). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948 974646). - CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor (bnc#974418). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3689: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface (bnc#971628). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2015-8830: Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allowed local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression (bnc#969354 bsc#969355). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512). - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013). - CVE-2016-2547: sound/core/timer.c in the Linux kernel employs a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011). - CVE-2016-2548: sound/core/timer.c in the Linux kernel retains certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012). - CVE-2016-2546: sound/core/timer.c in the Linux kernel uses an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975). - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974). - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973). - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972). - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel mishandles uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here (bnc#959709 960561 ). - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437). - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572 986573). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362 986365 986377). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755 984764). - CVE-2015-6526: The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel on ppc64 platforms allowed local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace (bnc#942702). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). The following non-security bugs were fixed: - ALSA: hrtimer: Handle start/stop more properly (bsc#973378). - ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018). - ALSA: rawmidi: Fix race at copying & updating the position (bsc#968018). - ALSA: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018). - ALSA: seq: Fix double port list deletion (bsc#968018). - ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018). - ALSA: seq: Fix leak of pool buffer at concurrent writes (bsc#968018). - ALSA: seq: Fix lockdep warnings due to double mutex locks (bsc#968018). - ALSA: seq: Fix race at closing in virmidi driver (bsc#968018). - ALSA: seq: Fix yet another races among ALSA timer accesses (bsc#968018). - ALSA: timer: Call notifier in the same spinlock (bsc#973378). - ALSA: timer: Code cleanup (bsc#968018). - ALSA: timer: Fix leftover link at closing (bsc#968018). - ALSA: timer: Fix link corruption due to double start or stop (bsc#968018). - ALSA: timer: Fix race between stop and interrupt (bsc#968018). - ALSA: timer: Fix wrong instance passed to slave callbacks (bsc#968018). - ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378). - ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378). - Bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849). - Bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849). - Bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849). - Btrfs: do not use src fd for printk (bsc#980348). - Refresh patches.drivers/ALSA-hrtimer-Handle-start-stop-more-properly. Fix the build error on 32bit architectures. - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469). - Refresh patches.xen/xen3-patch-3.14: Suppress atomic file position updates on /proc/xen/xenbus (bsc#970275). - Subject: [PATCH] USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982706). - USB: usbip: fix potential out-of-bounds write (bnc#975945). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - backends: guarantee one time reads of shared ring contents (bsc#957988). - btrfs: do not go readonly on existing qgroup items (bsc#957052). - btrfs: remove error message from search ioctl for nonexistent tree. - drm/i915: Fix missing backlight update during panel disablement (bsc#941113 boo#901754). - enic: set netdev->vlan_features (bsc#966245). - ext4: fix races between buffered IO and collapse / insert range (bsc#972174). - ext4: fix races between page faults and hole punching (bsc#972174). - ext4: fix races of writeback with punch hole and zero range (bsc#972174). - ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipvs: count pre-established TCP states as active (bsc#970114). - net: core: Correct an over-stringent device loop detection (bsc#945219). - netback: do not use last request to determine minimum Tx credit (bsc#957988). - pciback: Check PF instead of VF for PCI_COMMAND_MEMORY. - pciback: Save the number of MSI-X entries to be copied later. - pciback: guarantee one time reads of shared ring contents (bsc#957988). - series.conf: move cxgb3 patch to network drivers section - usb: quirk to stop runtime PM for Intel 7260 (bnc#984464). - x86: standardize mmap_rnd() usage (bnc#974308). (Important) SUSE bug 901754 SUSE bug 941113 SUSE bug 942702 SUSE bug 945219 SUSE bug 955654 SUSE bug 957052 SUSE bug 957988 SUSE bug 959709 SUSE bug 960561 SUSE bug 961512 SUSE bug 963762 SUSE bug 963765 SUSE bug 966245 SUSE bug 966437 SUSE bug 966693 SUSE bug 966849 SUSE bug 967972 SUSE bug 967973 SUSE bug 967974 SUSE bug 967975 SUSE bug 968010 SUSE bug 968011 SUSE bug 968012 SUSE bug 968013 SUSE bug 968018 SUSE bug 968670 SUSE bug 969354 SUSE bug 969355 SUSE bug 970114 SUSE bug 970275 SUSE bug 970892 SUSE bug 970909 SUSE bug 970911 SUSE bug 970948 SUSE bug 970955 SUSE bug 970956 SUSE bug 970958 SUSE bug 970970 SUSE bug 971124 SUSE bug 971125 SUSE bug 971126 SUSE bug 971360 SUSE bug 971628 SUSE bug 971799 SUSE bug 971919 SUSE bug 971944 SUSE bug 972174 SUSE bug 973378 SUSE bug 973570 SUSE bug 974308 SUSE bug 974418 SUSE bug 974646 SUSE bug 975945 SUSE bug 978401 SUSE bug 978445 SUSE bug 978469 SUSE bug 978821 SUSE bug 978822 SUSE bug 979021 SUSE bug 979213 SUSE bug 979548 SUSE bug 979867 SUSE bug 979879 SUSE bug 979913 SUSE bug 980348 SUSE bug 980363 SUSE bug 980371 SUSE bug 980725 SUSE bug 981267 SUSE bug 982706 SUSE bug 983143 SUSE bug 983213 SUSE bug 984464 SUSE bug 984755 SUSE bug 984764 SUSE bug 986362 SUSE bug 986365 SUSE bug 986377 SUSE bug 986572 SUSE bug 986573 SUSE bug 986811 CVE-2012-6701 CVE-2013-7446 CVE-2014-9904 CVE-2015-3288 CVE-2015-6526 CVE-2015-7566 CVE-2015-8709 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2015-8830 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-2188 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-2847 CVE-2016-3134 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-4470 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4581 CVE-2016-4805 CVE-2016-4913 CVE-2016-4997 CVE-2016-5244 CVE-2016-5829 openSUSE 13.2 phpMyAdmin was updated to version 4.4.15.8 (2016-08-16) to fix the following issues: - Upstream changelog for 4.4.15.8: * Improve session cookie code for openid.php and signon.php example files * Full path disclosure in openid.php and signon.php example files * Unsafe generation of BlowfishSecret (when not supplied by the user) * Referrer leak when phpinfo is enabled * Use HTTPS for wiki links * Improve SSL certificate handling * Fix full path disclosure in debugging code * Administrators could trigger SQL injection attack against users - other fixes * Remove Swekey support - Security fixes: https://www.phpmyadmin.net/security/ * Weaknesses with cookie encryption see PMASA-2016-29 (CVE-2016-6606, CWE-661) * Multiple XSS vulnerabilities see PMASA-2016-30 (CVE-2016-6607, CWE-661) * Multiple XSS vulnerabilities see PMASA-2016-31 (CVE-2016-6608, CWE-661) * PHP code injection see PMASA-2016-32 (CVE-2016-6609, CWE-661) * Full path disclosure see PMASA-2016-33 (CVE-2016-6610, CWE-661) * SQL injection attack see PMASA-2016-34 (CVE-2016-6611, CWE-661) * Local file exposure through LOAD DATA LOCAL INFILE see PMASA-2016-35 (CVE-2016-6612, CWE-661) * Local file exposure through symlinks with UploadDir see PMASA-2016-36 (CVE-2016-6613, CWE-661) * Path traversal with SaveDir and UploadDir see PMASA-2016-37 (CVE-2016-6614, CWE-661) * Multiple XSS vulnerabilities see PMASA-2016-38 (CVE-2016-6615, CWE-661) * SQL injection vulnerability as control user see PMASA-2016-39 (CVE-2016-6616, CWE-661) * SQL injection vulnerability see PMASA-2016-40 (CVE-2016-6617, CWE-661) * Denial-of-service attack through transformation feature see PMASA-2016-41 (CVE-2016-6618, CWE-661) * SQL injection vulnerability as control user see PMASA-2016-42 (CVE-2016-6619, CWE-661) * Verify data before unserializing see PMASA-2016-43 (CVE-2016-6620, CWE-661) * SSRF in setup script see PMASA-2016-44 (CVE-2016-6621, CWE-661) * Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections see PMASA-2016-45 (CVE-2016-6622, CWE-661) * Denial-of-service attack by using for loops see PMASA-2016-46 (CVE-2016-6623, CWE-661) * Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server see PMASA-2016-47 (CVE-2016-6624, CWE-661) * Detect if user is logged in see PMASA-2016-48 (CVE-2016-6625, CWE-661) * Bypass URL redirection protection see PMASA-2016-49 (CVE-2016-6626, CWE-661) * Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661) * Reflected File Download see PMASA-2016-51 (CVE-2016-6628, CWE-661) * ArbitraryServerRegexp bypass see PMASA-2016-52 (CVE-2016-6629, CWE-661) * Denial-of-service attack by entering long password see PMASA-2016-53 (CVE-2016-6630, CWE-661) * Remote code execution vulnerability when running as CGI see PMASA-2016-54 (CVE-2016-6631, CWE-661) * Denial-of-service attack when PHP uses dbase extension see PMASA-2016-55 (CVE-2016-6632, CWE-661) * Remove tode execution vulnerability when PHP uses dbase extension see PMASA-2016-56 (CVE-2016-6633, CWE-661) (Important) SUSE bug 994313 CVE-2016-6606 CVE-2016-6607 CVE-2016-6608 CVE-2016-6609 CVE-2016-6610 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613 CVE-2016-6614 CVE-2016-6615 CVE-2016-6616 CVE-2016-6617 CVE-2016-6618 CVE-2016-6619 CVE-2016-6620 CVE-2016-6621 CVE-2016-6622 CVE-2016-6623 CVE-2016-6624 CVE-2016-6625 CVE-2016-6626 CVE-2016-6627 CVE-2016-6628 CVE-2016-6629 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632 CVE-2016-6633 openSUSE 13.2 This update for typo3-cms-4_5 fixes the following issues: - CVE-2015-2047: Authentication Bypass (TYPO3-CORE-SA-2015-001) - CVE-2014-9508: Link spoofing and cache poisoning (TYPO3-CORE-SA-2014-003) - TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities - CVE-2013-7073: Multiple vulnerabilities (TYPO3-CORE-SA-2013-004) This update contains the last upstream release 4.5.40, LTS discontinued since 04.2015. (Moderate) CVE-2013-7073 CVE-2014-9508 CVE-2015-2047 openSUSE 13.2 This update for MozillaFirefox, mozilla-nss fixes the following issues: Changes in MozillaFirefox: - Mozilla Firefox 48.0.1: * Fixed an audio regression impacting some major websites (bmo#1295296) * Fix a top crash in the JavaScript engine (bmo#1290469) * Fix a startup crash issue caused by Websense (bmo#1291738) * Fix a different behavior with e10s / non-e10s on <select> and mouse events (bmo#1291078) * Fix a top crash caused by plugin issues (bmo#1264530) * Fix a shutdown issue (bmo#1276920) * Fix a crash in WebRTC - added upstream patch so system plugins/extensions are correctly loaded again on x86-64 (bmo#1282843) - CVE-2016-6354: Fix for possible buffer overrun (boo#990856) Changes in mozilla-nss: - also sign libfreeblpriv3.so to allow FIPS mode again (boo#992236) (Moderate) SUSE bug 990856 SUSE bug 992236 CVE-2016-6354 openSUSE 13.2 This update for gd fixes the following issues: - Out-of-bounds read in function read_image_tga in gd_tga.c (CVE-2016-6905, boo#995034) (Moderate) SUSE bug 995034 CVE-2016-6905 openSUSE 13.2 This update for libgcrypt fixes the following issues: - RNG prediction vulnerability (boo#994157, CVE-2016-6313) (Moderate) SUSE bug 994157 CVE-2016-6313 openSUSE 13.2 This update for curl fixes the following issues: - fixing a performance regression with FTP (boo#991746) - TLS session resumption client cert bypass (boo#991389, CVE-2016-5419) - Re-using connections with wrong client cert (boo#991390, CVE-2016-5420) - use of connection struct after free (boo#991391, CVE-2016-5421) (Moderate) SUSE bug 991389 SUSE bug 991390 SUSE bug 991391 SUSE bug 991746 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 openSUSE 13.2 java-1_8_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions (Critical) SUSE bug 960996 SUSE bug 962743 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 openSUSE 13.2 This update for eog fixes the following issues: - Update to version 3.16.5 (boo#994819, CVE-2016-6855): + Bug fixes: - bgo#770143: CVE-2016-6855 out-of-bounds write in eog 3.10.2. - bgo#770197: eog leaks error message if loading an SVG fails. (Moderate) SUSE bug 994819 CVE-2016-6855 openSUSE 13.2 This update for MozillaThunderbird fixes the following issues: - update to Thunderbird 45.3.0 (boo#991809) * Disposition-Notification-To could not be used in mail.compose.other.header * "edit as new message" on a received message pre-filled the sender as the composing identity. * Certain messages caused corruption of the drafts summary database. security fixes: * MFSA 2016-62/CVE-2016-2836 Miscellaneous memory safety hazards * MFSA 2016-63/CVE-2016-2830 (bmo#1255270) Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 (bmo#1279814) Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 (bmo#1275339) Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 (bmo#1268854) Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 (bmo#1266963) Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 (bmo#1279146) Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 (bmo#1282992) Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 (bmo#1277475) Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 (bmo#1274637) Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 (bmo#1276897) Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 (bmo#1286183) Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 (bmo#1278013) Same-origin policy violation using local HTML file and saved shortcut file - Fix for possible buffer overrun (boo#990856) CVE-2016-6354 (bmo#1292534) [mozilla-flex_buffer_overrun.patch] - add a screenshot to appdata.xml (Moderate) SUSE bug 990856 SUSE bug 991809 CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 openSUSE 13.2 This update for tiff fixes the following issues: - CVE-2016-3623: A divide by zero was fixed in the rgb2ycbcr tool. (bsc#974618) - CVE-2016-3945: An out-of-bounds write was fixed in the tiff2rgba tool. (bsc#974614) - CVE-2016-3990: An out-of-bounds write in horizontalDifference8() in tiffcp tool (bsc#975069) - CVE-2016-3991: An out-of-bounds write in loadImage() in tiffcrop tool (bsc#975070) (Moderate) SUSE bug 974614 SUSE bug 974618 SUSE bug 975069 SUSE bug 975070 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 openSUSE 13.2 java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions The following bugs were fixed: - bsc#939523: java-1_7_0-openjdk-headless had X dependencies, move libjavagtk to full package (Critical) SUSE bug 939523 SUSE bug 960996 SUSE bug 962743 CVE-2015-4871 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 openSUSE 13.2 gdk-pixbuf was updated to 2.32.3 to fix the following issues: Update to version 2.32.3: + Fix two crashes in the bmp loader (bgo#747605, bgo#758991) + ico: integer overflow fixes + Avoid some integer overflow possibilities in scaling code + Make relocations optional + Fix a crash due to overflow when scaling + Drop loaders for some rare image formats: wbmp, ras, pcx + Prevent testsuite failures due to lack of memory + Fix animation loading (bgo#755269) + More overflow fixes in the scaling code (bgo#754387) + Fix a crash in the tga loader + Fix several integer overflows (bgo#753908, bgo#753569) + Port animations to GTask + Translation updates - Add fixes for some crashes, taken from upstream git (boo#988745 boo#991450 CVE-2016-6352): (Moderate) SUSE bug 988745 SUSE bug 991450 CVE-2016-6352 openSUSE 13.2 This update for wget fixes the following issues: - CVE-2016-7098: Fixed a potential race condition by creating files with .tmp ext and making them accessible to the current user only. (boo#995964) (Moderate) SUSE bug 995964 CVE-2016-7098 openSUSE 13.2 Chromium was updated to 53.0.2785.101 to fix a number of security issues and bugs. The following vulnerabilities were fixed: (boo#996648) - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free in Blink. - CVE-2016-5151: Use after free in PDFium. - CVE-2016-5152: Heap overflow in PDFium. - CVE-2016-5153: Use after destruction in Blink. - CVE-2016-5154: Heap overflow in PDFium. - CVE-2016-5155: Address bar spoofing. - CVE-2016-5156: Use after free in event bindings. - CVE-2016-5157: Heap overflow in PDFium. - CVE-2016-5158: Heap overflow in PDFium. - CVE-2016-5159: Heap overflow in PDFium. - CVE-2016-5161: Type confusion in Blink. - CVE-2016-5162: Extensions web accessible resources bypass. - CVE-2016-5163: Address bar spoofing. - CVE-2016-5164: Universal XSS using DevTools. - CVE-2016-5165: Script injection in DevTools. - CVE-2016-5166: SMB Relay Attack via Save Page As. - CVE-2016-5160: Extensions web accessible resources bypass. The following upstream fixes are included: - SPDY crasher fixes - Disable NV12 DXGI video on AMD - Forward --password-store switch to os_crypt - Tell the kernel to discard USB requests when they time out. - disallow WKBackForwardListItem navigations for pushState pages - arc: bluetooth: Fix advertised uuid - fix conflicting PendingIntent for stop button and swipe away A number of tracked build system fixes are included. (boo#996032, boo#99606, boo#995932) The following tracked regression fix is included: - Re-enable widevine plugin (boo#998328) rpmlint and rpmlint-mini were updated to work around a memory exhaustion problem with this package on 32 bit (boo#969732). (Important) SUSE bug 969732 SUSE bug 995932 SUSE bug 996032 SUSE bug 99606 SUSE bug 996648 SUSE bug 998328 CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150 CVE-2016-5151 CVE-2016-5152 CVE-2016-5153 CVE-2016-5154 CVE-2016-5155 CVE-2016-5156 CVE-2016-5157 CVE-2016-5158 CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 CVE-2016-5162 CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166 openSUSE 13.2 NonFree This update for flash-player fixes the following security issues (APSB16-29, boo#998589): * integer overflow vulnerability that could lead to code execution (CVE-2016-4287). * use-after-free vulnerabilities that could lead to code execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932) * security bypass vulnerabilities that could lead to information disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278) * memory corruption vulnerabilities that could lead to code execution (CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924) The package description was update to reflex that the stand-alone Flash is no longer provided on x86_64 architectures (boo#977664). (Important) SUSE bug 977664 SUSE bug 998589 CVE-2016-4182 CVE-2016-4237 CVE-2016-4238 CVE-2016-4271 CVE-2016-4272 CVE-2016-4274 CVE-2016-4275 CVE-2016-4276 CVE-2016-4277 CVE-2016-4278 CVE-2016-4279 CVE-2016-4280 CVE-2016-4281 CVE-2016-4282 CVE-2016-4283 CVE-2016-4284 CVE-2016-4285 CVE-2016-4287 CVE-2016-6921 CVE-2016-6922 CVE-2016-6923 CVE-2016-6924 CVE-2016-6925 CVE-2016-6926 CVE-2016-6927 CVE-2016-6929 CVE-2016-6930 CVE-2016-6931 CVE-2016-6932 openSUSE 13.2 Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-5170: Use after free in Blink - CVE-2016-5171: Use after free in Blink - CVE-2016-5172: Arbitrary Memory Read in v8 - CVE-2016-5173: Extension resource access - CVE-2016-5174: Popup not correctly suppressed - CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives (Important) SUSE bug 998743 CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173 CVE-2016-5174 CVE-2016-5175 openSUSE 13.2 Virtualbox was updated to 5.0.26 to fix the following issues: This update fixes various security issues. - CVE-2016-3612: An unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allowed remote attackers to affect confidentiality via vectors related to Core. (boo#990369). - CVE-2016-3597: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core. (bsc#990370) - Update the host <-> guest KMP conflict dependencies to no longer refer to the old name (boo#983927). This is a maintenance release. The following items were fixed and/or added: - VMM: fixed a bug in the task switching code (ticket #15571) - GUI: allow to overwrite an existing file when saving a log file (bug #8034) - GUI: fixed screenshot if the VM is started in separate mode - Audio: improved recording from USB headsets and other sources which might need conversion of captured data - Audio: fixed regression of not having any audio available on Solaris hosts - VGA: fixed an occasional hang when running Windows guests with 3D enabled - Storage: fixed a possible endless reconnect loop for the iSCSI backend if connecting to the target succeeds but further I/O requests cause a disconnect - Storage: fixed a bug when resizing certain VDI images which resulted in using the whole disk on the host (bug #15582) - EFI: fixed access to devices attached to SATA port 2 and higher (bug #15607) - API: fixed video recording with VBoxHeadless (bug #15443) - API: don't crash if there is no graphics controller configured (bug #15628) - VBoxSVC: fixed several memory leaks when handling .dmg images Version bump to 5.0.24 (released 2016-06-28 by Oracle) This is a maintenance release. The following items were fixed and/or added: - VMM: reverted to the old I/O-APIC code for now to fix certain regressions with 5.0.22 (bug #15529). This means that the networking performance with certain guests will drop to the 5.0.20 level (bug #15295). One workaround is to disable GRO for Linux guests. - Main: when taking a screenshot, don't save garbage for blanked screens - NAT: correctly parse resolv.conf file with multiple separators (5.0.22 regression) - Storage: fixed a possible corruption of stream optimized VMDK images from VMware when opened in read/write mode for the first time - Audio: imlemented dynamic re-attaching of input/output devices on Mac OS X hosts - ACPI: notify the guest when the battery / AC state changes instead of relying on guest polling - Linux hosts: fixed VERR_VMM_SET_JMP_ABORTED_RESUME Guru Meditations on hosts with Linux 4.6 or later (bug #15439) Version bump to 5.0.22 (released 2016-06-16 by Oracle) This is a maintenance release. The following items were fixed and/or added: - VMM: fixes for certain Intel Atom hosts (bug #14915) - VMM: properly restore the complete FPU state for 32-bit guests on 64-bit hosts on Intel Sandy Bridge and Ivy Bridge CPUs - VMM: new I/O-APIC implementation fixing several bugs and improving the performance under certain conditions (bug #15295 and others) - VMM: fixed a potential Linux guest panic on AMD hosts - VMM: fixed a potential hang with 32-bit EFI guests on Intel CPUs (VT-x without unrestricted guest execution) - GUI: don't allow to start subsequent separate VM instances - GUI: raised upper limit for video capture screen resolution (bug #15432) - GUI: warn if the VM has less than 128MB VRAM configured and 3D enabled - Main: when monitoring DNS configuration changes on Windows hosts avoid false positives from competing DHCP renewals. This should fix NAT link flaps when host has multiple DHCP configured interfaces, in particular when the host uses OpnVPN. - Main: properly display an error message if the VRDE server cannot be enabled at runtime, for example because another service is using the same port - NAT: Initialize guest address guess for wildcard port-forwarding rules with default guest address (bug #15412) - VGA: fix for a problem which made certain legacy guests crash under certain conditions (bug #14811) - OVF: fixed import problems for some appliances using an AHCI controller created by 3rd party applications - SDK: reduced memory usage in the webservice Java bindings - Windows Additions: fixes to retain the guest display layout when resizing or disabling the guest monitors - Linux hosts: EL 6.8 fix (bug #15411) - Linux hosts: Linux 4.7 fix (bug #15459) - Linux Additions: Linux 4.7 fixes (bug #15444) - Linux Additions: fix for certain 32-bit guests (5.0.18 regression; bug #15320) - Linux Additions: fixed mouse pointer offset (5.0.18 regression; bug #15324) - Linux Additions: made old X.Org releases work again with kernels 3.11 and later (5.0.18 regression; bug #15319) - Linux Additions: fixed X.Org crash after hard guest reset (5.0.18 regression; bug #15354) - Linux Additions: don't stop the X11 setup if loading the shared folders module fails (5.0.18 regression) - Linux Additions: don't complain if the Drag and Drop service is not available on the host - Solaris Additions: added support for X.org 1.18 (Moderate) SUSE bug 983927 SUSE bug 990369 SUSE bug 990370 CVE-2016-3597 CVE-2016-3612 openSUSE 13.2 This update for php5 fixes the following security issues: * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed arbitrary write access * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF * CVE-2016-7129: wddx_deserialize allowed illegal memory access * CVE-2016-7130: wddx_deserialize null dereference * CVE-2016-7131: wddx_deserialize null dereference with invalid xml * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element * CVE-2016-7134: Heap overflow in the function curl_escape (Important) SUSE bug 997206 SUSE bug 997207 SUSE bug 997208 SUSE bug 997210 SUSE bug 997211 SUSE bug 997220 SUSE bug 997225 SUSE bug 997230 SUSE bug 997248 SUSE bug 997257 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7134 openSUSE 13.2 This update for file-roller fixes the following issue: - CVE-2016-7162: Do not follow symlinks when deleting a folder recursively. (boo#997822, bgo#698554) (Moderate) SUSE bug 997822 CVE-2016-7162 openSUSE 13.2 This update for pdns fixes the following issues: - CVE-2016-5426, CVE-2016-5427: Fix case where crafted queries can cause unexpected backend load. (boo#998159) (Moderate) SUSE bug 998159 CVE-2016-5426 CVE-2016-5427 openSUSE 13.2 This gtk2 update to version 2.24.31 fixes the following issues: Security issues fixed: - CVE-2013-7447: Fixed integer overflow in image handling (boo#966682). Bugs fixed: - Changes from version 2.24.31: + Backport many file chooser entry fixes and cleanups. + Don't crash if invisible files are deleted. + Bugs fixed: bgo#555087, bgo#586367, bgo#635287, bgo#640698, bgo#648419, bgo#672271, bgo#679333, bgo#687196, bgo#703220 (CVE-2013-7447), bgo#720330, bgo#729927, bgo#737777, bgo#752707, bgo#756450, bgo#765120, bgo#765193, bgo#768163, bgo#764996, bgo#769126. - Changes from version 2.24.30: + Win32: Build fixes. + X11: Support Randr 1.5 monitor information. + Bugs fixed: bgo#722815, bgo#612611, bgo#699652, bgo#698652, bgo#758893. + Updated translations. - Changes from version 2.24.29: + OS X: Partial aspect ratio support. + Bugs fixed: bgo#345345, bgo#745127, bgo#749507, bgo#752638, bgo#753644, bgo#753691, bgo#753992, bgo#754046. + Updated translations. GTK2 Engine and branding packages were rebuilt to match the updated gtk2 package (boo#999375). (Moderate) SUSE bug 966682 SUSE bug 999375 CVE-2013-7447 openSUSE 13.2 This update for MozillaFirefox and mozilla-nss fixes the following issues: MozillaFirefox was updated to version 49.0 (boo#999701) - New features * Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. * Added features to Reader Mode that make it easier on the eyes and the ears * Improved video performance for users on systems that support SSE3 without hardware acceleration * Added context menu controls to HTML5 audio and video that let users loops files or play files at 1.25x speed * Improvements in about:memory reports for tracking font memory usage - Security related fixes * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274 (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons from non-whitelisted schemes CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can reveal cross-origin data CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 - requires NSS 3.25 - Mozilla Firefox 48.0.2: * Mitigate a startup crash issue caused on Windows (bmo#1291738) mozilla-nss was updated to NSS 3.25. New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. * Several functions have been added to the public API of the NSS Cryptoki Framework. New functions: * NSSCKFWSlot_GetSlotID * NSSCKFWSession_GetFWSlot * NSSCKFWInstance_DestroySessionHandle * NSSCKFWInstance_FindSessionHandle Notable changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol. * The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed Sonera Class1 CA * The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 (Important) SUSE bug 999701 CVE-2016-2827 CVE-2016-5256 CVE-2016-5257 CVE-2016-5270 CVE-2016-5271 CVE-2016-5272 CVE-2016-5273 CVE-2016-5274 CVE-2016-5275 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5279 CVE-2016-5280 CVE-2016-5281 CVE-2016-5282 CVE-2016-5283 CVE-2016-5284 openSUSE 13.2 This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (boo#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (boo#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (boo#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (boo#983249) * DTLS buffered message DoS (CVE-2016-2179) (boo#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (boo#990419) * DTLS replay protection DoS (CVE-2016-2181) (boo#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (boo#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (boo#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (boo#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (boo#995377) * Certificate message OOB reads (CVE-2016-6306) (boo#999668) More information can be found on https://www.openssl.org/news/secadv/20160922.txt * update expired S/MIME certs (boo#979475) * allow >= 64GB AESGCM transfers (boo#988591) * fix crash in print_notice (boo#998190) * resume reading from /dev/urandom when interrupted by a signal (boo#995075) (Important) SUSE bug 979475 SUSE bug 982575 SUSE bug 983249 SUSE bug 988591 SUSE bug 990419 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 openSUSE 13.2 This update for freerdp fixes the following issues: Security issues fixed: - CVE-2013-4118: Add a NULL pointer check to fix a server crash (boo#829013). - CVE-2014-0791: The remaining length in the stream is checked before doing some malloc(), which could have lead to crashes. (boo#857491). (Moderate) SUSE bug 829013 SUSE bug 857491 CVE-2013-4118 CVE-2014-0791 openSUSE 13.2 The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. (CVE-2016-2776, bsc#1000362) This update was imported from the SUSE:SLE-12-SP1:Update update project. (Critical) SUSE bug 1000362 CVE-2016-2776 openSUSE 13.2 The postgresql server postgresql93 was updated to 9.3.14 fixes the following issues: Update to version 9.3.14: * Fix possible mis-evaluation of nested CASE-WHEN expressions (CVE-2016-5423, boo#993454) * Fix client programs' handling of special characters in database and role names (CVE-2016-5424, boo#993453) * Fix corner-case misbehaviors for IS NULL/IS NOT NULL applied to nested composite values * Make the inet and cidr data types properly reject IPv6 addresses with too many colon-separated fields * Prevent crash in close_ps() (the point ## lseg operator) for NaN input coordinates * Fix several one-byte buffer over-reads in to_number() * Avoid unsafe intermediate state during expensive paths through heap_update() * For the other bug fixes, see the release notes: https://www.postgresql.org/docs/9.3/static/release-9-3-14.html Update to version 9.3.13: This update fixes several problems which caused downtime for users, including: - Clearing the OpenSSL error queue before OpenSSL calls, preventing errors in SSL connections, particularly when using the Python, Ruby or PHP OpenSSL wrappers - Fixed the "failed to build N-way joins" planner error - Fixed incorrect handling of equivalence in multilevel nestloop query plans, which could emit rows which didn't match the WHERE clause. - Prevented two memory leaks with using GIN indexes, including a potential index corruption risk. The release also includes many other bug fixes for reported issues, many of which affect all supported versions: - Fix corner-case parser failures occurring when operator_precedence_warning is turned on - Prevent possible misbehavior of TH, th, and Y,YYY format codes in to_timestamp() - Correct dumping of VIEWs and RULEs which use ANY (array) in a subselect - Disallow newlines in ALTER SYSTEM parameter values - Avoid possible misbehavior after failing to remove a tablespace symlink - Fix crash in logical decoding on alignment-picky platforms - Avoid repeated requests for feedback from receiver while shutting down walsender - Multiple fixes for pg_upgrade - Support building with Visual Studio 2015 - This update also contains tzdata release 2016d, with updates for Russia, Venezuela, Kirov, and Tomsk. http://www.postgresql.org/docs/current/static/release-9-3-13.html Update to version 9.3.12: - Fix two bugs in indexed ROW() comparisons - Avoid data loss due to renaming files - Prevent an error in rechecking rows in SELECT FOR UPDATE/SHARE - Fix bugs in multiple json_ and jsonb_ functions - Log lock waits for INSERT ON CONFLICT correctly - Ignore recovery_min_apply_delay until reaching a consistent state - Fix issue with pg_subtrans XID wraparound - Fix assorted bugs in Logical Decoding - Fix planner error with nested security barrier views - Prevent memory leak in GIN indexes - Fix two issues with ispell dictionaries - Avoid a crash on old Windows versions - Skip creating an erroneous delete script in pg_upgrade - Correctly translate empty arrays into PL/Perl - Make PL/Python cope with identifier names For the full release notes, see: http://www.postgresql.org/docs/9.4/static/release-9-3-12.html (Important) SUSE bug 993453 SUSE bug 993454 CVE-2016-5423 CVE-2016-5424 openSUSE 13.2 This update Chromium 53.0.2785.143 fixes the following issues (boo#1002140) - CVE-2016-5177: Use after free in V8 - CVE-2016-5178: Various fixes from internal audits The following bugfix changes are included: - Export GDK_BACKEND=x11 before starting chromium, ensuring that it's started as an Xwayland client (boo#1001135). - Changes to Sandbox to fix crashers on tumbleweed (boo#999091) (Moderate) SUSE bug 1001135 SUSE bug 1002140 SUSE bug 999091 CVE-2016-5177 CVE-2016-5178 openSUSE 13.2 This update for glibc fixes the following issues: Security issues fixed: - arm: mark __startcontext as .cantunwind (CVE-2016-6323, boo#994359, BZ #20435) Bugs fixed: - aarch64: Merge __local_multiple_threads offset with memory reference - Fix memory leak in regexp compiler (BZ #17069) - Provide correct buffer length to netgroup queries in nscd (BZ #16695) - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (BZ #16878) - aarch64: End frame record chain correctly (BZ #17555) - _IO_wstr_overflow integer overflow (BZ #17269) - Fix nscd lookup when netgroup has wildcards (BZ #16758, BZ #16759) - Avoid overlapping addresses to stpcpy calls in nscd (BZ #16760) - resolv: Always set *resplen2 out parameter in send_dg (boo#994576, BZ #19791) - Fix memory handling in strxfrm_l (BZ #16009) - Harden tls_dtor_list with pointer mangling (BZ #19018) - open and openat ignore 'mode' with O_TMPFILE in flags (BZ #17523) (Moderate) SUSE bug 994359 SUSE bug 994576 CVE-2016-6323 openSUSE 13.2 This update for php5 fixes the following security issues: * CVE-2016-7411: Memory corruption when destructing deserialized object * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7418: Null pointer dereference in php_wddx_push_element (Important) SUSE bug 999679 SUSE bug 999680 SUSE bug 999682 SUSE bug 999684 SUSE bug 999685 SUSE bug 999819 SUSE bug 999820 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 openSUSE 13.2 This update for python-Jinja2 fixes the following issues: Update to version 2.8: - Added `target` parameter to urlize function. - Added support for `followsymlinks` to the file system loader. - The truncate filter now counts the length. - Added equalto filter that helps with select filters. - Changed cache keys to use absolute file names if available instead of load names. - Fixed loop length calculation for some iterators. - Changed how Jinja2 enforces strings to be native strings in Python 2 to work when people break their default encoding. - Added :func:`make_logging_undefined` which returns an undefined object that logs failures into a logger. - If unmarshalling of cached data fails the template will be reloaded now. - Implemented a block ``set`` tag. - Default cache size was incrased to 400 from a low 50. - Fixed ``is number`` test to accept long integers in all Python versions. - Changed ``is number`` to accept Decimal as a number. - Added a check for default arguments followed by non-default arguments. This change makes ``{% macro m(x, y=1, z) %}...{% endmacro %}`` a syntax error. The previous behavior for this code was broken anyway (resulting in the default value being applied to `y`). - Add ability to use custom subclasses of ``jinja2.compiler.CodeGenerator`` and ``jinja2.runtime.Context`` by adding two new attributes to the environment (`code_generator_class` and `context_class`) (pull request ``#404``). - added support for context/environment/evalctx decorator functions on the finalize callback of the environment. - escape query strings for urlencode properly. Previously slashes were not escaped in that place. - Add 'base' parameter to 'int' filter. - Update to 2.7.3 (boo#858239, CVE-2014-0012) (Important) SUSE bug 858239 CVE-2014-0012 openSUSE 13.2 This update for Mozilla Thunderbird to version 45.4.0 fixes the following issues: - When using Thunderbird in a browser like context, for rendering HTML e-mail or feeds, it may be affected by vulnerabilities also fixed in Firefox ESR 45.4. (MFSA 2016-86, boo#999701) The following bugs were fixed in this release: - Display name was truncated if no separating space before email address - Recipient addresses were shown in wrong color in some circumstances - Additional spaces were inserted when drafts were edited. - Mail saved as template copied In-Reply-To and References from original email. - Threading broken when editing message draft, due to loss of Message-ID - "Apply columns to..." did not honor special folders (Moderate) SUSE bug 999701 openSUSE 13.2 This update for xen fixes the following issues: These security issues were fixed: - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789) - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel code in Xen allowed local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number (bsc#997731) - CVE-2016-6836: VMWARE VMXNET3 NIC device support was leaging information leakage. A privileged user inside guest could have used this to leak host memory bytes to a guest (boo#994761) - CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3 device driver. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS (bsc#994772) - CVE-2016-6833: Use-after-free issue in the VMWARE VMXNET3 NIC device support. A privileged user inside guest could have used this issue to crash the Qemu instance resulting in DoS (boo#994775) - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994625) - CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994421) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) - CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion (boo#990923) - CVE-2016-6351: The esp_do_dma function in hw/scsi/esp.c, when built with ESP/NCR53C9x controller emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the host via vectors involving DMA read into ESP command buffer (bsc#990843) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) - CVE-2016-5337: The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983973) - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer (bsc#983984) - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960) - CVE-2016-4453: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225) - CVE-2016-4454: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read (bsc#982224) - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982286) - CVE-2016-5105: The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, used an uninitialized variable, which allowed local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982024) - CVE-2016-5106: The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982025) - CVE-2016-5107: The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors (bsc#982026) - CVE-2016-4963: The libxl device-handling allowed local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore (bsc#979670) - CVE-2016-4962: The libxl device-handling allowed local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore (bsc#979620) - CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data routines (bsc#981276) - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264) - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724) - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716) - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue (bsc#978164) - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038) - CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list (bsc#976111) - CVE-2016-4020: The patch_instruction function did not initialize the imm32 variable, which allowed local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR) (bsc#975907) - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130) - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138) - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188) - CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188) - CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen did not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might have allowed local guest OS users to gain privileges via a crafted mapping of memory (bsc#978295) These non-security issues were fixed: - boo#991934: xen hypervisor crash in csched_acct - boo#992224: [HPS Bug] During boot of Xen Hypervisor, Failed to get contiguous memory for DMA from Xen - boo#970135: new virtualization project clock test randomly fails on Xen - boo#971949 xl: Support (by ignoring) xl migrate --live. xl migrations are always live - boo#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79) - boo#985503: vif-route broken - boo#978413: PV guest upgrade from sles11sp4 to sles12sp2 alpha3 failed on sles11sp4 xen host - boo#986586: out of memory (oom) during boot on "modprobe xenblk" (non xen kernel) - boo#953339, boo#953362, boo#953518, boo#984981) boo#953339, boo#953362, boo#953518, boo#984981: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - boo#958848: HVM guest crash at /usr/src/packages/BUILD/ xen-4.4.2-testing/obj/default/balloon/balloon.c:407 - boo#982695: xen-4.5.2 qemu fails to boot HVM guest from xvda - boo#954872: script block-dmmd not working as expected - boo#961600: L3: poor performance when Xen HVM domU configured with max memory greater than current memory - boo#979035: restore xm migrate fixes for boo#955399/ boo#955399 - boo#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates boo#963161 - boo#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu) - boo#973631: AWS EC2 kdump issue - boo#961100: Migrate a fv guest from sles12 to sles12sp1 on xen fails for "Domain is not running on destination host". - boo#964427: Discarding device blocks: failed - Input/output error (Important) SUSE bug 953339 SUSE bug 953362 SUSE bug 953518 SUSE bug 954872 SUSE bug 955399 SUSE bug 958848 SUSE bug 961100 SUSE bug 961600 SUSE bug 963161 SUSE bug 964427 SUSE bug 970135 SUSE bug 971949 SUSE bug 973188 SUSE bug 973631 SUSE bug 974038 SUSE bug 975130 SUSE bug 975138 SUSE bug 975907 SUSE bug 976058 SUSE bug 976111 SUSE bug 978164 SUSE bug 978295 SUSE bug 978413 SUSE bug 979035 SUSE bug 979620 SUSE bug 979670 SUSE bug 980716 SUSE bug 980724 SUSE bug 981264 SUSE bug 981276 SUSE bug 982024 SUSE bug 982025 SUSE bug 982026 SUSE bug 982224 SUSE bug 982225 SUSE bug 982286 SUSE bug 982695 SUSE bug 982960 SUSE bug 983973 SUSE bug 983984 SUSE bug 984981 SUSE bug 985503 SUSE bug 986586 SUSE bug 988675 SUSE bug 990843 SUSE bug 990923 SUSE bug 990970 SUSE bug 991934 SUSE bug 992224 SUSE bug 994421 SUSE bug 994625 SUSE bug 994761 SUSE bug 994772 SUSE bug 994775 SUSE bug 995785 SUSE bug 995789 SUSE bug 995792 SUSE bug 997731 CVE-2014-3615 CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3712 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4480 CVE-2016-4952 CVE-2016-4962 CVE-2016-4963 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6351 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7154 openSUSE 13.2 This update for kde-cli-tools5 fixes the following vulnerability: * CVE-2016-7787: user could sneak an unicode string terminator in the kdesu invocation (boo#1001916) (Moderate) SUSE bug 1001916 CVE-2016-7787 openSUSE 13.2 This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: * Nodejs embedded openssl version update + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052) + remove support for dynamic 3rd party engine modules * http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. (CVE-2016-5325, bsc#985201) * tls: properly validate wildcard certificates (CVE-2016-7099, bsc#1001652) * buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat() (Important) SUSE bug 1001652 SUSE bug 985201 CVE-2016-1669 CVE-2016-2178 CVE-2016-2183 CVE-2016-5325 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7099 openSUSE 13.2 NonFree This update for flash-player fixes the following security issues: - CVE-2016-4273: Unspecified memory corruption vulnerability that could lead to code execution - CVE-2016-4286: Unspecified security bypass vulnerability - CVE-2016-6981: Unspecified use-after-free vulnerability that could lead to code execution - CVE-2016-6982: Unspecified memory corruption vulnerability that could lead to code execution - CVE-2016-6983: Unspecified memory corruption vulnerability that could lead to code execution - CVE-2016-6984: Unspecified memory corruption vulnerability that could lead to code execution - CVE-2016-6985: Unspecified memory corruption vulnerability that could lead to code execution - CVE-2016-6986: Unspecified memory corruption vulnerability that could lead to code execution - CVE-2016-6987: Unspecified use-after-free vulnerability that could lead to code execution - CVE-2016-6989: Unspecified memory corruption vulnerability that could lead to code execution - CVE-2016-6990: Unspecified memory corruption vulnerability that could lead to code execution - CVE-2016-6992: Unspecified type confusion vulnerability that could lead to code execution The EULA was updated to version 23.0 (boo#1003993). (Moderate) SUSE bug 1003993 SUSE bug 1004019 CVE-2016-4273 CVE-2016-4286 CVE-2016-6981 CVE-2016-6982 CVE-2016-6983 CVE-2016-6984 CVE-2016-6985 CVE-2016-6986 CVE-2016-6987 CVE-2016-6989 CVE-2016-6990 CVE-2016-6992 openSUSE 13.2 This update for systemd fixes the following issues: - CVE-2016-7796: A zero-length message received over systemd's notification socket could make manager_dispatch_notify_fd() return an error and, as a side effect, disable the notification handler completely. As the notification socket is world-writable, this could have allowed a local user to perform a denial-of-service attack against systemd. (bsc#1001765) Additionally, the following non-security fixes are included: - Fix HMAC calculation when appending a data object to journal. (bsc#1000435) - Never accept file descriptors from file systems with mandatory locking enabled. (bsc#954374) - Do not warn about missing install info with "preset". (bsc#970293) - Save /run/systemd/users/UID before starting user@.service. (bsc#996269) - Make sure that /var/lib/systemd/sysv-convert/database is always initialized. (bsc#982211) (Important) SUSE bug 1000435 SUSE bug 1001765 SUSE bug 954374 SUSE bug 970293 SUSE bug 982211 SUSE bug 996269 CVE-2016-7796 openSUSE 13.2 This update for tiff fixes the following security issues: - CVE-2016-3622: A specially crafted TIFF image could trigger a crash in tiff2rgba (boo#974449) - Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098) (Moderate) SUSE bug 974449 CVE-2016-3622 openSUSE 13.2 This update for unzip fixes the following issues: - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) (Low) SUSE bug 950110 SUSE bug 950111 CVE-2015-7696 CVE-2015-7697 openSUSE 13.2 This update for derby fixes the following issues: - CVE-2015-1832: Remote attackers could have obtained sensitive information via an XML external entity when processing XML (bsc#1002763) (Moderate) SUSE bug 1002763 CVE-2015-1832 openSUSE 13.2 Wireshark was updated to 1.12.9 to fix a number of crashes in protocol dissectors. [boo#960382] * CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. * CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. * CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. * CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted * CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. * CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. * CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. * CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. * CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. (Low) SUSE bug 960382 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 openSUSE 13.2 This update for kcoreaddons fixes the following issues: - CVE-2016-7966: HTML injection in plain text viewer (boo#1002977) (Moderate) SUSE bug 1002977 CVE-2016-7966 openSUSE 13.2 This update for dbus-1 to version 1.8.22 fixes several issues. This security issue was fixed: - boo#1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. These non-security issues were fixed: - boo#978477: Correctly reset timeouts for pending file descriptors - boo#980928: increase listen() backlog of AF_UNIX sockets to SOMAXCONN - Change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus. - Fix a memory leak when GetConnectionCredentials() succeeds (fdo#91008) - Ensure that dbus-monitor does not reply to messages intended for others (fdo#90952) - Add locking to DBusCounter's reference count and notify function (fdo#89297) - Ensure that DBusTransport's reference count is protected by the corresponding DBusConnection's lock (fdo#90312) - Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms (fdo#90021) - Correctly initialize all fields of DBusTypeReader (fdo#90021) - Fix some missing \n in verbose (debug log) messages (fdo#90004) - Clean up some memory leaks in test code (fdo#90021) (Moderate) SUSE bug 1003898 SUSE bug 978477 SUSE bug 980928 openSUSE 13.2 This update for tor fixes the following security issue: - TROVE-2016-10-001: Remote DoS vulnerability triggered by specially crafted data (boo#1005292) (Moderate) SUSE bug 1005292 openSUSE 13.2 This update for gd fixes the following issue: - CVE-2016-7568: Integer overflow in the gdImageWebpCtx function in gd_webp.c (libgd) (bsc#1001900). (Important) SUSE bug 1001900 CVE-2016-7568 openSUSE 13.2 This update for php5 fixes the following issu: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924). - CVE-2016-7568: Integer overflow in the gdImageWebpCtx function in gd_webp.c (libgd) (bsc#1001900). - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274). (Important) SUSE bug 1001900 SUSE bug 1004924 SUSE bug 1005274 CVE-2016-6911 CVE-2016-7568 CVE-2016-8670 openSUSE 13.2 This update for quagga fixes the following issue: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code. (bsc#1005258). (Important) SUSE bug 1005258 CVE-2016-1245 openSUSE 13.2 This update for virtualbox fixes the following issues: - Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605, CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613 (boo#1005621). - Reduce memory needs during build. - Version bump to 5.0.28 (released 2016-10-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: NAT: Don't exceed the maximum number of "search" suffixes. Patch from bug #15948. NAT: fixed parsing of port-forwarding rules with a name which contains a slash (bug #16002) NAT Network: when the host has only loopback nameserver that cannot be mapped to the guests (e.g. dnsmasq running on 127.0.1.1), make DHCP supply NAT Network DNS proxy as nameserver. Bridged Network: prevent flooding syslog with packet allocation error messages (bug #15569) USB: fixed a possible crash when detaching a USB device Audio: fixes for recording (Mac OS X hosts only) Audio: now using Audio Queues on Mac OS X hosts OVF: improve importing of VMs created by VirtualBox 5.1 VHDX: fixed cloning images with VBoxManage cloned (bug #14288) Storage: Fixed broken bandwidth limitation when the limit is very low (bug #14982) Serial: Fixed high CPU usage with certain USB to serial converters on Linux hosts (bug #7796) BIOS: fixed 4bpp scanline calculation (bug #15787) VBoxManage: Don't try to set the medium type if there is no change (bug #13850) API: fixed initialization of SAS controllers (bug #15972) Linux hosts: don't use 32-bit legacy capabilities Linux hosts / guests: fix for kernels with CONFIG_CPUMASK_OFFSTACK set (bug #16020) Linux Additions: several fixes for X11 guests running non-root X servers Linux Additions: fix for Linux 4.7 (bug #15769) Linux Additions: fix for the display kmod driver with Linux 4.8 (bugs #15890 and #15896) Windows Additions: auto-resizing fixes for Windows 10 guests (bug #15257) Windows Additions: fixes for arranging the guest screens in multi-screen scenarios Windows Additions / VGA: if the guest's power management turns a virtual screen off, blank the corresponding VM window rather than hide the VM window Windows Additions: fixed a generic bug which could lead to freezing shared folders (bug #15662) - Modify virtualbox-guest-preamble and virtualbox-host-preamble to obsolete old versions of the kernel modules. This change should fix the problem in (boo#983629). (Moderate) SUSE bug 1005621 SUSE bug 983629 CVE-2016-5501 CVE-2016-5538 CVE-2016-5605 CVE-2016-5608 CVE-2016-5610 CVE-2016-5611 CVE-2016-5613 openSUSE 13.2 The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). - CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152) - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2016-1237: nfsd in the Linux kernel allowed local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c (bnc#986570). The following non-security bugs were fixed: - AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520). - xen: Fix refcnt regression in xen netback introduced by changes made for bug#881008 (bnc#978094) - MSI-X: fix an error path (luckily none so far). - usb: fix typo in wMaxPacketSize validation (bsc#991665). - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - Update patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch (bsc#986570 CVE#2016-1237). - Update patches.fixes/0001-posix_acl-Add-set_posix_acl.patch (bsc#986570 CVE#2016-1237). - apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287). - arm64: Honor __GFP_ZERO in dma allocations (bsc#1004045). - arm64: __clear_user: handle exceptions on strb (bsc#994752). - arm64: dma-mapping: always clear allocated buffers (bsc#1004045). - arm64: perf: reject groups spanning multiple HW PMUs (bsc#1003931). - blkfront: fix an error path memory leak (luckily none so far). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - cdc-acm: added sanity checking for probe() (bsc#993891). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - netback: fix flipping mode (bsc#996664). - netback: fix flipping mode (bsc#996664). - netfront: linearize SKBs requiring too many slots (bsc#991247). - nfsd: check permissions when setting ACLs (bsc#986570). - posix_acl: Add set_posix_acl (bsc#986570). - ppp: defer netns reference release for ppp channel (bsc#980371). - tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - x86: suppress lazy MMU updates during vmalloc fault processing (bsc#951155). - xen-netback-generalize.patch: Fold back into base patch. - xen3-patch-2.6.31.patch: Fold back into base patch. - xen3-patch-3.12.patch: Fold bac into base patch. - xen3-patch-3.15.patch: Fold back into base patch. - xen3-patch-3.3.patch: Fold back into base patch. - xen3-patch-3.9.patch: Fold bac into base patch. - xen3-patch-3.9.patch: Fold back into base patch. - xenbus: do not bail early from xenbus_dev_request_and_reply() (luckily none so far). - xenbus: inspect the correct type in xenbus_dev_request_and_reply(). (Important) SUSE bug 1000287 SUSE bug 1001486 SUSE bug 1003077 SUSE bug 1003925 SUSE bug 1003931 SUSE bug 1004045 SUSE bug 1004418 SUSE bug 1004462 SUSE bug 881008 SUSE bug 909994 SUSE bug 911687 SUSE bug 922634 SUSE bug 951155 SUSE bug 960689 SUSE bug 978094 SUSE bug 980371 SUSE bug 986570 SUSE bug 989152 SUSE bug 991247 SUSE bug 991608 SUSE bug 991665 SUSE bug 993890 SUSE bug 993891 SUSE bug 994296 SUSE bug 994520 SUSE bug 994748 SUSE bug 994752 SUSE bug 994759 SUSE bug 996664 SUSE bug 999600 SUSE bug 999932 CVE-2015-7513 CVE-2015-8956 CVE-2016-0823 CVE-2016-1237 CVE-2016-5195 CVE-2016-5696 CVE-2016-6327 CVE-2016-6480 CVE-2016-6828 CVE-2016-7117 CVE-2016-7425 CVE-2016-8658 openSUSE 13.2 This update for GraphicsMagick fixes the following issues: - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123) - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127) - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125) - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629) - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422) - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711) - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707) - CVE-2016-7531: Pbd file out of bound access (bsc#1000704) - CVE-2016-7529: out of bound in quantum handling (bsc#1000399) - CVE-2016-7528: Out of bound access in xcf file coder (bsc#1000434) - CVE-2016-7527: out of bound access in wpg file coder: (bsc#1000436) - CVE-2016-7526: out-of-bounds write in ./MagickCore/pixel-accessor.h (bsc#1000702) - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700) - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698) - CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695) - CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693) - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689) - CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449: various issues fixed in 1.3.25 (bsc#999673) - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221) - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066) - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209) - Divide by zero in WriteTIFFImage (bsc#1002206) (Moderate) SUSE bug 1000399 SUSE bug 1000434 SUSE bug 1000436 SUSE bug 1000689 SUSE bug 1000690 SUSE bug 1000691 SUSE bug 1000692 SUSE bug 1000693 SUSE bug 1000695 SUSE bug 1000698 SUSE bug 1000700 SUSE bug 1000702 SUSE bug 1000704 SUSE bug 1000707 SUSE bug 1000711 SUSE bug 1001066 SUSE bug 1001221 SUSE bug 1002206 SUSE bug 1002209 SUSE bug 1002422 SUSE bug 1003629 SUSE bug 1005123 SUSE bug 1005125 SUSE bug 1005127 SUSE bug 985442 SUSE bug 999673 CVE-2015-8957 CVE-2015-8958 CVE-2016-5688 CVE-2016-6823 CVE-2016-7101 CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7519 CVE-2016-7522 CVE-2016-7524 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7531 CVE-2016-7533 CVE-2016-7537 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 openSUSE 13.2 This update for guile1 fixes the following issue: - CVE-2016-8605: Thread-unsafe umask modification (bsc#1004221). (Low) SUSE bug 1004221 CVE-2016-8605 openSUSE 13.2 This update for guile fixes the following issues: - CVE-2016-8606: REPL server vulnerable to HTTP inter-protocol attacks (bsc#1004226). - CVE-2016-8605: Thread-unsafe umask modification (bsc#1004221). (Low) SUSE bug 1004221 SUSE bug 1004226 CVE-2016-8605 CVE-2016-8606 openSUSE 13.2 This update for ghostscript fixes the following issues: - CVE-2016-8602: Fixes a NULL dereference in .sethalftone5 (boo#1004237). - CVE-2013-5653, CVE-2016-7978, CVE-2016-7979: Fix multiple -dsafer related CVE's (boo#1001951). (Important) SUSE bug 1001951 SUSE bug 1004237 CVE-2013-5653 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 openSUSE 13.2 NonFree This update for Adobe Flash Player to 11.2.202.643 fixes the following vulnerability: - CVE-2016-7855: use-after-free vulnerability (APSB16-36, boo#1007098) (Important) SUSE bug 1007098 CVE-2016-7855 openSUSE 13.2 This update for ImageMagick fixes the following issues: - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123) - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127) - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125) - CVE-2016-8677: Memory allocation failure in AcquireQuantumPixels (bsc#1005328) - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629) - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422) - CVE-2016-7799: Mogrify global buffer overflow (bsc#1002421) - CVE-2016-7540: Writing to RGF format aborts (bsc#1000394) - CVE-2016-7539: Potential DOS by not releasing memory (bsc#1000715) - CVE-2016-7538: SIGABRT for corrupted pdb file (bsc#1000712) - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711) - CVE-2016-7536: SEGV reported in corrupted profile handling (bsc#1000710) - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709) - CVE-2016-7534: Out of bound access in generic decoder (bsc#1000708) - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707) - CVE-2016-7532: Fix handling of corrupted psd file (bsc#1000706) - CVE-2016-7531: Pbd file out of bound access (bsc#1000704) - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703) - CVE-2016-7529: Out of bound in quantum handling (bsc#1000399) - CVE-2016-7528: Out of bound access in xcf file coder (bsc#1000434) - CVE-2016-7527: Out of bound access in wpg file coder: (bsc#1000436) - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701) - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700) - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699) - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698) - CVE-2016-7521: Heap buffer overflow in psd file handling (bsc#1000697) - CVE-2016-7520: Heap overflow in hdr file handling (bsc#1000696) - CVE-2016-7519: Out-of-bounds read in coders/rle.c (bsc#1000695) - CVE-2016-7518: Out-of-bounds read in coders/sun.c (bsc#1000694) - CVE-2016-7517: Out-of-bounds read in coders/pict.c (bsc#1000693) - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689) - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688) - CVE-2016-7513: Off-by-one error leading to segfault (bsc#1000686) - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221) - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066) - CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714) - Divide by zero in WriteTIFFImage (bsc#1002206) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209) (Moderate) SUSE bug 1000394 SUSE bug 1000399 SUSE bug 1000434 SUSE bug 1000436 SUSE bug 1000686 SUSE bug 1000688 SUSE bug 1000689 SUSE bug 1000690 SUSE bug 1000691 SUSE bug 1000692 SUSE bug 1000693 SUSE bug 1000694 SUSE bug 1000695 SUSE bug 1000696 SUSE bug 1000697 SUSE bug 1000698 SUSE bug 1000699 SUSE bug 1000700 SUSE bug 1000701 SUSE bug 1000703 SUSE bug 1000704 SUSE bug 1000706 SUSE bug 1000707 SUSE bug 1000708 SUSE bug 1000709 SUSE bug 1000710 SUSE bug 1000711 SUSE bug 1000712 SUSE bug 1000713 SUSE bug 1000714 SUSE bug 1000715 SUSE bug 1001066 SUSE bug 1001221 SUSE bug 1002206 SUSE bug 1002209 SUSE bug 1002421 SUSE bug 1002422 SUSE bug 1003629 SUSE bug 1005123 SUSE bug 1005125 SUSE bug 1005127 SUSE bug 1005328 CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7536 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8677 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 openSUSE 13.2 This update for libpng12 fixes the following issues: - CVE-2015-8540: read underflow in libpng (bsc#958791). (Moderate) SUSE bug 958791 CVE-2015-8540 openSUSE 13.2 Seamonkey was updated to 2.40 (boo#959277) to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature * CVE-2015-7201/CVE-2015-7202: Miscellaneous memory safety hazards * CVE-2015-7204: Crash with JavaScript variable assignment with unboxed objects * CVE-2015-7207: Same-origin policy violation using perfomance.getEntries and history navigation * CVE-2015-7208: Firefox allows for control characters to be set in cookies * CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed * CVE-2015-7212: Integer overflow allocating extremely large textures * CVE-2015-7215: Cross-origin information leak through web workers error events * CVE-2015-7211: Hash in data URI is incorrectly parsed * CVE-2015-7218/CVE-2015-7219: DOS due to malformed frames in HTTP/2 * CVE-2015-7216/CVE-2015-7217: Linux file chooser crashes on malformed images due to flaws in Jasper library * CVE-2015-7203/CVE-2015-7220/CVE-2015-7221: Buffer overflows found through code inspection * CVE-2015-7205: Underflow through code inspection * CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions * CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright * CVE-2015-7223: Privilege escalation vulnerabilities in WebExtension APIs * CVE-2015-7214: Cross-site reading attack through data and view-source URIs (Moderate) SUSE bug 959277 CVE-2015-7201 CVE-2015-7202 CVE-2015-7203 CVE-2015-7204 CVE-2015-7205 CVE-2015-7207 CVE-2015-7208 CVE-2015-7210 CVE-2015-7211 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7215 CVE-2015-7216 CVE-2015-7217 CVE-2015-7218 CVE-2015-7219 CVE-2015-7220 CVE-2015-7221 CVE-2015-7222 CVE-2015-7223 CVE-2015-7575 openSUSE 13.2 This update for bash fixes the following security issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables (bsc#1001299) - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt (bsc#1000396) This update also fixes the following bugs: - fix a crash found during debugging boo#971410 - boo#976776: crash if ~/.bash_history is empty (boo#976776) (Moderate) SUSE bug 1000396 SUSE bug 1001299 SUSE bug 976776 CVE-2016-0634 CVE-2016-7543 openSUSE 13.2 This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed: - CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (bsc#392410) - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919). - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553). - CVE-2016-1577: Double free vulnerability in the jas_iccattrval_destroy function in JasPer allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137 (bsc#968373). - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084). - CVE-2016-8691, CVE-2016-8692: Missing range check on XRsiz and YRsiz fields of SIZ marker segment (bsc#1005090). - CVE-2016-8693: The memory stream interface allowed for a buffer size of zero. The case of a zero-sized buffer was not handled correctly, as it could lead to a double free (bsc#1005242). - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591). - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593). - CVE-2016-8882: Null pointer access in jpc_pi_destroy (bsc#1006597). - CVE-2016-8883: Assert triggered in jpc_dec_tiledecode() (bsc#1006598). - CVE-2016-8886: Memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599). For additional change description please have a look at the changelog. (Moderate) SUSE bug 1005084 SUSE bug 1005090 SUSE bug 1005242 SUSE bug 1006591 SUSE bug 1006593 SUSE bug 1006597 SUSE bug 1006598 SUSE bug 1006599 SUSE bug 392410 SUSE bug 941919 SUSE bug 942553 SUSE bug 968373 CVE-2008-3522 CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-2116 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 openSUSE 13.2 This update for libxml2 fixes the following issues: - CVE-2016-4658: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document (boo#1005544). (Moderate) SUSE bug 1005544 CVE-2016-4658 openSUSE 13.2 This update to Chromium 54.0.2840.90: fixes the following security issues: - CVE-2016-5198: out of bounds memory access in v8 (boo#1008274) (Important) SUSE bug 1008274 CVE-2016-5198 openSUSE 13.2 This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). (Important) SUSE bug 1007829 CVE-2016-8864 openSUSE 13.2 This update for mariadb to 10.0.27 fixes the following issues: * release notes: * https://kb.askmonty.org/en/mariadb-10027-release-notes * https://kb.askmonty.org/en/mariadb-10026-release-notes * changelog: * https://kb.askmonty.org/en/mariadb-10027-changelog * https://kb.askmonty.org/en/mariadb-10026-changelog * fixed CVE's 10.0.27: CVE-2016-5612, CVE-2016-5630, CVE-2016-6662 10.0.26: CVE-2016-5440, CVE-2016-3615, CVE-2016-3521, CVE-2016-3477 * fix: [boo#1005561], [boo#1005570], [boo#998309], [boo#989926], [boo#989922], [boo#989919], [boo#989913] - requires devel packages for aio and lzo2 - remove mariadb-10.0.21-mysql-test_main_bootstrap.patch that is no longer needed [boo#984858] - append "--ignore-db-dir=lost+found" to the mysqld options in "mysql-systemd-helper" script if "lost+found" directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro - remove useless mysql@default.service [boo#971456] - make ORDER BY optimization functions take into account multiple equalities [boo#949520] - adjust mysql-test results in order to take account of a new option (orderby_uses_equalities) added by the optimizer patch [boo#1003800] - replace all occurrences of the string "@sysconfdir@" with "/etc" in mysql-community-server-5.1.46-logrotate.patch as it wasn't expanded properly [boo#990890] (Important) SUSE bug 1003800 SUSE bug 1005561 SUSE bug 1005570 SUSE bug 949520 SUSE bug 971456 SUSE bug 983938 SUSE bug 984858 SUSE bug 986251 SUSE bug 989913 SUSE bug 989919 SUSE bug 989922 SUSE bug 989926 SUSE bug 990890 SUSE bug 998309 CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5612 CVE-2016-5630 CVE-2016-6662 openSUSE 13.2 This update for nodejs fixes the following issues: - New upstream LTS version 4.6.1 * c-ares: + CVE-2016-5180: fix for single-byte buffer overwrite - Fix nodejs-libpath.patch so ppc doesn't fail to build (Moderate) CVE-2016-5180 openSUSE 13.2 This update to MozillaFirefox fixes several security issues and bugs. Mozilla Firefox was updated to 44.0. Mozilla NSS was updated to 3.21 Mozilla NSPR was updated to 4.11. The following vulnerabilities were fixed: * CVE-2016-1930/CVE-2016-1931: Miscellaneous memory safety hazards (boo#963633) * CVE-2016-1933: Out of Memory crash when parsing GIF format images (boo#963634) * CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (boo#963635) * CVE-2015-7208/CVE-2016-1939: Firefox allows for control characters to be set in cookie names (boo#963637) * CVE-2016-1937: Missing delay following user click events in protocol handler dialog (boo#963641) * CVE-2016-1938: Errors in mp_div and mp_exptmod cryptographic functions in NSS (boo#963731) * CVE-2016-1942/CVE-2016-1943: Addressbar spoofing attacks (boo#963643) * CVE-2016-1944/CVE-2016-1945/CVE-2016-1946: Unsafe memory manipulation found through code inspection (boo#963644) * CVE-2016-1947: Application Reputation service disabled in Firefox 43 (boo#963645) The following change from Mozilla Firefox 43.0.4 is included: * Re-enable SHA-1 certificates to prevent outdated man-in-the-middle security devices from interfering with properly secured SSL/TLS connections (Important) SUSE bug 963633 SUSE bug 963634 SUSE bug 963635 SUSE bug 963637 SUSE bug 963641 SUSE bug 963643 SUSE bug 963644 SUSE bug 963645 SUSE bug 963731 CVE-2015-7208 CVE-2016-1930 CVE-2016-1931 CVE-2016-1933 CVE-2016-1935 CVE-2016-1937 CVE-2016-1938 CVE-2016-1939 CVE-2016-1942 CVE-2016-1943 CVE-2016-1944 CVE-2016-1945 CVE-2016-1946 CVE-2016-1947 openSUSE 13.2 mysql-community-server was updated to 5.6.34 to fix the following issues: * Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html * fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 * fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append "--ignore-db-dir=lost+found" to the mysqld options in "mysql-systemd-helper" script if "lost+found" directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro - remove useless mysql@default.service [boo#971456] - replace all occurrences of the string "@sysconfdir@" with "/etc" in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890] - remove '%define _rundir' as 13.1 is out of support scope - run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set. - re-enable mysql profiling (Important) SUSE bug 1005555 SUSE bug 1005557 SUSE bug 1005558 SUSE bug 1005560 SUSE bug 1005561 SUSE bug 1005562 SUSE bug 1005563 SUSE bug 1005566 SUSE bug 1005567 SUSE bug 1005569 SUSE bug 1005570 SUSE bug 1005581 SUSE bug 1005582 SUSE bug 1005583 SUSE bug 1005586 SUSE bug 971456 SUSE bug 977614 SUSE bug 983938 SUSE bug 986251 SUSE bug 989911 SUSE bug 989913 SUSE bug 989914 SUSE bug 989915 SUSE bug 989919 SUSE bug 989921 SUSE bug 989922 SUSE bug 989925 SUSE bug 989926 SUSE bug 990890 SUSE bug 998309 SUSE bug 999666 CVE-2016-2105 CVE-2016-3459 CVE-2016-3477 CVE-2016-3486 CVE-2016-3492 CVE-2016-3501 CVE-2016-3521 CVE-2016-3614 CVE-2016-3615 CVE-2016-5439 CVE-2016-5440 CVE-2016-5507 CVE-2016-5584 CVE-2016-5609 CVE-2016-5612 CVE-2016-5616 CVE-2016-5617 CVE-2016-5626 CVE-2016-5627 CVE-2016-5629 CVE-2016-5630 CVE-2016-6304 CVE-2016-6662 CVE-2016-7440 CVE-2016-8283 CVE-2016-8284 CVE-2016-8288 openSUSE 13.2 NonFree This update to Adobe Flash Player 11.2.202.644 fixes the following security issues: - type confusion vulnerabilities that could lead to code execution (CVE-2016-7860, CVE-2016-7861, CVE-2016-7865) - use-after-free vulnerabilities that could lead to code execution (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864) (Important) SUSE bug 1009217 CVE-2016-7857 CVE-2016-7858 CVE-2016-7859 CVE-2016-7860 CVE-2016-7861 CVE-2016-7862 CVE-2016-7863 CVE-2016-7864 CVE-2016-7865 openSUSE 13.2 This update to Chromium 54.0.2840.100 fixes the following vulnerabilities: - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892) - CVE-2016-5200: out of bounds memory access in v8 (boo#1009893) - CVE-2016-5201: info leak in extensions (boo#1009894) - CVE-2016-5202: various fixes from internal audits (boo#1009895) (Important) SUSE bug 1009892 SUSE bug 1009893 SUSE bug 1009894 SUSE bug 1009895 CVE-2016-5199 CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 openSUSE 13.2 phpMyAdmin was updated to 4.4.15.2 to fix one security issue and one non-security bug. The following vulnerability was fixed: * CVE-2015-8669: It was possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed (boo#960282) The following bug was fixed: * boo#960854: dependency of php-json was missing (Moderate) SUSE bug 960282 SUSE bug 960854 CVE-2015-8669 openSUSE 13.2 This update to Privoxy 3.0.24 fixes two minor security issues. The vulnerabilities should not be exploitable in the binary as compiled in openSUSE. * CVE-2016-1982: Corrupt chunk-encoded content could cause an invalid read (boo#963151) * CVE-2016-1983: Empty Host headers in client requests could result in invalid reads (boo#963152) This update also contains general bug fixes and improvements as well as white and blacklist updates. (Low) SUSE bug 963151 SUSE bug 963152 CVE-2016-1982 CVE-2016-1983 openSUSE 13.2 This version fixes a number of vulnerabilities that affect pcre and applications using the libary when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code. - Update to PCRE 8.39 FATE#320298 boo#972127. - CVE-2015-3210: heap buffer overflow in pcre_compile2() / compile_regex() (boo#933288) - CVE-2015-3217: pcre: PCRE Library Call Stack Overflow Vulnerability in match() (boo#933878) - CVE-2015-5073: pcre: Library Heap Overflow Vulnerability in find_fixedlength() (boo#936227) - boo#942865: heap overflow in compile_regex() - CVE-2015-8380: pcre: heap overflow in pcre_exec (boo#957566) - boo#957598: various security issues fixed in pcre 8.37 and 8.38 release - CVE-2016-1283: pcre: Heap buffer overflow in pcre_compile2 causes DoS (boo#960837) - CVE-2016-3191: pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (boo#971741) (Moderate) SUSE bug 933288 SUSE bug 933878 SUSE bug 936227 SUSE bug 942865 SUSE bug 957566 SUSE bug 957598 SUSE bug 960837 SUSE bug 971741 SUSE bug 972127 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8380 CVE-2016-1283 CVE-2016-3191 openSUSE 13.2 This update for GraphicsMagick fixes the following security issue: * CVE-2016-8862: A memory allocation failure in AcquireMagickMemory could lead to denial of service. (boo#1007245) (Moderate) SUSE bug 1007245 CVE-2016-8862 openSUSE 13.2 This update for ImageMagick fixes the following security issue: * CVE-2016-8862: a memory allocation failure in AcquireMagickMemory was fixed. (boo#1007245) (Moderate) SUSE bug 1007245 CVE-2016-8862 openSUSE 13.2 This update for memcached fixes the following security issues: - CVE-2016-8704: Server append/prepend remote code execution (boo#1007871) - CVE-2016-8705: Server update remote code execution (boo#1007870) - CVE-2016-8706: Server ASL authentication remote code execution (boo#1007869) (Moderate) SUSE bug 1007869 SUSE bug 1007870 SUSE bug 1007871 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 openSUSE 13.2 This update for otrs fixes the following security issues: - CVE-2016-9139: execution of JavaScript in OTRS context by opening malicious attachment (OSA-2016-02, bsc#1008017) In addition, OTRS was updated to 3.3.16, containing all upstream improvements and bug fixes. (Moderate) SUSE bug 1008017 CVE-2016-9139 openSUSE 13.2 This update to Mozilla Firefox 50.0 fixes a number of security issues. The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89): - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443) - CVE-2016-5292: URL parsing causes crash (bmo#1288482) - CVE-2016-5297: Incorrect argument length checking in Javascript (bmo#1303678) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686) - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069)) - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973) - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324) - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159) - CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071) - CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl" (bmo#1289273) - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976) - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777) - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003) - CVE-2016-5289: Memory safety bugs fixed in Firefox 50 - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 The following vulnerabilities were fixed in Mozilla NSS 3.26.1: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334) Mozilla Firefox now requires mozilla-nss 3.26.2. New features in Mozilla Firefox: - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R - Added option to Find in page that allows users to limit search to whole words only - Added download protection for a large number of executable file types on Windows, Mac and Linux - Fixed rendering of dashed and dotted borders with rounded corners (border-radius) - Added a built-in Emoji set for operating systems without native Emoji fonts - Blocked versions of libavcodec older than 54.35.1 - additional locale mozilla-nss was updated to 3.26.2, incorporating the following changes: - the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT - The following CA certificate was added: CN = ISRG Root X1 - NPN is disabled and ALPN is enabled by default - MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored (Important) SUSE bug 1009026 SUSE bug 1010395 SUSE bug 1010399 SUSE bug 1010401 SUSE bug 1010402 SUSE bug 1010404 SUSE bug 1010405 SUSE bug 1010406 SUSE bug 1010408 SUSE bug 1010409 SUSE bug 1010410 SUSE bug 1010420 SUSE bug 1010421 SUSE bug 1010422 SUSE bug 1010423 SUSE bug 1010424 SUSE bug 1010425 SUSE bug 1010426 SUSE bug 1010427 CVE-2016-5289 CVE-2016-5290 CVE-2016-5291 CVE-2016-5292 CVE-2016-5296 CVE-2016-5297 CVE-2016-9063 CVE-2016-9064 CVE-2016-9066 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9070 CVE-2016-9071 CVE-2016-9073 CVE-2016-9074 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 openSUSE 13.2 OpenJDK java-1_8_0-openjdk was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues: * Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (boo#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (boo#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (boo#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (boo#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (boo#1005527) + S8160838, CVE-2016-5597: Better HTTP service (boo#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (boo#1005524) * New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries * Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app's Java pid. + S8017462: G1: guarantee fails with UseDynamicNumberOfGCThreads + S8034168: ThreadMXBean/Locks.java failed, blocked on wrong object + S8036006: [TESTBUG] sun/tools/native2ascii/NativeErrors.java fails: Process exit code was 0, but error was expected. + S8041781: Need new regression tests for PBE keys + S8041787: Need new regressions tests for buffer handling for PBE algorithms + S8043836: Need new tests for AES cipher + S8044199: Tests for RSA keys and key specifications + S8044772: TempDirTest.java still times out with -Xcomp + S8046339: sun.rmi.transport.DGCAckHandler leaks memory + S8047031: Add SocketPermission tests for legacy socket types + S8048052: Permission tests for setFactory + S8048138: Tests for JAAS callbacks + S8048147: Privilege tests with JAAS Subject.doAs + S8048356: SecureRandom default provider tests + S8048357: PKCS basic tests + S8048360: Test signed jar files + S8048362: Tests for doPrivileged with accomplice + S8048596: Tests for AEAD ciphers + S8048599: Tests for key wrap and unwrap operations + S8048603: Additional tests for MAC algorithms + S8048604: Tests for strong crypto ciphers + S8048607: Test key generation of DES and DESEDE + S8048610: Implement regression test for bug fix of 4686632 in JCE + S8048617: Tests for PKCS12 read operations + S8048618: Tests for PKCS12 write operations. + S8048619: Implement tests for converting PKCS12 keystores + S8048624: Tests for SealedObject + S8048819: Implement reliability test for DH algorithm + S8048820: Implement tests for SecretKeyFactory + S8048830: Implement tests for new functionality provided in JEP 166 + S8049237: Need new tests for X509V3 certificates + S8049321: Support SHA256WithDSA in JSSE + S8049429: Tests for java client server communications with various TLS/SSL combinations. + S8049432: New tests for TLS property jdk.tls.client.protocols + S8049814: Additional SASL client-server tests + S8050281: New permission tests for JEP 140 + S8050370: Need new regressions tests for messageDigest with DigestIOStream + S8050371: More MessageDigest tests + S8050374: More Signature tests + S8050427: LoginContext tests to cover JDK-4703361 + S8050460: JAAS login/logout tests with LoginContext + S8050461: Tests for syntax checking of JAAS configuration file + S8054278: Refactor jps utility tests + S8055530: assert(_exits.control()->is_top() || !_gvn.type(ret_phi)->empty()) failed: return value must be well defined + S8055844: [TESTBUG] test/runtime/NMT/VirtualAllocCommitUncommitRecommit.java fails on Solaris Sparc due to incorrect page size being used + S8059677: Thread.getName() instantiates Strings + S8061464: A typo in CipherTestUtils test + S8062536: [TESTBUG] Conflicting GC combinations in jdk tests + S8065076: java/net/SocketPermission/SocketPermissionTest.java fails intermittently + S8065078: NetworkInterface.getNetworkInterfaces() triggers intermittent test failures + S8066871: java.lang.VerifyError: Bad local variable type - local final String + S8068427: Hashtable deserialization reconstitutes table with wrong capacity + S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210 + S8069253: javax/net/ssl/TLS/TestJSSE.java failed on Mac + S8071125: Improve exception messages in URLPermission + S8072081: Supplementary characters are rejected in comments + S8072463: Remove requirement that AKID and SKID have to match when building certificate chain + S8072725: Provide more granular levels for GC verification + S8073400: Some Monospaced logical fonts have a different width + S8073872: Schemagen fails with StackOverflowError if element references containing class + S8074931: Additional tests for CertPath API + S8075286: Additional tests for signature algorithm OIDs and transformation string + S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given + S8076545: Text size is twice bigger under Windows L&F on Win 8.1 with HiDPI display + S8076995: gc/ergonomics/TestDynamicNumberOfGCThreads.java failed with java.lang.RuntimeException: 'new_active_workers' missing from stdout/stderr + S8079138: Additional negative tests for XML signature processing + S8081512: Remove sun.invoke.anon classes, or move / co-locate them with tests + S8081771: ProcessTool.createJavaProcessBuilder() needs new addTestVmAndJavaOptions argument + S8129419: heapDumper.cpp: assert(length_in_bytes > 0) failed: nothing to copy + S8130150: Implement BigInteger.montgomeryMultiply intrinsic + S8130242: DataFlavorComparator transitivity exception + S8130304: Inference: NodeNotFoundException thrown with deep generic method call chain + S8130425: libjvm crash due to stack overflow in executables with 32k tbss/tdata + S8133023: ParallelGCThreads is not calculated correctly + S8134111: Unmarshaller unmarshalls XML element which doesn't have the expected namespace + S8135259: InetAddress.getAllByName only reports "unknown error" instead of actual cause + S8136506: Include sun.arch.data.model as a property that can be queried by jtreg + S8137068: Tests added in JDK-8048604 fail to compile + S8139040: Fix initializations before ShouldNotReachHere() etc. and enable -Wuninitialized on linux. + S8139581: AWT components are not drawn after removal and addition to a container + S8141243: Unexpected timezone returned after parsing a date + S8141420: Compiler runtime entries don't hold Klass* from being GCed + S8141445: Use of Solaris/SPARC M7 libadimalloc.so can generate unknown signal in hs_err file + S8141551: C2 can not handle returns with inccompatible interface arrays + S8143377: Test PKCS8Test.java fails + S8143647: Javac compiles method reference that allows results in an IllegalAccessError + S8144144: ORB destroy() leaks filedescriptors after unsuccessful connection + S8144593: Suppress not recognized property/feature warning messages from SAXParser + S8144957: Remove PICL warning message + S8145039: JAXB marshaller fails with ClassCastException on classes generated by xjc + S8145228: Java Access Bridge, getAccessibleStatesStringFromContext doesn't wrap the call to getAccessibleRole + S8145388: URLConnection.guessContentTypeFromStream returns image/jpg for some JPEG images + S8145974: XMLStreamWriter produces invalid XML for surrogate pairs on OutputStreamWriter + S8146035: Windows - With LCD antialiasing, some glyphs are not rendered correctly + S8146192: Add test for JDK-8049321 + S8146274: Thread spinning on WeakHashMap.getEntry() with concurrent use of nashorn + S8147468: Allow users to bound the size of buffers cached in the per-thread buffer caches + S8147645: get_ctrl_no_update() code is wrong + S8147807: crash in libkcms.so on linux-sparc + S8148379: jdk.nashorn.api.scripting spec. adjustments, clarifications + S8148627: RestrictTestMaxCachedBufferSize.java to 64-bit platforms + S8148820: Missing @since Javadoc tag in Logger.log(Level, Supplier) + S8148926: Call site profiling fails on braces-wrapped anonymous function + S8149017: Delayed provider selection broken in RSA client key exchange + S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks + S8149330: Capacity of StringBuilder should not get close to Integer.MAX_VALUE unless necessary + S8149334: JSON.parse(JSON.stringify([])).push(10) creates an array containing two elements + S8149368: [hidpi] JLabel font is twice bigger than JTextArea font on Windows 7,HiDPI, Windows L&F + S8149411: PKCS12KeyStore cannot extract AES Secret Keys + S8149417: Use final restricted flag + S8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception + S8149453: [hidpi] JFileChooser does not scale properly on Windows with HiDPI display and Windows L&F + S8149543: range check CastII nodes should not be split through Phi + S8149743: JVM crash after debugger hotswap with lambdas + S8149744: fix testng.jar delivery in Nashorn build.xml + S8149915: enabling validate-annotations feature for xsd schema with annotation causes NPE + S8150002: Check for the validity of oop before printing it in verify_remembered_set + S8150470: JCK: api/xsl/conf/copy/copy19 test failure + S8150518: G1 GC crashes at G1CollectedHeap::do_collection_pause_at_safepoint(double) + S8150533: Test java/util/logging/LogManagerAppContextDeadlock.java times out intermittently. + S8150704: XALAN: ERROR: 'No more DTM IDs are available' when transforming with lots of temporary result trees + S8150780: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError + S8151064: com/sun/jdi/RedefineAddPrivateMethod.sh fails intermittently + S8151197: [TEST_BUG] Need to backport fix for test/javax/net/ssl/TLS/TestJSSE.java + S8151352: jdk/test/sample fails with "effective library path is outside the test suite" + S8151431: DateFormatSymbols triggers this.clone() in the constructor + S8151535: TESTBUG: java/lang/invoke/AccessControlTest.java should be modified to run with JTREG 4.1 b13 + S8151731: Add new jtreg keywords to jdk 8 + S8151998: VS2010 ThemeReader.cpp(758) : error C3861: 'round': identifier not found + S8152927: Incorrect GPL header in StubFactoryDynamicBase.java reported + S8153252: SA: Hotspot build on Windows fails if make/closed folder does not exist + S8153531: Improve exception messaging for RSAClientKeyExchange + S8153641: assert(thread_state == _thread_in_native) failed: Assumed thread_in_native while heap dump + S8153673: [BACKOUT] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S8154304: NullpointerException at LdapReferralException.getReferralContext + S8154722: Test gc/ergonomics/TestDynamicNumberOfGCThreads.java fails + S8157078: 8u102 L10n resource file updates + S8157838: Personalized Windows Font Size is not taken into account in Java8u102 * Import of OpenJDK 8 u111 build 14 + S6882559: new JEditorPane("text/plain","") fails for null context class loader + S8049171: Additional tests for jarsigner's warnings + S8063086: Math.pow yields different results upon repeated calls + S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString + S8142926: OutputAnalyzer's shouldXXX() calls return this + S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General + S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline + S8150611: Security problem on sun.misc.resources.Messages* + S8153399: Constrain AppCDS behavior (back port) + S8157653: [Parfait] Uninitialised variable in awt_Font.cpp + S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559 + S8158994: Service Menu services + S8159684: (tz) Support tzdata2016f + S8160904: Typo in code from 8079718 fix : enableCustomValueHanlde + S8160934: isnan() is not available on older MSVC compilers + S8161141: correct bugId for JDK-8158994 fix push + S8162411: Service Menu services 2 + S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968 + S8162511: 8u111 L10n resource file updates + S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8 + S8164452: 8u111 L10n resource file update - msgdrop 20 + S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm + S8166381: Back out changes to the java.security file to not disable MD5 * Backports + S8078628, PR3208: Zero build fails with pre-compiled headers disabled + S8141491, PR3159, G592292: Unaligned memory access in Bits.c + S8157306, PR3121: Random infrequent null pointer exceptions in javac (enabled on AArch64 only) + S8162384, PR3122: Performance regression: bimorphic inlining may be bypassed by type speculation * Bug fixes + PR3123: Some object files built without -fPIC on x86 only + PR3126: pax-mark-vm script calls "exit -1" which is invalid in dash + PR3127, G590348: Only apply PaX markings by default on running PaX kernels + PR3199: Invalid nashorn URL + PR3201: Update infinality configure test + PR3218: PR3159 leads to build failure on clean tree * AArch64 port + S8131779, PR3220: AARCH64: add Montgomery multiply intrinsic + S8167200, PR3220: AArch64: Broken stack pointer adjustment in interpreter + S8167421, PR3220: AArch64: in one core system, fatal error: Illegal threadstate encountered + S8167595, PR3220: AArch64: SEGV in stub code cipherBlockChaining_decryptAESCrypt + S8168888, PR3220: Port 8160591: Improve internal array handling to AArch64. * Shenandoah + PR3224: Shenandoah broken when building without pre-compiled headers - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (boo#988651) (Important) SUSE bug 1005522 SUSE bug 1005523 SUSE bug 1005524 SUSE bug 1005525 SUSE bug 1005526 SUSE bug 1005527 SUSE bug 1005528 SUSE bug 988651 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 openSUSE 13.2 This update for php5 fixes the following issues: * CVE-2016-9137: Fixed a use after free in unserialize() in curl file deserialization [boo#1008029] (Important) SUSE bug 1008029 CVE-2016-9137 openSUSE 13.2 This update for monit fixes the following issues: - CVE-2016-7067: A malicious attacker could have used a cross-site request forgery vulnerability to trick an authenticated user to perform monit actions. Monit was updated to 5.20, containing all upstream improvements and bug fixes. The following tracked packaging bugs were fixed: - disable sslv3 according to RFC7568 (boo#974763) - fixed pid file directory (boo#971647) (Moderate) SUSE bug 1007455 SUSE bug 971647 SUSE bug 974763 CVE-2014-3566 CVE-2016-7067 openSUSE 13.2 This update for tar fixes the following issues: - extract files recursively with --files-from [boo#913058] - Fix POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [boo#1007188] [CVE-2016-6321] (Moderate) SUSE bug 1007188 SUSE bug 913058 CVE-2016-6321 openSUSE 13.2 This update for dovecot22 fixes the following issues: - dovecot insecure SSL/TLS key and certificate file creation (CVE-2016-4983, bnc#984639) (Moderate) SUSE bug 984639 CVE-2016-4983 openSUSE 13.2 This update for sudo fixes the following issues: - fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: * noexec bypass via system() and popen() [CVE-2016-7032, boo#1007766] * noexec bypass via wordexp() [CVE-2016-7076, boo#1007501] (Moderate) SUSE bug 1007501 SUSE bug 1007766 CVE-2016-7032 CVE-2016-7076 openSUSE 13.2 This update for gnuchess fixes a security issue: - CVE-2015-8972: specially crafted user input may have caused gnuchess to crash (boo#1010143) (Low) SUSE bug 1010143 CVE-2015-8972 openSUSE 13.2 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.8 - OpenJDK 7u121 * Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (boo#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (boo#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (boo#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (boo#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (boo#1005527) + S8160838, CVE-2016-5597: Better HTTP service (boo#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (boo#1005524) * Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java + S6882559: new JEditorPane("text/plain","") fails for null context class loader + S7090158: Networking Libraries don't build with javac -Werror + S7125055: ContentHandler.getContent API changed in error + S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows + S7187051: ShortRSAKeynnn.sh tests should do cleanup before start test + S8000626: Implement dead key detection for KeyEvent on Linux + S8003890: corelibs test scripts should pass TESTVMOPTS + S8005629: javac warnings compiling java.awt.EventDispatchThread and sun.awt.X11.XIconWindow + S8010297: Missing isLoggable() checks in logging code + S8010782: clean up source files containing carriage return characters + S8014431: cleanup warnings indicated by the -Wunused-value compiler option on linux + S8015265: revise the fix for 8007037 + S8016747: Replace deprecated PlatformLogger isLoggable(int) with isLoggable(Level) + S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame demo + S8024756: method grouping tabs are not selectable + S8026741: jdk8 l10n resource file translation update 5 + S8048147: Privilege tests with JAAS Subject.doAs + S8048357: PKCS basic tests + S8049171: Additional tests for jarsigner's warnings + S8059177: jdk8u40 l10n resource file translation update 1 + S8075584: test for 8067364 depends on hardwired text advance + S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given + S8077953: [TEST_BUG] com/sun/management/OperatingSystemMXBean/TestTotalSwap.java Compilation failed after JDK-8077387 + S8080628: No mnemonics on Open and Save buttons in JFileChooser + S8083601: jdk8u60 l10n resource file translation update 2 + S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString + S8142926: OutputAnalyzer's shouldXXX() calls return this + S8143134: L10n resource file translation update + S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General + S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline + S8150611: Security problem on sun.misc.resources.Messages* + S8157653: [Parfait] Uninitialised variable in awt_Font.cpp + S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559 + S8159684: (tz) Support tzdata2016f + S8160934: isnan() is not available on older MSVC compilers + S8162411: Service Menu services 2 + S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968 + S8162511: 8u111 L10n resource file updates + S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8 + S8164452: 8u111 L10n resource file update - msgdrop 20 + S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm + S8166381: Back out changes to the java.security file to not disable MD5 * Backports + S6604109, PR3162: javax.print.PrintServiceLookup.lookupPrintServices fails SOMETIMES for Cups + S6907252, PR3162: ZipFileInputStream Not Thread-Safe + S8024046, PR3162: Test sun/security/krb5/runNameEquals.sh failed on 7u45 Embedded linux-ppc* + S8028479, PR3162: runNameEquals still cannot precisely detect if a usable native krb5 is available + S8034057, PR3162: Files.getFileStore and Files.isWritable do not work with SUBST'ed drives (win) + S8038491, PR3162: Improve synchronization in ZipFile.read() + S8038502, PR3162: Deflater.needsInput() should use synchronization + S8059411, PR3162: RowSetWarning does not correctly chain warnings + S8062198, PR3162: Add RowSetMetaDataImpl Tests and add column range validation to isdefinitlyWritable + S8066188, PR3162: BaseRowSet returns the wrong default value for escape processing + S8072466, PR3162: Deadlock when initializing MulticastSocket and DatagramSocket + S8075118, PR3162: JVM stuck in infinite loop during verification + S8076579, PR3162: Popping a stack frame after exception breakpoint sets last method param to exception + S8078495, PR3162: End time checking for native TGT is wrong + S8078668, PR3162: jar usage string mentions unsupported option '-n' + S8080115, PR3162: (fs) Crash in libgio when calling Files.probeContentType(path) from parallel threads + S8081794, PR3162: ParsePosition getErrorIndex returns 0 for TimeZone parsing problem + S8129957, PR3162: Deadlock in JNDI LDAP implementation when closing the LDAP context + S8130136, PR3162: Swing window sometimes fails to repaint partially when it becomes exposed + S8130274, PR3162: java/nio/file/FileStore/Basic.java fails when two successive stores in an iteration are determined to be equal + S8132551, PR3162: Initialize local variables before returning them in p11_convert.c + S8133207, PR3162: [TEST_BUG] ParallelProbes.java test fails after changes for JDK-8080115 + S8133666, PR3162: OperatingSystemMXBean reports abnormally high machine CPU consumption on Linux + S8135002, PR3162: Fix or remove broken links in objectMonitor.cpp comments + S8137121, PR3162: (fc) Infinite loop FileChannel.truncate + S8137230, PR3162: TEST_BUG: java/nio/channels/FileChannel/LoopingTruncate.java timed out + S8139373, PR3162: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout + S8140249, PR3162: JVM Crashing During startUp If Flight Recording is enabled + S8141491, PR3160, G592292: Unaligned memory access in Bits.c + S8144483, PR3162: One long Safepoint pause directly after each GC log rotation + S8149611, PR3160, G592292: Add tests for Unsafe.copySwapMemory * Bug fixes + S8078628, PR3151: Zero build fails with pre-compiled headers disabled + PR3128: pax-mark-vm script calls "exit -1" which is invalid in dash + PR3131: PaX marking fails on filesystems which don't support extended attributes + PR3135: Makefile.am rule stamps/add/tzdata-support-debug.stamp has a typo in add-tzdata dependency + PR3141: Pass $(CC) and $(CXX) to OpenJDK build + PR3166: invalid zip timestamp handling leads to error building bootstrap-javac + PR3202: Update infinality configure test + PR3212: Disable ARM32 JIT by default * CACAO + PR3136: CACAO is broken due to 2 new native methods in sun.misc.Unsafe (from S8158260) * JamVM + PR3134: JamVM is broken due to 2 new native methods in sun.misc.Unsafe (from S8158260) * AArch64 port + S8167200, PR3204: AArch64: Broken stack pointer adjustment in interpreter + S8168888: Port 8160591: Improve internal array handling to AArch64. + PR3211: AArch64 build fails with pre-compiled headers disabled - Changed patch: * java-1_7_0-openjdk-gcc6.patch + Rediff to changed context - Disable arm32 JIT, since its build broken (http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2942) (Moderate) SUSE bug 1005522 SUSE bug 1005523 SUSE bug 1005524 SUSE bug 1005525 SUSE bug 1005526 SUSE bug 1005527 SUSE bug 1005528 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 openSUSE 13.2 The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075). - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2014-8989: The Linux kernel did not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allowed local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c (bnc#906545). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bnc#937969). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key (bnc#912202). - CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937 (bnc#952384 953052). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). - CVE-2015-7885: The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a crafted application (bnc#951627). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product (bnc#955354). - CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock. (bsc#961509) - CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). The following non-security bugs were fixed: - ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504). - Input: aiptek - fix crash on detecting device without endpoints (bnc#956708). - KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y (boo#956934). - KVM: x86: update masterclock values on TSC writes (bsc#961739). - NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client (bsc#960839). - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cdrom: Random writing support for BD-RE media (bnc#959568). - genksyms: Handle string literals with spaces in reference files (bsc#958510). - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224). - ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422). - ipv6: fix tunnel error handling (bsc#952579). - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224). - uas: Add response iu handling (bnc#954138). - usbvision fix overflow of interfaces array (bnc#950998). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157). (Important) SUSE bug 814440 SUSE bug 906545 SUSE bug 912202 SUSE bug 921949 SUSE bug 937969 SUSE bug 937970 SUSE bug 938706 SUSE bug 944296 SUSE bug 945825 SUSE bug 949936 SUSE bug 950998 SUSE bug 951627 SUSE bug 951638 SUSE bug 952384 SUSE bug 952579 SUSE bug 952976 SUSE bug 953527 SUSE bug 954138 SUSE bug 954404 SUSE bug 955224 SUSE bug 955354 SUSE bug 955422 SUSE bug 956708 SUSE bug 956934 SUSE bug 957988 SUSE bug 957990 SUSE bug 958504 SUSE bug 958510 SUSE bug 958886 SUSE bug 958951 SUSE bug 959190 SUSE bug 959399 SUSE bug 959568 SUSE bug 960839 SUSE bug 961509 SUSE bug 961739 SUSE bug 962075 CVE-2014-8989 CVE-2014-9529 CVE-2015-5157 CVE-2015-5307 CVE-2015-6937 CVE-2015-7550 CVE-2015-7799 CVE-2015-7885 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2016-0728 openSUSE 13.2 This update for libcares2 fixes the following issues: - ares_create_query() single byte out of buffer write (CVE-2016-5180, boo#1007728) (Low) SUSE bug 1007728 CVE-2016-5180 openSUSE 13.2 This update for vim fixes the following security issues: - Fixed CVE-2016-1248 an arbitrary command execution vulnerability (bsc#1010685) (Important) SUSE bug 1010685 CVE-2016-1248 openSUSE 13.2 MozillaFirefox is updated to version 50.0.2 which fixes the following issues: * Firefox crashed with 3rd party Chinese IME when using IME text (fixed in version 50.0.1) * Redirection from an HTTP connection to a data: URL could inherit wrong origin after an HTTP redirect (fixed in version 50.0.1, bmo#1317641, MFSA 2016-91, boo#1012807, CVE-2016-9078) * Maliciously crafted SVG animations could cause remote code execution (fixed in version 50.0.2, bmo#1321066, MFSA 2016-92, boo##1012964, CVE-2016-9079) (Important) SUSE bug 1012807 SUSE bug 1012964 CVE-2016-9078 CVE-2016-9079 openSUSE 13.2 This update contains Mozilla Thunderbird 45.5.1 and fixes one vulnerability. In Mozilla Thunderbird, this vulnerability may be exploited when used in a browser-like context. - CVE-2016-9079: SVG Animation Remote Code Execution (MFSA 2016-92, bsc#1012964, bmo#1321066) (Important) SUSE bug 1012964 CVE-2016-9079 openSUSE 13.2 This update for pitivi fixes the following issues: * CVE-2015-0855: 'Insecure use of os.system()' (boo#960339) (Low) SUSE bug 960339 CVE-2015-0855 openSUSE 13.2 This update to phpMyAdmin 4.4.15.9 fixes security issues and bugs. The following security issues were fixed: - Unsafe generation of $cfg['blowfish_secret'] (PMASA-2016-58) - phpMyAdmin's phpinfo functionality is removed (PMASA-2016-59) - AllowRoot and allow/deny rule bypass with specially-crafted username (PMASA-2016-60) - Username matching weaknesses with allow/deny rules (PMASA-2016-61) - Possible to bypass logout timeout (PMASA-2016-62) - Full path disclosure (FPD) weaknesses (PMASA-2016-63) - Multiple XSS weaknesses (PMASA-2016-64) - Multiple denial-of-service (DOS) vulnerabilities (PMASA-2016-65) - Possible to bypass white-list protection for URL redirection (PMASA-2016-66) - BBCode injection to login page (PMASA-2016-67) - Denial-of-service (DOS) vulnerability in table partitioning (PMASA-2016-68) - Multiple SQL injection vulnerabilities (PMASA-2016-69 ) - Incorrect serialized string parsing (PMASA-2016-70) - CSRF token not stripped from the URL (PMASA-2016-71) The following bugfix changes are included: - Fix for expanding in navigation pane - Reintroduced a simplified version of PmaAbsoluteUri directive (needed with reverse proxies) - Fix editing of ENUM/SET/DECIMAL field structures - Improvements to the parser (Moderate) SUSE bug 1012271 openSUSE 13.2 This update for GraphicsMagick fixes the following security issues: - CVE-2016-9556: Maliciously crafted image headers could cause denial of service in image format detection routines (boo#1011130) - CVE-2016-9559: Maliciously crafted image headers could cause denial of service in image format detection routines for TIFF (boo#1011136) (Moderate) SUSE bug 1011130 SUSE bug 1011136 CVE-2016-9556 CVE-2016-9559 openSUSE 13.2 This update for GraphicsMagick fixes the following security issues: - CVE-2016-9556: Maliciously crafted image headers could cause denial of service in image format detection routines (boo#1011130) - CVE-2016-9559: Maliciously crafted image headers could cause denial of service in image format detection routines for TIFF (boo#1011136) (Moderate) SUSE bug 1011130 SUSE bug 1011136 CVE-2016-9556 CVE-2016-9559 openSUSE 13.2 This update for roundcubemail fixes the following issues: - A maliciously crafted email could cause untrusted code to be executed (cross site scripting using $lt;area href=javascript:...>) (boo#982003, CVE-2016-5103) - Avoid HTML styles that could cause potential click jacking (boo#1001856) - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command (boo#1012493) - Avoid sending completely empty text parts for multipart/alternative messages - Don't create multipart/alternative messages with empty text/plain part - Improved validation of FROM argument when sending mails (Important) SUSE bug 1001856 SUSE bug 1012493 SUSE bug 982003 CVE-2016-5103 openSUSE 13.2 This update for X Window System client libraries fixes a class of privilege escalation issues. A malicious X server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. The following libraries have been fixed: libX11: - plugged a memory leak (boo#1002991, CVE-2016-7942). - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()) (boo#1002991, CVE-2016-7942). libXi: - Integer overflows in libXi can cause out of boundary memory access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7945). - Insufficient validation of data in libXi can cause out of boundary memory access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7946). libXrandr: - Insufficient validation of data from the X server can cause out of boundary memory writes (boo#1003000, CVE-2016-7947, CVE-2016-7948). (Moderate) SUSE bug 1002991 SUSE bug 1002998 SUSE bug 1003000 CVE-2016-7942 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 openSUSE 13.2 This update of libXrender fixes the following issues: - insufficient validation of data from the X server could cause out of boundary memory writes (boo#1003002, CVE-2016-7949, CVE-2016-7950) (Moderate) SUSE bug 1003002 CVE-2016-7949 CVE-2016-7950 openSUSE 13.2 This update of libXtst fixes the following security issue: - malicious data sent from an untrusted or compromised X server could cause out of boundary memory access or endless loops (Denial of Service). (boo#1003012, CVE-2016-7951, CVE-2016-7952) (Moderate) SUSE bug 1003012 CVE-2016-7951 CVE-2016-7952 openSUSE 13.2 This update for libXv fixes the following issues: - insufficient validation of data from the X server could cause memory corruption (boo#1003017, CVE-2016-5407) (Moderate) SUSE bug 1003017 CVE-2016-5407 openSUSE 13.2 This update for libXvMC fixes the following security issue: - insufficient validation of data from the X server could cause a one byte buffer read underrun (boo#1003023, CVE-2016-7953) (Moderate) SUSE bug 1003023 CVE-2016-7953 openSUSE 13.2 Tiff was updated to version 4.0.7. This update fixes the following issues: * libtiff/tif_aux.c + Fix crash in TIFFVGetFieldDefaulted() when requesting Predictor tag and that the zip/lzw codec is not configured. (http://bugzilla.maptools.org/show_bug.cgi?id=2591) * libtiff/tif_compress.c + Make TIFFNoDecode() return 0 to indicate an error and make upper level read routines treat it accordingly. (http://bugzilla.maptools.org/show_bug.cgi?id=2517) * libtiff/tif_dir.c + Discard values of SMinSampleValue and SMaxSampleValue when they have been read and the value of SamplesPerPixel is changed afterwards (like when reading a OJPEG compressed image with a missing SamplesPerPixel tag, and whose photometric is RGB or YCbCr, forcing SamplesPerPixel being 3). Otherwise when rewriting the directory (for example with tiffset, we will expect 3 values whereas the array had been allocated with just one), thus causing a out of bound read access. (CVE-2014-8127, boo#914890, duplicate: CVE-2016-3658, boo#974840) * libtiff/tif_dirread.c + In TIFFFetchNormalTag(), do not dereference NULL pointer when values of tags with TIFF_SETGET_C16_ASCII/TIFF_SETGET_C32_ASCII access are 0-byte arrays. (CVE-2016-9448, boo#1011103) + In TIFFFetchNormalTag(), make sure that values of tags with TIFF_SETGET_C16_ASCII/TIFF_SETGET_C32_ASCII access are null terminated, to avoid potential read outside buffer in _TIFFPrintField(). (CVE-2016-9297, boo#1010161) + Prevent reading ColorMap or TransferFunction if BitsPerPixel > 24, so as to avoid huge memory allocation and file read attempts + Reject images with OJPEG compression that have no TileOffsets/StripOffsets tag, when OJPEG compression is disabled. Prevent null pointer dereference in TIFFReadRawStrip1() and other functions that expect td_stripbytecount to be non NULL. (http://bugzilla.maptools.org/show_bug.cgi?id=2585) + When compiled with DEFER_STRILE_LOAD, fix regression, when reading a one-strip file without a StripByteCounts tag. + Workaround false positive warning of Clang Static Analyzer about null pointer dereference in TIFFCheckDirOffset(). * libtiff/tif_dirwrite.c + Avoid null pointer dereference on td_stripoffset when writing directory, if FIELD_STRIPOFFSETS was artificially set for a hack case in OJPEG case. Fixes (CVE-2014-8127, boo#914890, duplicate: CVE-2016-3658, boo#974840) + Fix truncation to 32 bit of file offsets in TIFFLinkDirectory() and TIFFWriteDirectorySec() when aligning directory offsets on an even offset (affects BigTIFF). * libtiff/tif_dumpmode.c + DumpModeEncode() should return 0 in case of failure so that the above mentionned functions detect the error. * libtiff/tif_fax3.c + remove dead assignment in Fax3PutEOLgdal(). * libtiff/tif_fax3.h + make Param member of TIFFFaxTabEnt structure a uint16 to reduce size of the binary. * libtiff/tif_getimage.c + Fix out-of-bound reads in TIFFRGBAImage interface in case of unsupported values of SamplesPerPixel/ExtraSamples for LogLUV/CIELab. Add explicit call to TIFFRGBAImageOK() in TIFFRGBAImageBegin(). Fix CVE-2015-8665 and CVE-2015-8683. + TIFFRGBAImageOK: Reject attempts to read floating point images. * libtiff/tif_luv.c + Fix potential out-of-bound writes in decode functions in non debug builds by replacing assert()s by regular if checks (http://bugzilla.maptools.org/show_bug.cgi?id=2522). Fix potential out-of-bound reads in case of short input data. + Validate that for COMPRESSION_SGILOG and PHOTOMETRIC_LOGL, there is only one sample per pixel. Avoid potential invalid memory write on corrupted/unexpected images when using the TIFFRGBAImageBegin() interface * libtiff/tif_next.c + Fix potential out-of-bound write in NeXTDecode() (http://bugzilla.maptools.org/show_bug.cgi?id=2508) * libtiff/tif_pixarlog.c + Avoid zlib error messages to pass a NULL string to %s formatter, which is undefined behaviour in sprintf(). + Fix out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094. + Fix potential buffer write overrun in PixarLogDecode() on corrupted/unexpected images (CVE-2016-5875, boo#987351) * libtiff/tif_predict.c + PredictorSetup: Enforce bits-per-sample requirements of floating point predictor (3). (CVE-2016-3622, boo#974449) * libtiff/tif_predict.h, libtiff/tif_predict.c + Replace assertions by runtime checks to avoid assertions in debug mode, or buffer overflows in release mode. Can happen when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105. * libtiff/tif_read.c + Fix out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() when stripoffset is beyond tmsize_t max value + Make TIFFReadEncodedStrip() and TIFFReadEncodedTile() directly use user provided buffer when no compression (and other conditions) to save a memcpy(). * libtiff/tif_strip.c + Make TIFFNumberOfStrips() return the td->td_nstrips value when it is non-zero, instead of recomputing it. This is needed in TIFF_STRIPCHOP mode where td_nstrips is modified. Fixes a read outsize of array in tiffsplit (or other utilities using TIFFNumberOfStrips()). (CVE-2016-9273, boo#1010163) * libtiff/tif_write.c + Fix issue in error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. I'm not completely sure if that could happen in practice outside of the odd behaviour of t2p_seekproc() of tiff2pdf). The report points that a better fix could be to check the return value of TIFFFlushData1() in places where it isn't done currently, but it seems this patch is enough. Reported as MSVR 35095. + Make TIFFWriteEncodedStrip() and TIFFWriteEncodedTile() directly use user provided buffer when no compression to save a memcpy(). + TIFFWriteEncodedStrip() and TIFFWriteEncodedTile() should return -1 in case of failure of tif_encodestrip() as documented * tools/fax2tiff.c + Fix segfault when specifying -r without argument. (http://bugzilla.maptools.org/show_bug.cgi?id=2572) * tools/Makefile.am + The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution. The libtiff tools rgb2ycbcr and thumbnail are only built in the build tree for testing. Old files are put in new 'archive' subdirectory of the source repository, but not in distribution archives. These changes are made in order to lessen the maintenance burden. * tools/tiff2bw.c + Fix weight computation that could result of color value overflow (no security implication). Fix http://bugzilla.maptools.org/show_bug.cgi?id=2550. * tools/tiff2pdf.c + Avoid undefined behaviour related to overlapping of source and destination buffer in memcpy() call in t2p_sample_rgbaa_to_rgb() (http://bugzilla.maptools.org/show_bug.cgi?id=2577) + Fix out-of-bounds write vulnerabilities in heap allocate buffer in t2p_process_jpeg_strip(). Reported as MSVR 35098. + Fix potential integer overflows on 32 bit builds in t2p_read_tiff_size() (http://bugzilla.maptools.org/show_bug.cgi?id=2576) + Fix read -largely- outsize of buffer in t2p_readwrite_pdf_image_tile(), causing crash, when reading a JPEG compressed image with TIFFTAG_JPEGTABLES length being one. (CVE-2016-9453, boo#1011107) + Fix write buffer overflow of 2 bytes on JPEG compressed images. Also prevents writing 2 extra uninitialized bytes to the file stream. (TALOS-CAN-0187, CVE-2016-5652, boo#1007280) * tools/tiffcp.c + Fix out-of-bounds write on tiled images with odd tile width vs image width. Reported as MSVR 35103. + Fix read of undefined variable in case of missing required tags. Found on test case of MSVR 35100. * tools/tiffcrop.c + Avoid access outside of stack allocated array on a tiled separate TIFF with more than 8 samples per pixel. (CVE-2016-5321, CVE-2016-5323, boo#984813, boo#984815) + Fix memory leak in (recent) error code path. + Fix multiple uint32 overflows in writeBufferToSeparateStrips(), writeBufferToContigTiles() and writeBufferToSeparateTiles() that could cause heap buffer overflows. (http://bugzilla.maptools.org/show_bug.cgi?id=2592) + Fix out-of-bound read of up to 3 bytes in readContigTilesIntoBuffer(). Reported as MSVR 35092. + Fix read of undefined buffer in readContigStripsIntoBuffer() due to uint16 overflow. Reported as MSVR 35100. + Fix various out-of-bounds write vulnerabilities in heap or stack allocated buffers. Reported as MSVR 35093, MSVR 35096 and MSVR 35097. + readContigTilesIntoBuffer: Fix signed/unsigned comparison warning. * tools/tiffdump.c + Fix a few misaligned 64-bit reads warned by -fsanitize + ReadDirectory: Remove uint32 cast to_TIFFmalloc() argument which resulted in Coverity report. Added more mutiplication overflow checks * tools/tiffinfo.c + Fix out-of-bound read on some tiled images. (http://bugzilla.maptools.org/show_bug.cgi?id=2517) + TIFFReadContigTileData: Fix signed/unsigned comparison warning. + TIFFReadSeparateTileData: Fix signed/unsigned comparison warning. (Important) SUSE bug 1007280 SUSE bug 1010161 SUSE bug 1010163 SUSE bug 1011103 SUSE bug 1011107 SUSE bug 914890 SUSE bug 974449 SUSE bug 974840 SUSE bug 984813 SUSE bug 984815 SUSE bug 987351 CVE-2014-8127 CVE-2015-7554 CVE-2015-8665 CVE-2015-8683 CVE-2016-3622 CVE-2016-3658 CVE-2016-5321 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 openSUSE 13.2 This update for libXfixes fixes a security issue: - insufficient validation of data from the X server could cause an integer overflow on 32 bit architectures (boo#1002995, CVE-2016-7944). (Moderate) SUSE bug 1002995 CVE-2016-7944 openSUSE 13.2 The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). The following non-security bugs were fixed: - bna: Add synchronization for tx ring (bsc#993739). - bonding: set carrier off for devices created through netlink (bsc#999577). - btrfs: fix extent tree corruption due to relocation (bsc#990384). - introduce NETIF_F_GSO_ENCAP_ALL helper mask (bsc#1001486). - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067). - ipv6: send only one NEWLINK when RA causes changes (bsc#934067). - tunnels: Remove encapsulation offloads on decap (bsc#1001486). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - vmxnet3: Wake queue from reset work (bsc#999907). (Important) SUSE bug 1001486 SUSE bug 1004517 SUSE bug 1007615 SUSE bug 1008833 SUSE bug 1010040 SUSE bug 1010150 SUSE bug 1010467 SUSE bug 1010475 SUSE bug 1010478 SUSE bug 1010501 SUSE bug 1010502 SUSE bug 1010711 SUSE bug 1010716 SUSE bug 1011685 SUSE bug 1012754 SUSE bug 934067 SUSE bug 990384 SUSE bug 993739 SUSE bug 999577 SUSE bug 999907 CVE-2015-8962 CVE-2015-8963 CVE-2016-7042 CVE-2016-7910 CVE-2016-7911 CVE-2016-7913 CVE-2016-7914 CVE-2016-7916 CVE-2016-8633 CVE-2016-8646 CVE-2016-8655 CVE-2016-9555 openSUSE 13.2 This update for perl-DBD-mysql fixes the following issues: - perl-DBD-mysql could crash when executing maliciously crafted prepared statements. (CVE-2016-1251, boo#1012546) (Moderate) SUSE bug 1012546 CVE-2016-1251 openSUSE 13.2 This update for libass fixes the following issues: - Fixed situations that could cause uninitialised memory to be used, leading to undefined behaviour. (boo#1002982, CVE-2016-7969, CVE-2016-7972) (Moderate) SUSE bug 1002982 CVE-2016-7969 CVE-2016-7972 openSUSE 13.2 This update to Chromium 55.0.2883.75 fixes the following vulnerabilities: - CVE-2016-9651: Private property access in V8 - CVE-2016-5208: Universal XSS in Blink - CVE-2016-5207: Universal XSS in Blink - CVE-2016-5206: Same-origin bypass in PDFium - CVE-2016-5205: Universal XSS in Blink - CVE-2016-5204: Universal XSS in Blink - CVE-2016-5209: Out of bounds write in Blink - CVE-2016-5203: Use after free in PDFium - CVE-2016-5210: Out of bounds write in PDFium - CVE-2016-5212: Local file disclosure in DevTools - CVE-2016-5211: Use after free in PDFium - CVE-2016-5213: Use after free in V8 - CVE-2016-5214: File download protection bypass - CVE-2016-5216: Use after free in PDFium - CVE-2016-5215: Use after free in Webaudio - CVE-2016-5217: Use of unvalidated data in PDFium - CVE-2016-5218: Address spoofing in Omnibox - CVE-2016-5219: Use after free in V8 - CVE-2016-5221: Integer overflow in ANGLE - CVE-2016-5220: Local file access in PDFium - CVE-2016-5222: Address spoofing in Omnibox - CVE-2016-9650: CSP Referrer disclosure - CVE-2016-5223: Integer overflow in PDFium - CVE-2016-5226: Limited XSS in Blink - CVE-2016-5225: CSP bypass in Blink - CVE-2016-5224: Same-origin bypass in SVG - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives The default bookmarks override was removed. The following packaging changes are included: - Switch to system libraries: harfbuzz, zlib, ffmpeg, where available. - Chromium now requires harfbuzz >= 1.3.0 (Important) SUSE bug 1013236 CVE-2016-5203 CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5210 CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652 openSUSE 13.2 This update for gstreamer-0_10-plugins-bad fixes the following issues: - Maliciously crafted VMnc files (VMWare video format) could lead to crashes (CVE-2016-9445, CVE-2016-9446, boo#1010829). - Maliciously crafted NSF files (NES sound format) could lead to arbitrary code execution (CESA-2016-0001, boo#1010514). Therefore for security reasons the NSF plugin has been removed from the package. (Important) SUSE bug 1010514 SUSE bug 1010829 CVE-2016-9445 CVE-2016-9446 openSUSE 13.2 This update for gstreamer-plugins-bad fixes the following issues: - Maliciously crafted VMnc (VMware video) streams (typically contained in .avi files) could cause code execution during decoding or information leaks due to an unitialized buffer (CVE-2016-9445, CVE-2016-9446, boo#1010829). (Important) SUSE bug 1010829 CVE-2016-9445 CVE-2016-9446 openSUSE 13.2 NonFree This update for flash-player fixes the following issues: - Security update to 24.0.0.186 (bsc#1015379) APSB16-39: * These updates resolve use-after-free vulnerabilities that could have lead to code execution (CVE-2016-7872, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7892). * These updates resolve buffer overflow vulnerabilities that could have lead to code execution (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870). * These updates resolve memory corruption vulnerabilities that could have lead to code execution (CVE-2016-7871, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876). * These updates resolve a security bypass vulnerability (CVE-2016-7890). - Update EULA to version 24.0. (Moderate) SUSE bug 1015379 CVE-2016-7867 CVE-2016-7868 CVE-2016-7869 CVE-2016-7870 CVE-2016-7871 CVE-2016-7872 CVE-2016-7873 CVE-2016-7874 CVE-2016-7875 CVE-2016-7876 CVE-2016-7877 CVE-2016-7878 CVE-2016-7879 CVE-2016-7880 CVE-2016-7881 CVE-2016-7890 CVE-2016-7892 openSUSE 13.2 This update for gc fixes the following issues: - integer overflow in GC_MALLOC_ATOMIC() (CVE-2016-9427, bsc#1011276) (Moderate) SUSE bug 1011276 CVE-2016-9427 openSUSE 13.2 This update for lxc fixes the following issue: - CVE-2016-8649: guest escape via ptrace of lxc-attach (boo#1010933). (Important) SUSE bug 1010933 CVE-2016-8649 openSUSE 13.2 This update to MozillaFirefox 50.1.0 fixes the following vulnerabilities: - CVE-2016-9894: Buffer overflow in SkiaGL - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9896: Use-after-free with WebVR - CVE-2016-9897: Memory corruption in libGLES - CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees - CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs - CVE-2016-9904: Cross-origin information leak in shared atoms - CVE-2016-9901: Data from Pocket server improperly sanitized before execution - CVE-2016-9902: Pocket extension does not validate the origin of events - CVE-2016-9903: XSS injection vulnerability in add-ons SDK - CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 - CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 The following bugs were fixed: - boo#1011922: fix crash after a few seconds of usage on AArch64 (Important) SUSE bug 1011922 SUSE bug 1015422 CVE-2016-9080 CVE-2016-9893 CVE-2016-9894 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9904 openSUSE 13.2 This update for zlib fixes the following issues: - Remove incompatible declarations of 'struct internal_state' (boo#1003577) - Avoid out-of-bounds pointer arithmetic in inftrees.c (boo#1003579, CVE-2016-9840, CVE-2016-9841) - Avoid left-shift with negative number (boo#1003580, CVE-2016-9842) - Avoid undefined behaviour in pointer arithmetic on powerpc (boo#1013882, CVE-2016-9843) (Moderate) SUSE bug 1003577 SUSE bug 1003579 SUSE bug 1003580 SUSE bug 1013882 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 openSUSE 13.2 This update for rubygem-mail, rubygem-mail-2_4, rubygem-mail-2_5 fixes the following security issues: * boo#959129: SMTP Injection via recipient email addresses (Moderate) SUSE bug 959129 openSUSE 13.2 shellinabox was updated to version 2.20 to fix the following security issues: - It was possible to fallback to the HTTP protocol even when configured for HTTPS. (CVE-2015-8400, boo#957748) - Disable secure client-initiated renegotiation - Set SSL options for increased security (disable SSLv2, SSLv3) - Protection against large HTTP requests non security fixes: - Includes some MSIE and iOS rendering fixes (Moderate) SUSE bug 957748 CVE-2015-8400 openSUSE 13.2 This security update for php5 fixes the following issues: - a call to ImageFillToBorder() could cause a stack overflow leading to stack exhaustion when the image used was not truecolor (CVE-2016-9933, boo#1015187) - deserialization of a WDDX packet containing a PDORow object could crash php (CVE-2016-9934, boo#1015188) - deserialization of a WDDX packet containing an empty boolean element could crash php (CVE-2016-9935, boo#1015189) (Moderate) SUSE bug 1015187 SUSE bug 1015188 SUSE bug 1015189 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 openSUSE 13.2 This update to phpMyAdmin 4.4.15.4 fixes the following issues (boo#964024) * CVE-2016-2038: Multiple full path disclosure vulnerabilities * CVE-2016-2039: Unsafe generation of XSRF/CSRF token * CVE-2016-2040: Multiple XSS vulnerabilities * CVE-2016-1927: Insecure password generation in JavaScript * CVE-2016-2041: Unsafe comparison of XSRF/CSRF token * CVE-2016-2042: Multiple full path disclosure vulnerabilities * CVE-2016-2043: XSS vulnerability in normalization page (Moderate) SUSE bug 964024 CVE-2016-1927 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-2041 CVE-2016-2042 CVE-2016-2043 openSUSE 13.2 This security update for gd fixes the following issues: - a call to gdImageFillToBorder() could cause a stack overflow leading to stack exhaustion when the image used was not truecolor (CVE-2016-9933 ,boo#1015187) (Moderate) SUSE bug 1015187 CVE-2016-9933 openSUSE 13.2 This security update for GraphicsMagick fixes the following issues: - a memory allocation failure was fixed (CVE-2016-8866, boo#1009318) - maliciously crafted jng files could crash the identify utility (CVE-2016-9830, boo#1013640) (Moderate) SUSE bug 1009318 SUSE bug 1013640 CVE-2016-8866 CVE-2016-9830 openSUSE 13.2 This security update for ImageMagick fixes the following issues: - a maliciously crafted compressed TIFF image could cause code remote code execution in the convert utility in particular circumstances (CVE-2016-8707, boo#1014159) - a memory allocation failure was fixed (CVE-2016-8866, boo#1009318, follow up on CVE-2016-8862) - the identify utility could crash on maliciously crafted images (CVE-2016-9773, boo#1013376, follow up on CVE-2016-9556) (Important) SUSE bug 1009318 SUSE bug 1013376 SUSE bug 1014159 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866 CVE-2016-9556 CVE-2016-9773 openSUSE 13.2 This update for tor fixes the following issues: - a hostile hidden service could cause tor clients to crash (boo#1016343, CVE-2016-1254) (Moderate) SUSE bug 1016343 CVE-2016-1254 openSUSE 13.2 This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures (Moderate) SUSE bug 962983 SUSE bug 962996 CVE-2016-0755 openSUSE 13.2 This update to Mozilla Thunderbird 45.6.0 fixes security issues and bugs. In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. The following vulnerabilities were fixed: (boo#1015422) - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9897: Memory corruption in libGLES - CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees - CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs - CVE-2016-9904: Cross-origin information leak in shared atoms - CVE-2016-9905: Crash in EnumerateSubDocuments - CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6 The following bugs were fixed: - The system integration dialog was shown every time when starting Thunderbird (Moderate) SUSE bug 1015422 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905 openSUSE 13.2 This update for openssl fixes the following issues: - CVE-2015-3197: A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. (boo#963415) (Low) SUSE bug 963415 CVE-2015-3197 openSUSE 13.2 This update for rubygem-actionpack-3_2, rubygem-activesupport-3_2 fixes the following issues: - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (boo#963329) - CVE-2016-0752: directory traversal and information leak in Action View (boo#963332) - CVE-2016-0751: rubygem-actionpack: Object Leak DoS (boo#963331) - CVE-2015-7577: Nested attributes rejection proc bypass (boo#963330) (Moderate) SUSE bug 963329 SUSE bug 963330 SUSE bug 963331 SUSE bug 963332 CVE-2015-7576 CVE-2015-7577 CVE-2016-0751 CVE-2016-0752 openSUSE 13.2 This update to MySQL 5.6.28 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0503: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. - CVE-2016-0504: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0594: Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0595: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0605: Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0607: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0610: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0611: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2015-5969: Fixed information leak via mysql-systemd-helper script. (bsc#957174) - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf() (Important) SUSE bug 957174 SUSE bug 959724 SUSE bug 962779 CVE-2015-5969 CVE-2015-7744 CVE-2016-0502 CVE-2016-0503 CVE-2016-0504 CVE-2016-0505 CVE-2016-0546 CVE-2016-0594 CVE-2016-0595 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0605 CVE-2016-0606 CVE-2016-0607 CVE-2016-0608 CVE-2016-0609 CVE-2016-0610 CVE-2016-0611 openSUSE 13.2 This update for mariadb fixes the following security issue: - CVE-2015-5969: Fixed information leak via mysql-systemd-helper script. (boo#957174) (Moderate) SUSE bug 957174 CVE-2015-5969 openSUSE 13.2 This update for tiff fixes the following issues: - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (boo#964225) (Moderate) SUSE bug 964225 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 openSUSE 13.2 This update for jasper fixes the following issues: - CVE-2016-2089: Specially crafted JPEG 2000 may cause JasPer to crash (boo#963983) (Moderate) SUSE bug 963983 CVE-2016-2089 openSUSE 13.2 This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash (bsc#963964) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) (Moderate) SUSE bug 963964 SUSE bug 963968 SUSE bug 963975 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 openSUSE 13.2 NonFree This update for flash-player fixes the following issues: - Security update to 11.2.202.569 (boo#965901): * APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985 (Important) SUSE bug 965901 CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 openSUSE 13.2 cacti was updated to fix the following vulnerabilities: - CVE-2015-8369: SQL injection in graph.php (boo#958863) - CVE-2015-8604: SQL injection in graphs_new.php (boo#960678) - CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php (boo#958977) - CVE-2016-2313: Authentication using web authentication as a user not in the cacti database allows complete access (boo#965930) The following non-security bugs were fixed: - boo#965864: Poller Script Parser was broken cacti-spine was updated to match the cacti version, fixing a number of upstream bugs. (Moderate) SUSE bug 958863 SUSE bug 958977 SUSE bug 960678 SUSE bug 965864 SUSE bug 965930 CVE-2015-8369 CVE-2015-8377 CVE-2015-8604 CVE-2016-2313 openSUSE 13.2 This update for libnettle fixes the following issues: - CVE-2015-8803: secp256 calculation bug (boo#964845) - CVE-2015-8804: Miscalculations on secp384 curve (boo#964847) - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (boo#964849) (Moderate) SUSE bug 964845 SUSE bug 964847 SUSE bug 964849 CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 openSUSE 13.2 This update for claws-mail fixes the following issues: - CVE-2015-8614: additional fixes for buffer overrun issues which allowed remote attackers to cause a crash or have unspecified further impact (boo#959993) (Moderate) SUSE bug 959993 CVE-2015-8614 openSUSE 13.2 This update for socat fixes the following issues: Changes in socat: - update to 1.7.3.1, security fixes: * Socat security advisory 7 and MSVR-1499: "Bad DH p parameter in OpenSSL" (boo#938913 and CVE-2015-4000). * Socat security advisory 8: "Stack overflow in arguments parser" (boo#964844) - Update to version 1.7.3.0 * Too many changes to list; please read the CHANGES file for news (Moderate) SUSE bug 938913 SUSE bug 964844 CVE-2015-4000 openSUSE 13.2 This update to Chromium 48.0.2564.109 fixes the following issues: Security fixes (boo#965999): - CVE-2016-1622: Same-origin bypass in Extensions - CVE-2016-1623: Same-origin bypass in DOM - CVE-2016-1624: Buffer overflow in Brotli - CVE-2016-1625: Navigation bypass in Chrome Instant - CVE-2016-1626: Out-of-bounds read in PDFium - CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives Non-security bug fixes: - boo#965738: resolve issues with specific banking websites when built against system libraries - boo#966082: chromium: sandbox related stacktrace printed - boo#965566: Drop libva support - Prevent graphical issues related to libjpeg - On KDE 5 kwallet5 is the default password store now (Moderate) SUSE bug 965566 SUSE bug 965738 SUSE bug 965999 SUSE bug 966082 CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625 CVE-2016-1626 CVE-2016-1627 openSUSE 13.2 This update Mozilla Thunderbird 38.6.0 fixes the following issues(boo#963520): - CVE-2016-1930: Miscellaneous memory safety hazards (boo#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (boo#963635) The following upstream fixes are included: - Filters ran on a different folder than selected (Moderate) SUSE bug 963520 SUSE bug 963632 SUSE bug 963635 CVE-2016-1930 CVE-2016-1935 openSUSE 13.2 This update for MozillaFirefox fixes the following issues: - update to Firefox 44.0.2 * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) Same-origin-policy violation using Service Workers with plugins * Fix issue which could lead to the removal of stored passwords under certain circumstances (bmo#1242176) * Allows spaces in cookie names (bmo#1244505) * Disable opus/vorbis audio with H.264 (bmo#1245696) * Fix for graphics startup crash (GNU/Linux) (bmo#1222171) * Fix a crash in cache networking (bmo#1244076) * Fix using WebSockets in service worker controlled pages (bmo#1243942) (Moderate) SUSE bug 966438 CVE-2016-1949 openSUSE 13.2 This update for glibc fixes the following issues: - errorcheck-mutex-no-elision.patch: Don't do lock elision on an error checking mutex (boo#956716, BZ #17514) - reinitialize-dl_load_write_lock.patch: Reinitialize dl_load_write_lock on fork (boo#958315, BZ #19282) - send-dg-buffer-overflow.patch: Fix getaddrinfo stack-based buffer overflow (CVE-2015-7547, boo#961721, BZ #18665) - strftime-range-check.patch: Add range check on time fields (CVE-2015-8776, boo#962736, BZ #18985) - hcreate-overflow-check.patch: Handle overflow in hcreate (CVE-2015-8778, boo#962737, BZ #18240) - refactor-nan-parsing.patch: Refactor strtod parsing of NaN payloads (CVE-2014-9761, boo#962738, BZ #16962) - catopen-unbound-alloca.patch: Fix unbound alloca in catopen (CVE-2015-8779, boo#962739, BZ #17905) (Important) SUSE bug 956716 SUSE bug 958315 SUSE bug 961721 SUSE bug 962736 SUSE bug 962737 SUSE bug 962738 SUSE bug 962739 CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8778 CVE-2015-8779 openSUSE 13.2 This update contains Chromium 48.0.2564.116 ans fixes the following security flaw: - CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. (boo#967376) (Critical) SUSE bug 967376 CVE-2016-1629 openSUSE 13.2 This update for xdelta3 fixes the following security issue: - CVE-2014-9765: Fixed buffer overflow in main_get_appheader. (boo#965791) (Moderate) SUSE bug 965791 CVE-2014-9765 openSUSE 13.2 This update for erlang fixes the following issues: - CVE-2015-2774: Erlang/OTP was vulnerable to Poodle in its TLS-1.0 implementation - removed default support for SSL 3.0 and added padding check for TLS 1.0 (boo#924915) (Moderate) SUSE bug 924915 CVE-2015-2774 openSUSE 13.2 This update for a number of source services fixes the following issues: - boo#967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system The following source services are affected - obs-service-source_validator - obs-service-extract_file - obs-service-download_files - obs-service-recompress - obs-service-verify_file Also contains all bug fixes and improvements from the openSUSE:Tools versions. (Important) openSUSE 13.2 This update for postgresql93 fixes the following issues: - Security and bugfix release 9.3.11: * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, boo#966436). * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, boo#966435). * Fix many issues in pg_dump with specific object types * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS * Fix deparsing error with ON CONFLICT ... WHERE clauses * Fix tableoid errors for postgres_fdw * Prevent floating-point exceptions in pgbench * Make \det search Foreign Table names consistently * Fix quoting of domain constraint names in pg_dump * Prevent putting expanded objects into Const nodes * Allow compile of PL/Java on Windows * Fix "unresolved symbol" errors in PL/Python execution * Allow Python2 and Python3 to be used in the same database * Add support for Python 3.5 in PL/Python * Fix issue with subdirectory creation during initdb * Make pg_ctl report status correctly on Windows * Suppress confusing error when using pg_receivexlog with older servers * Multiple documentation corrections and additions * Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.3/static/release-9-3-11.html (Important) SUSE bug 966435 SUSE bug 966436 CVE-2007-4772 CVE-2016-0766 CVE-2016-0773 openSUSE 13.2 The openSUSE 13.2 kernel was updated to receive security and bugfixes. It also fixes a regression that caused the Chromium sandbox to no longer work (bsc#965356). Following security bugs were fixed: - CVE-2016-2069: A flaw was discovered in a way the Linux deals with paging structures. When Linux invalidates a paging structure that is not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question, causing a local denial service (machine crash). (bnc#963767). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). The following non-security bugs were fixed: - Bluetooth: ath3k: workaround the compatibility issue with xHCI controller (bnc#907378). - kABI fix for addition of user_namespace.flags field (bnc#965308, bnc#965356). - userns: Add a knob to disable setgroups on a per user namespace basis (bnc#965308, bnc#965356). - userns: Allow setting gid_maps without privilege when setgroups is disabled (bnc#965308, bnc#965356). - userns: Rename id_map_mutex to userns_state_mutex (bnc#965308, bnc#965356). (Important) SUSE bug 907378 SUSE bug 961500 SUSE bug 963767 SUSE bug 965308 SUSE bug 965356 CVE-2016-0723 CVE-2016-2069 openSUSE 13.2 This update for gummi fixes the following issues: - CVE-2015-7758: predictable filenames in /tmp based on basename - use final upstream patch (boo#949682) (Moderate) SUSE bug 949682 CVE-2015-7758 openSUSE 13.2 This update for libgcrypt fixes the following issues: - CVE-2015-7511: side-channel attack on ECDH with Weierstrass curves (boo#965902) (Moderate) SUSE bug 965902 CVE-2015-7511 openSUSE 13.2 This update for LibreOffice and some library dependencies (cmis-client, libetonyek, libmwaw, libodfgen, libpagemaker, libreoffice-share-linker, mdds, libwps) fixes the following issues: Changes in libreoffice: - Provide l10n-pt from pt-PT - boo#945047 - LO-L3: LO is duplicating master pages, extended fix - boo#951579 - LO-L3: [LibreOffice] Calc 5.0 fails to open ods files * deleted RPATH prevented loading of bundled 3rd party RDF handler libs - Version update to 5.0.4.2: * Final of the 5.0.4 series - boo#945047 - LO-L3: LO is duplicating master pages - Version update to 5.0.4.1: * rc1 of 5.0.4 with various regression fixes - boo#954345 - LO-L3: Insert-->Image-->Insert as Link hangs writer - Version update to 5.0.3.2: * Final tag of 5.0.3 release - Fix boo#939996 - LO-L3: Some bits from DOCX file are not imported - Fix boo#889755 - LO-L3: PPTX: chart axis number format incorrect - boo#679938 - LO-L3: saving to doc file the chapter name in the header does not change with chapters - Version update to 5.0.3RC1 as it should fix i586 test failure - Update text2number extension to 1.5.0 - obsolete libreoffice-mono - pentaho-flow-reporting require is conditional on system_libs - Update icon theme dependencies * https://lists.debian.org/debian-openoffice/2015/09/msg00343.html - Version bump to 5.0.2 final fate#318856 fate#319071 boo#943075 boo#945692: * Small tweaks compared to rc1 - For sake of completion this release also contains security fixes for boo#910806 CVE-2014-8147, boo#907636 CVE-2014-9093, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-45513, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-45513, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-4551 - Use gcc48 to build on sle11sp4 - Make debuginfo's smaller on IBS. - Fix chrpath call after the libs got -lo suffixing - Add patch to fix qt4 features detection: * kde4filepicker.patch - Split out gtk3 UI to separate subpkg that requires gnome subpkg * This is to allow people to test gtk3 while it not being default - Version update to 5.0.2 rc1: * Various small tweaks and integration of our SLE11 patchsets - Update constraints to 30 GB on disk - Version bump to 5.0.1 rc2: * breeze icons extension * Credits update * Various small fixes - Version bump to 5.0.1 rc1: * Various small fixes * Has some commits around screen rendering -> could fix kde bugs - Kill branding-openSUSE, stick to TDF branding. - Version bump to 5.0 rc5: * Bunch of final touchups here and there - Remove some upstreamed patches: * old-cairo.patch - Add explicit requires over libmysqlclient_r18, should cover boo#829430 - Add patch to build with old cairo (sle11). - Version bump to 5.0 rc3: * Various more fixes closing on the 5.0 release - Update to 5.0 rc2: * Few small fixes and updates in internal libraries - Version bump to 5.0 rc1, remove obsolete patches: * 0001-Fix-could-not-convert-.-const-char-to-const-rtl-OUSt.patch * 0001-writerperfect-fix-gcc-4.7-build.patch - More chrpat love for sle11 - Add python-importlib to build/requirements on py2 distros - Provide/obsolete crystal icons so they are purged and not left over - Fix breeze icons handling, drop crystal icons. - Version bump to 5.0.0.beta3: * Drop merged patch 0001-Make-cpp-poppler-version.h-header-optional.patch * Update some internal tarballs so we keep building - based on these bumps update the buildrequires too - Generate python cache files wrt boo#929793 - Update %post scriptlets to work on sle11 again - Split out the share -> lib linker to hopefully allow sle11 build - One more fix for help handling boo#915996 - Version bump to 4.4.3 release: * Various small fixes all around - Disable verbose build to pass check on maximal size of log - We need pre/post for libreoffice in langpkgs - Use old java for detection and old commons-lang/codec to pass brp check on java from sle11 * 0001-Make-HAVE_JAVA6-be-always-false.patch - Revert last changeset, it is caused by something else this time: * 0001-Set-source-and-target-params-for-java.patch - Set source/target for javac when building to work on SLE11: * 0001-Set-source-and-target-params-for-java.patch - Try to deal with rpath on bundled libs - Fix python3_sitelib not being around for py2 - Add internal make for too old system - One more stab on poppler switch: * 0001-Make-cpp-poppler-version.h-header-optional.patch - Update the old-poppler patch to work correctly: * 0001-Make-cpp-poppler-version.h-header-optional.patch - Sort out more external tarballs for the no-system-libs approach - Add basic external tarballs needed for without-system-libraries - Add patch to check for poppler more nicely to work on older distros: * 0001-Make-cpp-poppler-version.h-header-optional.patch - Try to pass configure without system libs - Allow switch between py2 and py3 - Move external dependencies in conditional thus allow build on SLE11 - Add conditional for noarch subpackages - Add switch in configure to detect more of internal/external stuff - Add conditional for appdatastore thing and redo it to impact the spec less - Add systemlibs switch to be used in attempt to build sle11 build - Silence more scarry messages by boo#900186 * Fixes autocorr symlinking * Cleans UNO cache in more pretty way - Clean up the uno cache removal to not display scarry message boo#900186 - Remove patch to look for help in /usr/share, we symlink it back to lib, so there is no actual need to search for it directly, migth fix boo#915996: * officecfg-help-in-usr-share.diff - --disable-collada * reportedly it does not work in LibreOffice 4.4 - added version numbers to some BuildRequires lines - Require flow engine too on base - Fix build on SLE12 and 13.1 by adding conditional for appdata install - Fixup the installed appdata.xml files: they reference a .desktop file that are not installed by libreoffice (boo#926375). - Version bump to 4.4.2: * 2nd bugfix update for the 4.4 series - BuildRequires: libodfgen-devel >= 0.1 - added version numbers to some BuildRequires lines - build does not require python3-lxml - build requires librevenge-devel >= 0.0.1 - vlc media backend is broken, don't use it. Only gstreamer should be used. - Install the .appdata.xml files shipped by upstream: allow LO to be shown in AppStream based software centers. - Move pretrans to pre - Version bump to 4.4.1 first bugfix release of the series - Reduce bit the compilation preparations as we prepped most of the things by _constraints and it is no longer needed - %pre is not enough the script needs to be rewritten in lua - Move removal of obsolete dirs from %pretrans to %pre boo#916181 - Version bump to 4.4.0 final: * First in the 4.4 series * First release to have the new UI elements without old hardcoded sizes * Various improvements all around. - Version bump to 4.4.0rc2: * Various bugfixes, just bumping to see if we still build fine. - That verbose switch for configure was really really bad idea - generic images.zip for galaxy icons seem gone so remove - Do not supplement kde3 stuff, it is way beyond obsolete - Remove vlc conditional - korea.xcd is no more so remove - Really use mergelib - Disable telepathy, it really is experimental like hell - Version bump to 4.4.0rc1: * New 4.4 branch release with additional features - Enable collada: * New bundled collada2gltf tarball: 4b87018f7fff1d054939d19920b751a0-collada2gltf-master-cb1d97788a.tar.bz2 - Remove errorous self-obsolete in lang pkgs. - Version bump to 4.3.3.2: * Various bugfixes from maintenance branch to copy openSUSE. * Also contains fix for boo#900214 and boo#900218 CVE-2014-3693 - fix regression in bullets (boo#897903). - Add masterpage_style_parent.odp as new file for regression test for bullets. Changes in cmis-client: - Update to version 0.5.0 + Completely removed the dependency on InMemory server for unit tests + Minimized the number of HTTP requests sent by SessionFactory::createSession + Added Session::getBaseTypes() - Bump soname to 0_5-5 - Bump incname to 0.5 Changes in libetonyek: - Version bump to 0.1.3: * Various small fixes * More imported now imported * Now use mdds to help with some hashing - Version bump to 0.1.2: * Initial support for pages and numbers * Ditch libetonyek-0.1.1-constants.patch as we do not require us to build for older boost Changes in libmwaw: - Version bump to 0.3.6: - Added a minimal parser for ApplePict v1.v2, ie. no clipping, does not take in account the copy mode: srcCopy, srcOr, ... - Extended the --with-docs configure option to allow to build doc only for the API classes: --with-docs=no|api|full . - Added a parser for MacDraft v4-v5 documents. - RagTime v5-v6 parser: try to retrieve the main layouts and the picture/shape/textbox, ie. now, it generates result but it is still very imcomplete... - MWAW{Graphic,Presentation,Text}Listener: corrected a problem in openGroup which may create to incorrect document. - Created an MWAWEmbeddedObject class to store a picture with various representations. - MWAW*Listener: renamed insertPicture to insertShape, added a function to insert a texbox in a MWAWGraphicShape (which only insert a basic textbox). - Fixed many crashes and hangs when importing broken files, found with the help of american-fuzzy-lop. - And several other minor fixes and improvements. - Version bump to 0.3.5 * Various small fixes on 0.3 series, nothing big woth mention Changes in libodfgen: - Version bump to 0.1.4: - drawing interface: do no forget to call startDocument/endDocument when writing in the manifest - metadata: added handler for 'template' metadata, unknown metadata are written in a meta:user-defined elements, - defineSheetNumberingStyle: can now define styles for the whole document (and not only for the actual sheet) - update doxygen configuration file + add a make astyle command - Allow writing meta:creation-date metadata element for drawings and presentations too. - Improve handling of headings. Most importantly, write valid ODF. - Write meta:generator metadata element. - Add initial support for embedded fonts. It is currently limited to Flat ODF output. - Upgrade to version 0.1.2 * Use text:h element for headings. Any paragraph with text:outline-level property is recognized as a heading. * Handle layers. * Improve handling of styles. Particularly, do not emit duplicate styles. * Slightly improve documentation. * Handle master pages. * Do not expect that integer properties are always in inches. * Fix misspelled style:paragraph-properties element in presentation notes. * Only export public symbols on Linux. * Fix bogus XML-escaping of metadata values. * And many other improvements and fixes. Changes in libpagemaker: - Initial package based on upstream libpagemaker 0.0.2 Changes in libreoffice-share-linker: - Initial commit, split out from main libreoffice package to workaround issues on SLE11 build Changes in mdds: - Update to version 0.12.1: * Various small fixes on 0.12 series * Just move define up and comment why we redefine docdir * more types are possible in segment_tree data structures (previously only pointers were possible) * added sorted_string_map * multi_type_vector bugfixes Changes in libwps: - Update to version 0.4.1: + QuattroPro: correct a mistake when reading negative cell's position. + Fix some Windows build problems. + Fix more than 10 hangs when reading damaged files, found with the help of american-fuzzy-lop. + Performance: improve the sheet's output generation. + add support for unknown encoding files (ie. DOS file) + add potential support for converting Lotus, ... documents, + accept to convert all Lotus Wk1 files and Symphony Wk1 files, + add support for Lotus Wk3 and Wk4 documents, + add support for Quattro Pro Wq1 and Wq2 documents, + only in debug mode, add pre-support for Lotus Wk5..., must allow to retrieve the main sheets content's with no formatting, + add potential support for asking the document's password ( but do nothing ) + correct some compiler warnings when compiling in debug mode. + Fix parsing of floating-point numbers in specific cases. + Fix several minor issues reported by Coverity and Clang. + Check arguments of public functions. Passing NULL no longer causes a crash. + Use symbol visibility on Linux. The library only exports the public functions now. + Import @TERM and @CTERM functions (fdo#86241). + Handle LICS character encoding in spreadsheets (fdo#87222). + Fix a crash when reading a broken file, found with the help of american-fuzzy-lop. (Moderate) SUSE bug 679938 SUSE bug 829430 SUSE bug 889755 SUSE bug 897903 SUSE bug 900186 SUSE bug 900214 SUSE bug 900218 SUSE bug 907636 SUSE bug 910805 SUSE bug 910806 SUSE bug 915996 SUSE bug 916181 SUSE bug 926375 SUSE bug 929793 SUSE bug 934423 SUSE bug 936188 SUSE bug 936190 SUSE bug 939996 SUSE bug 940838 SUSE bug 943075 SUSE bug 945047 SUSE bug 945692 SUSE bug 951579 SUSE bug 954345 CVE-2014-3693 CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 openSUSE 13.2 This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (boo#961305) The following bugs were fixed: - boo#936923: Improper lease duration checking - boo#880984: Integer overflows in the date and time handling code - boo#956159: fixed service files to start dhcpd after slapd - boo#960506: Improve exit reason and logging when /sbin/dhclient-script is unable to pre-init requested interface - boo#947780: DHCP server could abort with "Unable to set up timer: out of range" on very long or infinite timer intervals / lease lifetimes - boo#912098: dhclient could pretend to run while silently declining leases - boo#919959: server: Do not log success report before send reported success - boo#928390: dhclient dit not expose next-server DHCPv4 option to script - boo#926159: DHCP preferrend and valid lifetime would be logged incorrectly - boo#910686: Prevent a dependency conflict of dhcp-devel with bind-devel package (Moderate) SUSE bug 880984 SUSE bug 910686 SUSE bug 912098 SUSE bug 919959 SUSE bug 926159 SUSE bug 928390 SUSE bug 936923 SUSE bug 947780 SUSE bug 956159 SUSE bug 960506 SUSE bug 961305 CVE-2015-8605 openSUSE 13.2 This update to bouncycastle 1.54 fixes the following issues: - CVE-2015-7575: add validation that signature algorithm received in DigitallySigned structures is actually one of those offered (boo#967521) (Moderate) SUSE bug 967521 CVE-2015-7575 openSUSE 13.2 This update for nodejs fixes the following issues: - CVE-2016-2216: Response splitting vulnerability using Unicode characters (boo#966076) - CVE-2016-2086: Request smuggling vulnerability (boo#966077) Node.js was updated to the 4.3.1 LTS version, containing all upstream bug fixes and improvements. (Moderate) SUSE bug 966076 SUSE bug 966077 CVE-2016-2086 CVE-2016-2216 openSUSE 13.2 This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable "OPENSSL_ALLOW_SSL2" or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. Please also note that we built the 13.2 openSUSE openssl already with "no-ssl2". * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable "OPENSSL_ALLOW_EXPORT". - CVE-2016-0702 aka the "CacheBleed" attack. (bsc#968050) Various changes in the modular exponentation code were added that make sure that it is not possible to recover RSA secret keys by analyzing cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. Note that this was only exploitable if the malicious code was running on the same hyper threaded Intel Sandy Bridge processor as the victim thread performing decryptions. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0798 (bnc#968265) The SRP user database lookup method SRP_VBASE_get_by_user() had a memory leak that attackers could abuse to facility DoS attacks. To mitigate the issue, the seed handling in SRP_VBASE_get_by_user() was disabled even if the user has configured a seed. Applications are advised to - We're unaffected by CVE-2016-0799 (boo#968374) because we use glibc's printf implementation instead of the built in one Bugs fixed: - avoid running OPENSSL_config twice. This avoids breaking engine loading. (boo#952871) (Important) SUSE bug 952871 SUSE bug 968046 SUSE bug 968047 SUSE bug 968048 SUSE bug 968050 SUSE bug 968265 SUSE bug 968374 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 openSUSE 13.2 This update for libopenssl0_9_8 fixes the following issues: - CVE-2016-0800 aka the "DROWN" attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable "OPENSSL_ALLOW_SSL2" or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable "OPENSSL_ALLOW_EXPORT". - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - The package was updated to 0.9.8zh: * fixes many security vulnerabilities (not seperately listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166 - avoid running OPENSSL_config twice. This avoids breaking engine loading. (boo#952871, boo#967787) - fix CVE-2015-3197 (boo#963415) * SSLv2 doesn't block disabled ciphers (Important) SUSE bug 952871 SUSE bug 963415 SUSE bug 967787 SUSE bug 968046 SUSE bug 968048 SUSE bug 968374 CVE-2013-0166 CVE-2013-0169 CVE-2014-0076 CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3195 CVE-2015-3197 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 openSUSE 13.2 This update for libssh2_org fixes the following issues: - fix CVE-2016-0787 (boo#967026) * Weakness in diffie-hellman secret key generation * add CVE-2016-0787.patch (Moderate) SUSE bug 967026 CVE-2016-0787 openSUSE 13.2 This update for eog fixes the following issues: - Update to version 3.14.5 (CVE-2013-7447 boo#966682): + bgo#762028, >=eog-3.16 is affected by CVE-2013-7447. + Updated translations. (Moderate) SUSE bug 966682 CVE-2013-7447 openSUSE 13.2 Pigz, a multi-threaded implementation of gzip, was updated to fix one vulnerability. The following vulnerability was fixed: * A crafted file could have caused an unwanted directory traversal on extract (CVE-2015-1191) (Moderate) SUSE bug 913627 CVE-2015-1191 openSUSE 13.2 Wireshark was updated to 1.12.10, fixing a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file, specifically: - CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03) - CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11) - GSM A-bis OML dissector crash (wnpa-sec-2016-14) - ASN.1 BER dissector crash (wnpa-sec-2016-15) - ASN.1 BER dissector crash (wnpa-sec-2016-18) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.10.html The following non-security bugs were fixed: - boo#961170: Recommend wireshark-ui instead of requiring it to support text-only used (Moderate) SUSE bug 961170 SUSE bug 968565 CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 openSUSE 13.2 This update to phpMyAdmin 4.4.15.4 fixes the following security issues: - CVE-2016-2560: Multiple XSS vulnerabilities (PMASA-2016-11 boo#968938) - CVE-2016-2561: Multiple XSS vulnerabilities (PMASA-2016-12 boo#968941) (Moderate) SUSE bug 968938 SUSE bug 968941 CVE-2016-2560 CVE-2016-2561 openSUSE 13.2 libotr and libotr2 were updated to fix one security issue: - CVE-2016-2851: Integer overflow vulnerability allowed remote attackers to execute arbitrary code on 64 bit platforms (boo#969785) (Important) SUSE bug 969785 CVE-2016-2851 openSUSE 13.2 This update for php5 fixes the following issues: * CVE-2016-2554: A stack overflow vulnerability when decompressing tar phar archives was fixed. (Moderate) SUSE bug 968284 CVE-2016-2554 openSUSE 13.2 This update for OpenVPN fixes the following vulnerabilities: * boo#959714: heap overflow on read accessing getaddrinfo result * boo#934237: multiple low severity issues (Moderate) SUSE bug 934237 SUSE bug 959714 openSUSE 13.2 NonFree This update to Adobe Flash Player 11.2.202.577 fixes a number of vulnerabilities that could have allowed remote attackers to execute arbitrary code through crafted content. (boo#970547) * APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010 (Important) SUSE bug 970547 CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 openSUSE 13.2 This update to exim 4.86.2 fixes the following issues: * CVE-2016-1531: local privilege escalation for set-uid root exim when using 'perl_startup' (boo#968844) Important: Exim now cleans the complete execution environment by default. This affects Exim and subprocesses such as transports calling other programs. The following new options are supported to adjust this behaviour: * keep_environment * add_environment A warning will be printed upon startup if none of these are configured. Also includes upstream changes, improvements and bug fixes: * Support for using the system standard CA bundle. * New expansion items $config_file, $config_dir, containing the file and directory name of the main configuration file. Also $exim_version. * New "malware=" support for Avast. * New "spam=" variant option for Rspamd. * Assorted options on malware= and spam= scanners. * A commandline option to write a comment into the logfile. * A logging option for slow DNS lookups. * New ${env {<variable>}} expansion. * A non-SMTP authenticator using information from TLS client certificates. * Main option "tls_eccurve" for selecting an Elliptic Curve for TLS. * Main option "dns_trust_aa" for trusting your local nameserver at the same level as DNSSEC. (Important) SUSE bug 968844 CVE-2016-1531 openSUSE 13.2 This update for python-rsa fixes the following security issues: * CVE-2016-1494: Possible signature forgery via Bleichenbacher attack (bsc#960680) The following bugs fixes are included: * FATE#319904, boo#954690: Support VPN feature in google-cloud-sdk * boo#935595: missing coreutils requirement (Moderate) SUSE bug 935595 SUSE bug 954690 SUSE bug 960680 CVE-2016-1494 openSUSE 13.2 Chromium was updated to 49.0.2623.75 to fix the following security issues: (boo#969333) - CVE-2016-1630: Same-origin bypass in Blink - CVE-2016-1631: Same-origin bypass in Pepper Plugin - CVE-2016-1632: Bad cast in Extensions - CVE-2016-1633: Use-after-free in Blink - CVE-2016-1634: Use-after-free in Blink - CVE-2016-1635: Use-after-free in Blink - CVE-2016-1636: SRI Validation Bypass - CVE-2015-8126: Out-of-bounds access in libpng - CVE-2016-1637: Information Leak in Skia - CVE-2016-1638: WebAPI Bypass - CVE-2016-1639: Use-after-free in WebRTC - CVE-2016-1640: Origin confusion in Extensions UI - CVE-2016-1641: Use-after-free in Favicon - CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives - Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26) (Important) SUSE bug 969333 CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642 openSUSE 13.2 This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: MozillaFirefox was updated to Firefox 45.0 (boo#969894) * requires NSPR 4.12 / NSS 3.21.1 * Instant browser tab sharing through Hello * Synced Tabs button in button bar * Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching * Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level * Tab Groups (Panorama) feature removed * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property * MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore * MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection * MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library mozilla-nspr was updated to version 4.12 * added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. * fixed a memory allocation bug related to the PR_*printf functions * exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 * added support for FreeBSD aarch64 * several minor correctness and compatibility fixes mozilla-nss was updated to NSS 3.21.1 (bmo#969894) * required for Firefox 45.0 * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) (Important) SUSE bug 969894 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1959 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1963 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1967 CVE-2016-1968 CVE-2016-1970 CVE-2016-1971 CVE-2016-1972 CVE-2016-1973 CVE-2016-1974 CVE-2016-1975 CVE-2016-1976 CVE-2016-1977 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 openSUSE 13.2 This update for python-Pillow fixes the following issues: - backport security fixes from 3.1.1 (Pillow-overflows.patch): * Fixed an integer overflow in Resample.c causing writes in the Python heap. * Fixed a buffer overflow in PcdDecode.c causing a segfault when opening PhotoCD files. CVE-2016-TBD * Fixed a buffer overflow in FliDecode.c causing a segfault when opening FLI files. CVE-2016-0775 (fixes boo#965582) * Fixed a buffer overflow in TiffDecode.c causing an arbitrary amount of memory to be overwritten when opening a specially crafted invalid TIFF file. CVE-2016-0740 (fixes boo#965579) (Moderate) SUSE bug 965579 SUSE bug 965582 CVE-2016-0740 CVE-2016-0775 openSUSE 13.2 This update for graphite2 fixes the following issues: - CVE-2016-1521: The directrun function in directmachine.cpp in Libgraphite did not validate a certain skip operation, which allowed remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. - CVE-2016-1522: Code.cpp in Libgraphite did not consider recursive load calls during a size check, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font. - CVE-2016-1523: The SillMap::readFace function in FeatureMap.cpp in Libgraphite mishandled a return value, which allowed remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. - CVE-2016-1526: The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite incorrectly validated a size value, which allowed remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. (Important) SUSE bug 965803 SUSE bug 965806 SUSE bug 965807 SUSE bug 965810 CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526 openSUSE 13.2 This update for xen fixes the following security issues: - CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory leakage (boo#959387) - CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155, boo#957988) - CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state results in DoS (boo#959006) - CVE-2015-7549: xen: qemu pci: null pointer dereference issue (boo#958918) - CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception (boo#958493) - CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164, boo#958007) - CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM initialization (XSA-165, boo#958009) - boo#958523: xen: ioreq handling possibly susceptible to multiple read issue (XSA-166) - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156, boo#954018) - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list (boo#956832) - boo#956592: xen: virtual PMU is unsupported (XSA-163) - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159, boo#956408) - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160, boo#956409) - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162, boo#956411) (Important) SUSE bug 954018 SUSE bug 956408 SUSE bug 956409 SUSE bug 956411 SUSE bug 956592 SUSE bug 956832 SUSE bug 957988 SUSE bug 958007 SUSE bug 958009 SUSE bug 958493 SUSE bug 958523 SUSE bug 958918 SUSE bug 959006 SUSE bug 959387 CVE-2015-5307 CVE-2015-7504 CVE-2015-7549 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 openSUSE 13.2 This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code (CVE-2016-2315, CVE-2016-2324, bsc#971328). (Important) SUSE bug 971328 CVE-2016-2315 CVE-2016-2324 openSUSE 13.2 This update for cgit fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code (CVE-2016-2315, CVE-2016-2324, bsc#971328). (Important) SUSE bug 971328 CVE-2016-2315 CVE-2016-2324 openSUSE 13.2 This update for samba fixes the following issues: Version update to 4.1.23. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (boo#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (boo#968223). Also fixed: - Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972). (Important) SUSE bug 953382 SUSE bug 953972 SUSE bug 968222 SUSE bug 968223 CVE-2015-7560 CVE-2016-0771 openSUSE 13.2 This update contains Chromium 49.0.2623.87 to fix the following issues: - CVE-2016-1643: Type confusion in Blink (boo#970514) - CVE-2016-1644: Use-after-free in Blink (boo#970509) - CVE-2016-1645: Out-of-bounds write in PDFium (boo#970511) (Important) SUSE bug 970509 SUSE bug 970511 SUSE bug 970514 CVE-2016-1643 CVE-2016-1644 CVE-2016-1645 openSUSE 13.2 This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) * CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) (Important) SUSE bug 970072 SUSE bug 970073 CVE-2016-1285 CVE-2016-1286 openSUSE 13.2 This update for rubygem-actionpack-3_2 fixes the following issues: - CVE-2016-2097: rubygem-actionview: Possible Information Leak Vulnerability in Action View. (boo#968850) - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (boo#968849) (Important) SUSE bug 968849 SUSE bug 968850 CVE-2016-2097 CVE-2016-2098 openSUSE 13.2 This update for libebml, libmatroska fixes the following security issues: Vulnerabilities fixed in libebml: * Cisco TALOS-CAN-0036: Invalid memory access when reading from a UTF-8 string resulted in a heap information leak (bsc#961031). * Cisco TALOS-CAN-0037: Deeply nested elements with infinite size use-after-free and multiple free (bsc#961031). * Invalid mempry access resulted in heap information leak Vulnerabilities fixed in libmatroska: * invalid memory access when reading specially crafted data lead to a heap information leak. (Moderate) SUSE bug 961031 openSUSE 13.2 This update for bsh2 fixes the following issues: - Version update to 2.0b6 boo#967593 CVE-2016-2510 * Upstream developement moved to github * No obvious changelog apart from the above (Important) SUSE bug 967593 CVE-2016-2510 openSUSE 13.2 This update for quagga fixes the following security issue: - CVE-2016-2342: Quagga was extended the prefixlen check to ensure it is within the bound of the NLRI packet data and the on-stack prefix structure and the maximum size for the address family (bsc#970952). (Moderate) SUSE bug 970952 CVE-2016-2342 openSUSE 13.2 This update for perl fixes the following issues: - CVE-2016-2381: Fixed environment duplicated variable handling bug [boo#967082] - fix memory leak in 'use utf8' handling [boo#928292] - CVE-2015-8607: Fixed taint propagation in canonpath [boo#961528] (Moderate) SUSE bug 928292 SUSE bug 961528 SUSE bug 967082 CVE-2015-8607 CVE-2016-2381 openSUSE 13.2 dropbear was updated to 2016.72 to fix the following issues: Changes in dropbear: - updated to upstream version 2016.72 * Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, found by github.com/tintinweb. Thanks for Damien Miller for a patch. - used as bug fix release for boo#970633 - CVE-2016-3116 - updated to upstream version 2015.71 * Fix "bad buf_incrpos" when data is transferred, broke in 2015.69 * Fix crash on exit when -p address:port is used, broke in 2015.68 * Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev * Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert, broke in 2015.70 * Fix server race condition that could cause sessions to hang on exit, https://github.com/robotframework/SSHLibrary/issues/128 - updated to upstream version 2015.70 * Fix server password authentication on Linux, broke in 2015.69 * Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68) * Avoid hang on session close when multiple sessions are started, affects Qt Creator Patch from Andrzej Szombierski * Reduce per-channel memory consumption in common case, increase default channel limit from 100 to 1000 which should improve SOCKS forwarding for modern webpages * Handle multiple command line arguments in a single flag, thanks to Guilhem Moulin * Manpage improvements from Guilhem Moulin * Build fixes for Android from Mike Frysinger * Don't display the MOTD when an explicit command is run from Guilhem Moulin * Check curve25519 shared secret isn't zero - updated to upstream version 2015.68 * Reduce local data copying for improved efficiency. Measured 30% increase in throughput for connections to localhost * Forwarded TCP ports connect asynchronously and try all available addresses (IPv4, IPv6, round robin DNS) * Fix all compile warnings, many patches from Ga?l Portay Note that configure with -Werror may not be successful on some platforms (OS X) and some configuration options may still result in unused variable warnings. * Use TCP Fast Open on Linux if available. Saves a round trip at connection to hosts that have previously been connected. Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3" Client side is disabled by default pending further compatibility testing with networks and systems. * Increase maximum command length to 9000 bytes * Free memory before exiting, patch from Thorsten Horstmann. Useful for Dropbear ports to embedded systems and for checking memory leaks with valgrind. Only partially implemented for dbclient. This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h * DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless there is a leading slash (~ isn't treated specially) * Fix small ECC memory leaks * Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of Matta Consulting. Odds of bad values are around 2**-512 -- improbable. * Twofish-ctr cipher is supported though disabled by default * Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks to CL Ouyang * Fix null pointer crash with restrictions in authorized_keys without a command, patch from Guilhem Moulin * Ensure authentication timeout is handled while reading the initial banner, thanks to CL Ouyang for finding it. * Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz - fixed checksum URL - updated to upstream version 2015.67 * Call fsync() after generating private keys to ensure they aren't lost if a reboot occurs. Thanks to Peter Korsgaard * Disable non-delayed zlib compression by default on the server. Can be enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB * Default client key path ~/.ssh/id_dropbear * Prefer stronger algorithms by default, from Fedor Brunner. AES256 over 3DES Diffie-hellman group14 over group1 * Add option to disable CBC ciphers. * Disable twofish in default options.h * Enable sha2 HMAC algorithms by default, the code was already required for ECC key exchange. sha1 is the first preference still for performance. * Fix installing dropbear.8 in a separate build directory, from Like Ma * Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusam?e * Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea * Minor bug fixes, a few issues found by Coverity scan - replaced deprecated gpg-offline check by obs-service-source_validator - updated to upstream version 2014.66 * Use the same keepalive handling behaviour as OpenSSH. This will work better with some SSH implementations that have different behaviour with unknown message types. * Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own keepalive message * Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere * Fix wtmp which broke since 2013.62, patch from Whoopie (Moderate) SUSE bug 970633 CVE-2016-3116 openSUSE 13.2 This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642) - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645) This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server. (Critical) SUSE bug 961642 SUSE bug 961645 CVE-2016-0777 CVE-2016-0778 openSUSE 13.2 This update for libssh fixes the following issues: - CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. (bsc#965875) This fix was imported from the SUSE:SLE-12:Update update project. (Moderate) SUSE bug 965875 CVE-2016-0739 openSUSE 13.2 MozillaThunderbird was updated to 38.7.0 to fix the following issues: * Update to Thunderbird 38.7.0 (boo#969894) * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using performance.getEntries and history navigation * MFSA 2016-16/CVE-2016-1952 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library (Important) SUSE bug 969894 CVE-2015-4477 CVE-2015-7207 CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 openSUSE 13.2 This update to pidgin-otr 4.0.2 fixes the following issue: - CVE-2015-8833: use-after-free issue during SMP (boo#970498) It also contains new and updated translations. (Moderate) SUSE bug 970498 CVE-2015-8833 openSUSE 13.2 This update for gdk-pixbuf fixes the following issues: - CVE-2015-7552: Fixed various overflows in image handling (boo#958963). - CVE-2015-7673: Fixed an overflow and DoS with a TGA file (boo#948790). - CVE-2015-7674: Fixed overflow when scaling a gif (boo#948791). (Moderate) SUSE bug 948790 SUSE bug 948791 SUSE bug 958963 CVE-2015-7552 CVE-2015-7673 CVE-2015-7674 openSUSE 13.2 This update for webkitgtk fixes the following issues: - webkitgtk was updated to version 2.4.10 (boo#971460): + Fix rendering of form controls and scrollbars with GTK+ >= 3.19. + Fix crashes on PPC64. + Fix the build on powerpc 32 bits. + Add ARM64 build support. + Security fixes: CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081, CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752, CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659, CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745, CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727, CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794, CVE-2015-1127, CVE-2015-1153, CVE-2015-1083. + Updated translations. (Moderate) SUSE bug 971460 CVE-2014-1748 CVE-2015-1071 CVE-2015-1076 CVE-2015-1081 CVE-2015-1083 CVE-2015-1120 CVE-2015-1122 CVE-2015-1127 CVE-2015-1153 CVE-2015-1155 CVE-2015-3658 CVE-2015-3659 CVE-2015-3727 CVE-2015-3731 CVE-2015-3741 CVE-2015-3743 CVE-2015-3745 CVE-2015-3747 CVE-2015-3748 CVE-2015-3749 CVE-2015-3752 CVE-2015-5788 CVE-2015-5794 CVE-2015-5801 CVE-2015-5809 CVE-2015-5822 CVE-2015-5928 openSUSE 13.2 Chromium was updated to 49.0.2623.110 to fix the following security issues: - CVE-2016-1646: Out-of-bounds read in V8 - CVE-2016-1647: Use-after-free in Navigation - CVE-2016-1648: Use-after-free in Extensions - CVE-2016-1649: Buffer overflow in libANGLE - CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives - CVE-2016-3679: Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33) (Important) SUSE bug 972834 CVE-2016-1646 CVE-2016-1647 CVE-2016-1648 CVE-2016-1649 CVE-2016-1650 CVE-2016-3679 openSUSE 13.2 This update for krb5 fixes the following security issue: - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) (Moderate) openSUSE 13.2 This update for xerces-c fixes the following security issues: - CVE-2016-0729: Fix for mishandling certain kinds of malformed input documents, resulting in buffer overlows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. (boo#966822) - CVE-2015-0252: Fix for mishandling certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation (boo#920810) (Moderate) SUSE bug 920810 SUSE bug 966822 CVE-2015-0252 CVE-2016-0729 openSUSE 13.2 This update for java-1_7_0-openjdk fixes the following issues: java-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468) * Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency * Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote connector - S6961123: setWMClass fails to null-terminate WM_CLASS string - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses * Backports - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell * Bug fixes - PR2803: Make system CUPS optional - PR2886: Location of 'stap' executable is hard-coded - PR2893: test/tapset/jstaptest.pl should be executable - PR2894: Add missing test directory in make check. * CACAO - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest && result && x.any && y.any' failed * AArch64 port - PR2852: Add support for large code cache - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only. - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter - S8131483, PR2852: aarch64: illegal stlxr instructions - S8133352, PR2852: aarch64: generates constrained unpredictable instructions - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32 - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0 - S8138575, PR2852: Improve generated code for profile counters - S8138641, PR2852: Disable C2 peephole by default for aarch64 - S8138966, PR2852: Intermittent SEGV running ParallelGC - S8143067, PR2852: aarch64: guarantee failure in javac - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved - S8143584, PR2852: Load constant pool tag and class status with load acquire - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto - S8144582, PR2852: AArch64 does not generate correct branch profile data - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject - S8148240, PR2852: aarch64: random infrequent null pointer exceptions in javac * PPC & AIX port - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280 - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill register R12 Update to 2.6.5 - OpenJDK 7u99 (boo#972468) * Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency * Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote connector - S6961123: setWMClass fails to null-terminate WM_CLASS string - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses * Backports - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell * Bug fixes - PR2803: Make system CUPS optional - PR2886: Location of 'stap' executable is hard-coded - PR2893: test/tapset/jstaptest.pl should be executable - PR2894: Add missing test directory in make check. * CACAO - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest && result && x.any && y.any' failed * AArch64 port - PR2852: Add support for large code cache - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only. - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter - S8131483, PR2852: aarch64: illegal stlxr instructions - S8133352, PR2852: aarch64: generates constrained unpredictable instructions - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32 - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0 - S8138575, PR2852: Improve generated code for profile counters - S8138641, PR2852: Disable C2 peephole by default for aarch64 - S8138966, PR2852: Intermittent SEGV running ParallelGC - S8143067, PR2852: aarch64: guarantee failure in javac - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved - S8143584, PR2852: Load constant pool tag and class status with load acquire - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto - S8144582, PR2852: AArch64 does not generate correct branch profile data - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject - S8148240, PR2852: aarch64: random infrequent null pointer exceptions in javac * PPC & AIX port - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280 - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill register R12 (Important) SUSE bug 972468 CVE-2016-0636 openSUSE 13.2 This update of java-1_8_0-openjdk to jdk8u77-b03 fixes the following issues: * CVE-2016-0636: Improve MethodHandle consistency fixes crash / code execution problems. (Important) SUSE bug 972468 CVE-2016-0636 openSUSE 13.2 NonFree flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2016-1019: Adobe Flash Player earlier allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016 Aliased: (bsc#974209). (Important) SUSE bug 974209 CVE-2016-1019 openSUSE 13.2 xen was updated to version 4.4.4 to fix 33 security issues. These security issues were fixed: - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling (bsc#967012). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings (boo#965315). - CVE-2016-2538: Integer overflow in remote NDIS control message handling (bsc#967969). - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (boo#962360). - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (boo#962611). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2016-1568: AHCI use-after-free vulnerability in aio port commands (bsc#961332). - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines (bsc#963782). - CVE-2016-2198: EHCI NULL pointer dereference in ehci_caps_write (bsc#964413). - CVE-2015-6815: e1000: infinite loop issue (bsc#944697). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (boo#964925). - CVE-2015-6855: hw/ide/core.c did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (boo#965156). - CVE-2016-2271: VMX in using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (boo#965317). - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (boo#964452). - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (boo#962642). - CVE-2015-1779: The VNC websocket frame decoder allowed remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section (boo#962632). - CVE-2013-4530: Buffer overflow in hw/ssi/pl022.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image (boo#964950). - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (boo#964644). - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (boo#962758). - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (boo#962335). - CVE-2015-8345: eepro100: infinite loop in processing command block list (bsc#956829). - CVE-2015-8613: scsi: stack based buffer overflow in megasas_ctrl_get_info (bsc#961358). - CVE-2015-8619: Stack based OOB write in hmp_sendkey routine (bsc#960334). - CVE-2016-1571: The paging_invlpg function in include/asm-x86/paging.h, when using shadow mode paging or nested virtualization is enabled, allowed local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check (boo#960862). - CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates (boo#960861). - CVE-2014-9718: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality had multiple interpretations of a function's return value, which allowed guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions (boo#964431). - CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations (bsc#961691). - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960725). - CVE-2015-8744: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers could have lead to a crash via assert(2) call (bsc#960707). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (boo#962627). - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image (boo#964929). (Important) SUSE bug 944463 SUSE bug 944697 SUSE bug 945989 SUSE bug 956829 SUSE bug 960334 SUSE bug 960707 SUSE bug 960725 SUSE bug 960835 SUSE bug 960861 SUSE bug 960862 SUSE bug 961332 SUSE bug 961358 SUSE bug 961691 SUSE bug 962335 SUSE bug 962360 SUSE bug 962611 SUSE bug 962627 SUSE bug 962632 SUSE bug 962642 SUSE bug 962758 SUSE bug 963782 SUSE bug 964413 SUSE bug 964431 SUSE bug 964452 SUSE bug 964644 SUSE bug 964925 SUSE bug 964929 SUSE bug 964950 SUSE bug 965156 SUSE bug 965315 SUSE bug 965317 SUSE bug 967012 SUSE bug 967969 CVE-2013-4529 CVE-2013-4530 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2014-0222 CVE-2014-3689 CVE-2014-7815 CVE-2014-9718 CVE-2015-1779 CVE-2015-5239 CVE-2015-5278 CVE-2015-6815 CVE-2015-6855 CVE-2015-7512 CVE-2015-8345 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2392 CVE-2016-2538 openSUSE 13.2 cairo was updated to fix one security issue. This security issue was fixed: - CVE-2016-3190: Out of bounds read in fill_xrgb32_lerp_opaque_spans (bsc#971964). (Moderate) SUSE bug 971964 CVE-2016-3190 openSUSE 13.2 mercurial was updated to fix three security issues. These security issues were fixed: - CVE-2016-3069: Arbitrary code execution when converting Git repos (bsc#973176). - CVE-2016-3068: Arbitrary code execution with Git subrepos (bsc#973177). - CVE-2016-3630: Remote code execution in binary delta decoding (bsc#973175). (Important) SUSE bug 973175 SUSE bug 973176 SUSE bug 973177 CVE-2016-3068 CVE-2016-3069 CVE-2016-3630 openSUSE 13.2 This update for lhasa to 0.3.1 fixes the following issues: These security issues were fixed: * CVE-2016-2347: Integer underflow vulnerability in the code for doing LZH level 3 header decodes (boo#973790)[ These non-security issues were fixed: * PMarc -pm1- archives that contain truncated compressed data (the decompressed length is longer than what can be read from the compressed data) now decompress as intended. Certain archives in the wild make the assumption that this can be done. * LArc -lz5- archives that make use of the initial history buffer now decompress correctly. * The tests no longer use predictable temporary paths. (Moderate) SUSE bug 973790 CVE-2016-2347 openSUSE 13.2 quagga was updated to fix one security issue. This security issue was fixed: - boo#770619: /etc/quagga and its contents were world-readable despite containing passwords. (Moderate) SUSE bug 770619 openSUSE 13.2 This update contains nodejs 4.2.4 and fixes the following issues: - CVE-2015-6764: unspecified out-of-bounds access vulnerability (boo#956902) - CVE-2015-8027: unspecified denial of service vulnerability (boo#956901) The following non-security bugs were fixed: - boo#948045: Nodejs 4.0 rpm does not install addon-rpm.gypi - boo#961254: common.gypi should install at /usr/share/node and npm requires nodejs-devel Also contains all upstream bug fixes and improvements in the 4.2.2, 4.2.3 and 4.2.4 releases. (Moderate) SUSE bug 948045 SUSE bug 956901 SUSE bug 956902 SUSE bug 961254 CVE-2015-6764 CVE-2015-8027 openSUSE 13.2 samba was updated to version 4.2.4 to fix 14 security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account were possible (bsc#971965). - CVE-2015-3223: Malicious request can cause Samba LDAP server to hang, spinning using CPU (boo#958581). - CVE-2015-5330: Remote read memory exploit in LDB (boo#958586). - CVE-2015-5252: Insufficient symlink verification (file access outside the share)(boo#958582). - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (boo#958584). - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (boo#958583). - CVE-2015-8467: Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts (boo#958585). - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target (boo#968222). These non-security issues were fixed: - Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (boo#974629). - Align fsrvp feature sources with upstream version. - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel; (boo#973832). - s3:utils/smbget: Fix recursive download; (bso#6482). - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). - docs: Add example for domain logins to smbspool man page; (bso#11643). - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). - loadparm: Fix memory leak issue; (bso#11708). - lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). - ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). - param: Fix str_list_v3 to accept ";" again; (bso#11732). - Real memeory leak(buildup) issue in loadparm; (bso#11740). - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it; (boo#972197). - Upgrade on-disk FSRVP server state to new version; (boo#924519). - Only obsolete but do not provide gplv2/3 package names; (boo#968973). - Enable clustering (CTDB) support; (boo#966271). - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (boo#964023). - vfs_fruit: Fix renaming directories with open files; (bso#11065). - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347). - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). - Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). - s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). - Reduce the memory footprint of empty string options; (bso#11625). - lib/async_req: Do not install async_connect_send_test; (bso#11639). - docs: Fix typos in man vfs_gpfs; (bso#11641). - smbd: make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). - smbcacls: Fix uninitialized variable; (bso#11682). - s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). - Changing log level of two entries to from 1 to 3; (bso#9912). - vfs_gpfs: Re-enable share modes; (bso#11243). - wafsamba: Also build libraries with RELRO protection; (bso#11346). - ctdb: Strip trailing spaces from nodes file; (bso#11365). - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero; (bso#11452). - nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563). - async_req: Fix non-blocking connect(); (bso#11564). - auth: gensec: Fix a memory leak; (bso#11565). - lib: util: Make non-critical message a warning; (bso#11566). - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (boo#949022). - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). - ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). - manpage: Correct small typo error; (bso#11584). - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589). - Backport some valgrind fixes from upstream master; (bso#11597). - s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). - docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619). - Remove redundant configure options while adding with-relro. - s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). - smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). - kerberos: Make sure we only use prompter type when available; (bso#11038). - s3:ctdbd_conn: Make sure we destroy tevent_fd before closing the socket; (bso#11316). - dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327). - Fix a deadlock in tdb; (bso#11381). - s3: smbd: Fix mkdir race condition; (bso#11486). - pam_winbind: Fix a segfault if initialization fails; (bso#11502). - s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). - s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). - net: Fix a crash with 'net ads keytab create'; (bso#11528). - s3: smbd: Fix a crash in unix_convert() and a NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). - vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). - vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). - Fix bug in smbstatus where the lease info is not printed; (bso#11549). - s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). - Relocate the tmpfiles.d directory to the client package; (boo#947552). - Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (boo#942716). - Package /var/lib/samba/private/sock with 0700 permissions; (boo#946051). - auth/credentials: If credentials have principal set, they are not anonymous anymore; (bso#11265). - Fix stream names with colon with "fruit:encoding = native"; (bso#11278). - s4:rpc_server/netlogon: Fix for NetApp; (bso#11291). - lib: Fix rundown of open_socket_out(); (bso#11316). - s3:lib: Fix some corner cases of open_socket_out_cleanup(); (bso#11316). - vfs:fruit: Implement copyfile style copy_chunk; (bso#11317). - ctdb-daemon: Return correct sequence number for CONTROL_GET_DB_SEQNUM; (bso#11398). - ctdb-scripts: Support monitoring of interestingly named VLANs on bonds; (bso#11399). - ctdb-daemon: Improve error handling for running event scripts; (bso#11431). - ctdb-daemon: Check if updates are in flight when releasing all IPs; (bso#11432). - ctdb-build: Fix building of PCP PMDA module; (bso#11435). - Backport dcesrv_netr_DsRGetDCNameEx2 fixes; (bso#11454). - vfs_fruit: Handling of empty resource fork; (bso#11467). - Avoid quoting problems in user's DNs; (bso#11488). - s3-auth: Fix "map to guest = Bad uid"; (bso#9862). - s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). - s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). - winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). - Logon via MS Remote Desktop hangs; (bso#11061). - s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). - tevent: Add a note to tevent_add_fd(); (bso#11141). - s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). - s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). - smbd: Fix a use-after-free; (bso#11218); (boo#919309). - s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). - s3:smb2: Add padding to last command in compound requests; (bso#11277). - Add IPv6 support to ADS client side LDAP connects; (bso#11281). - Add IPv6 support for determining FQDN during ADS join; (bso#11282). - s3: IPv6 enabled DNS connections for ADS client; (bso#11283). - Fix invalid write in ctdb_lock_context_destructor; (bso#11293). - Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). - vfs_fruit: Add option "veto_appledouble"; (bso#11305). - tstream: Make socketpair nonblocking; (bso#11312). - idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). - Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). - tevent_fd needs to be destroyed before closing the fd; (bso#11316). - Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). - smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). - Change sharesec output back to previous format; (bso#11324). - Robust mutex support broken in 1.3.5; (bso#11326). - Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (boo#912457). - s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). - tevent: Fix CID 1035381 Unchecked return value; (bso#11330). - tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). - s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). - s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). - pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). - winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). - vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). - docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). - s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). - ncacn_http: Fix GNUism; (bso#11371). - Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (boo#912457). - Order winbind.service Before and Want nss-user-lookup target. - s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). - gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). - s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). - s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). - s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). - Mangled names do not work with acl_xattr; (bso#11249). - nmbd rewrites browse.dat when not required; (bso#11254). - vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). - s3:smbd: Add missing tevent_req_nterror; (bso#11224). - vfs: kernel_flock and named streams; (bso#11243). - vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). - s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). - ctdb: check for talloc_asprintf() failure; (bso#11201). - spoolss: purge the printer name cache on name change; (bso#11210); (boo#901813). - CTDB statd-callout does not scale; (bso#11204). - vfs_fruit: also map characters below 0x20; (bso#11221). - ctdb: Coverity fix for CID 1291643; (bso#11201). - Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). - Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). - ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). - ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). - SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). - s3:winbindd: make sure we remove pending io requests before closing client - 'sharesec' output no longer matches input format; (bso#11237). - waf: Fix systemd detection; (bso#11200). - CTDB: Fix portability issues; (bso#11202). - CTDB: Fix some IPv6-related issues; (bso#11203). - CTDB statd-callout does not scale; (bso#11204). - 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). - libads: record service ticket endtime for sealed ldap connections; - lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033). - Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). - s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). - build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). - waf: Fix the build on openbsd; (bso#10476). - s3: client: "client use spnego principal = yes" code checks wrong name; - spoolss: Retrieve published printer GUID if not in registry; (bso#11018). - vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). - backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). - replace: Remove superfluous check for gcrypt header; (bso#11135). - Backport subunit changes; (bso#11137). - libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). - s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). - talloc: Version 2.1.2; (bso#11144). - Update libwbclient version to 0.12; (bso#11149). - brlock: Use 0 instead of empty initializer list; (bso#11153). - s4:auth/gensec_gssapi: Let gensec_gssapi_update() return - backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). - Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). - Prevent samba package updates from disabling samba kerberos printing. - Add sparse file support for samba; (fate#318424). - Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root. - smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). - pam_winbind: fix warn_pwd_expire implementation; (bso#9056). - nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). - Make 'profiles' work again; (bso#9629). - s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). - Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). - Use -R linker flag on Solaris, not -rpath; (bso#10112). - vfs: Add glusterfs manpage; (bso#10240). - Make 'smbclient' use cached creds; (bso#10279). - pdb: Fix build issues with shared modules; (bso#10355). - s4-dns: Add support for BIND 9.10; (bso#10620). - idmap: Return the correct id type to *id_to_sid methods; (bso#10720). - printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). - Don't build vfs_snapper on FreeBSD; (bso#10834). - nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). - idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). - s3: smb2cli: query info return length check was reversed; (bso#10848). - s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). - lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). - winbind3: Fix pwent variable substitution; (bso#10852). - Improve samba-regedit; (bso#10859). - registry: Don't leave dangling transactions; (bso#10860). - Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). - build: Do not install 'texpect' binary anymore; (bso#10862). - Fix testparm to show hidden share defaults; (bso#10864). - libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). - Integrate CTDB into top-level Samba build; (bso#10892). - samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). - s3-nmbd: Fix netbios name truncation; (bso#10896). - spoolss: Fix handling of bad EnumJobs levels; (bso#10898). - Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). - Fix print job enumeration; (bso#10905); (boo#898031). - samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). - Add support for SMB2 leases; (bso#10911). - btrfs: Don't leak opened directory handle; (bso#10918). - s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). - s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). - pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). - s3-keytab: fix keytab array NULL termination; (bso#10933). - s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). - Cleanup add_string_to_array and usage; (bso#10942). - dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). - Fix RootDSE search with extended dn control; (bso#10949). - Fix 'samba-tool dns serverinfo <server>' for IPv6; (bso#10952). - libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). - s3-smbclient: Return success if we listed the shares; (bso#10960). - s3-smbstatus: Fix exit code of profile output; (bso#10961). - socket_wrapper: Add missing prototype check for eventfd; (bso#10965). - libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). - vfs_streams_xattr: Check stream type; (bso#10971). - s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). - vfs_fruit: Add support for AAPL; (bso#10983). - Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). - dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). - Fix IPv6 support in CTDB; (bso#10996). - ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). - vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). - s3-util: Fix authentication with long hostnames; (bso#11008). - ctdb-build: Fix build without xsltproc; (bso#11014). - packaging: Include CTDB man pages in the tarball; (bso#11014). - pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). - Make Sharepoint search show user documents; (bso#11022). - nss_wrapper: check for nss.h; (bso#11026). - Enable mutexes in gencache_notrans.tdb; (bso#11032). - tdb_wrap: Make mutexes easier to use; (bso#11032). - lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). - winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). - s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). - vfs_fruit: Fix base_fsp name conversion; (bso#11039). - vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). - Fix authentication using Kerberos (not AD); (bso#11044). - net: Fix sam addgroupmem; (bso#11051). - vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (boo#913238). - cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). - utils: Fix 'net time' segfault; (bso#11058). - libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). - s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). - vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). - vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). - vfs_glusterfs: Implement AIO support; (bso#11069). - s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). - s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (boo#917376). - vfs: Add a brief vfs_ceph manpage; (bso#11088). - s3: smbclient: Allinfo leaves the file handle open; (bso#11094). - Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). - debug: Set close-on-exec for the main log file FD; (bso#11100). - s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). - s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). - doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). - snprintf: Try to support %j; (bso#11119). - ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). - doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127). - Fix usage of freed memory on server exit; (bso#11218); (boo#919309). - Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1; (fate#313346). (Important) SUSE bug 898031 SUSE bug 901813 SUSE bug 912457 SUSE bug 913238 SUSE bug 913547 SUSE bug 914279 SUSE bug 917376 SUSE bug 919309 SUSE bug 924519 SUSE bug 936862 SUSE bug 942716 SUSE bug 946051 SUSE bug 947552 SUSE bug 949022 SUSE bug 958581 SUSE bug 958582 SUSE bug 958583 SUSE bug 958584 SUSE bug 958585 SUSE bug 958586 SUSE bug 964023 SUSE bug 966271 SUSE bug 968222 SUSE bug 968973 SUSE bug 971965 SUSE bug 972197 SUSE bug 973031 SUSE bug 973032 SUSE bug 973033 SUSE bug 973034 SUSE bug 973036 SUSE bug 973832 SUSE bug 974629 CVE-2014-8143 CVE-2015-0240 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-5370 CVE-2015-7560 CVE-2015-8467 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 openSUSE 13.2 optipng was updated to fix one security issue. This security issue was fixed: - CVE-2016-2191: Invalid write while processing bitmap images (bsc#973992). - CVE-2016-3981: Heap buffer overflow pngxrbmp.c bmp_read_rows - CVE-2016-3982: Heap buffer overflow pngxrbmp.c bmp_rle4_fread (Moderate) SUSE bug 973992 CVE-2016-2191 CVE-2016-3981 CVE-2016-3982 openSUSE 13.2 tiff was updated to fix one security issue. This security issue was fixed: - CVE-2016-3186: Buffer overflow in gif2tiff (bsc#973340). (Moderate) SUSE bug 973340 CVE-2016-3186 openSUSE 13.2 This update for systemd fixes several issues. These security issues were fixed: - CVE-2014-9770, CVE-2015-8842: Don't allow read access to journal files to users (boo#972612) These non-security issues were fixed: - Import commit 523777609a04fe9e590420e89f94ef07e3719baa: e5e362a udev: exclude MD from block device ownership event locking 8839413 udev: really exclude device-mapper from block device ownership event locking 66782e6 udev: exclude device-mapper from block device ownership event locking (boo#972727) 1386f57 tmpfiles: explicitly set mode for /run/log faadb74 tmpfiles: don't allow read access to journal files to users not in systemd-journal 9b1ef37 tmpfiles: don't apply sgid and executable bit to journal files, only the directories they are contained in 011c39f tmpfiles: add ability to mask access mode by pre-existing access mode on files/directories 07e2d60 tmpfiles: get rid of "m" lines d504e28 tmpfiles: various modernizations f97250d systemctl: no need to pass --all if inactive is explicitly requested in list-units (boo#967122) 2686573 fstab-generator: fix automount option and don't start associated mount unit at boot (boo#970423) 5c1637d login: support more than just power-gpio-key (fate#318444) (boo#970860) 2c95ecd logind: add standard gpio power button support (fate#318444) (boo#970860) af3eb93 Revert "log-target-null-instead-kmsg" 555dad4 shorten hostname before checking for trailing dot (boo#965897) 522194c Revert "log: honour the kernel's quiet cmdline argument" (boo#963230) cc94e47 transaction: downgrade warnings about wanted unit which are not found (boo#960158) eb3cfb3 Revert "vhangup-on-all-consoles" 0c28752 remove WorkingDirectory parameter from emergency, rescue and console-shell.service (boo#959886) 1d6d840 Fix wrong substitution variable name in systemd-udev-root-symlink.service.in (boo#964355) - Don't ship boot.udev and systemd-journald.init anymore. It was used during the systemd transition when both sysvinit and systemd could be used on the same system (Important) SUSE bug 959886 SUSE bug 960158 SUSE bug 963230 SUSE bug 964355 SUSE bug 965897 SUSE bug 967122 SUSE bug 970423 SUSE bug 970860 SUSE bug 972612 SUSE bug 972727 CVE-2014-9770 CVE-2015-8842 openSUSE 13.2 giflib was updated to fix one security issue. This security issue was fixed: - CVE-2016-3977: Heap buffer overflow in gif2rgb (bsc#974847). (Moderate) SUSE bug 974847 CVE-2016-3977 openSUSE 13.2 Chromium was updated to 50.0.2661.75 to fix the following vulnerabilities: - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding - CVE-2016-1652: Universal XSS in extension bindings - CVE-2016-1653: Out-of-bounds write in V8 - CVE-2016-1654: Uninitialized memory read in media - CVE-2016-1655: Use-after-free related to extensions - CVE-2016-1656: Android downloaded file path restriction bypass - CVE-2016-1657: Address bar spoofing - CVE-2016-1658: Potential leak of sensitive information to malicious extensions - CVE-2016-1659: Various fixes from internal audits, fuzzing and other initiatives (Important) SUSE bug 975572 CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654 CVE-2016-1655 CVE-2016-1656 CVE-2016-1657 CVE-2016-1658 CVE-2016-1659 openSUSE 13.2 This update for php5 fixes the following security issues: - bsc#974305: buffer overflow in libmagic - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792). - CVE-2015-8835: SoapClient s__call method suffered from type confusion issue (bnc#973351). - CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821] - CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] - CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612] - CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611] (Important) SUSE bug 969821 SUSE bug 971611 SUSE bug 971612 SUSE bug 971912 SUSE bug 973351 SUSE bug 973792 SUSE bug 974305 CVE-2014-9767 CVE-2015-8835 CVE-2015-8838 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 openSUSE 13.2 Chromium was updated to 50.0.2661.94 to fix a number of vulnerabilities (boo#977830): - CVE-2016-1660: Out-of-bounds write in Blink - CVE-2016-1661: Memory corruption in cross-process frames - CVE-2016-1662: Use-after-free in extensions - CVE-2016-1663: Use-after-free in Blink’s V8 bindings - CVE-2016-1664: Address bar spoofing - CVE-2016-1665: Information leak in V8 - CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives (Important) SUSE bug 977830 CVE-2016-1660 CVE-2016-1661 CVE-2016-1662 CVE-2016-1663 CVE-2016-1664 CVE-2016-1665 CVE-2016-1666 openSUSE 13.2 This update to Mozilla Firefox 46.0 fixes several security issues and bugs (boo#977333). The following vulnerabilities were fixed: - CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39 (boo#977373) - CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39 (boo#977375) - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 (boo#977376) - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() - MFSA 2016-47 (boo#977386) - CVE-2016-2811: Use-after-free in Service Worker - MFSA 2016-42 (boo#977379) - CVE-2016-2812: Buffer overflow in Service Worker - MFSA 2016-42 (boo#977379) - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 (boo#977381) - CVE-2016-2816: CSP not applied to pages sent with multipart/x-mixed-replace - MFSA 2016-45 (boo#977382) - CVE-2016-2817: Elevation of privilege with chrome.tabs.update API in web extensions - MFSA 2016-46 (boo#977384) - CVE-2016-2820: Firefox Health Reports could accept events from untrusted domains - MFSA 2016-48 (boo#977388) The following miscellaneous changes are included: - Improved security of the JavaScript Just In Time (JIT) Compiler - WebRTC fixes to improve performance and stability - Added support for document.elementsFromPoint - Added HKDF support for Web Crypto API The following changes from Mozilla Firefox 45.0.2 are included: - Fix an issue impacting the cookie header when third-party cookies are blocked - Fix a web compatibility regression impacting the srcset attribute of the image tag - Fix a crash impacting the video playback with Media Source Extension - Fix a regression impacting some specific uploads - Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird The following changes from Mozilla Firefox 45.0.2 are included: - Fix a regression causing search engine settings to be lost in some context - Bring back non-standard jar: URIs to fix a regression in IBM iNotes - XSLTProcessor.importStylesheet was failing when import was used - Fix an issue which could cause the list of search provider to be empty - Fix a regression when using the location bar (bmo#1254503) - Fix some loading issues when Accept third-party cookies: was set to Never - Disabled Graphite font shaping library The minimum requirements increased to NSPR 4.12 and NSS 3.22.3. Mozilla NSS was updated to 3.22.3 as a dependency for Mozilla Firefox 46.0, with the following changes: - Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641) - RSA-PSS signatures are now supported - Pseudorandom functions based on hashes other than SHA-1 are now supported - Enforce an External Policy on NSS from a config file (Important) SUSE bug 977333 SUSE bug 977373 SUSE bug 977375 SUSE bug 977376 SUSE bug 977379 SUSE bug 977381 SUSE bug 977382 SUSE bug 977384 SUSE bug 977386 SUSE bug 977388 CVE-2016-2804 CVE-2016-2806 CVE-2016-2807 CVE-2016-2808 CVE-2016-2811 CVE-2016-2812 CVE-2016-2814 CVE-2016-2816 CVE-2016-2817 CVE-2016-2820 openSUSE 13.2 jq was updated to fix one security issue. This security issue was fixed: - CVE-2015-8863: Heap buffer overflow in tokenadd() function (boo#976992). (Moderate) SUSE bug 976992 CVE-2015-8863 openSUSE 13.2 This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues. These security issues were fixed: - CVE-2016-0686: Ensure thread consistency (bsc#976340). - CVE-2016-0687: Better byte behavior (bsc#976340). - CVE-2016-0695: Make DSA more fair (bsc#976340). - CVE-2016-3425: Better buffering of XML strings (bsc#976340). - CVE-2016-3427: Improve JMX connections (bsc#976340). (Important) SUSE bug 976340 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3427 openSUSE 13.2 This update for java-1_8_0-openjdk fixes the following security issues - April 2016 Oracle CPU (bsc#976340): - CVE-2016-0686: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. - CVE-2016-0687: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component - CVE-2016-0695: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to the Security Component - CVE-2016-3425: Unspecified vulnerability allowed remote attackers to affect availability via vectors related to JAXP - CVE-2016-3426: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to JCE - CVE-2016-3427: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX (Important) SUSE bug 976340 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 openSUSE 13.2 This update to wireshark 1.12.11 fixes a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - The PKTC dissector could crash (wnpa-sec-2016-22) - The PKTC dissector could crash (wnpa-sec-2016-23) - The IAX2 dissector could go into an infinite loop (wnpa-sec-2016-24) - Wireshark and TShark could exhaust the stack (wnpa-sec-2016-25) - The GSM CBCH dissector could crash (wnpa-sec-2016-26) - The NCP dissector could crash (wnpa-sec-2016-28) - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.11.html (Low) SUSE bug 976944 openSUSE 13.2 xerces-j2 was updated to fix one security issue. This security issue was fixed: - bsc#814241: Fixed possible DoS through very long attribute names (Moderate) SUSE bug 814241 openSUSE 13.2 This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (boo#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (boo#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (boo#976942) - boo#976943: Buffer overrun in ASN1_parse - boo#977621: Preserve digests for SNI - boo#958501: Fix openssl enc -non-fips-allow option in FIPS mode (Important) SUSE bug 958501 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977616 SUSE bug 977617 SUSE bug 977621 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 openSUSE 13.2 This update for libopenssl0_9_8 fixes the following issues: - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation "CacheBleed" (bsc#968050) - bsc#976943: Buffer overrun in ASN1_parse (Important) SUSE bug 968050 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977617 CVE-2016-0702 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 openSUSE 13.2 This update for ImageMagick fixes the following issues: The update disables various insecure coders [boo#978061] These fix issues tracked in CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718 (Important) SUSE bug 978061 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 openSUSE 13.2 This update for subversion fixes the following issues: - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY authorization check (bsc#976849) - CVE-2016-2168: svnserve/sasl may authenticate users using the wrong realm (bsc#976850) The following non-security bugs were fixed: - mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm (boo#977424) (Moderate) SUSE bug 976849 SUSE bug 976850 SUSE bug 977424 CVE-2016-2167 CVE-2016-2168 openSUSE 13.2 This update for php5 fixes the following issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2016-3074: Signedness vulnerability in bundled libgd may have resulted in a heap overflow when processing compressed gd2 data. (boo#976775) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) - CVE-2016-4071: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string formatting in php_snmp_error() (bsc#977000) (Important) SUSE bug 976775 SUSE bug 976996 SUSE bug 976997 SUSE bug 977000 SUSE bug 977003 SUSE bug 977005 CVE-2015-8866 CVE-2015-8867 CVE-2016-3074 CVE-2016-4070 CVE-2016-4071 CVE-2016-4073 openSUSE 13.2 Chromium was updated to 50.0.2661.102 to fix four vulnerabilities (boo#979859): - CVE-2016-1667: Same origin bypass in DOM - CVE-2016-1668: Same origin bypass in Blink V8 bindings - CVE-2016-1669: Buffer overflow in V8 - CVE-2016-1670: Race condition in loader (Important) SUSE bug 979859 CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 openSUSE 13.2 NonFree This security update for flash-player to 11.2.202.621 fixes the following issues (boo#979422): A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. (APSA16-02) https://helpx.adobe.com/security/products/flash-player/apsa16-02.html Some CVEs were not listed in the last submission: * APSA16-01, APSB16-10, CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033 (Important) SUSE bug 979422 CVE-2016-1006 CVE-2016-1011 CVE-2016-1012 CVE-2016-1013 CVE-2016-1014 CVE-2016-1015 CVE-2016-1016 CVE-2016-1017 CVE-2016-1018 CVE-2016-1019 CVE-2016-1020 CVE-2016-1021 CVE-2016-1022 CVE-2016-1023 CVE-2016-1024 CVE-2016-1025 CVE-2016-1026 CVE-2016-1027 CVE-2016-1028 CVE-2016-1029 CVE-2016-1030 CVE-2016-1031 CVE-2016-1032 CVE-2016-1033 CVE-2016-4117 openSUSE 13.2 This varnish update to version 3.0.7 fixes the following issues: Security issues fixed: - CVE-2015-8852: Vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL. (boo#976097) Bugs fixed: - Stop recognizing a single CR (\r) as a HTTP line separator. - Improved error detection on master-child process communication, leading to faster recovery (child restart) if communication loses sync. - Fix a corner-case where Content-Length was wrong for HTTP 1.0 clients, when using gzip and streaming. - More robust handling of hop-by-hop headers. - Avoid memory leak when adding bans. (Moderate) SUSE bug 976097 CVE-2015-8852 openSUSE 13.2 This update for quassel fixes the following issues: - CVE-2016-4414: Denial of service vulnerability by unauthenticated clients (boo#978002) (Moderate) SUSE bug 978002 CVE-2016-4414 openSUSE 13.2 This update for atheme fixes the following issues: - CVE-2016-4478: Under certain circumstances, a remote attacker could cause denial of service due to a buffer overflow in the XMLRPC response encoding code (boo#978170) - CVE-2014-9773: Remote attacker could change Atheme's behavior by registering/dropping certain accounts/nicks (boo#978170) The version update to 7.2.6 also contains a number of upstream fixes. (Moderate) SUSE bug 978170 CVE-2014-9773 CVE-2016-4478 openSUSE 13.2 This update for quagga fixes the following security issues: - CVE-2016-4049: Remote crash vulerability with specially crafted packages due to a buffer overflow error in bgp_dump_routes_func (boo#977012) (Moderate) SUSE bug 977012 CVE-2016-4049 openSUSE 13.2 This update for poppler fixes the following issues: Security issues fixed: - CVE-2015-8868: Corrupted PDF file can corrupt heap, causing DoS (boo#976844) (Moderate) SUSE bug 976844 CVE-2015-8868 openSUSE 13.2 This update to MozillaFirefox 43.0.3 fixes the following issues: * CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature, in combination wit NSS 3.20.2 [boo#959888] Further fixes: * workaround Youtube user agent detection issue (bmo#1233970) * fix file download regression for multi user systems (Moderate) SUSE bug 959888 CVE-2015-7575 openSUSE 13.2 This update for polarssl fixes the following issues: * CVE-2015-7575: Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH attack on TLS 1.2 server authentication (boo#961284) * boo#961290: potential double free during certificate generation (Moderate) SUSE bug 961284 SUSE bug 961290 CVE-2015-7575 openSUSE 13.2 This imlib2 update to version 1.4.9 fixes the following issues: Security issues fixed: - CVE-2011-5326: divide by 0 when drawing an ellipse of height 1 (boo#974202) - CVE-2014-9762: segmentation fault on images without colormap (boo#963796) - CVE-2014-9764: segmentation fault when opening specifically crafted input (boo#963797) - CVE-2014-9763: division-by-zero crashes when opening images (boo#963800) - CVE-2014-9771: exploitable integer overflow in _imlib_SaveImage (boo#974854) - CVE-2016-3994: imlib2/evas Potential DOS in giflib loader (boo#973759) - CVE-2016-3993: off by 1 Potential DOS (boo#973761) - CVE-2016-4024: integer overflow resulting in insufficient heap allocation (boo#975703) (Moderate) SUSE bug 963796 SUSE bug 963797 SUSE bug 963800 SUSE bug 973759 SUSE bug 973761 SUSE bug 974202 SUSE bug 974854 SUSE bug 975703 CVE-2011-5326 CVE-2014-9762 CVE-2014-9763 CVE-2014-9764 CVE-2014-9771 CVE-2016-3993 CVE-2016-3994 CVE-2016-4024 openSUSE 13.2 This update for cacti fixes the following issues: Security issues fixed: - CVE-2016-3172: SQL injection in tree.php (boo#971357) - CVE-2016-3659: SQL injection in lib/functions.php (boo#974013) (Moderate) SUSE bug 971357 SUSE bug 974013 CVE-2016-3172 CVE-2016-3659 openSUSE 13.2 This update for GraphicsMagick fixes the following issues: Security issues fixed: - Multiple security issues in GraphicsMagick/ImageMagick [boo#978061] (CVE-2016-3714, CVE-2016-3718, CVE-2016-3715, CVE-2016-3717) (Important) SUSE bug 978061 CVE-2016-3714 CVE-2016-3715 CVE-2016-3717 CVE-2016-3718 openSUSE 13.2 This proftpd update to version 1.3.5b fixes the following issues: Security issues fixed: - CVE-2016-3125: Fixed selection of DH groups from TLSDHParamFile. (boo#970890) Bugs fixed: - update to 1.3.5b: http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. (Moderate) SUSE bug 970890 CVE-2016-3125 openSUSE 13.2 This libressl update to version 2.2.7 fixes the following issues: Security issues fixed: - Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding. [boo#978492, boo#977584] - CVE-2015-3194: Certificate verify crash with missing PSS parameter (boo#957815) - CVE-2015-3195: X509_ATTRIBUTE memory leak (boo#957812) - CVE-2015-5333: Memory Leak (boo#950707) - CVE-2015-5334: Buffer Overflow (boo#950708) (Moderate) SUSE bug 950707 SUSE bug 950708 SUSE bug 957812 SUSE bug 957815 SUSE bug 977584 SUSE bug 978492 CVE-2015-3194 CVE-2015-3195 CVE-2015-5333 CVE-2015-5334 openSUSE 13.2 This update for ocaml fixes the following issues: Security issue fixed: - CVE-2015-8869: prevent buffer overflow and information leak (boo#977990) (Moderate) SUSE bug 977990 CVE-2015-8869 openSUSE 13.2 This mysql-community-server version update to 5.6.30 fixes the following issues: Security issues fixed: - fixed CVEs (boo#962779, boo#959724): CVE-2016-0705, CVE-2016-0639, CVE-2015-3194, CVE-2016-0640, CVE-2016-2047, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0665, CVE-2016-0666, CVE-2016-0641, CVE-2016-0642, CVE-2016-0655, CVE-2016-0661, CVE-2016-0668, CVE-2016-0643 - changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html Bugs fixed: - don't delete the log data when migration fails - add 'log-error' and 'secure-file-priv' configuration options (added via configuration-tweaks.tar.bz2) [boo#963810] * add '/etc/my.cnf.d/error_log.conf' that specifies 'log-error = /var/log/mysql/mysqld.log'. If no path is set, the error log is written to '/var/lib/mysql/$HOSTNAME.err', which is not picked up by logrotate. * add '/etc/my.cnf.d/secure_file_priv.conf' which specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD FILE()' will only work with files in the directory specified by 'secure-file-priv' option (='/var/lib/mysql-files'). (Important) SUSE bug 959724 SUSE bug 962779 SUSE bug 963810 CVE-2015-3194 CVE-2016-0639 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0655 CVE-2016-0661 CVE-2016-0665 CVE-2016-0666 CVE-2016-0668 CVE-2016-0705 CVE-2016-2047 openSUSE 13.2 This librsvg update to version 2.40.15 fixes the following issues: Security issues fixed: - CVE-2016-4348: DoS parsing SVGs with circular definitions _rsvg_css_normalize_font_size() function (boo#977986) Bugs fixed: - Actually scale the image if required, regression fix from upstream git (bgo#760262). - Fixed bgo#759084: Don't crash when filters don't actually exist. - Updated our autogen.sh to use modern autotools. - Fixed bgo#761728: Memory leak in the PrimitiveComponentTransfer filter. - Added basic support for the "baseline-shift" attribute in text objects (bgo#340047). - Fixed some duplicate logic when rendering paths (bgo#749415). - Rewrote the markers engine (bgo#685906, bgo#760180). - Refactoring of the test harness to use Glib's gtest infrastructure, instead of using home-grown machinery. Tests can simply be put as SVG files in the tests/subdirectories; it is not necessary to list them explicitly in some text file. - Gzipped SVGs now work if read from streams. - References to objects/filters/URIs/etc. are now handled lazily. Also, there is a general-purpose cycle detector so malformed SVGs don't cause infinite loops. - Removed parsing of Adobe blend modes; they were not implemented, anyway. - Add project files for building on Visual Studio (bgo#753555). - Added an "--export-id" option to rsvg-convert(1). This lets you select a single object to export, for example, to pick out a group from a multi-part drawing. Note that this is mostly useful for PNG output right now; for SVG output we don't preserve many attributes which could be useful in the extracted version. Doing this properly requires an internal "output to SVG" backend instead of just telling Cairo to render to SVG. (Moderate) SUSE bug 977986 CVE-2016-4348 openSUSE 13.2 This update for mercurial fixes the following issues: Security issue fixed: - CVE-2016-3105: Fixed arbitrary code execution whenusing the convert extension on Git repo. (boo#978391) (Moderate) SUSE bug 978391 CVE-2016-3105 openSUSE 13.2 This update to perl-Module-Signature 0.79 fixes the following security issues: * More protection of @INC from relative paths. (CVE-2015-3409) * Fix GPG signature parsing logic. (CVE-2015-3406) * MANIFEST.SKIP is no longer consulted unless --skip is given. (CVE-2015-3407) * Properly use open() modes to avoid injection attacks. (CVE-2015-3408) (Moderate) SUSE bug 928382 CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409 openSUSE 13.2 This update of php5 fixes the following issues: Security issues fixed: - CVE-2016-4342: Heap corruption in tar/zip/phar parser (bsc#977991) - CVE-2016-4343: Uninitialized pointer in phar_make_dirstream() (bsc#977992) - CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994) - CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827) - CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828) - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829) - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830) (Moderate) SUSE bug 977991 SUSE bug 977992 SUSE bug 977994 SUSE bug 978827 SUSE bug 978828 SUSE bug 978829 SUSE bug 978830 CVE-2016-4342 CVE-2016-4343 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 openSUSE 13.2 This update for libksba fixes the following issues: Security issue fixed: - boo#979261: OOB read access bugs remote DoS - CVE-2016-4574: off-by-one OOB read access (incomplete fix for CVE-2016-4356) (Moderate) SUSE bug 979261 CVE-2016-4574 openSUSE 13.2 This libreoffice update to version 5.0.6.3 fixes the following issues: Security issues fixed: - CVE-2016-0794: multiple lwp issues (boo#967014) - CVE-2016-0795: multiple lwp issues (boo#967015) Bugs fixed: - Version update to 5.0.6.3: * 5.0.6 release, various bugfixes on the 5.0 series, this is last release of the series - Version update to 5.0.5.2: * 91 bugs fixed (Moderate) SUSE bug 967014 SUSE bug 967015 CVE-2016-0794 CVE-2016-0795 openSUSE 13.2 This update for docker fixes the following issues: Security issues fixed: - CVE-2016-3697: Potential privilege escalation via confusion of usernames and UIDs (boo#976777) Bugs fixed: - devicemapper: fix zero-sized field access - remove docker-netns-aarch64.patch: This patch was adding We'll fix that later if we want to release for those archs. - Exclude init scripts other than systemd from the test-package make it explicit. - Add test subpackage and fix line numbers in patches (Moderate) SUSE bug 976777 CVE-2016-3697 openSUSE 13.2 This update for ntp fixes the following issues: - Update to 4.2.8p7 (boo#977446): * CVE-2016-1547, boo#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, boo#977461: Interleave-pivot * CVE-2016-1549, boo#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, boo#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, boo#977450: Refclock impersonation vulnerability * CVE-2016-2516, boo#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, boo#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. * CVE-2016-2518, boo#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, boo#977458: ctl_getitem() return value not always checked. * integrate ntp-fork.patch * Improve the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 - Restrict the parser in the startup script to the first occurrance of "keys" and "controlkey" in ntp.conf (boo#957226). - Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. (fate#320758). - Fix ntp-sntp-dst.patch (boo#975496). - Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#962318) - Speedup ntpq (boo#782060, ntp-speedup-ntpq.patch). - Sync service files with openSUSE Factory. - Fix the TZ offset output of sntp during DST (boo#951559). - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. - Update to 4.2.8p6: * CVE-2015-8158, boo#962966: Potential Infinite Loop in ntpq. * CVE-2015-8138, boo#963002: origin: Zero Origin Timestamp Bypass. * CVE-2015-7979, boo#962784: Off-path Denial of Service (DoS) attack on authenticated broadcast mode. * CVE-2015-7978, boo#963000: Stack exhaustion in recursive traversal of restriction list. * CVE-2015-7977, boo#962970: reslist NULL pointer dereference. * CVE-2015-7976, boo#962802: ntpq saveconfig command allows dangerous characters in filenames. * CVE-2015-7975, boo#962988: nextvar() missing length check. * CVE-2015-7974, boo#962960: Skeleton Key: Missing key check allows impersonation between authenticated peers. * CVE-2015-7973, boo#962995: Deja Vu: Replay attack on authenticated broadcast mode. * CVE-2015-8140: ntpq vulnerable to replay attacks. * CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. * CVE-2015-5300, boo#951629: Small-step/Big-step. - Add /var/db/ntp-kod (boo#916617). - Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems (boo#956773). - add ntp.bug2965.diff (boo#954982) * fixes regression in 4.2.8p4 update - Update to 4.2.8p4 to fix several security issues (boo#951608): * CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values * CVE-2015-7854: Password Length Memory Corruption Vulnerability * CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability * CVE-2015-7851 saveconfig Directory Traversal Vulnerability * CVE-2015-7850 remote config logfile-keyfile * CVE-2015-7849 trusted key use-after-free * CVE-2015-7848 mode 7 loop counter underrun * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC * CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks * obsoletes ntp-memlock.patch. - Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq. - Temporarily disable memlock to avoid problems due to high memory usage during name resolution (boo#946386, ntp-memlock.patch). - Use SHA1 instead of MD5 for symmetric keys (boo#905885). - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Fix legacy action scripts to pass on command line arguments. - Remove ntp.1.gz, it wasn't installed anymore. - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (boo#942587). - Remove "kod" from the restrict line in ntp.conf (boo#944300). - Use ntpq instead of deprecated ntpdc in start-ntpd (boo#936327). - Add a controlkey to ntp.conf to make the above work. - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser. - Disable mode 7 (ntpdc) again, now that we don't use it anymore. - Add "addserver" as a new legacy action. - Fix the comment regarding addserver in ntp.conf (boo#910063). - Update to version 4.2.8p3 which incorporates all security fixes and most other patches we have so far (fate#319040). More information on: http://archive.ntp.org/ntp4/ChangeLog-stable - Disable chroot by default (boo#926510). - Enable ntpdc for backwards compatibility (boo#920238). - Security fix: ntp-keygen may generate non-random symmetric keys (Moderate) SUSE bug 782060 SUSE bug 905885 SUSE bug 910063 SUSE bug 916617 SUSE bug 920238 SUSE bug 926510 SUSE bug 936327 SUSE bug 942587 SUSE bug 944300 SUSE bug 946386 SUSE bug 951559 SUSE bug 951608 SUSE bug 951629 SUSE bug 954982 SUSE bug 956773 SUSE bug 957226 SUSE bug 962318 SUSE bug 962784 SUSE bug 962802 SUSE bug 962960 SUSE bug 962966 SUSE bug 962970 SUSE bug 962988 SUSE bug 962995 SUSE bug 963000 SUSE bug 963002 SUSE bug 975496 SUSE bug 977446 SUSE bug 977450 SUSE bug 977451 SUSE bug 977452 SUSE bug 977455 SUSE bug 977457 SUSE bug 977458 SUSE bug 977459 SUSE bug 977461 SUSE bug 977464 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 openSUSE 13.2 phpMyAdmin was updated to fix one security issue. The following vulnerability was fixed: - CVE-2016-5099: Self XSS vulneratbility - A specially crafted attack could allow for special HTML characters to be passed as URL encoded values and displayed back as special characters in the page (boo#982128, PMASA-2016-16) (Low) SUSE bug 982128 CVE-2016-5099 openSUSE 13.2 This update for samba fixes the following issues including some regressions from the BADLOCK security update: - libads: record session expiry for spnego sasl binds; (bso#11852); (boo#979268). - fix NT_STATUS_ACCESS_DENIED when accessing windows public share; (bso#11841). - Only validate MIC if "map to guest" is not being used; (bso#11847). - NetAPP SMB servers don't negotiate NTLMSSP_SIGN; (bso#11850); (boo#977669). - Fix non-working anonymous smb connections; (bso#11858). - handle broken mechListMIC response from Windows 2000; (bso#11870). - wbinfo -u or net ads search doesn't work anymore; (bso#11872). - fix regressions regarding the NTLMSSP hardening of CVE-2016-2110; (bso#11849). - Allow Domain member resolve trusted domains' users; (bso#11830). (Moderate) SUSE bug 977669 SUSE bug 979268 CVE-2016-2110 openSUSE 13.2 This update for expat fixes the following security issues: - CVE-2015-1283: Fixed multiple integer overflows that could lead to buffer overflows [boo#980391] - CVE-2016-0718: Fixed Expat XML parser that mishandles certain kinds of malformed input documents [boo#979441]. (Important) SUSE bug 979441 SUSE bug 980391 CVE-2015-1283 CVE-2016-0718 openSUSE 13.2 This update for libxslt fixes the following issues: - CVE-2015-7995: A type confusion in preprocessing attributes was fixed [boo#952474]. (Moderate) SUSE bug 952474 CVE-2015-7995 openSUSE 13.2 libxml2 was updated to fix security issues and a regression from the last version update. Security issues fixed: - CVE-2016-3627: Fixed stack exhaustion while parsing certain XML files in recovery mode (bnc#972335). - CVE-2016-3705: Improved protection against the Billion Laughs Attack (bnc#975947). Regression fixed: - Fixed XML push parser that fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer [bnc#962796] (Moderate) SUSE bug 962796 SUSE bug 972335 SUSE bug 975947 CVE-2016-3627 CVE-2016-3705 openSUSE 13.2 This update for redis fixes the following security issue: - CVE-2015-8080: Fixed an integer overflow resulting in stack-based overflow. (bsc#954199) (Moderate) SUSE bug 954199 CVE-2015-8080 openSUSE 13.2 This update to putty 0.67 fixes the following vulnerability: - CVE-2016-2563: old-style scp downloads may allow remote code execution (boo#981407) (Moderate) SUSE bug 981407 CVE-2016-2563 openSUSE 13.2 This update for libarchive fixes the following issue: - Fix a heap-based buffer overflow (CVE-2016-1541, bsc#979005) (Moderate) SUSE bug 979005 CVE-2016-1541 openSUSE 13.2 This update for dosfstools fixes the following issues: - fixed buffer overflows based on insufficient size of variable for storing FAT size (CVE-2016-4804, boo#980377) * dosfstools-3.0.26-read-fat-overflow.patch - fixed memory corruption when setting FAT12 entries (CVE-2015-8872, boo#980364) * dosfstools-3.0.26-off-by-2.patch - Fix attempt to rename root dir in fsck due to uninitialized fields [boo#912607] - Drop gpg-offline build-time requirement; this is now handled by the local source validator (Moderate) SUSE bug 912607 SUSE bug 980364 SUSE bug 980377 CVE-2015-8872 CVE-2016-4804 openSUSE 13.2 Virtualbox was updated to 5.0.20 to fix the following issues: Version bump to 5.0.20 (released 2016-04-28 by Oracle) This is a maintenance release. The following items were fixed and/or added: * NAT Network: File VBoxNetNAT no longer requires suid * Storage: fixed a regression causing write requests from the BIOS to cause a Guru Meditation with the LsiLogic SCSI controller (5.0.18 regression; bug #15317) * Storage: several emulation fixes in the BusLogic SCSI controller emulation * NAT Network: support TCP in DNS proxy (same problem as in bug #14736 for NAT) * NAT: rework handling of port-forwarding rules (bug #13570) * NAT: rewrite host resolver to handle more query types and make it asynchronous so that a stalled lookup doesn't block all NAT traffic * Snapshots: don't crash when restoring a snapshot which has more network adapters than the current state (ie when the snapshot uses ICH9 and the current state uses PIIX3) * Guest Control: various bugfixes for the copyfrom and copyto commands / API (bug #14336) * VBoxManage: list processor features on list hostinfo (bug #15334) * Linux hosts: fix for Linux 4.5 if CONFIG_NET_CLS_ACT is enabled (bug #15327) * Windows Additions: fixed performance issues with PowerPoint 2010 and the WDDM graphics drivers if Aero is disabled Bugfixes: - Apply proper fix for boo#964765 that causes guest VMs using NAT Network attachments to fail to get network access. The basic problem is that file /usr/lib/virtualbox/VBoxNetNAT needs to have suid privilege, and the spec file was failing to set the appropriate permissions. - Implement VirtualBox version 5.0.18 in openSUSE 13.2. Previous to this point, oS 13.2 had been using 4.3.X, which was the VB series when 13.2 was released. This policy has been changed so that a fix for CVE-2016-0678 can be included in 13.2. Bug report b.o.o #97366 discusses this vulnerability. This submission also fixes the bug in VB 5.0.18 that prevents proper operation for guest VMs configured to use LsiLogic adapter for disks. See ticket: https://www.virtualbox.org/ticket/15317 for a description of the problem, and changeset: https://www.virtualbox.org/changeset/60565/vbox for the fix, which is implemented in file "changeset_60565.diff". Version bump to 5.0.18 (released 2016-04-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: * GUI: position off-screen windows to be fully visible again on relaunch in consistence with default-behavior (bug #15226) * GUI: fixed the View menu / Full-screen Mode behavior on Mac OS X El Capitan * GUI: fixed a test which allowed to encrypt a hard disk with an empty password * GUI: fixed a crash under certain conditions during VM shutdown * GUI: fixed the size of the VM list scrollbar in the VM selector when entering a group * PC speaker passthrough: fixes (Linux hosts only; bug #627) * Drag and drop: several fixes * SATA: fixed hotplug flag handling when EFI is used * Storage: fixed handling of encrypted disk images with SCSI controllers (bug #14812) * Storage: fixed possible crash with Solaris 7 if the BusLogic SCSI controller is used * USB: properly purge non-ASCII characters from USB strings (bugs #8801, #15222) * NAT Network: fixed 100% CPU load in VBoxNetNAT on Mac OS X under certain circumstances (bug #15223) * ACPI: fixed ACPI tables to make the display color management settings available again for older Windows versions (4.3.22 regression) * Guest Control: fixed VBoxManage copyfrom command (bug #14336) * Snapshots: fixed several problems when removing older snapshots (bug #15206) * VBoxManage: fixed --verbose output of the guestcontrol command * Windows hosts: hardening fixes required for recent Windows 10 insider builds (bugs #15245, #15296) * Windows hosts: fixed support of jumbo frames in with bridged networking (5.0.16 regression; bug #15209) * Windows hosts: don't prevent receiving multicast traffic if host-only adapters are installed (bug #8698) * Linux hosts: added support for the new naming scheme of NVME disks when creating raw disks * Solaris hosts / guests: properly sign the kernel modules (bug #12608) * Linux hosts / guests: Linux 4.5 fixes (bug #15251) * Linux hosts / guests: Linux 4.6 fixes (bug #15298) * Linux Additions: added a kernel graphics driver to support graphics when X.Org does not have root rights (bug #14732) * Linux/Solaris Additions: fixed several issues causing Linux/Solatis guests using software rendering when 3D acceleration is available * Windows Additions: fixed a hang with PowerPoint 2010 and the WDDM drivers if Aero is disabled (Moderate) SUSE bug 908383 SUSE bug 939299 SUSE bug 953018 SUSE bug 964765 CVE-2016-0678 openSUSE 13.2 This update for p7zip fixes the following issues: - add p7zip-9.20.1-CVE-2016-2335.patch to fix 7zip UDF CInArchive::ReadFileItem code execution vulnerability [boo#979823], [CVE-2016-2335] (Moderate) SUSE bug 979823 CVE-2016-2335 openSUSE 13.2 Chromium was updated to 51.0.2704.79 to fix the following vulnerabilities: - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in DevTools - CVE-2016-1700: Use-after-free in Extensions - CVE-2016-1701: Use-after-free in Autofill - CVE-2016-1702: Out-of-bounds read in Skia - CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives Also includes vulnerabilities fixed in 51.0.2704.63 (boo#981886): - CVE-2016-1672: Cross-origin bypass in extension bindings - CVE-2016-1673: Cross-origin bypass in Blink - CVE-2016-1674: Cross-origin bypass in extensions - CVE-2016-1675: Cross-origin bypass in Blink - CVE-2016-1676: Cross-origin bypass in extension bindings - CVE-2016-1677: Type confusion in V8 - CVE-2016-1678: Heap overflow in V8 - CVE-2016-1679: Heap use-after-free in V8 bindings - CVE-2016-1680: Heap use-after-free in Skia - CVE-2016-1681: Heap overflow in PDFium - CVE-2016-1682: CSP bypass for ServiceWorker - CVE-2016-1683: Out-of-bounds access in libxslt - CVE-2016-1684: Integer overflow in libxslt - CVE-2016-1685: Out-of-bounds read in PDFium - CVE-2016-1686: Out-of-bounds read in PDFium - CVE-2016-1687: Information leak in extensions - CVE-2016-1688: Out-of-bounds read in V8 - CVE-2016-1689: Heap buffer overflow in media - CVE-2016-1690: Heap use-after-free in Autofill - CVE-2016-1691: Heap buffer-overflow in Skia - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker - CVE-2016-1693: HTTP Download of Software Removal Tool - CVE-2016-1694: HPKP pins removed on cache clearance - CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives (Important) SUSE bug 981886 SUSE bug 982719 CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695 CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 CVE-2016-1701 CVE-2016-1702 CVE-2016-1703 openSUSE 13.2 This update for gd fixes the following issues: - security update: * CVE-2016-5116 [boo#982176] + gd-CVE-2016-5116.patch (Moderate) SUSE bug 982176 CVE-2016-5116 openSUSE 13.2 This update to cgit 0.12 fixes the following issues: - CVE-2016-1899: Reflected Cross Site Scripting and Header Injection in Mimetype Query String - CVE-2016-1900: Stored Cross Site Scripting and Header Injection in Filename Parameter - CVE-2016-1901: Integer Overflow resulting in Buffer Overflow The bundled git version was updated to 2.7.0. (Moderate) SUSE bug 961916 CVE-2016-1899 CVE-2016-1900 CVE-2016-1901 openSUSE 13.2 This update for GraphicsMagick fixes the following issues: - security update: * CVE-2016-5118 [boo#982178] + GraphicsMagick-CVE-2016-5118.patch (Important) SUSE bug 982178 CVE-2016-5118 openSUSE 13.2 This update for libimobiledevice, libusbmuxd fixes the following issues: - Add libimobiledevice-CVE-2016-5104.patch: Make sure sockets only listen locally (CVE-2016-5104, boo#982014). (Moderate) SUSE bug 982014 CVE-2016-5104 openSUSE 13.2 This update for glibc fixes the following issues: - glob-altdirfunc.patch: Do not copy d_name field of struct dirent (CVE-2016-1234, boo#969727, BZ #19779) - nss-dns-memleak-2.patch: fix memory leak in _nss_dns_gethostbyname4_r (boo#973010) - nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) - getaddrinfo-hostent-conv-stack-overflow.patch: getaddrinfo stack overflow in hostent conversion (CVE-2016-3706, boo#980483, BZ #20010) - clntudp-call-alloca.patch: do not use alloca in clntudp_call (CVE-2016-4429, boo#980854, BZ #20112) (Moderate) SUSE bug 969727 SUSE bug 973010 SUSE bug 973164 SUSE bug 980483 SUSE bug 980854 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 openSUSE 13.2 This update for ImageMagick fixes the following issues: - security update: * CVE-2016-5118 [boo#982178] + ImageMagick-CVE-2016-5118.patch (Important) SUSE bug 982178 CVE-2016-5118 openSUSE 13.2 This update for php5 fixes the following issues: - CVE-2013-7456: imagescale out-of-bounds read (bnc#982009). - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don't create strings with lengths outside int range (bnc#982011). - CVE-2016-5095: Don't create strings with lengths outside int range (bnc#982012). - CVE-2016-5096: int/size_t confusion in fread (bsc#982013). - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162). - CVE-2015-8877: The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd), as used in PHP, used inconsistent allocate and free approaches, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function (bsc#981061). - CVE-2015-8876: Zend/zend_exceptions.c in PHP did not validate certain Exception objects, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data (bsc#981049). - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandled driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table Aliased: (bsc#981050). - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP allowed remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation (bsc#980366). - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call (bsc#980375). - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (segmentation fault) via recursive method calls (bsc#980373). - CVE-2016-3074: Integer signedness error in GD Graphics Library (aka libgd or libgd2) allowed remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow (bsc#976775). (Important) SUSE bug 976775 SUSE bug 980366 SUSE bug 980373 SUSE bug 980375 SUSE bug 981049 SUSE bug 981050 SUSE bug 981061 SUSE bug 982009 SUSE bug 982010 SUSE bug 982011 SUSE bug 982012 SUSE bug 982013 SUSE bug 982162 CVE-2013-7456 CVE-2015-4116 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2016-3074 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 openSUSE 13.2 This update to Mozilla Firefox 47 fixes the following issues (boo#983549): Security fixes: - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards (boo#983638 MFSA 2016-49) - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (boo#983655 MFSA 2016-50) - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (boo#983653 MFSA 2016-51) - CVE-2016-2822: Addressbar spoofing though the SELECT element (boo#983652 MFSA 2016-52) - CVE-2016-2824: Out-of-bounds write with WebGL shader (boo#983651 MFSA 2016-53) - CVE-2016-2825: Partial same-origin-policy through setting location.host through data URI (boo#983649 MFSA 2016-54) - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (boo#983646 MFSA 2016-56) - CVE-2016-2829: Incorrect icon displayed on permissions notifications (boo#983644 MFSA 2016-57) - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (boo#983643 MFSA 2016-58) - CVE-2016-2832: Information disclosure of disabled plugins through CSS pseudo-classes (boo#983632 MFSA 2016-59) - CVE-2016-2833: Java applets bypass CSP protections (boo#983640 MFSA 2016-60) Mozilla NSS was updated to 3.23 to address the following vulnerabilities: - CVE-2016-2834: Memory safety bugs (boo#983639 MFSA-2016-61) The following non-security changes are included: - Enable VP9 video codec for users with fast machines - Embedded YouTube videos now play with HTML5 video if Flash is not installed - View and search open tabs from your smartphone or another computer in a sidebar - Allow no-cache on back/forward navigations for https resources The following packaging changes are included: - boo#981695: cleanup configure options, notably removing GStreamer support which is gone from FF - boo#980384: enable build with PIE and full relro on x86_64 The following new functionality is provided: - ChaCha20/Poly1305 cipher and TLS cipher suites now supported - The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with with servers (Important) SUSE bug 980384 SUSE bug 981695 SUSE bug 983549 SUSE bug 983632 SUSE bug 983638 SUSE bug 983639 SUSE bug 983640 SUSE bug 983643 SUSE bug 983644 SUSE bug 983646 SUSE bug 983649 SUSE bug 983651 SUSE bug 983652 SUSE bug 983653 SUSE bug 983655 CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2825 CVE-2016-2828 CVE-2016-2829 CVE-2016-2831 CVE-2016-2832 CVE-2016-2833 CVE-2016-2834 openSUSE 13.2 This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) (Important) SUSE bug 962189 CVE-2015-8704 openSUSE 13.2 This update for nodejs to version 4.4.5 fixes the several issues. These security issues introduced by the bundled openssl were fixed by going to version 1.0.2h: - CVE-2016-2107: The AES-NI implementation in OpenSSL did not consider memory allocation during a certain padding check, which allowed remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session (bsc#977616). - CVE-2016-2105: Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL allowed remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data (bsc#977614). - CVE-2016-0705: Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#968047). - CVE-2016-0797: Multiple integer overflows in OpenSSL allowed remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c (bsc#968048). - CVE-2016-0702: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL did not properly consider cache-bank access times during modular exponentiation, which made it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack (bsc#968050). These non-security issues were fixed: - Fix faulty "if" condition (string cannot equal a boolean). - buffer: Buffer no longer errors if you call lastIndexOf with a search term longer than the buffer. - contextify: Context objects are now properly garbage collected, this solves a problem some individuals were experiencing with extreme memory growth. - Update npm to 2.15.5. - http: Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. - deps: Fix --gdbjit for embedders. Backported from v8 upstream. - querystring: Restore throw when attempting to stringify bad surrogate pair. - https: Under certain conditions SSL sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. - lib: The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this. - repl: Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. - deps: An update to v8 that introduces a new flag --perf_basic_prof_only_functions. - http: A new feature in http(s) agent that catches errors on keep alived connections. - src: Better support for big-endian systems. - tls: A new feature that allows you to pass common SSL options to tls.createSecurePair. - build: Support python path that includes spaces. - https: A potential fix for #3692 (HTTP/HTTPS client requests throwing EPROTO). - installer: More readable profiling information from isolate tick logs. - process: Add support for symbols in event emitters (symbols didn't exist when it was written). - querystring: querystring.parse() is now 13-22% faster! - streams: Performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Important) SUSE bug 968047 SUSE bug 968048 SUSE bug 968050 SUSE bug 977614 SUSE bug 977616 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-2105 CVE-2016-2107 openSUSE 13.2 This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) (Moderate) SUSE bug 929414 SUSE bug 961491 SUSE bug 982779 CVE-2015-3622 CVE-2016-4008 openSUSE 13.2 This update for giflib fixes the following issues: - CVE-2015-7555: Heap overflow in giffix (bsc#960319) - bsc#949160: Fix a memory leak (Moderate) SUSE bug 949160 SUSE bug 960319 CVE-2015-7555 openSUSE 13.2 ntp was updated to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". (Important) SUSE bug 979302 SUSE bug 979981 SUSE bug 981422 SUSE bug 982056 SUSE bug 982064 SUSE bug 982065 SUSE bug 982066 SUSE bug 982067 SUSE bug 982068 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 openSUSE 13.2 This update brings libxml2 to version 2.9.4. These security issues were fixed: - CVE-2016-3627: The xmlStringGetNodeList function in tree.c, when used in recovery mode, allowed context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document (bsc#972335). - CVE-2016-1833: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840 (bsc#981108). - CVE-2016-1835: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document (bsc#981109). - CVE-2016-1837: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840 (bsc#981111). - CVE-2016-1836: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840 (bsc#981110). - CVE-2016-1839: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1840 (bsc#981114). - CVE-2016-1838: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1839, and CVE-2016-1840 (bsc#981112). - CVE-2016-1840: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1839 (bsc#981115). - CVE-2016-4483: out-of-bounds read parsing an XML using recover mode (bnc#978395). - CVE-2016-1834: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840 (bsc#981041). - CVE-2016-3705: The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 did not properly keep track of the recursion depth, which allowed context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references (bsc#975947). - CVE-2016-1762: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document (bsc#981040). This non-security issue was fixed: - bnc#983288: Fix attribute decoding during XML schema validation (Important) SUSE bug 972335 SUSE bug 975947 SUSE bug 978395 SUSE bug 981040 SUSE bug 981041 SUSE bug 981108 SUSE bug 981109 SUSE bug 981110 SUSE bug 981111 SUSE bug 981112 SUSE bug 981114 SUSE bug 981115 SUSE bug 983288 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 openSUSE 13.2 This update for wireshark fixes an number of security issues. Issues in protocol dissectors could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - CVE-2016-5350: The SPOOLS dissector could go into an infinite loop - CVE-2016-5351: The IEEE 802.11 dissector could crash - CVE-2016-5353: The UMTS FP dissector could crash - CVE-2016-5354: Some USB dissectors could crash - CVE-2016-5355: The Toshiba file parser could crash - CVE-2016-5356: The CoSine file parser could crash - CVE-2016-5357: The NetScreen file parser could crash - CVE-2016-5358: The Ethernet dissector could crash (Moderate) SUSE bug 983671 CVE-2016-5350 CVE-2016-5351 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 openSUSE 13.2 NonFree Adobe flash-player was updated to 11.2.202.626 to fix the following security issues: Security update to 11.2.202.626 (boo#984695): * APSB16-18, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171 Please see https://helpx.adobe.com/security/products/flash-player/apsb16-18.html for more information. (Critical) SUSE bug 984695 CVE-2016-4122 CVE-2016-4123 CVE-2016-4124 CVE-2016-4125 CVE-2016-4127 CVE-2016-4128 CVE-2016-4129 CVE-2016-4130 CVE-2016-4131 CVE-2016-4132 CVE-2016-4133 CVE-2016-4134 CVE-2016-4135 CVE-2016-4136 CVE-2016-4137 CVE-2016-4138 CVE-2016-4139 CVE-2016-4140 CVE-2016-4141 CVE-2016-4142 CVE-2016-4143 CVE-2016-4144 CVE-2016-4145 CVE-2016-4146 CVE-2016-4147 CVE-2016-4148 CVE-2016-4149 CVE-2016-4150 CVE-2016-4151 CVE-2016-4152 CVE-2016-4153 CVE-2016-4154 CVE-2016-4155 CVE-2016-4156 CVE-2016-4166 CVE-2016-4171 openSUSE 13.2 Chromium was updated to 51.0.2704.103 to fix three vulnerabilities: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives (shared identifier) (boo#985397) (Important) SUSE bug 985397 CVE-2016-1704 openSUSE 13.2 This update for libtorrent-rasterbar fixes the following issues: - CVE-2016-5301: Crash on invalid input in http_parser could have allowed a remote attacker to perform a denial of service attack (boo#983228). In addition, the package was updated to 1.0.9 / 1.16.19, fixing various upstream bugs. (Moderate) SUSE bug 983228 CVE-2016-5301 openSUSE 13.2 ctdb was updated to fix one security issue. This security issue was fixed: - bsc#969522: ctdb opening sockets with htons(IPPROTO_RAW) (Moderate) SUSE bug 969522 openSUSE 13.2 This update for vlc to version 2.1.6 fixes the following issues: These CVE were fixed: - CVE-2016-5108: Reject invalid QuickTime IMA files (boo#984382). - CVE-2016-3941: Heap overflow in processing wav files (boo#973354). These security issues without were fixed: - Fix heap overflow in decomp stream filter. - Fix buffer overflow in updater. - Fix potential buffer overflow in schroedinger encoder. - Fix null-pointer dereference in DMO decoder. - Fix buffer overflow in parsing of string boxes in mp4 demuxer. - Fix SRTP integer overflow. - Fix potential crash in zip access. - Fix read overflow in Ogg demuxer. (Important) SUSE bug 973354 SUSE bug 984382 CVE-2016-3941 CVE-2016-5108 openSUSE 13.2 obs-service-source_validator was updated to fix one security issue. This security issue was fixed: - CVE-2016-4007: Several maintained source services are vulnerable to code/paramter injection (bsc#967265). This non-security issue was fixed: - bsc#967610: Several occurrences of uninitialized value. (Important) SUSE bug 967265 SUSE bug 967610 CVE-2016-4007 openSUSE 13.2 mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options (bsc#980904). - CVE-2016-0546: Unspecified vulnerability allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Client (bsc#980904). - CVE-2016-0596: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0597: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Optimizer (bsc#980904). - CVE-2016-0598: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0600: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to InnoDB (bsc#980904). - CVE-2016-0606: Unspecified vulnerability allowed remote authenticated users to affect integrity via unknown vectors related to encryption (bsc#980904). - CVE-2016-0608: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to UDF (bsc#980904). - CVE-2016-0609: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to privileges (bsc#980904). - CVE-2016-0616: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Optimizer (bsc#980904). - CVE-2016-0640: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to DML (bsc#980904). - CVE-2016-0641: Unspecified vulnerability allowed local users to affect confidentiality and availability via vectors related to MyISAM (bsc#980904). - CVE-2016-0642: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to Federated (bsc#980904). - CVE-2016-0643: Unspecified vulnerability allowed local users to affect confidentiality via vectors related to DML (bsc#980904). - CVE-2016-0644: Unspecified vulnerability allowed local users to affect availability via vectors related to DDL (bsc#980904). - CVE-2016-0646: Unspecified vulnerability allowed local users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0647: Unspecified vulnerability allowed local users to affect availability via vectors related to FTS (bsc#980904). - CVE-2016-0648: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#980904). - CVE-2016-0649: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#980904). - CVE-2016-0650: Unspecified vulnerability allowed local users to affect availability via vectors related to Replication (bsc#980904). - CVE-2016-0651: Unspecified vulnerability allowed local users to affect availability via vectors related to Optimizer (bsc#980904). - CVE-2016-0655: Unspecified vulnerability allowed local users to affect availability via vectors related to InnoDB (bsc#980904). - CVE-2016-0666: Unspecified vulnerability allowed local users to affect availability via vectors related to Security: Privileges (bsc#980904). - CVE-2016-0668: Unspecified vulnerability allowed local users to affect availability via vectors related to InnoDB (bsc#980904). - CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c did not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com (bsc#963806). These non-security issues were fixed: - bsc#970295: Fix the leftovers of "logrotate.d/mysql" string in the logrotate error message. Occurrences of this string were changed to "logrotate.d/mariadb" - bsc#963810: Add 'log-error' and 'secure-file-priv' configuration options * add '/etc/my.cnf.d/error_log.conf' that specifies 'log-error = /var/log/mysql/mysqld.log'. If no path is set, the error log is written to '/var/lib/mysql/$HOSTNAME.err', which is not picked up by logrotate. * add '/etc/my.cnf.d/secure_file_priv.conf' which specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD FILE()' will only work with files in the directory specified by 'secure-file-priv' option (='/var/lib/mysql-files'). - Temporarily disable OQGraph. It seems to need the boost library with the version not earlier than 1.40 and not later than 1.55 (MDEV-9479) - boo#979524: Don't remove HandlerSocket plugin - boo#970287: Add "BuildRequires: jemalloc-devel" in order to allow enabling of the TokuDB plugin - run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set. - Re-enable profiling support (Important) SUSE bug 963806 SUSE bug 963810 SUSE bug 970287 SUSE bug 970295 SUSE bug 979524 SUSE bug 980904 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 openSUSE 13.2 This update for libvirt fixes the following issues: - CVE-2015-5313: directory directory traversal privilege escalation vulnerability. (boo#953110) (Moderate) SUSE bug 953110 CVE-2015-5313 openSUSE 13.2 libarchive was updated to fix one security issue. This security issue was fixed: - CVE-2016-4809: Memory allocation error with gigantic symbolic links in cpio archives (bsc#984990). (Low) SUSE bug 984990 CVE-2016-4809 openSUSE 13.2 This update for jasper fixes the following issues: - CVE-2016-1867: Out-of-bounds Read could cause a crash (boo#961886) (Low) SUSE bug 961886 CVE-2016-1867 openSUSE 13.2 This update to tiff 4.0.6 fixes the following issues: - CVE-2015-7554: Out-of-bounds write in the thumbnail and tiffcmp tools allowed attacker to cause a denial of service or have unspecified further impact (bsc#960341) - bsc#942690: potential out-of-bound write in NeXTDecode() (#2508) (Moderate) SUSE bug 942690 SUSE bug 960341 CVE-2015-7554 openSUSE 13.2 rsync was updated to fix one security issue. This security issue was fixed: - CVE-2014-9512: rsync allowed remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path (boo#915410). (Moderate) SUSE bug 915410 CVE-2014-9512 openSUSE 13.2 phpMyAdmin was updated to version 4.4.15.7 to fix eight security issues. These security issues were fixed: - CVE-2016-5701: BBCode injection vulnerability (boo#986154) - CVE-2016-5703: SQL injection attack (boo#986154) - CVE-2016-5705: Multiple XSS vulnerabilities (boo#986154) - CVE-2016-5706: DOS attack (boo#986154) - CVE-2016-5730: Multiple full path disclosure vulnerabilities (boo#986154) - CVE-2016-5731: XSS through FPD (boo#986154) - CVE-2016-5733: Multiple XSS vulnerabilities (boo#986154) - CVE-2016-5739: Referrer leak in transformations (boo#986154) This non-security issues was fixed: - Fix issue Setup script doesn't use input type 'password' in all relevant locations (Moderate) SUSE bug 986154 CVE-2016-5701 CVE-2016-5703 CVE-2016-5705 CVE-2016-5706 CVE-2016-5730 CVE-2016-5731 CVE-2016-5733 CVE-2016-5739 openSUSE 13.2 This update to roundcubemail 1.0.8 fixes the following issues: - CVE-2015-8770: Path traversal vulnerability allowed code execution to remote authenticated users if they were also upload files to the same server through some other method (boo#962067) This update also contains all upstream fixes in 1.0.8. The package was updated to use generic PHP requirements for use with other prefixes than "php5-" (Important) SUSE bug 962067 CVE-2015-8770 openSUSE 13.2 kinit was updated to fix one security issue. This security issue was fixed: - CVE-2016-3100: World readable Xauthority file exposed cookie credentials (boo#983926). (Moderate) SUSE bug 983926 CVE-2016-3100 openSUSE 13.2 gimp was updated to version 2.8.16 to fix one security issue. This security issue was fixed: - CVE-2016-4994: Use-after-free vulnerabilities in the channel and layer properties parsing process (bsc#986021). This non-security issues were fixed: - Core: * Seek much less when writing XCF * Don't seek past the end of the file when writing XCF * Fix velocity parameter on .GIH brushes * Fix brokenness while transforming certain sets of linked layers - GUI: * Always show image tabs in single window mode * Fix switching of dock tabs by DND hovering * Don't make the scroll area for tags too small * Fixed a crash in the save dialog * Fix issue where ruler updates made things very slow on Windows -Plug-ins: * Fix several issues in the BMP plug-in * Make Gfig work with the new brush size behavior again * Fix font export in the PDF plug-in * Support layer groups in OpenRaster files * Fix loading of PSD files with layer groups (Moderate) SUSE bug 986021 CVE-2016-4994 openSUSE 13.2 spice was updated to fix two security issues. These security issues were fixed: - CVE-2016-2150: SPICE allowed local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261 (boo#982385). - CVE-2016-0749: The smartcard interaction in SPICE allowed remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow (boo#982385). (Moderate) SUSE bug 982385 SUSE bug 982386 CVE-2016-0749 CVE-2016-2150 openSUSE 13.2 GraphicsMagick was updated to fix 37 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler (bsc#983803). - CVE-2014-9811: Crash in xwd file handler (bsc#984032). - CVE-2014-9813: Crash on corrupted viff file (bsc#984035). - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193). - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372). - CVE-2014-9816: Out of bound access in viff image (bsc#984398). - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400). - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181). - CVE-2014-9819: Heap overflow in palm files (bsc#984142). - CVE-2014-9830: Handling of corrupted sun file (bsc#984135). - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375). - CVE-2014-9837: Additional PNM sanity checks (bsc#984166). - CVE-2014-9834: Heap overflow in pict file (bsc#984436). - CVE-2014-9853: Memory leak in rle file handling (bsc#984408). - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259). - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234). - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442). - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523). - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533). - CVE-2014-9807: Double free in pdb coder. (bsc#983794). - CVE-2014-9828: corrupted (too many colors) psd file (bsc#984028). - CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752). - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796). - CVE-2014-9820: Heap overflow in xpm files (bsc#984150). - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379). - CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799). - CVE-2016-5240: SVG converting issue resulting in DoS (endless loop) (bsc#983309). - CVE-2014-9840: Out of bound access in palm file (bsc#984433). - CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder (bsc#984144). - CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion (bsc#983455). - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394). - CVE-2014-9844: Out of bound issue in rle file (bsc#984373). - CVE-2014-9835: Heap overflow in wpf file (bsc#984145). - CVE-2014-9829: Out of bound access in sun file (bsc#984409). - CVE-2014-9846: Added checks to prevent overflow in rle file (bsc#983521). - CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG files (bsc#965853). - CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG files (bsc#965853). (Important) SUSE bug 965853 SUSE bug 983234 SUSE bug 983259 SUSE bug 983309 SUSE bug 983455 SUSE bug 983521 SUSE bug 983523 SUSE bug 983533 SUSE bug 983752 SUSE bug 983794 SUSE bug 983796 SUSE bug 983799 SUSE bug 983803 SUSE bug 984028 SUSE bug 984032 SUSE bug 984035 SUSE bug 984135 SUSE bug 984142 SUSE bug 984144 SUSE bug 984145 SUSE bug 984150 SUSE bug 984166 SUSE bug 984181 SUSE bug 984193 SUSE bug 984372 SUSE bug 984373 SUSE bug 984375 SUSE bug 984379 SUSE bug 984394 SUSE bug 984398 SUSE bug 984400 SUSE bug 984408 SUSE bug 984409 SUSE bug 984433 SUSE bug 984436 SUSE bug 985442 CVE-2014-9805 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9834 CVE-2014-9835 CVE-2014-9837 CVE-2014-9839 CVE-2014-9840 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9853 CVE-2015-8894 CVE-2015-8896 CVE-2015-8901 CVE-2015-8903 CVE-2016-2317 CVE-2016-2318 CVE-2016-5240 CVE-2016-5241 CVE-2016-5688 openSUSE 13.2 This update for libircclient adjusts the cipher suites from ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH to to EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH (boo#857151) (Moderate) SUSE bug 857151 openSUSE 13.2 cronic was updated to fix one security issue. This security issue was fixed: - CVE-2016-3992: Predictable temporary files (bsc#974845). (Moderate) SUSE bug 974845 CVE-2016-3992 openSUSE 13.2 xerces-c was updated to fix one security issue. This security issue was fixed: - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++. It did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have unspecified impact via an invalid character in an XML document (bsc#979208). (Moderate) SUSE bug 979208 CVE-2016-2099 openSUSE 13.2 ImageMagick was updated to fix 66 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler (bsc#983803). - CVE-2014-9811: Crash in xwd file handler (bsc#984032). - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137). - CVE-2014-9813: Crash on corrupted viff file (bsc#984035). - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193). - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372). - CVE-2014-9816: Out of bound access in viff image (bsc#984398). - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400). - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181). - CVE-2014-9819: Heap overflow in palm files (bsc#984142). - CVE-2014-9830: Handling of corrupted sun file (bsc#984135). - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375). - CVE-2014-9850: Incorrect thread limit logic (bsc#984149). - CVE-2014-9851: Crash when parsing resource block (bsc#984160). - CVE-2014-9852: Incorrect usage of object after it has been destroyed (bsc#984191). - CVE-2014-9853: Memory leak in rle file handling (bsc#984408). - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253). - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259). - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232). - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234). - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442). - CVE-2014-9834: Heap overflow in pict file (bsc#984436). - CVE-2014-9806: Leaked file descriptor due to corrupted file (bsc#983774). - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448). - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370). - CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184). - CVE-2015-8898: Prevent null pointer access in magick/constitute.c (bsc#983746). - CVE-2014-9833: Heap overflow in psd file (bsc#984406). - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523). - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527). - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533). - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739). - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451). - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456). - CVE-2014-9836: Crash in xpm file handling (bsc#984023). - CVE-2014-9808: SEGV due to corrupted dpc images (bsc#983796). - CVE-2014-9821: Avoid heap overflow in pnm files (bsc#984014). - CVE-2014-9820: Heap overflow in xpm files (bsc#984150). - CVE-2014-9823: Heap overflow in palm file (bsc#984401). - CVE-2014-9822: Heap overflow in quantum file (bsc#984187). - CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427). - CVE-2014-9824: Heap overflow in psd file (bsc#984185). - CVE-2014-9809: SEGV due to corrupted xwd images (bsc#983799). - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186). - CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179). - CVE-2014-9842: Memory leak in psd handling (bsc#984374). - CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172). - CVE-2014-9840: Out of bound access in palm file (bsc#984433). - CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder (bsc#984144). - CVE-2014-9846: Added checks to prevent overflow in rle file (bsc#983521). - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394). - CVE-2014-9844: Out of bound issue in rle file (bsc#984373). - CVE-2014-9849: Crash in png coder (bsc#984018). - CVE-2014-9848: Memory leak in quantum management (bsc#984404). - CVE-2014-9807: Double free in pdb coder (bsc#983794). - CVE-2014-9829: Out of bound access in sun file (bsc#984409). - CVE-2014-9832: Heap overflow in pcx file (bsc#984183). - CVE-2014-9805: SEGV due to a corrupted pnm file (bsc#983752). - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308). - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305). - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292). - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379). - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460). - CVE-2014-9837: Additional PNM sanity checks (bsc#984166). - CVE-2014-9835: Heap overflow in wpf file (bsc#984145). - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028). - CVE-2016-5841: Out-of-bounds read in MagickCore/property.c:1396 could lead to memory leak/ Integer overflow read to RCE (bnc#986609). - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could lead to memory leak/ Integer overflow read to RCE (bnc#986608). (Important) SUSE bug 983232 SUSE bug 983234 SUSE bug 983253 SUSE bug 983259 SUSE bug 983292 SUSE bug 983305 SUSE bug 983308 SUSE bug 983521 SUSE bug 983523 SUSE bug 983527 SUSE bug 983533 SUSE bug 983739 SUSE bug 983746 SUSE bug 983752 SUSE bug 983774 SUSE bug 983794 SUSE bug 983796 SUSE bug 983799 SUSE bug 983803 SUSE bug 984014 SUSE bug 984018 SUSE bug 984023 SUSE bug 984028 SUSE bug 984032 SUSE bug 984035 SUSE bug 984135 SUSE bug 984137 SUSE bug 984142 SUSE bug 984144 SUSE bug 984145 SUSE bug 984149 SUSE bug 984150 SUSE bug 984160 SUSE bug 984166 SUSE bug 984172 SUSE bug 984179 SUSE bug 984181 SUSE bug 984183 SUSE bug 984184 SUSE bug 984185 SUSE bug 984186 SUSE bug 984187 SUSE bug 984191 SUSE bug 984193 SUSE bug 984370 SUSE bug 984372 SUSE bug 984373 SUSE bug 984374 SUSE bug 984375 SUSE bug 984379 SUSE bug 984394 SUSE bug 984398 SUSE bug 984400 SUSE bug 984401 SUSE bug 984404 SUSE bug 984406 SUSE bug 984408 SUSE bug 984409 SUSE bug 984427 SUSE bug 984433 SUSE bug 984436 SUSE bug 985442 SUSE bug 985448 SUSE bug 985451 SUSE bug 985456 SUSE bug 985460 SUSE bug 986608 SUSE bug 986609 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 openSUSE 13.2 php5 was updated to fix nine security issues. These security issues were fixed: - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize (bsc#986247). - CVE-2016-5772: Double Free Courruption in wddx_deserialize (bsc#986244). - CVE-2016-5771: Use After Free Vulnerability in PHP's GC algorithm and unserialize (bsc#986391). - CVE-2016-5770: int/size_t confusion in SplFileObject::fread (bsc#986392). - CVE-2016-5768: Double free in _php_mb_regex_ereg_replace_exec - (bsc#986246). - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). (Important) SUSE bug 986004 SUSE bug 986244 SUSE bug 986246 SUSE bug 986247 SUSE bug 986386 SUSE bug 986388 SUSE bug 986391 SUSE bug 986392 SUSE bug 986393 CVE-2015-8935 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 openSUSE 13.2 This update contains Mozilla Thunderbird 45.2. (boo#983549) It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail. The following vulnerabilities were fixed: - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549, MFSA2016-49) Contains the following security fixes from the 45.1 release: (boo#977333) - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards (boo#977375, boo#977376, MFSA 2016-39) Contains the following security fixes from the 45.0 release: (boo#969894) - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA 2016-16) - CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17) - CVE-2016-1955: CSP reports fail to strip location information for embedded iframe pages (MFSA 2016-18) - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19) - CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20) - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23) - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24) - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27) - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34) The graphite font shaping library was disabled, addressing the following font vulnerabilities: - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 The following tracked packaging changes are included: - fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637) - gcc6 fixes (boo#986162) - running on 48bit va aarch64 (boo#984126) (Important) SUSE bug 969894 SUSE bug 977333 SUSE bug 977375 SUSE bug 977376 SUSE bug 983549 SUSE bug 984126 SUSE bug 984637 SUSE bug 986162 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1960 CVE-2016-1961 CVE-2016-1964 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2806 CVE-2016-2807 CVE-2016-2815 CVE-2016-2818 openSUSE 13.2 NonFree Adobe Flash Player was updated to 11.2.202.632 to fix many security issues tracked under the upstream advisory APSB16-25, allowing remote attackers to execute arbitrary code when delivering specially crafted Flash content. The following vulnerabilities were fixed: - CVE-2016-4172: memory corruption vulnerability that could lead to code execution - CVE-2016-4173: use-after-free vulnerability that could lead to code execution - CVE-2016-4174: use-after-free vulnerability that could lead to code execution - CVE-2016-4175: memory corruption vulnerability that could lead to code execution - CVE-2016-4176: stack corruption vulnerability that could lead to code execution - CVE-2016-4177: stack corruption vulnerability that could lead to code execution - CVE-2016-4178: security bypass vulnerability that could lead to information disclosure - CVE-2016-4179: memory corruption vulnerability that could lead to code execution - CVE-2016-4180: memory corruption vulnerability that could lead to code execution - CVE-2016-4181: memory corruption vulnerability that could lead to code execution - CVE-2016-4182: memory corruption vulnerability that could lead to code execution - CVE-2016-4183: memory corruption vulnerability that could lead to code execution - CVE-2016-4184: memory corruption vulnerability that could lead to code execution - CVE-2016-4185: memory corruption vulnerability that could lead to code execution - CVE-2016-4186: memory corruption vulnerability that could lead to code execution - CVE-2016-4187: memory corruption vulnerability that could lead to code execution - CVE-2016-4188: memory corruption vulnerability that could lead to code execution - CVE-2016-4189: memory corruption vulnerability that could lead to code execution - CVE-2016-4190: memory corruption vulnerability that could lead to code execution - CVE-2016-4217: memory corruption vulnerability that could lead to code execution - CVE-2016-4218: memory corruption vulnerability that could lead to code execution - CVE-2016-4219: memory corruption vulnerability that could lead to code execution - CVE-2016-4220: memory corruption vulnerability that could lead to code execution - CVE-2016-4221: memory corruption vulnerability that could lead to code execution - CVE-2016-4222: use-after-free vulnerability that could lead to code execution - CVE-2016-4223: type confusion vulnerability that could lead to code execution - CVE-2016-4224: type confusion vulnerability that could lead to code execution - CVE-2016-4225: type confusion vulnerability that could lead to code execution - CVE-2016-4226: use-after-free vulnerability that could lead to code execution - CVE-2016-4227: use-after-free vulnerability that could lead to code execution - CVE-2016-4228: use-after-free vulnerability that could lead to code execution - CVE-2016-4229: use-after-free vulnerability that could lead to code execution - CVE-2016-4230: use-after-free vulnerability that could lead to code execution - CVE-2016-4231: use-after-free vulnerability that could lead to code execution - CVE-2016-4232: memory leak vulnerability - CVE-2016-4233: memory corruption vulnerability that could lead to code execution - CVE-2016-4234: memory corruption vulnerability that could lead to code execution - CVE-2016-4235: memory corruption vulnerability that could lead to code execution - CVE-2016-4236: memory corruption vulnerability that could lead to code execution - CVE-2016-4237: memory corruption vulnerability that could lead to code execution - CVE-2016-4238: memory corruption vulnerability that could lead to code execution - CVE-2016-4239: memory corruption vulnerability that could lead to code execution - CVE-2016-4240: memory corruption vulnerability that could lead to code execution - CVE-2016-4241: memory corruption vulnerability that could lead to code execution - CVE-2016-4242: memory corruption vulnerability that could lead to code execution - CVE-2016-4243: memory corruption vulnerability that could lead to code execution - CVE-2016-4244: memory corruption vulnerability that could lead to code execution - CVE-2016-4245: memory corruption vulnerability that could lead to code execution - CVE-2016-4246: memory corruption vulnerability that could lead to code execution - CVE-2016-4247: race condition vulnerability that could lead to information disclosure - CVE-2016-4248: use-after-free vulnerability that could lead to code execution - CVE-2016-4249: heap buffer overflow vulnerability that could lead to code execution (Important) SUSE bug 988579 CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 openSUSE 13.2 This update for libvirt fixes the following issues: - CVE-2016-5008: empty VNC password disables authentication (boo#987527) (Moderate) SUSE bug 854343 SUSE bug 968483 SUSE bug 987527 CVE-2016-5008 openSUSE 13.2 This update for xerces-c fixes the following issues: * CVE-2016-4463 Apache Xerces-C XML Parser Crashes on Malformed DT (boo#985860) * CVE-2016-2099 Exception handling mistake causing use after free (boo#979208) (Moderate) SUSE bug 979208 SUSE bug 985860 CVE-2016-0729 CVE-2016-2099 CVE-2016-4463 openSUSE 13.2 This update for apache2 fixes the following issues: * It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5387). As a result, these server components would potentially direct all their outgoing HTTP traffic through a malicious proxy server. This patch fixes the issue: the updated Apache server ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes (unless a value has been explicitly configured by the administrator in the configuration file). (bsc#988488) This update was imported from the SUSE:SLE-12-SP1:Update update project. (Moderate) SUSE bug 988488 CVE-2016-5387 openSUSE 13.2 This update for samba fixes the following issues: - Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (boo#986869). - Honor smb.conf socket options in winbind; (boo#975131). - Don't use htons() with IP_PROTO_RAW; (bso#11705); (boo#969522). (Moderate) SUSE bug 969522 SUSE bug 975131 SUSE bug 986869 CVE-2016-2119 openSUSE 13.2 This update for nodejs fixes the following issue: - CVE-2016-1669: * fix buffer overflow in v8 (boo#987919) (Moderate) SUSE bug 987919 CVE-2016-1669 openSUSE 13.2 gnugk was updated fix security issues and bugs. The following issues were fixed: - CVE-2012-3534: denial of service via lots of connections (boo#777486) The new version 4.2 of gnuk also fixes a number of bugs and contains other improvements and fixes. The new library h323plus was added to the distribution as a dependency. (Moderate) SUSE bug 777486 CVE-2012-3534 openSUSE 13.2 Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901): - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in Blink - CVE-2016-1711: Same-origin bypass in Blink - CVE-2016-5127: Use-after-free in Blink - CVE-2016-5128: Same-origin bypass in V8 - CVE-2016-5129: Memory corruption in V8 - CVE-2016-5130: URL spoofing - CVE-2016-5131: Use-after-free in libxml - CVE-2016-5132: Limited same-origin bypass in Service Workers - CVE-2016-5133: Origin confusion in proxy authentication - CVE-2016-5134: URL leakage via PAC script - CVE-2016-5135: Content-Security-Policy bypass - CVE-2016-5136: Use after free in extensions - CVE-2016-5137: History sniffing with HSTS and CSP - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives (Important) SUSE bug 989901 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707 CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5136 CVE-2016-5137 openSUSE 13.2 This update for karchive fixes the following issues: - CVE-2016-6232: A remote attacker could have been able to overwrite arbitrary files when tricking the user into downloading KDE extras such as wallpapers or Plasma Applets (boo#989698) (Important) SUSE bug 989698 CVE-2016-6232 openSUSE 13.2 Python was updated to fix three security issues. The following vulnerabilities were fixed: - CVE-2016-0772: TLS stripping attack on smtplib (bsc#984751) - CVE-2016-5636: zipimporter heap overflow (bsc#985177) - CVE-2016-5699: httplib header injection (bsc#985348) This update also includes all upstream bug fixes and improvements in Python 2.7.12. It also includes the following packaging changes: - reintroduce support for CA directory path The following tracked packaging issues were fixed: - broken overflow checks (bsc#964182) (Moderate) SUSE bug 964182 SUSE bug 984751 SUSE bug 985177 SUSE bug 985348 CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 openSUSE 13.2 This update for go fixes the following issues: - CVE-2015-5739: "Content Length" treated as valid header - CVE-2015-5740: Double content-length headers does not return 400 error - CVE-2015-5741: Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections Go was updated to 1.4.3 with the following additional changes: - build: remove -Werror from cmd/dist - runtime: panic when accessing an empty struct value appended to an uninitialized slice - runtime: garbage collector found invalid heap pointer iterating over map (Moderate) SUSE bug 989630 CVE-2015-5739 CVE-2015-5740 CVE-2015-5741 openSUSE 13.2 This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-5314: Fixed an out-of-bounds write in PixarLogDecode() function (boo#984831) - CVE-2016-5316: Fixed an out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c (boo#984837) - CVE-2016-5317: Fixed an out-of-bounds write in PixarLogDecode() function in libtiff.so (boo#984842) - CVE-2016-5320: Fixed an out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c (boo#984808) - CVE-2016-5875: Fixed a heap-based buffer overflow when using the PixarLog compressionformat (boo#987351) Bugs fixed: - boo#964225: Fixed writes for invalid images (upstream bug #2522) (Moderate) SUSE bug 964225 SUSE bug 984808 SUSE bug 984831 SUSE bug 984837 SUSE bug 984842 SUSE bug 987351 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5875 openSUSE 13.2 This update for dropbear fixes four security issues (bnc#990363): - A format string injection vulnerability allowed remotes attacker to run arbitrary code as root if specific usernames including "%" symbols could be created on the target system. If a dbclient user can control usernames or host arguments, or untrusted input is processed, potentially arbitrary code could have been executed as the dbclient user. - When importing malicious OpenSSH key files via dropbearconvert, arbitrary code could have been executed as the local dropbearconvert user - If particular -m or -c arguments were provided, as used in scripts, dbclient could have executed arbitrary code - dbclient or dropbear server could have exposed process memory to the running user if compiled with DEBUG_TRACE and running with -v Dropbear was updated to the upstream 2016.74 release, including fixes for the following upstream issues: - Port forwarding failure when connecting to domains that have both IPv4 and IPv6 addresses - 100% CPU use while waiting for rekey to complete - Fix crash when fallback initshells() is used scp failing when the local user doesn't exist The following upstream improvements are included: - Support syslog in dbclient, option -o usesyslog=yes - Kill a proxycommand when dbclient exits - Option to exit when a TCP forward fails - Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks (Critical) SUSE bug 990363 openSUSE 13.2 This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. (bsc#937766) It also fixes the following non-security bugs: - bsc#955210: Unresponsive LDAP host lookups in IPv6 environment - bsc#904028: Add missing dependency binutils used by %pre. (Important) SUSE bug 904028 SUSE bug 937766 SUSE bug 945582 SUSE bug 955210 CVE-2015-4000 CVE-2015-6908 openSUSE 13.2 This libidn update to version 1.33 fixes the following issues: Security issues fixed: - CVE-2015-8948, CVE-2016-6262: Fixed an out-of-bounds-read when reading one zero byte as input (bsc#990189). - CVE-2016-6263: Fixed stringprep_utf8_nfkc_normalize to reject invalid UTF-8 (bsc#boo#990191). Included bugfixes: - Fixed crash in idna_to_unicode_8z8z and idna_to_unicode_8zlz (introduced in 1.31). - API and ABI is backwards compatible with the previous version. - Update gpg keyring (Moderate) SUSE bug 990189 SUSE bug 990191 CVE-2015-8948 CVE-2016-6262 CVE-2016-6263 openSUSE 13.2 This update for mupdf fixes the following issues: Security issues fixed: - CVE-2016-6265: Fixed a use-after-free issue (boo#990195). (Moderate) SUSE bug 990195 CVE-2016-6265 openSUSE 13.2 This update for ecryptfs-utils fixes the following issues: - CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems (bsc#962052) (Moderate) SUSE bug 962052 CVE-2016-1572 openSUSE 13.2 This update for sqlite3 fixes the following issues: - CVE-2016-6153: Tempdir Selection Vulnerability could have led to data leakage under very specific, non-default circumstances (boo#987394) (Low) SUSE bug 987394 CVE-2016-6153 openSUSE 13.2 This update for polarssl fixes the following issues: - CVE-2015-8036: A heap-based buffer overflow could have allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a long session ticket name to the session ticket extension (boo#989694) (Moderate) SUSE bug 989694 CVE-2015-8036 openSUSE 13.2 Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation (e10s) is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The media parser has been redeveloped using the Rust programming language - better Canvas performance with speedy Skia support - Now requires NSS 3.24 The following security issues were fixed: (boo#991809) - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards - CVE-2016-2830: Favicon network connection can persist when page is closed - CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content - CVE-2016-2839: Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 - CVE-2016-5251: Location bar spoofing via data URLs with malformed/invalid mediatypes - CVE-2016-5252: Stack underflow during 2D graphics rendering - CVE-2016-0718: Out-of-bounds read during XML parsing in Expat library - CVE-2016-5254: Use-after-free when using alt key and toplevel menus - CVE-2016-5255: Crash in incremental garbage collection in JavaScript - CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown - CVE-2016-5259: Use-after-free in service workers with nested sync events - CVE-2016-5260: Form input type change from password to text can store plain text password in session restore file - CVE-2016-5261: Integer overflow in WebSockets during data buffering - CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes - CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback - CVE-2016-5263: Type confusion in display transformation - CVE-2016-5264: Use-after-free when applying SVG effects - CVE-2016-5265: Same-origin policy violation using local HTML file and saved shortcut file - CVE-2016-5266: Information disclosure and local file manipulation through drag and drop - CVE-2016-5268: Spoofing attack through text injection into internal error pages - CVE-2016-5250: Information disclosure through Resource Timing API during page navigation The following non-security changes are included: - The AppData description and screenshots were updated. - Fix Firefox crash on startup on i586 (boo#986541) - The Selenium WebDriver may have caused Firefox to crash at startup - fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637) - Fix running on 48bit va aarch64 (boo#984126) - fix XUL dialog button order under KDE session (boo#984403) Mozilla NSS was updated to 3.24 as a dependency. Changes in mozilla-nss: - NSS softoken updated with latest NIST guidance - NSS softoken updated to allow NSS to run in FIPS Level 1 (no password) - Various added and deprecated functions - Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. - Protect against the Cachebleed attack. - Disable support for DTLS compression. - Improve support for TLS 1.3. This includes support for DTLS 1.3. (experimental) (Important) SUSE bug 984126 SUSE bug 984403 SUSE bug 984637 SUSE bug 986541 SUSE bug 991809 CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5268 openSUSE 13.2 This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u101 (icedtea 3.1.0) - New in release 3.1.0 (2016-07-25): * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (boo#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (boo#989734) - S8146514: Enforce GCM limits - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (boo#989730) - S8149070: Enforce update ordering - S8149962, CVE-2016-3508: Better delineation of XML processing (boo#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (boo#989733) - S8153312: Constrain AppCDS behavior - S8154475, CVE-2016-3587: Clean up lookup visibility (boo#989721) - S8155981, CVE-2016-3606: Bolster bytecode verification (boo#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (boo#989723) - S8158571, CVE-2016-3610: Additional method handle validation (boo#989725) - CVE-2016-3552 (boo#989726) - CVE-2016-3511 (boo#989727) - CVE-2016-3503 (boo#989728) - CVE-2016-3498 (boo#989729) * New features - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux - PR2821: Support building OpenJDK with --disable-headful - PR2931, G478960: Provide Infinality Support via fontconfig - PR3079: Provide option to build Shenandoah on x86_64 * Import of OpenJDK 8 u92 build 14 - S6869327: Add new C2 flag to keep safepoints in counted loops. - S8022865: [TESTBUG] Compressed Oops testing needs to be revised - S8029630: Thread id should be displayed as a hex number in error report - S8029726: On OS X some dtrace probe names are mismatched with Solaris - S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired. - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header - S8041900: [macosx] Java forces the use of discrete GPU - S8044363: Remove special build options for unpack200 executable - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH - S8046611: Build errors with gcc on sparc/fastdebug - S8047763: Recognize sparc64 as a sparc platform - S8048232: Fix for 8046471 breaks PPC64 build - S8052396: Catch exceptions resulting from missing font cmap - S8058563: InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles and therefore shall be excluded - S8062901: Iterators is spelled incorrectly in the Javadoc for Spliterator - S8064330: Remove SHA224 from the default support list if SunMSCAPI enabled - S8065579: WB method to start G1 concurrent mark cycle should be introduced - S8065986: Compiler fails to NullPointerException when calling super with Object<>() - S8066974: Compiler doesn't infer method's generic type information in lambda body - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for out of range years - S8068033: JNI exception pending in jdk/src/share/bin/java.c - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI pending - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found - S8068254: Method reference uses wrong qualifying type - S8074696: Remote debugging session hangs for several minutes when calling findBootType - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on system locale - S8080492: [Parfait] Uninitialised variable in jdk/src/java/desktop/windows/native/libawt/ - S8080650: Enable stubs to use frame pointers correctly - S8122944: perfdata used is seen as too high on sparc zone with jdk1.9 and causes a test failure - S8129348: Debugger hangs in trace mode with TRACE_SENDS - S8129847: Compiling methods generated by Nashorn triggers high memory usage in C2 - S8130506: javac AssertionError when invoking MethodHandle.invoke with lambda parameter - S8130910: hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_<username> has wrong permissions - S8131129: Attempt to define a duplicate BMH$Species class - S8131665: Bad exception message in HandshakeHash.getFinishedHash - S8131782: C1 Class.cast optimization breaks when Class is loaded from static final - S8132503: [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X - S8133207: ParallelProbes.java test fails after changes for JDK-8080115 - S8133924: NPE may be thrown when xsltc select a non-existing node after JDK-8062518 - S8134007: Improve string folding - S8134759: jdb: Incorrect stepping inside finally block - S8134963: [Newtest] New stress test for changing the coarseness level of G1 remembered set - S8136442: Don't tie Certificate signature algorithms to ciphersuites - S8137106: EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+ - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot - S8138764: In some cases the usage of TreeLock can be replaced by other synchronization - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void InstanceKlass::oop_oop_iterate_oop_maps_specialized<true,oopDesc*,MarkAndPushClosure> - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8139751: Javac crash with -XDallowStringFolding=false - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev - S8139985: JNI exception pending in jdk/src/jdk/hprof/agent/share/native/libhprof - S8140031: SA: Searching for a value in Threads does not work - S8140249: JVM Crashing During startUp If Flight Recording is enabled - S8140344: add support for 3 digit update release numbers - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8141260: isReachable crash in windows xp - S8143297: Nashorn compilation time reported in nanoseconds - S8143397: It looks like InetAddress.isReachable(timeout) works incorrectly - S8143855: Bad printf formatting in frame_zero.cpp - S8143896: java.lang.Long is implicitly converted to double - S8143963: improve ClassLoader::trace_class_path to accept an additional outputStream* arg - S8144020: Remove long as an internal numeric type - S8144131: ArrayData.getInt implementations do not convert to int32 - S8144483: One long Safepoint pause directly after each GC log rotation - S8144487: PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC builds - S8144935: C2: safepoint is pruned from a non-counted loop - S8144937: [TEST_BUG] testlibrary_tests should be excluded for compact1 and compact2 execution - S8145017: Add support for 3 digit hotspot minor version numbers - S8145099: Better error message when SA can't attach to a process - S8145442: Add the facility to verify remembered sets for G1 - S8145466: javac: No line numbers in compilation error - S8145539: (coll) AbstractMap.keySet and .values should not be volatile - S8145550: Megamorphic invoke should use CompiledFunction variants without any LinkLogic - S8145669: apply2call optimized callsite fails after becoming megamorphic - S8145722: NullPointerException in javadoc - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI - S8146147: Java linker indexed property getter does not work for computed nashorn string - S8146566: OpenJDK build can't handle commas in LDFLAGS - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because 8072383 was badly backported before - S8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - S8147630: Wrong test result pushed to 8u-dev - S8147845: Varargs Array functions still leaking longs - S8147857: RMIConnector logs attribute names incorrectly - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC - S8150791: 8u76 L10n resource file translation update * Import of OpenJDK 8 u101 build 13 - S6483657: MSCAPI provider does not create unique alias names - S6675699: need comprehensive fix for unconstrained ConvI2L with narrowed type - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8081778: Use Intel x64 CPU instructions for RSA acceleration - S8130150: Implement BigInteger.montgomeryMultiply intrinsic - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8143913: MSCAPI keystore should accept Certificate[] in setEntry() - S8144313: Test SessionTimeOutTests can be timeout - S8146240: Three nashorn files contain "GNU General Public License" header - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147994: [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua - S8151522: Disable 8130150 and 8081778 intrinsics by default - S8151876: (tz) Support tzdata2016d - S8152098: Fix 8151522 caused test compiler/intrinsics/squaretolen/TestSquareToLen.java to fail - S8157077: 8u101 L10n resource file updates * Backports - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for mouse wheel events - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on text orientation - S8014212, PR2866: Robot captures black screen - S8029339, PR1061: Custom MultiResolution image support on HiDPI displays - S8031145, PR3077: Re-examine closed i18n tests to see it they can be moved to the jdk repository. - S8034856, PR3095: gcc warnings compiling src/solaris/native/sun/security/pkcs11 - S8034857, PR3095: gcc warnings compiling src/solaris/native/sun/management - S8035054, PR3095: JarFacade.c should not include ctype.h - S8035287, PR3095: gcc warnings compiling various libraries files - S8038631, PR3077: Create wrapper for awt.Robot with additional functionality - S8039279, PR3077: Move awt tests to openjdk repository - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox and JRadioButton - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree - S8043126, PR3077: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree - S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing tests - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk - S8044429, PR3077: move awt automated tests for AWT_Modality to OpenJDK repository - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to openjdk repository - S8047180, PR3077: Move functional tests AWT_Headless/Automated to OpenJDK repository - S8047367, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 2 - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again - S8049617, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 3 - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK - S8050885, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 4 - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK - S8052012, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 5 - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3 of 3) - S8053657, PR3077: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK - S8054143, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 6 - S8054358, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 7 - S8054359, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 8 - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 9 - S8056911, PR3077: Remove internal API usage from ExtendedRobot class - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 10 - S8058959, PR1061: closed/java/awt/event/ComponentEvent/MovedResizedTwiceTest/MovedResizedTwiceTest.java failed automatically - S8062606, PR3077: Fix a typo in java.awt.Robot class - S8063102, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063104, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8063106, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063107, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing - S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases - S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease - S8067441, PR3077: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes() - S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not include scale factor - S8073320, PR1061: Windows HiDPI Graphics support - S8074807, PR3077: Fix some tests unnecessary using internal API - S8076315, PR3077: move 4 manual functional swing tests to regression suite - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize() - S8129822, PR3077: Define "headful" jtreg keyword - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates base image to get its size - S8133539, PR1061: [TEST_BUG] Split java/awt/image/MultiResolutionImageTest.java in two to allow restricted access - S8137571, PR1061: Linux HiDPI Graphics support - S8142406, PR1061: [TEST] MultiResolution image: need test to cover the case when @2x image is corrupted - S8145188, PR2945: No LocalVariableTable generated for the entire JDK - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution menu items icons - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution icons - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be taken into account for OS X - S8151841, PR2882: Build needs additional flags to compile with GCC 6 [plus parts of 8149647 & 8032045] - S8155613, PR1061: [PIT] crash in AWT_Desktop/Automated/Exceptions/BasicTest - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD incorrectly - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK 3 on Linux - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions - S8159244, PR3074: Partially initialized string object created by C2's string concat optimization may escape - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful. - S8160294, PR2882, PR3095: Some client libraries cannot be built with GCC 6 * Bug fixes - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid re-discovery by OpenJDK configure - PR2932: Support ccache in a non-automagic manner - PR2933: Support ccache 3.2 and later - PR2964: Set system defaults based on OS - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line endings rather than system line endings - PR3078: Remove duplicated line dating back to 6788347 and 6894807 - PR3083, RH1346460: Regression in SSL debug output without an ECC provider - PR3089: Remove old memory limits patch - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs - PR3095: Fix warnings in URLClassPath.c - PR3096: Remove dead --disable-optimizations option - PR3105: Use version from hotspot.map to create tarball filename - PR3106: Handle both correctly-spelt property "enableCustomValueHandler" introduced by S8079718 and typo version - PR3108: Shenandoah patches not included in release tarball - PR3110: Update hotspot.map documentation in INSTALL - Fix script linking /usr/share/javazi/tzdb.dat for platform where it applies (boo#987895) - Fix aarch64 running with 48 bits va space (boo#984684) (Moderate) SUSE bug 984684 SUSE bug 987895 SUSE bug 989721 SUSE bug 989722 SUSE bug 989723 SUSE bug 989725 SUSE bug 989726 SUSE bug 989727 SUSE bug 989728 SUSE bug 989729 SUSE bug 989730 SUSE bug 989731 SUSE bug 989732 SUSE bug 989733 SUSE bug 989734 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3552 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 openSUSE 13.2 This update for redis fixes the following issues: - CVE-2013-7458: unsafe permissions of command line history (boo#991250) (Moderate) SUSE bug 991250 CVE-2013-7458 openSUSE 13.2 This update for bsdiff fixes the following issues: - CVE-2014-9862: Improper checking of input allows arbitrary write on heap (boo#990660) (Moderate) SUSE bug 990660 CVE-2014-9862 openSUSE 13.2 Wireshark was updated to 1.12.13 to fix a number of minor security issues and bugs. This release fixes a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - CVE-2016-6504: NDS dissector crash (boo#991012) - CVE-2016-6505: PacketBB crash (boo#991013) - CVE-2016-6506: WSP infinite loop (boo#991015) - CVE-2016-6507: MMSE infinite loop (boo#991016) - CVE-2016-6508: RLC long loop (boo#991017) - CVE-2016-6509: LDSS dissector crash (boo#991018) - CVE-2016-6510: RLC dissector crash (boo#991019) - CVE-2016-6511: OpenFlow long loop (boo#991020) This update also includes further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html (Low) SUSE bug 991012 SUSE bug 991013 SUSE bug 991015 SUSE bug 991016 SUSE bug 991017 SUSE bug 991018 SUSE bug 991019 SUSE bug 991020 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 openSUSE 13.2 Chromium was updated to 52.0.2743.116 to fix the following security issues: (boo#992305) - CVE-2016-5141: Address bar spoofing (boo#992314) - CVE-2016-5142: Use-after-free in Blink (boo#992313) - CVE-2016-5139: Heap overflow in pdfium (boo#992311) - CVE-2016-5140: Heap overflow in pdfium (boo#992310) - CVE-2016-5145: Same origin bypass for images in Blink (boo#992320) - CVE-2016-5143: Parameter sanitization failure in DevTools (boo#992319) - CVE-2016-5144: Parameter sanitization failure in DevTools (boo#992315) - CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives (boo#992309) (Important) SUSE bug 992305 SUSE bug 992309 SUSE bug 992310 SUSE bug 992311 SUSE bug 992313 SUSE bug 992314 SUSE bug 992315 SUSE bug 992319 SUSE bug 992320 CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 CVE-2016-5144 CVE-2016-5145 CVE-2016-5146 openSUSE 13.2 This update for wget fixes the following issue: - CVE-2016-4971: HTTP to a FTP redirection file name confusion vulnerability (boo#984060). (Moderate) SUSE bug 984060 CVE-2016-4971 openSUSE 13.2 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) * Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7192202: Make sure keytool prints both unknown and unparseable extensions - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win] - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022439: Fix lint warnings in sun.security.ec - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8079410: Hotspot version to share the same update and build version from JDK - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8144313: Test SessionTimeOutTests can be timeout - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147857: [TEST] RMIConnector logs attribute names incorrectly - S8151841, PR3098: Build needs additional flags to compile with GCC 6 - S8151876: (tz) Support tzdata2016d - S8157077: 8u101 L10n resource file updates - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not known. * Import of OpenJDK 7 u111 build 1 - S7081817: test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java failing - S8140344: add support for 3 digit update release numbers - S8145017: Add support for 3 digit hotspot minor version numbers - S8162344: The API changes made by CR 7064075 need to be reverted * Backports - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime - S4900206, PR3101: Include worst-case rounding tests for Math library functions - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6934604, PR3075: enable parts of EliminateAutoBox by default - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144 - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0 - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly - S8005402, PR3020: Need to provide benchmarks for color management - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination. - S8013430, PR3020: REGRESSION: closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java fails with java.io.StreamCorruptedException: invalid type code: EE since 8b87 - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes - S8014959, PR3075: assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit) failed: Live Node limit exceeded limit - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object - S8024511, PR3020: Crash during color profile destruction - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8 - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape * Bug fixes - PR2799, RH1195203: Files are missing from resources.jar - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed - PR3091: SystemTap is heavily confused by multiple JDKs - PR3102: Extend 8022594 to AixPollPort - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created - PR3111: Provide option to disable SystemTap tests - PR3114: Don't assume system mime.types supports text/x-java-source - PR3115: Add check for elliptic curve cryptography implementation - PR3116: Add tests for Java debug info and source files - PR3118: Path to agpl-3.0.txt not updated - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't * AArch64 port - S8148328, PR3100: aarch64: redundant lsr instructions in stub code. - S8148783, PR3100: aarch64: SEGV running SpecJBB2013 - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted (Important) SUSE bug 988651 SUSE bug 989722 SUSE bug 989723 SUSE bug 989725 SUSE bug 989727 SUSE bug 989728 SUSE bug 989729 SUSE bug 989730 SUSE bug 989731 SUSE bug 989732 SUSE bug 989733 SUSE bug 989734 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 openSUSE 13.2 This update addresses a security issue affecting code statically linked with go: - CVE-2016-5386: A remote attacker could set the HTTP_PROXY environment variable via Proxy header (bsc#988487) (Low) SUSE bug 988487 CVE-2016-5386 openSUSE 13.2 This update for ImageMagick fixes the following issues: - security update: * CVE-2016-6520: buffer overflow [bsc#991872] * CVE-2016-5010: Out-of-bounds read in CopyMagickMemory [bsc#991444] * CVE-2016-6491: Out-of-bounds read when processing crafted tiff files [bsc#991445] (Moderate) SUSE bug 991444 SUSE bug 991445 SUSE bug 991872 CVE-2016-5010 CVE-2016-6491 CVE-2016-6520 openSUSE 13.2 This update for php5 fixes the following issues: - security update: * CVE-2016-6128: Invalid color index not properly handled [bsc#987580] * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] * CVE-2016-6292: Null pointer dereference in exif_process_user_comment [bsc#991422] * CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] * CVE-2016-5399: Improper error handling in bzread() [bsc#991430] * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434] * CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] (Moderate) SUSE bug 987580 SUSE bug 988032 SUSE bug 991422 SUSE bug 991424 SUSE bug 991426 SUSE bug 991427 SUSE bug 991428 SUSE bug 991429 SUSE bug 991430 SUSE bug 991433 SUSE bug 991434 SUSE bug 991437 CVE-2016-5399 CVE-2016-6128 CVE-2016-6161 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 openSUSE 13.2 This update for harfbuzz fixes the following security issues: - CVE-2016-2052: harfbuzz: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6 (boo#963436) - CVE-2015-8947: harfbuzz: hb-ot-layout-gpos-table.hh buffer over-read (boo#989564) (Moderate) SUSE bug 963436 SUSE bug 989564 CVE-2015-8947 CVE-2016-2052 openSUSE 13.2 Chromium was updated to 48.0.2564.82 to fix security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-1612: Bad cast in V8 (boo#963184) - CVE-2016-1613: Use-after-free in PDFium (boo#963185) - CVE-2016-1614: Information leak in Blink (boo#963186) - CVE-2016-1615: Origin confusion in Omnibox (boo#963187) - CVE-2016-1616: URL Spoofing (boo#963188) - CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189) - CVE-2016-1618: Weak random number generator in Blink (boo#963190) - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191) - CVE-2016-1620 chromium-browser: various fixes (boo#963192) This update also enables SSE2 support on x86_64, VA-API hardware acceleration and fixes a crash when trying to enable the Chromecast extension. (Important) SUSE bug 963184 SUSE bug 963185 SUSE bug 963186 SUSE bug 963187 SUSE bug 963188 SUSE bug 963189 SUSE bug 963190 SUSE bug 963191 SUSE bug 963192 CVE-2016-1612 CVE-2016-1613 CVE-2016-1614 CVE-2016-1615 CVE-2016-1616 CVE-2016-1617 CVE-2016-1618 CVE-2016-1619 CVE-2016-1620 openSUSE 13.2 This update for roundcubemail fixes the following vulnerabilities: - CVE-2015-8864: XSS issue in SVG images handling (boo#976988) - CVE-2015-2181: issue in DBMail driver of password plugin Roundcubemail was also updated to 1.0.9, fixing the following bugs: - Fix a regression where some contact data was missing in export and PHP warnings were logged - Enable use of TLSv1.1 and TLSv1.2 for IMAP - Fix bug where Archive/Junk buttons were not active after page jump with select=all mode - Fix bug in long recipients list parsing for cases where recipient name contained @-char - Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 - Hide DSN option in Preferences when smtp_server is not used (Moderate) SUSE bug 976988 CVE-2015-2181 CVE-2015-8864 openSUSE 13.2 This update for python3 fixes the following issues: - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user supplied Proxy request header (fixes boo#989523, CVE-2016-1000110) - update to 3.4.5 check: https://docs.python.org/3.4/whatsnew/changelog.html (fixes boo#984751, CVE-2016-0772) (fixes boo#985177, CVE-2016-5636) (fixes boo#985348, CVE-2016-5699) - Bump DH parameters to 2048 bit to fix logjam security issue. boo#935856 - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user supplied Proxy request header: (fixes boo#989523, CVE-2016-1000110) (Moderate) SUSE bug 935856 SUSE bug 951166 SUSE bug 983582 SUSE bug 984751 SUSE bug 985177 SUSE bug 985348 SUSE bug 989523 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 openSUSE 13.2 This update for icoutils to version 0.31.1 fixes the following issues: - CVE-2017-5208: An integer overflow allows maliciously crafted files to cause DoS or code execution (boo#1018756). - CVE-2017-5331: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). - CVE-2017-5332: Missing out of bounds checks in extract_group_icon_cursor_resource allow for DoS or code execution (boo#1018756). - CVE-2017-5333: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). (Important) SUSE bug 1018756 CVE-2017-5208 CVE-2017-5331 CVE-2017-5332 CVE-2017-5333 openSUSE 13.2 pcsc-lite was updated to fix one security issue. This security issue was fixed: - CVE-2016-10109: This use-after-free and double-free issue allowed local attacker to cause a Denial of Service and possible privilege escalation (bsc#1017902). (Moderate) SUSE bug 1017902 CVE-2016-10109 openSUSE 13.2 This update for openjpeg2 fixes the following issues: * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] * CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] * CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] * CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] * CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] (Important) SUSE bug 1002414 SUSE bug 1007739 SUSE bug 1007740 SUSE bug 1007741 SUSE bug 1007742 SUSE bug 1007743 SUSE bug 1007744 SUSE bug 1007747 SUSE bug 1014543 SUSE bug 1014975 SUSE bug 999817 CVE-2016-7445 CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 CVE-2016-9572 CVE-2016-9573 CVE-2016-9580 CVE-2016-9581 openSUSE 13.2 This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] (Important) SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 openSUSE 13.2 This update for libgit2 fixes the following issues: - CVE-2016-8568: Fixed and out-of-bounds read in git_oid_nfmt (bsc#1003810). - CVE-2016-8569: DoS using a null pointer dereference in git_commit_message (bsc#1003810). (Moderate) SUSE bug 1003810 CVE-2016-8568 CVE-2016-8569 openSUSE 13.2 This update for pdns fixes the following issues: - CVE-2016-2120: Crafted zone record could have caused a denial of service (bsc#1018329). - CVE-2016-7068: Crafted queries could have caused abnormal CPU usage (bsc#1018326). - CVE-2016-7072: Denial of service via the web server (bsc#1018327). - CVE-2016-7073: Fixed insufficient validation of TSIG signatures (bsc#1018328). - CVE-2016-7074: Fixed insufficient validation of TSIG signatures ((bsc#1018328). (Moderate) SUSE bug 1018326 SUSE bug 1018327 SUSE bug 1018328 SUSE bug 1018329 CVE-2016-2120 CVE-2016-7068 CVE-2016-7072 CVE-2016-7073 CVE-2016-7074 openSUSE 13.2 This update for kopete fixes the following issues: - fix encrypting OTR messages after closing and re-opening kopete (boo#1016982, kde#362535) (Low) SUSE bug 1016982 openSUSE 13.2 This updates xen to version 4.4.4_06 to fix the following issues: - An unprivileged user in a guest could gain guest could escalate privilege to that of the guest kernel, if it had could invoke the instruction emulator. Only 64-bit x86 HVM guest were affected. Linux guest have not been vulnerable. (boo#1016340, CVE-2016-10013) - An unprivileged user in a 64 bit x86 guest could gain information from the host, crash the host or gain privilege of the host (boo#1009107, CVE-2016-9383) - An unprivileged guest process could (unintentionally or maliciously) obtain or ocorrupt sensitive information of other programs in the same guest. Only x86 HVM guests have been affected. The attacker needs to be able to trigger the Xen instruction emulator. (boo#1000106, CVE-2016-7777) - A guest on x86 systems could read small parts of hypervisor stack data (boo#1012651, CVE-2016-9932) - A malicious guest kernel could hang or crash the host system (boo#1014298, CVE-2016-10024) - A malicious guest administrator could escalate their privilege to that of the host. Only affects x86 HVM guests using qemu older version 1.6.0 or using the qemu-xen-traditional. (boo#1011652, CVE-2016-9637) - An unprivileged guest user could escalate privilege to that of the guest administrator on x86 HVM guests, especially on Intel CPUs (boo#1009100, CVE-2016-9386) - An unprivileged guest user could escalate privilege to that of the guest administrator (on AMD CPUs) or crash the system (on Intel CPUs) on 32-bit x86 HVM guests. Only guest operating systems that allowed a new task to start in VM86 mode were affected. (boo#1009103, CVE-2016-9382) - A malicious guest administrator could crash the host on x86 PV guests only (boo#1009104, CVE-2016-9385) - A malicious guest administrator could get privilege of the host emulator process on x86 HVM guests. (boo#1009109, CVE-2016-9381) - A vulnerability in pygrub allowed a malicious guest administrator to obtain the contents of sensitive host files, or even delete those files (boo#1009111, CVE-2016-9379, CVE-2016-9380) - A privileged guest user could cause an infinite loop in the RTL8139 ethernet emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007157, CVE-2016-8910) - A privileged guest user could cause an infinite loop in the intel-hda sound emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007160, CVE-2016-8909) - A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero vulnerability of the JAZZ RC4030 chipset emulation (boo#1005004 CVE-2016-8667) - A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero issue of the 16550A UART emulation (boo#1005005, CVE-2016-8669) - A privileged guest user could cause an infinite loop in the USB xHCI emulation, causing a DoS situation on the host (boo#1004016, CVE-2016-8576) - A privileged guest user could cause an infinite loop in the ColdFire Fash Ethernet Controller emulation, causing a DoS situation on the host (boo#1003030, CVE-2016-7908) - A privileged guest user could cause an infinite loop in the AMD PC-Net II emulation, causing a DoS situation on the host (boo#1003032, CVE-2016-7909) - Cause a reload of clvm in the block-dmmd script to avoid a blocking lvchange call (boo#1002496) - Also unplug SCSI disks in qemu-xen-traditional for upstream unplug protocol. Before a single SCSI storage devices added to HVM guests could appear multiple times in the guest. (boo#953518) - Fix a kernel panic / black screen when trying to boot a XEN kernel on some UEFI firmwares (boo#1000195) (Important) SUSE bug 1000106 SUSE bug 1000195 SUSE bug 1002496 SUSE bug 1003030 SUSE bug 1003032 SUSE bug 1004016 SUSE bug 1005004 SUSE bug 1005005 SUSE bug 1007157 SUSE bug 1007160 SUSE bug 1009100 SUSE bug 1009103 SUSE bug 1009104 SUSE bug 1009107 SUSE bug 1009109 SUSE bug 1009111 SUSE bug 1011652 SUSE bug 1012651 SUSE bug 1014298 SUSE bug 1016340 SUSE bug 953518 CVE-2016-10013 CVE-2016-10024 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2016-9932 openSUSE 13.2 irssi was updated to fix four vulnerabilities that could result in denial of service (remote crash) when connecting to malicious servers or receiving specially crafted data. (boo#1018357) - CVE-2017-5193: NULL pointer dereference in the nickcmp function - CVE-2017-5194: out of bounds read in certain incomplete control codes - CVE-2017-5195: out of bounds read in certain incomplete character sequences - CVE-2017-5196: Correct an error when receiving invalid nick message (Moderate) SUSE bug 1018357 CVE-2017-5193 CVE-2017-5194 CVE-2017-5195 CVE-2017-5196 openSUSE 13.2 NonFree This update to Adobe Flash 24.0.0.194 fixes the following vulnerabilities advised under APSB17-02: - security bypass vulnerability that could lead to information disclosure (CVE-2017-2938) - use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937) - heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935) - memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931) (Important) SUSE bug 1019129 CVE-2017-2925 CVE-2017-2926 CVE-2017-2927 CVE-2017-2928 CVE-2017-2930 CVE-2017-2931 CVE-2017-2932 CVE-2017-2933 CVE-2017-2934 CVE-2017-2935 CVE-2017-2936 CVE-2017-2937 CVE-2017-2938 openSUSE 13.2 This update for encfs fixes the following issues: - A new option --require-macs was added to address CVE-2014-3462 (boo#878257) This will now trigger a warning if MAC headers were disabled via configuration. In addition, encfs was updated to 1.8.1 including all upstream improvements and fixes. (Moderate) SUSE bug 878257 CVE-2014-3462 openSUSE 13.2 This update for gstreamer-plugins-good fixes the following issues: - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) (Important) SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 SUSE bug 1013653 SUSE bug 1013655 SUSE bug 1013663 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 openSUSE 13.2 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2016-9809: Off by one read in gst_h264_parse_set_caps() (bsc#1013659). - CVE-2016-9812: Out of bounds read in gst_mpegts_section_new (bsc#1013678). - CVE-2016-9813: mpegts parser: null pointer deref in _parse_pat (bsc#1013680). (Moderate) SUSE bug 1013659 SUSE bug 1013678 SUSE bug 1013680 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 openSUSE 13.2 This update for gstreamer-0_10-plugins-bad fixes the following issue: - CVE-2016-9809: Off by one read in gst_h264_parse_set_caps() (bsc#1013659) (Moderate) SUSE bug 1013659 CVE-2016-9809 openSUSE 13.2 This update for python-pycrypto fixes the following issues: - A heap buffer overflow in the AES module was fixed that could have lead to remote code execution, if the mode of operation can be specified from the outside (CVE-2013-7459, boo#1017420). (Important) SUSE bug 1017420 CVE-2013-7459 openSUSE 13.2 This update for gstreamer-plugins-base fixes the following issue: - CVE-2016-9811: out of bounds memory read in windows_icon_typefind (bsc#1013669) (Moderate) SUSE bug 1013669 CVE-2016-9811 openSUSE 13.2 This update for gstreamer-0_10-plugins-good fixes the following issues: - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) (Important) SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 SUSE bug 1013653 SUSE bug 1013655 SUSE bug 1013663 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 openSUSE 13.2 This update for gstreamer-0_10-plugins-base fixes the following issue: - CVE-2016-9811: out of bounds memory read in windows_icon_typefind (bsc#1013669) ---------- (Moderate) SUSE bug 1013669 CVE-2016-9811