Marcus Updateinfo to OVAL Converter 5.5 2018-05-02T04:13:58 openSUSE Leap 42.2 This update to wireshark 2.2.2 fixes the following issues: - CVE-2016-9372: Profinet I/O long loop (boo#1010807) - CVE-2016-9374: AllJoyn crash (boo#1010752) - CVE-2016-9376: OpenFlow crash (boo#1010735) - CVE-2016-9373: DCERPC crash (boo#1010754) - CVE-2016-9375: DTN infinite loop (boo#1010740) This update also contains urther bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html Moderate SUSE bug 1010735 SUSE bug 1010740 SUSE bug 1010752 SUSE bug 1010754 SUSE bug 1010807 SUSE bug 1010911 CVE-2016-9372 CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 openSUSE Leap 42.2 These are all security issues found in the FastCGI Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2766 openSUSE Leap 42.2 These are all security issues found in the GraphicsMagick-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-1882 CVE-2009-3736 CVE-2012-3438 CVE-2016-2317 CVE-2016-3714 CVE-2016-3715 CVE-2016-3717 CVE-2016-3718 CVE-2016-5118 openSUSE Leap 42.2 These are all security issues found in the ImageMagick Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2014-9907 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5118 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6520 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8677 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 openSUSE Leap 42.2 These are all security issues found in the LibVNCServer-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 openSUSE Leap 42.2 These are all security issues found in the MozillaFirefox Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-5913 CVE-2009-0040 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2010-0164 CVE-2010-0165 CVE-2010-0166 CVE-2010-0167 CVE-2010-0168 CVE-2010-0169 CVE-2010-0170 CVE-2010-0171 CVE-2010-0172 CVE-2010-0173 CVE-2010-0174 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182 CVE-2010-0654 CVE-2010-1028 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2011-0068 CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 CVE-2011-0080 CVE-2011-0081 CVE-2011-0084 CVE-2011-1187 CVE-2011-1202 CVE-2011-2366 CVE-2011-2367 CVE-2011-2368 CVE-2011-2369 CVE-2011-2370 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2988 CVE-2011-2989 CVE-2011-2990 CVE-2011-2991 CVE-2011-2992 CVE-2011-2993 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3079 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-2808 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0765 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1671 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1688 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1695 CVE-2013-1696 CVE-2013-1697 CVE-2013-1698 CVE-2013-1699 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5598 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 CVE-2014-1492 CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2014-1518 CVE-2014-1519 CVE-2014-1522 CVE-2014-1523 CVE-2014-1524 CVE-2014-1525 CVE-2014-1526 CVE-2014-1528 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1539 CVE-2014-1540 CVE-2014-1541 CVE-2014-1542 CVE-2014-1543 CVE-2014-1544 CVE-2014-1545 CVE-2014-1547 CVE-2014-1548 CVE-2014-1549 CVE-2014-1550 CVE-2014-1552 CVE-2014-1553 CVE-2014-1554 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 CVE-2014-1561 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1580 CVE-2014-1581 CVE-2014-1582 CVE-2014-1583 CVE-2014-1584 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642 CVE-2014-8643 CVE-2015-0798 CVE-2015-0799 CVE-2015-0800 CVE-2015-0801 CVE-2015-0802 CVE-2015-0803 CVE-2015-0804 CVE-2015-0805 CVE-2015-0806 CVE-2015-0807 CVE-2015-0808 CVE-2015-0810 CVE-2015-0811 CVE-2015-0812 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 CVE-2015-0817 CVE-2015-0818 CVE-2015-0819 CVE-2015-0820 CVE-2015-0821 CVE-2015-0822 CVE-2015-0823 CVE-2015-0824 CVE-2015-0825 CVE-2015-0826 CVE-2015-0827 CVE-2015-0828 CVE-2015-0829 CVE-2015-0830 CVE-2015-0831 CVE-2015-0832 CVE-2015-0833 CVE-2015-0834 CVE-2015-0835 CVE-2015-0836 CVE-2015-2706 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2711 CVE-2015-2712 CVE-2015-2713 CVE-2015-2715 CVE-2015-2716 CVE-2015-2717 CVE-2015-2718 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2742 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4476 CVE-2015-4477 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4483 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4490 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 CVE-2015-4495 CVE-2015-4497 CVE-2015-4498 CVE-2015-4500 CVE-2015-4501 CVE-2015-4502 CVE-2015-4503 CVE-2015-4504 CVE-2015-4505 CVE-2015-4506 CVE-2015-4507 CVE-2015-4508 CVE-2015-4509 CVE-2015-4510 CVE-2015-4511 CVE-2015-4512 CVE-2015-4513 CVE-2015-4514 CVE-2015-4515 CVE-2015-4516 CVE-2015-4517 CVE-2015-4518 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7184 CVE-2015-7185 CVE-2015-7186 CVE-2015-7187 CVE-2015-7188 CVE-2015-7189 CVE-2015-7190 CVE-2015-7191 CVE-2015-7192 CVE-2015-7193 CVE-2015-7194 CVE-2015-7195 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7201 CVE-2015-7202 CVE-2015-7203 CVE-2015-7204 CVE-2015-7205 CVE-2015-7207 CVE-2015-7208 CVE-2015-7210 CVE-2015-7211 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7215 CVE-2015-7216 CVE-2015-7217 CVE-2015-7218 CVE-2015-7219 CVE-2015-7220 CVE-2015-7221 CVE-2015-7222 CVE-2015-7223 CVE-2015-7575 CVE-2016-0718 CVE-2016-1930 CVE-2016-1931 CVE-2016-1933 CVE-2016-1935 CVE-2016-1937 CVE-2016-1938 CVE-2016-1939 CVE-2016-1942 CVE-2016-1943 CVE-2016-1944 CVE-2016-1945 CVE-2016-1946 CVE-2016-1947 CVE-2016-1949 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1959 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1963 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1967 CVE-2016-1968 CVE-2016-1970 CVE-2016-1971 CVE-2016-1972 CVE-2016-1973 CVE-2016-1974 CVE-2016-1975 CVE-2016-1976 CVE-2016-1977 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2804 CVE-2016-2806 CVE-2016-2807 CVE-2016-2808 CVE-2016-2809 CVE-2016-2810 CVE-2016-2811 CVE-2016-2812 CVE-2016-2813 CVE-2016-2814 CVE-2016-2815 CVE-2016-2816 CVE-2016-2817 CVE-2016-2818 CVE-2016-2819 CVE-2016-2820 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2825 CVE-2016-2827 CVE-2016-2828 CVE-2016-2829 CVE-2016-2830 CVE-2016-2831 CVE-2016-2832 CVE-2016-2833 CVE-2016-2834 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5253 CVE-2016-5254 CVE-2016-5255 CVE-2016-5256 CVE-2016-5257 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5267 CVE-2016-5268 CVE-2016-5270 CVE-2016-5271 CVE-2016-5272 CVE-2016-5273 CVE-2016-5274 CVE-2016-5275 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5279 CVE-2016-5280 CVE-2016-5281 CVE-2016-5282 CVE-2016-5283 CVE-2016-5284 CVE-2016-5287 CVE-2016-5288 CVE-2016-6354 openSUSE Leap 42.2 These are all security issues found in the MozillaThunderbird Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0040 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1571 CVE-2009-3555 CVE-2010-0159 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0182 CVE-2010-0654 CVE-2010-1121 CVE-2010-1196 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1585 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3768 CVE-2010-3769 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0053 CVE-2011-0061 CVE-2011-0062 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-1187 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2987 CVE-2011-2988 CVE-2011-2989 CVE-2011-2991 CVE-2011-2992 CVE-2011-3000 CVE-2011-3001 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3079 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3975 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5613 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1481 CVE-2014-1482 CVE-2014-1486 CVE-2014-1487 CVE-2014-1490 CVE-2014-1491 CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1541 CVE-2014-1544 CVE-2014-1545 CVE-2014-1547 CVE-2014-1548 CVE-2014-1553 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0833 CVE-2015-0836 CVE-2015-2708 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4475 CVE-2015-4477 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 CVE-2015-4500 CVE-2015-4505 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4513 CVE-2015-4514 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7201 CVE-2015-7205 CVE-2015-7207 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 CVE-2015-7575 CVE-2016-1930 CVE-2016-1935 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2806 CVE-2016-2807 CVE-2016-2815 CVE-2016-2818 CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 openSUSE Leap 42.2 These are all security issues found in the NetworkManager Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-2924 CVE-2016-0764 openSUSE Leap 42.2 These are all security issues found in the a2ps Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2004-1377 CVE-2014-0466 openSUSE Leap 42.2 These are all security issues found in the aaa_base Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-0461 openSUSE Leap 42.2 These are all security issues found in the accountsservice Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2737 openSUSE Leap 42.2 These are all security issues found in the alsa Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0035 openSUSE Leap 42.2 These are all security issues found in the android-tools Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-1909 openSUSE Leap 42.2 These are all security issues found in the ant Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1571 openSUSE Leap 42.2 These are all security issues found in the apache-commons-beanutils Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3540 openSUSE Leap 42.2 These are all security issues found in the apache-commons-daemon Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2729 openSUSE Leap 42.2 These are all security issues found in the apache-commons-httpclient Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-5783 openSUSE Leap 42.2 These are all security issues found in the apache2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0023 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-1891 CVE-2009-1955 CVE-2009-1956 CVE-2009-2412 CVE-2009-2699 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 CVE-2009-3560 CVE-2009-3720 CVE-2010-0408 CVE-2010-0425 CVE-2010-0434 CVE-2010-1452 CVE-2010-1623 CVE-2010-2068 CVE-2011-1176 CVE-2011-3192 CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 CVE-2012-2687 CVE-2012-3499 CVE-2012-3502 CVE-2013-1896 CVE-2013-2249 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-4000 CVE-2016-1546 CVE-2016-4979 CVE-2016-5387 openSUSE Leap 42.2 These are all security issues found in the apache2-mod_perl Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1667 openSUSE Leap 42.2 These are all security issues found in the apache2-mod_php5 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2006-7243 CVE-2010-2225 CVE-2010-2950 CVE-2010-3436 CVE-2010-3709 CVE-2010-3710 CVE-2010-4150 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-2202 CVE-2011-3379 CVE-2011-4153 CVE-2011-4566 CVE-2011-4718 CVE-2011-4885 CVE-2012-0830 CVE-2012-1823 CVE-2012-2311 CVE-2012-2335 CVE-2012-2336 CVE-2012-2688 CVE-2012-3365 CVE-2013-1635 CVE-2013-1643 CVE-2013-1824 CVE-2013-4113 CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 CVE-2013-7327 CVE-2013-7345 CVE-2013-7456 CVE-2014-0185 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-2497 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120 CVE-2014-5459 CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2014-9767 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2305 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4116 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4643 CVE-2015-4644 CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2015-8935 CVE-2016-1903 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 CVE-2016-3587 CVE-2016-4070 CVE-2016-4071 CVE-2016-4073 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5385 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-6128 CVE-2016-6161 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7134 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 openSUSE Leap 42.2 These are all security issues found in the argyllcms Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-1616 openSUSE Leap 42.2 These are all security issues found in the aria2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-3617 openSUSE Leap 42.2 These are all security issues found in the at Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-6354 openSUSE Leap 42.2 These are all security issues found in the audiofile-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-7747 openSUSE Leap 42.2 These are all security issues found in the augeas Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-0786 CVE-2014-8119 openSUSE Leap 42.2 These are all security issues found in the autofs Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8169 openSUSE Leap 42.2 These are all security issues found in the automake Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-4029 openSUSE Leap 42.2 These are all security issues found in the avahi Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0758 CVE-2010-2244 CVE-2011-1002 openSUSE Leap 42.2 These are all security issues found in the bash Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-2524 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 openSUSE Leap 42.2 These are all security issues found in the bind Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0696 CVE-2009-4022 CVE-2010-3613 CVE-2010-3614 CVE-2010-3615 CVE-2011-0414 CVE-2011-1907 CVE-2011-1910 CVE-2011-2464 CVE-2011-4313 CVE-2012-1667 CVE-2012-3817 CVE-2012-3868 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2012-5689 CVE-2013-2266 CVE-2013-4854 CVE-2014-0591 CVE-2014-8500 CVE-2015-1349 CVE-2015-4620 CVE-2015-5477 CVE-2015-5722 CVE-2015-8000 CVE-2015-8704 CVE-2016-1285 CVE-2016-1286 CVE-2016-2776 CVE-2016-8864 openSUSE Leap 42.2 These are all security issues found in the binutils Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 openSUSE Leap 42.2 These are all security issues found in the bogofilter-common Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2494 CVE-2012-5468 openSUSE Leap 42.2 These are all security issues found in the bsdtar Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-0211 CVE-2015-2304 CVE-2015-8918 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8929 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-1541 CVE-2016-4300 CVE-2016-4301 CVE-2016-4302 CVE-2016-4809 openSUSE Leap 42.2 These are all security issues found in the busybox Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-9645 openSUSE Leap 42.2 These are all security issues found in the bzip2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-0405 openSUSE Leap 42.2 These are all security issues found in the cifs-utils Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2012-1586 openSUSE Leap 42.2 These are all security issues found in the clamav Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-0405 CVE-2011-2721 CVE-2011-3627 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 CVE-2013-6497 CVE-2014-9050 CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2305 CVE-2015-2668 openSUSE Leap 42.2 These are all security issues found in the claws-mail Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-4507 CVE-2014-3566 CVE-2015-8614 CVE-2015-8708 openSUSE Leap 42.2 These are all security issues found in the colord Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-4349 openSUSE Leap 42.2 These are all security issues found in the coreutils Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 CVE-2015-4041 CVE-2015-4042 openSUSE Leap 42.2 These are all security issues found in the cpio Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-0624 CVE-2014-9112 openSUSE Leap 42.2 These are all security issues found in the cpp48 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-5044 CVE-2015-5276 openSUSE Leap 42.2 These are all security issues found in the cracklib Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-6318 openSUSE Leap 42.2 These are all security issues found in the cron Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2006-2607 CVE-2010-0424 openSUSE Leap 42.2 These are all security issues found in the ctags Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-7204 openSUSE Leap 42.2 These are all security issues found in the cups Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0163 CVE-2009-2820 CVE-2009-3553 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2941 CVE-2012-5519 CVE-2012-6094 CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-9679 CVE-2015-1158 CVE-2015-1159 openSUSE Leap 42.2 These are all security issues found in the cups-filters Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-6473 CVE-2013-6474 CVE-2013-6475 CVE-2013-6476 CVE-2014-2707 CVE-2014-4336 CVE-2014-4337 CVE-2014-4338 CVE-2015-2265 CVE-2015-3258 CVE-2015-3279 CVE-2015-8327 CVE-2015-8560 openSUSE Leap 42.2 These are all security issues found in the cups-pk-helper Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-4510 openSUSE Leap 42.2 These are all security issues found in the curl Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2013-0249 CVE-2013-1944 CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 CVE-2016-0755 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 openSUSE Leap 42.2 These are all security issues found in the cvs Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-0804 openSUSE Leap 42.2 These are all security issues found in the cyradm Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-3235 CVE-2011-3372 CVE-2015-8077 CVE-2015-8078 openSUSE Leap 42.2 These are all security issues found in the cyrus-sasl Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0688 openSUSE Leap 42.2 These are all security issues found in the dbus-1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-4352 CVE-2012-3524 CVE-2013-2168 CVE-2014-3477 CVE-2014-3532 CVE-2014-3533 CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 CVE-2014-7824 CVE-2014-8148 CVE-2015-0245 openSUSE Leap 42.2 These are all security issues found in the dbus-1-glib Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-1172 CVE-2013-0292 openSUSE Leap 42.2 These are all security issues found in the dhcp Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-1892 CVE-2010-2156 CVE-2010-3611 CVE-2010-3616 CVE-2011-0413 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 CVE-2015-8605 openSUSE Leap 42.2 These are all security issues found in the dia Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-5984 openSUSE Leap 42.2 These are all security issues found in the dnsmasq Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-3294 openSUSE Leap 42.2 These are all security issues found in the dosfstools Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-8872 CVE-2016-4804 openSUSE Leap 42.2 These are all security issues found in the dracut Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-4453 openSUSE Leap 42.2 These are all security issues found in the e2fsprogs Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-0247 CVE-2015-1572 openSUSE Leap 42.2 These are all security issues found in the elfutils Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-0172 CVE-2014-9447 openSUSE Leap 42.2 These are all security issues found in the emacs Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-0035 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 openSUSE Leap 42.2 These are all security issues found in the empathy Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-3635 openSUSE Leap 42.2 These are all security issues found in the eog Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-7447 CVE-2016-6855 openSUSE Leap 42.2 These are all security issues found in the evince Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 openSUSE Leap 42.2 These are all security issues found in the exif Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2845 openSUSE Leap 42.2 These are all security issues found in the exiv2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-9449 openSUSE Leap 42.2 These are all security issues found in the expat Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-2625 CVE-2009-3560 CVE-2009-3720 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 CVE-2015-1283 CVE-2016-0718 openSUSE Leap 42.2 These are all security issues found in the fetchmail Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-2666 CVE-2010-1167 CVE-2011-1947 CVE-2011-3389 CVE-2012-3482 openSUSE Leap 42.2 These are all security issues found in the file Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-1571 CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 openSUSE Leap 42.2 These are all security issues found in the flac Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8962 CVE-2014-9028 openSUSE Leap 42.2 These are all security issues found in the fontconfig Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-5384 openSUSE Leap 42.2 These are all security issues found in the freerdp Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-0250 CVE-2014-0791 openSUSE Leap 42.2 These are all security issues found in the freetype2-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-0226 CVE-2011-3256 CVE-2011-3439 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-2241 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 openSUSE Leap 42.2 These are all security issues found in the ft2demos Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2011-0226 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 openSUSE Leap 42.2 These are all security issues found in the fuse Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-3297 CVE-2011-0541 CVE-2015-3202 openSUSE Leap 42.2 These are all security issues found in the gcab Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-0552 openSUSE Leap 42.2 These are all security issues found in the gd Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-2497 CVE-2014-9709 CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 CVE-2016-6911 CVE-2016-7568 CVE-2016-8670 openSUSE Leap 42.2 These are all security issues found in the gdk-pixbuf-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2485 CVE-2015-4491 CVE-2015-7552 CVE-2015-7673 CVE-2015-7674 CVE-2016-6352 openSUSE Leap 42.2 These are all security issues found in the gdk-pixbuf-loader-rsvg Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-3146 CVE-2013-1881 openSUSE Leap 42.2 These are all security issues found in the gdm Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-1709 openSUSE Leap 42.2 These are all security issues found in the ghostscript Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-5653 CVE-2015-3228 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 openSUSE Leap 42.2 These are all security issues found in the giflib-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-7555 CVE-2016-3977 openSUSE Leap 42.2 These are all security issues found in the gimp Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-2896 CVE-2012-3236 CVE-2012-5576 CVE-2016-4994 openSUSE Leap 42.2 These are all security issues found in the git Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2186 CVE-2014-9390 CVE-2016-2315 CVE-2016-2324 openSUSE Leap 42.2 These are all security issues found in the glib2-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-4316 CVE-2012-3524 openSUSE Leap 42.2 These are all security issues found in the glibc Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-5029 CVE-2012-3406 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2013-7423 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-8121 CVE-2014-9402 CVE-2014-9761 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 openSUSE Leap 42.2 These are all security issues found in the gnome-games Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-4003 openSUSE Leap 42.2 These are all security issues found in the gnome-keyring Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-3466 openSUSE Leap 42.2 These are all security issues found in the gnome-online-accounts Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-0240 CVE-2013-1799 openSUSE Leap 42.2 These are all security issues found in the gnome-photos Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-7447 openSUSE Leap 42.2 These are all security issues found in the gnome-settings-daemon Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-7300 openSUSE Leap 42.2 These are all security issues found in the gnome-shell Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-4000 openSUSE Leap 42.2 These are all security issues found in the gnutls Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-4989 CVE-2011-4128 CVE-2012-0390 CVE-2012-1569 CVE-2012-1573 CVE-2014-0092 CVE-2014-1959 CVE-2014-3466 CVE-2014-8564 CVE-2015-0294 CVE-2015-3622 CVE-2015-6251 openSUSE Leap 42.2 These are all security issues found in the gpg2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2547 CVE-2013-4351 CVE-2013-4402 CVE-2014-4617 CVE-2015-1606 CVE-2015-1607 openSUSE Leap 42.2 These are all security issues found in the gpgme Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3564 openSUSE Leap 42.2 These are all security issues found in the graphite2-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-1521 CVE-2016-1523 CVE-2016-1526 openSUSE Leap 42.2 These are all security issues found in the groff Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-5044 CVE-2009-5080 CVE-2009-5081 openSUSE Leap 42.2 These are all security issues found in the grub2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-8370 openSUSE Leap 42.2 These are all security issues found in the gstreamer-0_10-plugins-bad Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-0797 openSUSE Leap 42.2 These are all security issues found in the gv Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-3386 openSUSE Leap 42.2 These are all security issues found in the gvim Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0316 openSUSE Leap 42.2 These are all security issues found in the gzip Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-2624 CVE-2010-0001 openSUSE Leap 42.2 These are all security issues found in the hardlink Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-3630 CVE-2011-3631 CVE-2011-3632 openSUSE Leap 42.2 These are all security issues found in the hplip Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2004-0801 CVE-2010-4267 CVE-2011-2697 CVE-2011-2722 CVE-2013-4325 CVE-2013-6402 CVE-2013-6427 CVE-2015-0839 openSUSE Leap 42.2 These are all security issues found in the htmldoc Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-3050 openSUSE Leap 42.2 These are all security issues found in the hyper-v Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2669 CVE-2012-5532 openSUSE Leap 42.2 These are all security issues found in the ibus-chewing Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-4509 openSUSE Leap 42.2 These are all security issues found in the icedtea-web-javadoc Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2513 CVE-2011-2514 CVE-2011-3377 CVE-2012-3422 CVE-2012-3423 CVE-2012-4540 CVE-2013-1926 CVE-2013-1927 CVE-2013-4349 CVE-2015-5234 CVE-2015-5235 openSUSE Leap 42.2 These are all security issues found in the id3lib Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2007-4460 openSUSE Leap 42.2 These are all security issues found in the ipsec-tools Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-4047 openSUSE Leap 42.2 These are all security issues found in the iputils Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2529 openSUSE Leap 42.2 These are all security issues found in the irssi Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-1959 CVE-2010-1154 CVE-2010-1155 CVE-2016-7044 CVE-2016-7045 CVE-2016-7553 openSUSE Leap 42.2 These are all security issues found in the jakarta-commons-fileupload Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-2186 CVE-2014-0050 openSUSE Leap 42.2 These are all security issues found in the java-1_8_0-openjdk Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-2590 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2659 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4868 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4901 CVE-2015-4902 CVE-2015-4903 CVE-2015-4906 CVE-2015-4908 CVE-2015-4911 CVE-2015-4916 CVE-2015-7575 CVE-2015-8126 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494 CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3552 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 openSUSE Leap 42.2 These are all security issues found in the jhead Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-4575 CVE-2008-4641 openSUSE Leap 42.2 These are all security issues found in the kbd Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-0460 openSUSE Leap 42.2 These are all security issues found in the kcoreaddons Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-7966 openSUSE Leap 42.2 These are all security issues found in the kdebase4-workspace-libs Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-0436 openSUSE Leap 42.2 These are all security issues found in the kdelibs4 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3494 openSUSE Leap 42.2 These are all security issues found in the kdenetwork4-filesharing Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-1000 openSUSE Leap 42.2 These are all security issues found in the kdump Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-5759 openSUSE Leap 42.2 These are all security issues found in the kernel-default Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4538 CVE-2010-1146 CVE-2010-1436 CVE-2010-1641 CVE-2010-2066 CVE-2010-2942 CVE-2010-2954 CVE-2010-2955 CVE-2010-3081 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2011-0712 CVE-2011-1020 CVE-2011-1577 CVE-2011-2203 CVE-2012-0056 CVE-2013-0160 CVE-2013-0231 CVE-2013-0913 CVE-2013-2850 CVE-2013-4312 CVE-2014-0038 CVE-2014-00691 CVE-2014-0196 CVE-2015-7833 CVE-2015-7884 CVE-2015-7885 CVE-2015-8709 CVE-2015-8812 CVE-2016-0617 CVE-2016-0723 CVE-2016-0728 CVE-2016-0758 CVE-2016-1237 CVE-2016-1583 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2383 CVE-2016-2384 CVE-2016-2847 CVE-2016-3134 CVE-2016-3135 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3672 CVE-2016-3689 CVE-2016-3713 CVE-2016-3951 CVE-2016-4470 CVE-2016-4482 CVE-2016-4486 CVE-2016-4557 CVE-2016-4558 CVE-2016-4569 CVE-2016-4578 CVE-2016-4794 CVE-2016-4805 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 CVE-2016-5195 CVE-2016-5244 CVE-2016-5412 CVE-2016-5696 CVE-2016-5828 CVE-2016-5829 CVE-2016-6197 CVE-2016-6480 CVE-2016-6828 CVE-2016-7039 CVE-2016-7097 CVE-2016-7425 CVE-2016-8658 openSUSE Leap 42.2 These are all security issues found in the kinit Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-3100 openSUSE Leap 42.2 These are all security issues found in the kio-extras5 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8600 openSUSE Leap 42.2 These are all security issues found in the klogd Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3634 openSUSE Leap 42.2 These are all security issues found in the konversation Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8483 openSUSE Leap 42.2 These are all security issues found in the krb5 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2002-2443 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-3295 CVE-2009-4212 CVE-2010-0283 CVE-2010-0628 CVE-2010-1320 CVE-2010-1321 CVE-2010-1322 CVE-2010-1323 CVE-2010-1324 CVE-2010-4020 CVE-2010-4021 CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 CVE-2011-0284 CVE-2011-0285 CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530 CVE-2012-1012 CVE-2012-1013 CVE-2012-1016 CVE-2013-1415 CVE-2013-1417 CVE-2013-1418 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 CVE-2016-3119 CVE-2016-3120 openSUSE Leap 42.2 These are all security issues found in the kscreenlocker Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-2312 openSUSE Leap 42.2 These are all security issues found in the lftp Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-0139 openSUSE Leap 42.2 These are all security issues found in the libFS6 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1996 openSUSE Leap 42.2 These are all security issues found in the libHX28 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2947 openSUSE Leap 42.2 These are all security issues found in the libIlmImf-Imf_2_1-21 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-1720 CVE-2009-1721 openSUSE Leap 42.2 These are all security issues found in the libImlib2-1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-0991 openSUSE Leap 42.2 These are all security issues found in the libQt5Concurrent-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 openSUSE Leap 42.2 These are all security issues found in the libQt5WebKit5 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-8079 openSUSE Leap 42.2 These are all security issues found in the libX11-6 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 CVE-2016-7942 openSUSE Leap 42.2 These are all security issues found in the libXRes1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1988 openSUSE Leap 42.2 These are all security issues found in the libXcursor-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-2003 openSUSE Leap 42.2 These are all security issues found in the libXext-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1982 openSUSE Leap 42.2 These are all security issues found in the libXfixes-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1983 CVE-2016-7944 openSUSE Leap 42.2 These are all security issues found in the libXfont-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2895 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 openSUSE Leap 42.2 These are all security issues found in the libXi-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1984 CVE-2013-1995 CVE-2013-1998 CVE-2016-7945 CVE-2016-7946 openSUSE Leap 42.2 These are all security issues found in the libXinerama-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1985 openSUSE Leap 42.2 These are all security issues found in the libXp-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-2062 openSUSE Leap 42.2 These are all security issues found in the libXrandr-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1986 openSUSE Leap 42.2 These are all security issues found in the libXrender-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1987 CVE-2016-7949 CVE-2016-7950 openSUSE Leap 42.2 These are all security issues found in the libXt-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-2002 CVE-2013-2005 openSUSE Leap 42.2 These are all security issues found in the libXtst-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-2063 CVE-2016-7951 CVE-2016-7952 openSUSE Leap 42.2 These are all security issues found in the libXv-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1989 CVE-2013-2066 CVE-2016-5407 openSUSE Leap 42.2 These are all security issues found in the libXvMC-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1990 CVE-2013-1999 CVE-2016-7953 openSUSE Leap 42.2 These are all security issues found in the libXvnc1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-0011 CVE-2014-8240 CVE-2015-0255 openSUSE Leap 42.2 These are all security issues found in the libXxf86dga-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1991 CVE-2013-2000 openSUSE Leap 42.2 These are all security issues found in the libXxf86vm-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-2001 openSUSE Leap 42.2 These are all security issues found in the libapr-util1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0023 CVE-2009-2412 CVE-2009-3560 CVE-2009-3720 CVE-2010-1623 openSUSE Leap 42.2 These are all security issues found in the libapr1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-2412 CVE-2011-0419 CVE-2011-1928 openSUSE Leap 42.2 These are all security issues found in the libass5 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-7969 CVE-2016-7972 openSUSE Leap 42.2 These are all security issues found in the libatomic1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-5276 openSUSE Leap 42.2 These are all security issues found in the libavcodec57 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-8216 CVE-2015-8217 CVE-2015-8218 CVE-2015-8219 CVE-2015-8363 CVE-2015-8364 CVE-2015-8365 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-1897 CVE-2016-1898 openSUSE Leap 42.2 These are all security issues found in the libblkid-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-0157 CVE-2014-9114 CVE-2015-5218 CVE-2016-2779 CVE-2016-5011 openSUSE Leap 42.2 These are all security issues found in the libdcerpc-binding0-32bit Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2012-6150 CVE-2013-0172 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 CVE-2013-1863 CVE-2013-4124 CVE-2013-4408 CVE-2013-4475 CVE-2013-4476 CVE-2013-4496 CVE-2013-6442 CVE-2014-0178 CVE-2014-0239 CVE-2014-0244 CVE-2014-3493 CVE-2014-3560 CVE-2014-8143 CVE-2015-0240 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-5370 CVE-2015-7560 CVE-2015-8467 CVE-2015-8543 CVE-2016-0771 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 CVE-2016-2119 openSUSE Leap 42.2 These are all security issues found in the libdirectfb-1_7-1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-2977 CVE-2014-2978 openSUSE Leap 42.2 These are all security issues found in the libdmx-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1992 openSUSE Leap 42.2 These are all security issues found in the libecpg6 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2007-4772 CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 CVE-2016-5423 CVE-2016-5424 openSUSE Leap 42.2 These are all security issues found in the libevent-2_0-5 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-6272 openSUSE Leap 42.2 These are all security issues found in the libexif-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 openSUSE Leap 42.2 These are all security issues found in the libfbembed2_5 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-2492 openSUSE Leap 42.2 These are all security issues found in the libfreebl3 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-3170 CVE-2011-3389 CVE-2011-3640 CVE-2013-0743 CVE-2013-0791 CVE-2013-1620 CVE-2013-1739 CVE-2013-1740 CVE-2013-5605 CVE-2014-1490 CVE-2014-1491 CVE-2014-1492 CVE-2014-1568 CVE-2014-1569 CVE-2015-2721 CVE-2015-4000 CVE-2015-7181 CVE-2015-7182 CVE-2015-7575 CVE-2016-1950 CVE-2016-1979 CVE-2016-2834 openSUSE Leap 42.2 These are all security issues found in the libgadu-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-6487 CVE-2014-3775 openSUSE Leap 42.2 These are all security issues found in the libgc1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2673 openSUSE Leap 42.2 These are all security issues found in the libgcrypt-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-4242 CVE-2014-3591 CVE-2015-0837 CVE-2015-7511 CVE-2016-6313 openSUSE Leap 42.2 These are all security issues found in the libgnomesu Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-1946 openSUSE Leap 42.2 These are all security issues found in the libgssglue-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2709 openSUSE Leap 42.2 These are all security issues found in the libgypsy0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-0523 CVE-2011-0524 openSUSE Leap 42.2 These are all security issues found in the libhogweed2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 openSUSE Leap 42.2 These are all security issues found in the libicu-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-9654 openSUSE Leap 42.2 These are all security issues found in the libid3tag0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-2109 openSUSE Leap 42.2 These are all security issues found in the libidn-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 openSUSE Leap 42.2 These are all security issues found in the libimobiledevice-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-2142 CVE-2016-5104 openSUSE Leap 42.2 These are all security issues found in the libjasper-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 openSUSE Leap 42.2 These are all security issues found in the libjavascriptcoregtk-1_0-0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-5112 CVE-2012-5133 CVE-2014-1344 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386 CVE-2014-1387 CVE-2014-1388 CVE-2014-1389 CVE-2014-1390 CVE-2014-1748 CVE-2015-1071 CVE-2015-1076 CVE-2015-1081 CVE-2015-1083 CVE-2015-1120 CVE-2015-1122 CVE-2015-1127 CVE-2015-1153 CVE-2015-1155 CVE-2015-2330 CVE-2015-3658 CVE-2015-3659 CVE-2015-3727 CVE-2015-3731 CVE-2015-3741 CVE-2015-3743 CVE-2015-3745 CVE-2015-3747 CVE-2015-3748 CVE-2015-3749 CVE-2015-3752 CVE-2015-5788 CVE-2015-5794 CVE-2015-5801 CVE-2015-5809 CVE-2015-5822 CVE-2015-5928 openSUSE Leap 42.2 These are all security issues found in the libjavascriptcoregtk-4_0-18 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-1856 CVE-2016-1857 CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4624 openSUSE Leap 42.2 These are all security issues found in the libjbig2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-6369 openSUSE Leap 42.2 These are all security issues found in the libjpeg-turbo Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-9092 openSUSE Leap 42.2 These are all security issues found in the libjson-c2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-6370 CVE-2013-6371 openSUSE Leap 42.2 These are all security issues found in the libksba8 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-9087 CVE-2016-4574 CVE-2016-4579 openSUSE Leap 42.2 These are all security issues found in the liblcms-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0793 CVE-2013-4276 openSUSE Leap 42.2 These are all security issues found in the libldap-2_4-2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-6908 openSUSE Leap 42.2 These are all security issues found in the libldb1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-3223 CVE-2015-5330 openSUSE Leap 42.2 These are all security issues found in the liblightdm-gobject-1-0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-3153 CVE-2011-3349 CVE-2011-4105 CVE-2012-1111 openSUSE Leap 42.2 These are all security issues found in the libltdl7 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-3736 openSUSE Leap 42.2 These are all security issues found in the liblua5_2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-5461 openSUSE Leap 42.2 These are all security issues found in the liblzo2-2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-4607 openSUSE Leap 42.2 These are all security issues found in the libmbedtls9 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8627 CVE-2014-8628 CVE-2015-1182 CVE-2015-5291 CVE-2015-7575 openSUSE Leap 42.2 These are all security issues found in the libmikmod3 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2007-6720 CVE-2009-0179 CVE-2009-3995 CVE-2009-3996 CVE-2010-2546 openSUSE Leap 42.2 These are all security issues found in the libminiupnpc10 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3985 CVE-2015-6031 openSUSE Leap 42.2 These are all security issues found in the libmms-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-2892 openSUSE Leap 42.2 These are all security issues found in the libmodplug1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-1761 CVE-2013-4233 CVE-2013-4234 openSUSE Leap 42.2 These are all security issues found in the libmpfr4 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-9474 openSUSE Leap 42.2 These are all security issues found in the libmspack0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2800 CVE-2010-2801 CVE-2014-9556 openSUSE Leap 42.2 These are all security issues found in the libmusicbrainz-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2006-4197 openSUSE Leap 42.2 These are all security issues found in the libmysqlclient-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2007-5970 CVE-2008-7247 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2010-5298 CVE-2012-5615 CVE-2013-1976 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2494 CVE-2014-3470 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8964 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5969 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-6662 openSUSE Leap 42.2 These are all security issues found in the libndp0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-3698 openSUSE Leap 42.2 These are all security issues found in the libneon27 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-2473 CVE-2009-2474 openSUSE Leap 42.2 These are all security issues found in the libnewt0_52 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-2905 openSUSE Leap 42.2 These are all security issues found in the libnghttp2-14 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-1544 openSUSE Leap 42.2 These are all security issues found in the libopenjpeg1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-5030 CVE-2012-3358 CVE-2012-3535 CVE-2013-1447 CVE-2013-4289 CVE-2013-4290 CVE-2013-6045 CVE-2013-6052 CVE-2013-6053 CVE-2013-6054 CVE-2013-6887 CVE-2016-7445 openSUSE Leap 42.2 These are all security issues found in the libopenssl-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2015-3216 CVE-2015-4000 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 openSUSE Leap 42.2 These are all security issues found in the libotr-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-2851 openSUSE Leap 42.2 These are all security issues found in the libpango-1_0-0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-0020 CVE-2011-0064 openSUSE Leap 42.2 These are all security issues found in the libpcsclite1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-0407 CVE-2010-4531 openSUSE Leap 42.2 These are all security issues found in the libpng12-0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-3026 CVE-2011-3045 CVE-2011-3048 CVE-2012-3386 CVE-2013-7353 CVE-2013-7354 CVE-2015-7981 CVE-2015-8126 openSUSE Leap 42.2 These are all security issues found in the libpng16-16 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3328 CVE-2013-6954 CVE-2014-0333 CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 openSUSE Leap 42.2 These are all security issues found in the libpolkit0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-0750 CVE-2011-1485 CVE-2013-4288 CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 openSUSE Leap 42.2 These are all security issues found in the libpoppler-cpp0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 CVE-2013-4473 CVE-2013-4474 openSUSE Leap 42.2 These are all security issues found in the libproxy-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-4504 openSUSE Leap 42.2 These are all security issues found in the libpulse-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3970 openSUSE Leap 42.2 These are all security issues found in the libpurple Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-2694 CVE-2009-2703 CVE-2009-3026 CVE-2009-3083 CVE-2009-3084 CVE-2009-3085 CVE-2009-3615 CVE-2010-0013 CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 CVE-2010-1624 CVE-2010-2528 CVE-2010-3711 CVE-2011-1091 CVE-2011-3594 CVE-2012-2214 CVE-2012-3374 CVE-2012-6152 CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6486 CVE-2013-6487 CVE-2014-0020 CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3697 CVE-2014-3698 openSUSE Leap 42.2 These are all security issues found in the libpython2_7-1_0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-1521 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-1753 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185 CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 openSUSE Leap 42.2 These are all security issues found in the libpython3_4m1_0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 openSUSE Leap 42.2 These are all security issues found in the libqt4-32bit Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 CVE-2013-4549 CVE-2014-0190 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 openSUSE Leap 42.2 These are all security issues found in the libraptor2-0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-0037 openSUSE Leap 42.2 These are all security issues found in the libraw-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-2126 CVE-2013-2127 CVE-2015-8367 openSUSE Leap 42.2 These are all security issues found in the libreoffice Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2935 CVE-2010-2936 CVE-2014-0247 CVE-2014-3524 CVE-2014-3575 CVE-2014-3693 CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-45513 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 CVE-2016-0794 CVE-2016-0795 CVE-2016-4324 openSUSE Leap 42.2 These are all security issues found in the librsync2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8242 openSUSE Leap 42.2 These are all security issues found in the libruby2_1-2_1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8080 CVE-2014-8090 openSUSE Leap 42.2 These are all security issues found in the libserf-1-1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3504 openSUSE Leap 42.2 These are all security issues found in the libsmi Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2891 openSUSE Leap 42.2 These are all security issues found in the libsndfile-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0186 CVE-2011-2696 CVE-2014-9496 CVE-2014-9756 CVE-2015-7805 CVE-2015-8075 openSUSE Leap 42.2 These are all security issues found in the libsnmp30-32bit Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2141 CVE-2014-2284 CVE-2014-2285 CVE-2014-3565 CVE-2015-5621 openSUSE Leap 42.2 These are all security issues found in the libsoup-2_4-1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2054 openSUSE Leap 42.2 These are all security issues found in the libspice-client-glib-2_0-8 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-4425 openSUSE Leap 42.2 These are all security issues found in the libspice-server1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-4282 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 CVE-2016-0749 CVE-2016-2150 openSUSE Leap 42.2 These are all security issues found in the libsqlite3-0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-6153 openSUSE Leap 42.2 These are all security issues found in the libsrtp1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-2139 CVE-2015-6360 openSUSE Leap 42.2 These are all security issues found in the libssh-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2013-0176 CVE-2014-0017 CVE-2014-8132 CVE-2015-3146 CVE-2016-0739 openSUSE Leap 42.2 These are all security issues found in the libssh2-1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-1782 CVE-2016-0787 openSUSE Leap 42.2 These are all security issues found in the libsss_idmap0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-4341 CVE-2011-1758 CVE-2013-0219 CVE-2013-0220 CVE-2013-0287 openSUSE Leap 42.2 These are all security issues found in the libsvn_auth_gnome_keyring-1-0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-2411 CVE-2010-3315 CVE-2010-4539 CVE-2010-4644 CVE-2011-0715 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 CVE-2013-1968 CVE-2013-2088 CVE-2013-2112 CVE-2013-4131 CVE-2013-4246 CVE-2013-4262 CVE-2013-4277 CVE-2013-4505 CVE-2013-4558 CVE-2014-0032 CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 CVE-2015-0202 CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 CVE-2015-3187 CVE-2015-5259 CVE-2015-5343 CVE-2016-2167 CVE-2016-2168 openSUSE Leap 42.2 These are all security issues found in the libsystemd0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-1174 CVE-2013-4288 CVE-2016-7795 openSUSE Leap 42.2 These are all security issues found in the libtag-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2396 openSUSE Leap 42.2 These are all security issues found in the libtasn1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 CVE-2015-2806 CVE-2015-3622 CVE-2016-4008 openSUSE Leap 42.2 These are all security issues found in the libtcnative-1-0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-4000 openSUSE Leap 42.2 These are all security issues found in the libthai-data Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-4012 openSUSE Leap 42.2 These are all security issues found in the libthunarx-2-0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-1588 openSUSE Leap 42.2 These are all security issues found in the libtidy-0_99-0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-5522 CVE-2015-5523 openSUSE Leap 42.2 These are all security issues found in the libtiff-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-2285 CVE-2009-2347 CVE-2010-2065 CVE-2010-2067 CVE-2010-2233 CVE-2010-4665 CVE-2011-0192 CVE-2011-1167 CVE-2012-1173 CVE-2012-2113 CVE-2012-3401 CVE-2012-4564 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2016-3186 CVE-2016-3622 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5875 openSUSE Leap 42.2 These are all security issues found in the libudisks2-0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-0004 openSUSE Leap 42.2 These are all security issues found in the libupnp6 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965 openSUSE Leap 42.2 These are all security issues found in the libupsclient1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2944 openSUSE Leap 42.2 These are all security issues found in the libusbmuxd-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-5104 openSUSE Leap 42.2 These are all security issues found in the libvdpau1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 openSUSE Leap 42.2 These are all security issues found in the libvirt Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2242 CVE-2011-1146 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2013-0170 CVE-2013-1962 CVE-2013-2218 CVE-2013-2230 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-6436 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0179 CVE-2014-1447 CVE-2014-3633 CVE-2014-3657 CVE-2014-7823 CVE-2014-8136 CVE-2015-0236 CVE-2015-5247 CVE-2015-5313 openSUSE Leap 42.2 These are all security issues found in the libvorbis-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-1420 CVE-2009-3379 CVE-2012-0444 openSUSE Leap 42.2 These are all security issues found in the libvte9 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2738 openSUSE Leap 42.2 These are all security issues found in the libwmf-0_2-7 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 openSUSE Leap 42.2 These are all security issues found in the libxcb-composite0 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-2064 openSUSE Leap 42.2 These are all security issues found in the libxerces-c-3_1 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-1885 CVE-2015-0252 CVE-2016-0729 CVE-2016-2099 CVE-2016-4463 openSUSE Leap 42.2 These are all security issues found in the libxml2-2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2010-4494 CVE-2011-1944 CVE-2012-5134 CVE-2013-0338 CVE-2013-1969 CVE-2014-0191 CVE-2014-3660 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2015-8710 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 openSUSE Leap 42.2 These are all security issues found in the libyaml-0-2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 openSUSE Leap 42.2 These are all security issues found in the libzip-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-0421 CVE-2012-1162 CVE-2012-1163 CVE-2015-2331 openSUSE Leap 42.2 These are all security issues found in the links Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-4929 openSUSE Leap 42.2 These are all security issues found in the logrotate Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 openSUSE Leap 42.2 These are all security issues found in the lynx Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2006-7234 CVE-2008-4690 CVE-2012-4929 openSUSE Leap 42.2 These are all security issues found in the mailman Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-0707 CVE-2015-2775 openSUSE Leap 42.2 These are all security issues found in the mailx Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2004-2771 CVE-2014-7844 openSUSE Leap 42.2 These are all security issues found in the mercurial Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-7545 CVE-2016-3068 CVE-2016-3069 CVE-2016-3105 CVE-2016-3630 openSUSE Leap 42.2 These are all security issues found in the monitoring-tools Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-6096 CVE-2013-7107 CVE-2013-7108 CVE-2014-2386 openSUSE Leap 42.2 These are all security issues found in the mosh Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2385 openSUSE Leap 42.2 These are all security issues found in the mozilla-nspr Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-1545 CVE-2015-7183 openSUSE Leap 42.2 These are all security issues found in the mutt Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-0467 CVE-2014-9116 openSUSE Leap 42.2 These are all security issues found in the mysql-connector-java Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-2575 openSUSE Leap 42.2 These are all security issues found in the nagios Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-1523 CVE-2013-2214 openSUSE Leap 42.2 These are all security issues found in the nano Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-1160 CVE-2010-1161 openSUSE Leap 42.2 These are all security issues found in the nbd Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-0847 openSUSE Leap 42.2 These are all security issues found in the nspluginwrapper Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2486 openSUSE Leap 42.2 These are all security issues found in the ntp Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-0159 CVE-2009-1252 CVE-2013-5211 CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799 CVE-2015-3405 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 openSUSE Leap 42.2 These are all security issues found in the obs-service-set_version Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-0593 openSUSE Leap 42.2 These are all security issues found in the ocaml Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-8869 openSUSE Leap 42.2 These are all security issues found in the openconnect Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-3291 CVE-2012-6128 CVE-2013-7098 openSUSE Leap 42.2 These are all security issues found in the openslp Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-3609 CVE-2016-4912 CVE-2016-6354 CVE-2016-7567 openSUSE Leap 42.2 These are all security issues found in the openssh Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2015-8325 CVE-2016-0777 CVE-2016-0778 CVE-2016-1908 CVE-2016-3115 CVE-2016-6210 CVE-2016-6515 openSUSE Leap 42.2 These are all security issues found in the openvpn Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8104 openSUSE Leap 42.2 These are all security issues found in the opie Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2489 CVE-2011-2490 openSUSE Leap 42.2 These are all security issues found in the optipng Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-2191 openSUSE Leap 42.2 These are all security issues found in the osc Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-1095 CVE-2015-0778 openSUSE Leap 42.2 These are all security issues found in the p7zip Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-1038 CVE-2016-2335 openSUSE Leap 42.2 These are all security issues found in the pam Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-3430 CVE-2010-3431 CVE-2010-3853 CVE-2011-3148 CVE-2011-3149 CVE-2014-2583 CVE-2015-3238 openSUSE Leap 42.2 These are all security issues found in the pam-modules Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-3172 openSUSE Leap 42.2 These are all security issues found in the pam_krb5 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-3825 CVE-2009-1384 openSUSE Leap 42.2 These are all security issues found in the pam_ssh Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-1273 openSUSE Leap 42.2 These are all security issues found in the patch Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-4651 CVE-2015-1196 CVE-2015-1395 CVE-2015-1396 openSUSE Leap 42.2 These are all security issues found in the perl-32bit Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 CVE-2015-8853 CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 openSUSE Leap 42.2 These are all security issues found in the perl-Capture-Tiny Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-1875 openSUSE Leap 42.2 These are all security issues found in the perl-Config-IniFiles Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2451 openSUSE Leap 42.2 These are all security issues found in the perl-HTML-Parser Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-3627 openSUSE Leap 42.2 These are all security issues found in the perl-LWP-Protocol-https Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3230 openSUSE Leap 42.2 These are all security issues found in the perl-XML-LibXML Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-3451 openSUSE Leap 42.2 These are all security issues found in the perl-YAML-LibYAML Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-1152 CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 openSUSE Leap 42.2 These are all security issues found in the pigz Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-1191 openSUSE Leap 42.2 These are all security issues found in the pitivi Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-0855 openSUSE Leap 42.2 These are all security issues found in the plasma5-desktop Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8651 openSUSE Leap 42.2 These are all security issues found in the postgresql93-docs Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2007-4772 CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 openSUSE Leap 42.2 These are all security issues found in the ppp Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3158 CVE-2015-3310 openSUSE Leap 42.2 These are all security issues found in the privoxy Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-1030 CVE-2015-1031 CVE-2015-1201 CVE-2015-1380 CVE-2015-1381 CVE-2015-1382 CVE-2016-1982 CVE-2016-1983 openSUSE Leap 42.2 These are all security issues found in the procmail Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3618 openSUSE Leap 42.2 These are all security issues found in the pwgen Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-4440 CVE-2013-4442 openSUSE Leap 42.2 These are all security issues found in the python Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-4238 CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 openSUSE Leap 42.2 These are all security issues found in the python-Pillow Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3589 CVE-2014-3598 CVE-2016-0740 CVE-2016-0775 openSUSE Leap 42.2 These are all security issues found in the python-doc Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 openSUSE Leap 42.2 These are all security issues found in the python-libxml2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2012-5134 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 openSUSE Leap 42.2 These are all security issues found in the python-pyOpenSSL Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-4314 openSUSE Leap 42.2 These are all security issues found in the python-pycrypto Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2417 CVE-2013-1445 openSUSE Leap 42.2 These are all security issues found in the python-requests Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-1829 CVE-2014-1830 CVE-2015-2296 openSUSE Leap 42.2 These are all security issues found in the python3 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-4238 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 openSUSE Leap 42.2 These are all security issues found in the python3-cupshelpers Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-4405 openSUSE Leap 42.2 These are all security issues found in the python3-doc Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 openSUSE Leap 42.2 These are all security issues found in the python3-pip Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-5123 CVE-2014-8991 CVE-2015-2296 openSUSE Leap 42.2 These are all security issues found in the python3-requests Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-1829 CVE-2014-1830 openSUSE Leap 42.2 These are all security issues found in the qemu Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2012-3515 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-4544 CVE-2013-6399 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0150 CVE-2014-0182 CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-3456 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-3712 CVE-2016-4002 CVE-2016-4020 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4964 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6351 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 CVE-2016-7157 openSUSE Leap 42.2 These are all security issues found in the qemu-linux-user Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2012-3515 CVE-2015-1779 CVE-2015-4037 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-3712 CVE-2016-4439 CVE-2016-4441 CVE-2016-4952 CVE-2016-4964 openSUSE Leap 42.2 These are all security issues found in the quagga Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-1674 CVE-2010-1675 CVE-2013-2236 CVE-2016-1245 CVE-2016-2342 CVE-2016-4049 openSUSE Leap 42.2 These are all security issues found in the radvd Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-3602 openSUSE Leap 42.2 These are all security issues found in the rpcbind Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-7236 openSUSE Leap 42.2 These are all security issues found in the rpm-32bit Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-6435 CVE-2014-8118 openSUSE Leap 42.2 These are all security issues found in the rsync Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-1097 CVE-2014-2855 CVE-2014-8242 CVE-2014-9512 openSUSE Leap 42.2 These are all security issues found in the rtkit Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-4326 openSUSE Leap 42.2 These are all security issues found in the ruby Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-4492 CVE-2010-0541 CVE-2011-1004 CVE-2011-1005 CVE-2011-4815 openSUSE Leap 42.2 These are all security issues found in the rxvt-unicode Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-1142 CVE-2014-3121 openSUSE Leap 42.2 These are all security issues found in the sblim-sfcb Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-5185 openSUSE Leap 42.2 These are all security issues found in the sddm Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-7271 CVE-2014-7272 CVE-2015-0856 openSUSE Leap 42.2 These are all security issues found in the shim Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 openSUSE Leap 42.2 These are all security issues found in the squashfs Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-4024 CVE-2012-4025 openSUSE Leap 42.2 These are all security issues found in the squid Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-5643 CVE-2014-7141 CVE-2014-7142 CVE-2014-9749 CVE-2015-5400 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 openSUSE Leap 42.2 These are all security issues found in the squidGuard Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-3700 CVE-2009-3826 CVE-2015-8936 openSUSE Leap 42.2 These are all security issues found in the sudo Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-1163 CVE-2010-1646 CVE-2011-0010 CVE-2012-2337 CVE-2013-1775 CVE-2013-1776 CVE-2014-9680 openSUSE Leap 42.2 These are all security issues found in the sysconfig Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-4182 openSUSE Leap 42.2 These are all security issues found in the sysvinit-tools Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2483 openSUSE Leap 42.2 These are all security issues found in the tar Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-0624 openSUSE Leap 42.2 These are all security issues found in the tcpdump Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2014-9140 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 openSUSE Leap 42.2 These are all security issues found in the telepathy-gabble Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-1000 CVE-2013-1431 openSUSE Leap 42.2 These are all security issues found in the telepathy-idle Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2007-6746 openSUSE Leap 42.2 These are all security issues found in the tftp Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2199 openSUSE Leap 42.2 These are all security issues found in the tnftp Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8517 openSUSE Leap 42.2 These are all security issues found in the tomcat Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-1976 CVE-2014-0050 CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092 openSUSE Leap 42.2 These are all security issues found in the transmission-common Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-4909 openSUSE Leap 42.2 These are all security issues found in the unixODBC Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-1145 openSUSE Leap 42.2 These are all security issues found in the unzip Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 CVE-2014-9636 openSUSE Leap 42.2 These are all security issues found in the update-alternatives Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-0840 openSUSE Leap 42.2 These are all security issues found in the viewvc Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-3356 CVE-2012-3357 openSUSE Leap 42.2 These are all security issues found in the vino Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-0904 CVE-2011-0905 CVE-2011-1164 openSUSE Leap 42.2 These are all security issues found in the virtualbox-guest-kmp-default Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-0224 CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0377 CVE-2015-0418 CVE-2015-0427 CVE-2015-3456 CVE-2015-4813 CVE-2015-4896 CVE-2016-0678 openSUSE Leap 42.2 These are all security issues found in the vorbis-tools Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2008-1686 CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-6749 openSUSE Leap 42.2 These are all security issues found in the vsftpd Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-1419 openSUSE Leap 42.2 These are all security issues found in the w3m Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2074 CVE-2012-4929 openSUSE Leap 42.2 These are all security issues found in the wget Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2252 CVE-2012-4929 CVE-2014-4877 CVE-2015-2059 CVE-2016-4971 openSUSE Leap 42.2 These are all security issues found in the wireshark Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-3241 CVE-2009-3242 CVE-2009-3243 CVE-2010-1455 CVE-2010-2993 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3548 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4286 CVE-2012-4287 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4294 CVE-2012-4295 CVE-2012-4296 CVE-2012-4297 CVE-2012-4298 CVE-2012-5237 CVE-2012-5238 CVE-2012-5239 CVE-2012-5240 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 CVE-2013-4083 CVE-2013-4920 CVE-2013-4921 CVE-2013-4922 CVE-2013-4923 CVE-2013-4924 CVE-2013-4925 CVE-2013-4926 CVE-2013-4927 CVE-2013-4928 CVE-2013-4929 CVE-2013-4930 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 CVE-2013-5717 CVE-2013-5718 CVE-2013-5719 CVE-2013-5720 CVE-2013-5721 CVE-2013-5722 CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 CVE-2014-2907 CVE-2014-4020 CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165 CVE-2014-6423 CVE-2014-6424 CVE-2014-6425 CVE-2014-6426 CVE-2014-6427 CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 CVE-2015-2187 CVE-2015-2188 CVE-2015-2189 CVE-2015-2190 CVE-2015-2191 CVE-2015-2192 CVE-2015-3808 CVE-2015-3809 CVE-2015-3810 CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 CVE-2015-3814 CVE-2015-3815 CVE-2015-4651 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 CVE-2015-7830 CVE-2015-8711 CVE-2015-8718 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 CVE-2015-8734 CVE-2015-8735 CVE-2015-8736 CVE-2015-8737 CVE-2015-8738 CVE-2015-8739 CVE-2015-8740 CVE-2015-8741 CVE-2015-8742 CVE-2016-2522 CVE-2016-2523 CVE-2016-2524 CVE-2016-2525 CVE-2016-2526 CVE-2016-2527 CVE-2016-2528 CVE-2016-2529 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-6505 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 CVE-2016-6512 CVE-2016-6513 CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 openSUSE Leap 42.2 These are all security issues found in the wpa_supplicant Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-3686 CVE-2015-0210 CVE-2015-1863 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-5130 CVE-2015-5310 CVE-2015-8041 openSUSE Leap 42.2 These are all security issues found in the xalan-j2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-0107 openSUSE Leap 42.2 These are all security issues found in the xen Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1922 CVE-2013-1952 CVE-2013-2007 CVE-2013-3495 CVE-2013-4355 CVE-2013-4356 CVE-2013-4361 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2014-0222 CVE-2014-3124 CVE-2014-3640 CVE-2014-3672 CVE-2014-5146 CVE-2014-5149 CVE-2014-6268 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-7815 CVE-2015-1779 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-5154 CVE-2015-5239 CVE-2015-5278 CVE-2015-5307 CVE-2015-6815 CVE-2015-6855 CVE-2015-7311 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8615 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-4439 CVE-2016-4441 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 openSUSE Leap 42.2 These are all security issues found in the xf86-video-intel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2014-4910 openSUSE Leap 42.2 These are all security issues found in the xfsprogs Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-2150 openSUSE Leap 42.2 These are all security issues found in the xinetd Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2012-0862 CVE-2013-4342 openSUSE Leap 42.2 These are all security issues found in the xlockmore Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2013-4143 openSUSE Leap 42.2 These are all security issues found in the xorg-x11 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-0465 openSUSE Leap 42.2 These are all security issues found in the xorg-x11-devel Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2895 openSUSE Leap 42.2 These are all security issues found in the xorg-x11-server Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2010-2240 CVE-2013-1940 CVE-2013-4396 CVE-2013-6424 CVE-2015-3164 openSUSE Leap 42.2 These are all security issues found in the xscreensaver Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2015-8025 openSUSE Leap 42.2 These are all security issues found in the yast2 Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-3177 openSUSE Leap 42.2 These are all security issues found in the yast2-core Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2011-2483 CVE-2011-3177 openSUSE Leap 42.2 These are all security issues found in the yast2-users Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2016-1601 openSUSE Leap 42.2 These are all security issues found in the zoo Package on the GA media of openSUSE Leap 42.2. Moderate CVE-2006-0855 CVE-2007-1669 openSUSE Leap 42.2 NonFree This update to Opera 41.0.2353.56 fixes the following issues: - Crash on refreshing of tooltip text when deleting a bookmarks bar bookmark in folder menu - Crash if host player closed right after opening detached video - Various minor UI issues - XSS in Personalized Newsreader - Chromium has been updated to the 54.0.2840.87 version Moderate openSUSE Leap 42.2 mysql-community-server was updated to 5.6.34 to fix the following issues: * Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html * fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 * fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append "--ignore-db-dir=lost+found" to the mysqld options in "mysql-systemd-helper" script if "lost+found" directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro - remove useless mysql@default.service [boo#971456] - replace all occurrences of the string "@sysconfdir@" with "/etc" in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890] - remove '%define _rundir' as 13.1 is out of support scope - run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set. - re-enable mysql profiling Important SUSE bug 1005555 SUSE bug 1005557 SUSE bug 1005558 SUSE bug 1005560 SUSE bug 1005561 SUSE bug 1005562 SUSE bug 1005563 SUSE bug 1005566 SUSE bug 1005567 SUSE bug 1005569 SUSE bug 1005570 SUSE bug 1005581 SUSE bug 1005582 SUSE bug 1005583 SUSE bug 1005586 SUSE bug 971456 SUSE bug 977614 SUSE bug 983938 SUSE bug 986251 SUSE bug 989911 SUSE bug 989913 SUSE bug 989914 SUSE bug 989915 SUSE bug 989919 SUSE bug 989921 SUSE bug 989922 SUSE bug 989925 SUSE bug 989926 SUSE bug 990890 SUSE bug 998309 SUSE bug 999666 CVE-2016-2105 CVE-2016-3459 CVE-2016-3477 CVE-2016-3486 CVE-2016-3492 CVE-2016-3501 CVE-2016-3521 CVE-2016-3614 CVE-2016-3615 CVE-2016-5439 CVE-2016-5440 CVE-2016-5507 CVE-2016-5584 CVE-2016-5609 CVE-2016-5612 CVE-2016-5616 CVE-2016-5617 CVE-2016-5626 CVE-2016-5627 CVE-2016-5629 CVE-2016-5630 CVE-2016-6304 CVE-2016-6662 CVE-2016-7440 CVE-2016-8283 CVE-2016-8284 CVE-2016-8288 openSUSE Leap 42.2 This update to Chromium 54.0.2840.100 fixes the following vulnerabilities: - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892) - CVE-2016-5200: out of bounds memory access in v8 (boo#1009893) - CVE-2016-5201: info leak in extensions (boo#1009894) - CVE-2016-5202: various fixes from internal audits (boo#1009895) Important SUSE bug 1009892 SUSE bug 1009893 SUSE bug 1009894 SUSE bug 1009895 CVE-2016-5199 CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 openSUSE Leap 42.2 This update for php5 fixes the following security issues: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp (bsc#1001900) - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1001900 SUSE bug 1004924 SUSE bug 1005274 CVE-2016-6911 CVE-2016-7568 CVE-2016-8670 openSUSE Leap 42.2 This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed: - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two null pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / null pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693 Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) - CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886) - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553). - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919) - CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (bsc#392410) - jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) (bsc#1006839) For additional change description please have a look at the changelog. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1005084 SUSE bug 1005090 SUSE bug 1005242 SUSE bug 1006591 SUSE bug 1006593 SUSE bug 1006597 SUSE bug 1006598 SUSE bug 1006599 SUSE bug 1006836 SUSE bug 1006839 SUSE bug 1007009 SUSE bug 392410 SUSE bug 941919 SUSE bug 942553 SUSE bug 961886 SUSE bug 963983 SUSE bug 968373 CVE-2008-3522 CVE-2014-8158 CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 openSUSE Leap 42.2 This update for memcached fixes the following security issues: - CVE-2016-8704: Server append/prepend remote code execution (boo#1007871) - CVE-2016-8705: Server update remote code execution (boo#1007870) - CVE-2016-8706: Server ASL authentication remote code execution (boo#1007869) In addition, memcached was updated to 1.4.33 to include all upstream improvements and bugfixes. Moderate SUSE bug 1007869 SUSE bug 1007870 SUSE bug 1007871 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 openSUSE Leap 42.2 This update for otrs fixes the following security issues: - CVE-2016-9139: execution of JavaScript in OTRS context by opening malicious attachment (OSA-2016-02, bsc#1008017) In addition, OTRS was updated to 3.3.16, containing all upstream improvements and bug fixes. Moderate SUSE bug 1008017 CVE-2016-9139 openSUSE Leap 42.2 This update to Mozilla Firefox 50.0 fixes a number of security issues. The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89): - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443) - CVE-2016-5292: URL parsing causes crash (bmo#1288482) - CVE-2016-5297: Incorrect argument length checking in Javascript (bmo#1303678) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686) - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069)) - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973) - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324) - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159) - CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071) - CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl" (bmo#1289273) - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976) - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777) - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003) - CVE-2016-5289: Memory safety bugs fixed in Firefox 50 - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 The following vulnerabilities were fixed in Mozilla NSS 3.26.1: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334) Mozilla Firefox now requires mozilla-nss 3.26.2. New features in Mozilla Firefox: - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R - Added option to Find in page that allows users to limit search to whole words only - Added download protection for a large number of executable file types on Windows, Mac and Linux - Fixed rendering of dashed and dotted borders with rounded corners (border-radius) - Added a built-in Emoji set for operating systems without native Emoji fonts - Blocked versions of libavcodec older than 54.35.1 - additional locale mozilla-nss was updated to 3.26.2, incorporating the following changes: - the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT - The following CA certificate was added: CN = ISRG Root X1 - NPN is disabled and ALPN is enabled by default - MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored Important SUSE bug 1009026 SUSE bug 1010395 SUSE bug 1010399 SUSE bug 1010401 SUSE bug 1010402 SUSE bug 1010404 SUSE bug 1010405 SUSE bug 1010406 SUSE bug 1010408 SUSE bug 1010409 SUSE bug 1010410 SUSE bug 1010420 SUSE bug 1010421 SUSE bug 1010422 SUSE bug 1010423 SUSE bug 1010424 SUSE bug 1010425 SUSE bug 1010426 SUSE bug 1010427 CVE-2016-5289 CVE-2016-5290 CVE-2016-5291 CVE-2016-5292 CVE-2016-5296 CVE-2016-5297 CVE-2016-9063 CVE-2016-9064 CVE-2016-9066 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9070 CVE-2016-9071 CVE-2016-9073 CVE-2016-9074 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 openSUSE Leap 42.2 This update for monit fixes the following issues: - CVE-2016-7067: A malicious attacker could have used a cross-site request forgery vulnerability to trick an authenticated user to perform monit actions. Monit was updated to 5.20, containing all upstream improvements and bug fixes. The following tracked packaging bugs were fixed: - disable sslv3 according to RFC7568 (boo#974763) - fixed pid file directory (boo#971647) Moderate SUSE bug 1007455 SUSE bug 971647 SUSE bug 974763 CVE-2014-3566 CVE-2016-7067 openSUSE Leap 42.2 This update for dovecot22 fixes the following issues: - dovecot insecure SSL/TLS key and certificate file creation (CVE-2016-4983, bnc#984639) Moderate SUSE bug 984639 CVE-2016-4983 openSUSE Leap 42.2 This update for gnuchess fixes a security issue: - CVE-2015-8972: specially crafted user input may have caused gnuchess to crash (boo#1010143) Low SUSE bug 1010143 CVE-2015-8972 openSUSE Leap 42.2 This update to ffmpeg 3.2 fixes the following issues: - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892) FFmpeg was updated to version 3.2, incorporating the following upstream improvements: - SDL2 output device and ffplay support - SDL1 output device and SDL1 support removed - New: libopenmpt demuxer, fifo muxer, True Audio (TTA) muxer - New filters: weave, gblur, avgblur, sobel, prewitt, vaguedenoiser, yuvtestsrc, lut2, hysteresis, maskedclamp, crystalizer, acrusher, bitplanenoise, sidedata, asidedata - Non-Local Means (nlmeans) denoising filter - 16-bit support in curves filter and selectivecolor filter - Added threads option per filter instance - The "curves" filter does not automatically insert points at x=0 and x=1 anymore - Matroska muxer now writes CRC32 elements by default in all Level 1 elements - New "tee" protocol - VP8 in Ogg muxing - Floating point support in ALS decoder - Extended mov edit list support - Changed mapping of RTP MIME type G726 to codec g726le. Also contains a collection of upstream bug fixes. Moderate SUSE bug 1009892 CVE-2016-5199 openSUSE Leap 42.2 This update for virtualbox fixes the following issues: - Fixes CVE-2016-5501,CVE-2016-5538,CVE-2016-5605,CVE-2016-5608,CVE-2016-5610,CVE-2016-5611,CVE-2016-5613 (bsc#1005621) - Add patch to limit number of simultaneous make jobs. - Version bump to 5.1.8 (released 2016-10-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: GUI: fixed keyboard shortcut handling regressions (Mac OS X hosts only; bugs #15937 and #15938) GUI: fixed keyboard handling regression for separate UI (Windows hosts only; bugs #15928) NAT: don't exceed the maximum number of "search" suffixes. Patch from bug #15948. NAT: fixed parsing of port-forwarding rules with a name which contains a slash (bug #16002) NAT Network: when the host has only loopback nameserver that cannot be mapped to the guests (e.g. dnsmasq running on 127.0.1.1), make DHCP supply NAT Network DNS proxy as nameserver. Bridged Network: prevent flooding syslog with packet allocation error messages (bug #15569) Audio: now using Audio Queues on Mac OS X hosts Audio: fixed recording with the PulseAudio backend (5.1 regression) Audio: various bugfixes Snapshots: fixed regression in 5.1.4 for deleting snapshots with several disks (bug #15831) Snapshots: crash fix and better error reporting when snapshot deletion failed Storage: some fixes for the NVMe emulation with Windows guests API: fixed initialization of SAS controllers (bug #15972) Build system: make it possible to build VBox on systems which default to Python 3 Windows Additions / VGA: if the guest's power management turns a virtual screen off, blank the corresponding VM window rather than hide the window Windows Additions: fixed a generic bug which could lead to freezing shared folders (bug #15662) Linux hosts / guests: fix for kernels with CONFIG_CPUMASK_OFFSTACK set (bug #16020) Linux Additions: don't require all virtual consoles be in text mode. This should fix cases when the guest is booted with a graphical boot screen (bug #15683) Linux Additions: added depmod overrides for the vboxguest and vboxsf kernel modules to fix conflicts with modules shipped by certain Linux distributions X11 Additions: disable 3D on the guest if the host does not provide enough capabilities (bug #15860) - Builds keep running out of memory when building the web server part of the package. To help the memory pressure, I have forced make to run with "-j2", rather than use the number of processors. Such a change will slow the build, but will result in a higher rate of success. - Increase memory allowed in build to 10000 MB. - Remove file "fix_removal_of_DEFINE_PCI_DEVICE_TABLE" - fixed upstream. - Version bump to 5.1.6 (released 2016-09-12 by Oracle) This is a maintenance release. The following items were fixed and/or added: GUI: fixed issue with opening '.vbox' files and it's aliases GUI: keyboard grabbing fixes (bugs #15771 and #15745) GUI: fix for passing through Ctrl + mouse-click (Mac OS X hosts only; bug #15714) GUI: fixed automatic deletion of extension pack files (bugs #11352 and #14742) USB: fixed showing unknown device instead of the manufacturer or product description under certain circumstances (5.1.0 regression; bug #15764) XHCI: another fix for a hanging guest under certain conditions as result of the fix for bug #15747, this time for Windows 7 guests Serial: fixed high CPU usage with certain USB to serial converters on Linux hosts (bug #7796) Storage: fixed attaching stream optimized VMDK images (bug #14764) Storage: reject image variants which are unsupported by the backend (bug #7227) Storage: fixed loading saved states created with VirtualBox 5.0.10 and older when using a SCSI controller (bug #15865) Storage: fixed broken NVMe emulation if the host I/O cache setting is enabled Storage: fixed using multiple NVMe controllers if ICH9 is used NVMe: fixed a crash during reset which could happen under certain circumstances Audio: fixed microphone input (5.1.2 regression; bugs #14386 and #15802) Audio: fixed crashes under certain conditions (5.1.0 regression; bug #15887 and others) Audio: fixed recording with the ALSA backend (5.1 regression) Audio: fixed stream access mode with OSS backend (5.1 regression, thanks to Jung-uk Kim) E1000: do also return masked bits when reading the ICR register, this fixes booting from iPXE (5.1.2 regression; bug #15846) BIOS: fixed 4bpp scanline calculation (bug #15787) API: relax the check for the version attribute in OVF/OVA appliances (bug #15856) Windows hosts: fixed crashes when terminating the VM selector or other VBox COM clients (bug #15726 and others) Linux Installer: fixed path to the documentation in .rpm packages (5.1.0 regression) Linux Installer: fixed the vboxdrv.sh script to prevent an SELinux complaint (bug #15816) Linux hosts: don't use 32-bit legacy capabilities Linux Additions: Linux 4.8 fix for the kernel display driver (bugs #15890 and #15896) Linux Additions: don't load the kernel modules provided by the Linux distribution but load the kernel modules from the official Guest Additions package instead (bug #15324) Linux Additions: fix dynamic resizing problems in recent Linux guests (bug #15875) User Manual: fixed error in the VBoxManage chapter for the getextradata enumerate example (bug #15862) - Add file "fix_removal_of_DEFINE_PCI_DEVICE_TABLE" to compile on kernel 4.8. Moderate SUSE bug 1005621 CVE-2016-5501 CVE-2016-5538 CVE-2016-5605 CVE-2016-5608 CVE-2016-5610 CVE-2016-5611 CVE-2016-5613 openSUSE Leap 42.2 This update for libtcnative-1-0 fixes the following issues: - Upgrade to libtcnative-1.1.34 (bugfix release) (bsc#1004455) See https://tomcat.apache.org/native-1.1-doc/miscellaneous/changelog.html * Unconditionally disable export Ciphers. * Improve ephemeral key handling for DH and ECDH. Parameter strength is by default derived from the certificate key strength. * APIs SSL.generateRSATempKey() and SSL.loadDSATempKey() are no longer supported. * Various bugfixes. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1004455 openSUSE Leap 42.2 This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2016-7797: Notify other clients of a new connection only if the handshake has completed (bsc#967388, bsc#1002767). - CVE-2016-7035: Fixed improper IPC guarding in pacemaker (bsc#1007433). Bug fixes: - bsc#1003565: crmd: Record pending operations in the CIB before they are performed - bsc#1000743: pengine: Do not fence a maintenance node if it shuts down cleanly - bsc#987348: ping: Avoid temporary files for fping check - bsc#986644: libcrmcommon: report errors consistently when waiting for data on connection - bsc#986644: remote: Correctly calculate the remaining timeouts when receiving messages This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1000743 SUSE bug 1002767 SUSE bug 1003565 SUSE bug 1007433 SUSE bug 967388 SUSE bug 986644 SUSE bug 987348 CVE-2016-7035 CVE-2016-7797 openSUSE Leap 42.2 OpenJDK Java was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues: * Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) * New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries * Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app's Java pid. + S8017462: G1: guarantee fails with UseDynamicNumberOfGCThreads + S8034168: ThreadMXBean/Locks.java failed, blocked on wrong object + S8036006: [TESTBUG] sun/tools/native2ascii/NativeErrors.java fails: Process exit code was 0, but error was expected. + S8041781: Need new regression tests for PBE keys + S8041787: Need new regressions tests for buffer handling for PBE algorithms + S8043836: Need new tests for AES cipher + S8044199: Tests for RSA keys and key specifications + S8044772: TempDirTest.java still times out with -Xcomp + S8046339: sun.rmi.transport.DGCAckHandler leaks memory + S8047031: Add SocketPermission tests for legacy socket types + S8048052: Permission tests for setFactory + S8048138: Tests for JAAS callbacks + S8048147: Privilege tests with JAAS Subject.doAs + S8048356: SecureRandom default provider tests + S8048357: PKCS basic tests + S8048360: Test signed jar files + S8048362: Tests for doPrivileged with accomplice + S8048596: Tests for AEAD ciphers + S8048599: Tests for key wrap and unwrap operations + S8048603: Additional tests for MAC algorithms + S8048604: Tests for strong crypto ciphers + S8048607: Test key generation of DES and DESEDE + S8048610: Implement regression test for bug fix of 4686632 in JCE + S8048617: Tests for PKCS12 read operations + S8048618: Tests for PKCS12 write operations. + S8048619: Implement tests for converting PKCS12 keystores + S8048624: Tests for SealedObject + S8048819: Implement reliability test for DH algorithm + S8048820: Implement tests for SecretKeyFactory + S8048830: Implement tests for new functionality provided in JEP 166 + S8049237: Need new tests for X509V3 certificates + S8049321: Support SHA256WithDSA in JSSE + S8049429: Tests for java client server communications with various TLS/SSL combinations. + S8049432: New tests for TLS property jdk.tls.client.protocols + S8049814: Additional SASL client-server tests + S8050281: New permission tests for JEP 140 + S8050370: Need new regressions tests for messageDigest with DigestIOStream + S8050371: More MessageDigest tests + S8050374: More Signature tests + S8050427: LoginContext tests to cover JDK-4703361 + S8050460: JAAS login/logout tests with LoginContext + S8050461: Tests for syntax checking of JAAS configuration file + S8054278: Refactor jps utility tests + S8055530: assert(_exits.control()->is_top() || !_gvn.type(ret_phi)->empty()) failed: return value must be well defined + S8055844: [TESTBUG] test/runtime/NMT/VirtualAllocCommitUncommitRecommit.java fails on Solaris Sparc due to incorrect page size being used + S8059677: Thread.getName() instantiates Strings + S8061464: A typo in CipherTestUtils test + S8062536: [TESTBUG] Conflicting GC combinations in jdk tests + S8065076: java/net/SocketPermission/SocketPermissionTest.java fails intermittently + S8065078: NetworkInterface.getNetworkInterfaces() triggers intermittent test failures + S8066871: java.lang.VerifyError: Bad local variable type - local final String + S8068427: Hashtable deserialization reconstitutes table with wrong capacity + S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210 + S8069253: javax/net/ssl/TLS/TestJSSE.java failed on Mac + S8071125: Improve exception messages in URLPermission + S8072081: Supplementary characters are rejected in comments + S8072463: Remove requirement that AKID and SKID have to match when building certificate chain + S8072725: Provide more granular levels for GC verification + S8073400: Some Monospaced logical fonts have a different width + S8073872: Schemagen fails with StackOverflowError if element references containing class + S8074931: Additional tests for CertPath API + S8075286: Additional tests for signature algorithm OIDs and transformation string + S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given + S8076545: Text size is twice bigger under Windows L&F on Win 8.1 with HiDPI display + S8076995: gc/ergonomics/TestDynamicNumberOfGCThreads.java failed with java.lang.RuntimeException: 'new_active_workers' missing from stdout/stderr + S8079138: Additional negative tests for XML signature processing + S8081512: Remove sun.invoke.anon classes, or move / co-locate them with tests + S8081771: ProcessTool.createJavaProcessBuilder() needs new addTestVmAndJavaOptions argument + S8129419: heapDumper.cpp: assert(length_in_bytes > 0) failed: nothing to copy + S8130150: Implement BigInteger.montgomeryMultiply intrinsic + S8130242: DataFlavorComparator transitivity exception + S8130304: Inference: NodeNotFoundException thrown with deep generic method call chain + S8130425: libjvm crash due to stack overflow in executables with 32k tbss/tdata + S8133023: ParallelGCThreads is not calculated correctly + S8134111: Unmarshaller unmarshalls XML element which doesn't have the expected namespace + S8135259: InetAddress.getAllByName only reports "unknown error" instead of actual cause + S8136506: Include sun.arch.data.model as a property that can be queried by jtreg + S8137068: Tests added in JDK-8048604 fail to compile + S8139040: Fix initializations before ShouldNotReachHere() etc. and enable -Wuninitialized on linux. + S8139581: AWT components are not drawn after removal and addition to a container + S8141243: Unexpected timezone returned after parsing a date + S8141420: Compiler runtime entries don't hold Klass* from being GCed + S8141445: Use of Solaris/SPARC M7 libadimalloc.so can generate unknown signal in hs_err file + S8141551: C2 can not handle returns with inccompatible interface arrays + S8143377: Test PKCS8Test.java fails + S8143647: Javac compiles method reference that allows results in an IllegalAccessError + S8144144: ORB destroy() leaks filedescriptors after unsuccessful connection + S8144593: Suppress not recognized property/feature warning messages from SAXParser + S8144957: Remove PICL warning message + S8145039: JAXB marshaller fails with ClassCastException on classes generated by xjc + S8145228: Java Access Bridge, getAccessibleStatesStringFromContext doesn't wrap the call to getAccessibleRole + S8145388: URLConnection.guessContentTypeFromStream returns image/jpg for some JPEG images + S8145974: XMLStreamWriter produces invalid XML for surrogate pairs on OutputStreamWriter + S8146035: Windows - With LCD antialiasing, some glyphs are not rendered correctly + S8146192: Add test for JDK-8049321 + S8146274: Thread spinning on WeakHashMap.getEntry() with concurrent use of nashorn + S8147468: Allow users to bound the size of buffers cached in the per-thread buffer caches + S8147645: get_ctrl_no_update() code is wrong + S8147807: crash in libkcms.so on linux-sparc + S8148379: jdk.nashorn.api.scripting spec. adjustments, clarifications + S8148627: RestrictTestMaxCachedBufferSize.java to 64-bit platforms + S8148820: Missing @since Javadoc tag in Logger.log(Level, Supplier) + S8148926: Call site profiling fails on braces-wrapped anonymous function + S8149017: Delayed provider selection broken in RSA client key exchange + S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks + S8149330: Capacity of StringBuilder should not get close to Integer.MAX_VALUE unless necessary + S8149334: JSON.parse(JSON.stringify([])).push(10) creates an array containing two elements + S8149368: [hidpi] JLabel font is twice bigger than JTextArea font on Windows 7,HiDPI, Windows L&F + S8149411: PKCS12KeyStore cannot extract AES Secret Keys + S8149417: Use final restricted flag + S8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception + S8149453: [hidpi] JFileChooser does not scale properly on Windows with HiDPI display and Windows L&F + S8149543: range check CastII nodes should not be split through Phi + S8149743: JVM crash after debugger hotswap with lambdas + S8149744: fix testng.jar delivery in Nashorn build.xml + S8149915: enabling validate-annotations feature for xsd schema with annotation causes NPE + S8150002: Check for the validity of oop before printing it in verify_remembered_set + S8150470: JCK: api/xsl/conf/copy/copy19 test failure + S8150518: G1 GC crashes at G1CollectedHeap::do_collection_pause_at_safepoint(double) + S8150533: Test java/util/logging/LogManagerAppContextDeadlock.java times out intermittently. + S8150704: XALAN: ERROR: 'No more DTM IDs are available' when transforming with lots of temporary result trees + S8150780: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError + S8151064: com/sun/jdi/RedefineAddPrivateMethod.sh fails intermittently + S8151197: [TEST_BUG] Need to backport fix for test/javax/net/ssl/TLS/TestJSSE.java + S8151352: jdk/test/sample fails with "effective library path is outside the test suite" + S8151431: DateFormatSymbols triggers this.clone() in the constructor + S8151535: TESTBUG: java/lang/invoke/AccessControlTest.java should be modified to run with JTREG 4.1 b13 + S8151731: Add new jtreg keywords to jdk 8 + S8151998: VS2010 ThemeReader.cpp(758) : error C3861: 'round': identifier not found + S8152927: Incorrect GPL header in StubFactoryDynamicBase.java reported + S8153252: SA: Hotspot build on Windows fails if make/closed folder does not exist + S8153531: Improve exception messaging for RSAClientKeyExchange + S8153641: assert(thread_state == _thread_in_native) failed: Assumed thread_in_native while heap dump + S8153673: [BACKOUT] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S8154304: NullpointerException at LdapReferralException.getReferralContext + S8154722: Test gc/ergonomics/TestDynamicNumberOfGCThreads.java fails + S8157078: 8u102 L10n resource file updates + S8157838: Personalized Windows Font Size is not taken into account in Java8u102 * Import of OpenJDK 8 u111 build 14 + S6882559: new JEditorPane("text/plain","") fails for null context class loader + S8049171: Additional tests for jarsigner's warnings + S8063086: Math.pow yields different results upon repeated calls + S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString + S8142926: OutputAnalyzer's shouldXXX() calls return this + S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General + S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline + S8150611: Security problem on sun.misc.resources.Messages* + S8153399: Constrain AppCDS behavior (back port) + S8157653: [Parfait] Uninitialised variable in awt_Font.cpp + S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559 + S8158994: Service Menu services + S8159684: (tz) Support tzdata2016f + S8160904: Typo in code from 8079718 fix : enableCustomValueHanlde + S8160934: isnan() is not available on older MSVC compilers + S8161141: correct bugId for JDK-8158994 fix push + S8162411: Service Menu services 2 + S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968 + S8162511: 8u111 L10n resource file updates + S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8 + S8164452: 8u111 L10n resource file update - msgdrop 20 + S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm + S8166381: Back out changes to the java.security file to not disable MD5 * Backports + S8078628, PR3208: Zero build fails with pre-compiled headers disabled + S8141491, PR3159, G592292: Unaligned memory access in Bits.c + S8157306, PR3121: Random infrequent null pointer exceptions in javac (enabled on AArch64 only) + S8162384, PR3122: Performance regression: bimorphic inlining may be bypassed by type speculation * Bug fixes + PR3123: Some object files built without -fPIC on x86 only + PR3126: pax-mark-vm script calls "exit -1" which is invalid in dash + PR3127, G590348: Only apply PaX markings by default on running PaX kernels + PR3199: Invalid nashorn URL + PR3201: Update infinality configure test + PR3218: PR3159 leads to build failure on clean tree * AArch64 port + S8131779, PR3220: AARCH64: add Montgomery multiply intrinsic + S8167200, PR3220: AArch64: Broken stack pointer adjustment in interpreter + S8167421, PR3220: AArch64: in one core system, fatal error: Illegal threadstate encountered + S8167595, PR3220: AArch64: SEGV in stub code cipherBlockChaining_decryptAESCrypt + S8168888, PR3220: Port 8160591: Improve internal array handling to AArch64. * Shenandoah + PR3224: Shenandoah broken when building without pre-compiled headers - Build against system kerberos - Build against system pcsc and sctp - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1005522 SUSE bug 1005523 SUSE bug 1005524 SUSE bug 1005525 SUSE bug 1005526 SUSE bug 1005527 SUSE bug 1005528 SUSE bug 988651 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 openSUSE Leap 42.2 This update for sudo fixes the following issues: - fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: * noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501] Sudo was updated to the package from SUSE:SLE-12-SP2:Update, incorporating the following new feature: - allow dynamic groups with sudo [fate#318850] The following bug fixes are included: - parse /proc/stat for boottime correctly [boo#899252] - enable SASL authentication [boo#979531] Moderate SUSE bug 1007501 SUSE bug 1007766 SUSE bug 899252 SUSE bug 979531 CVE-2014-9680 CVE-2016-7032 CVE-2016-7076 openSUSE Leap 42.2 This update for vim fixes the following security issues: - Fixed CVE-2016-1248 an arbitrary command execution vulnerability (bsc#1010685) This update for vim fixes the following issues: - Fix build with Python 3.5. (bsc#988903) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1010685 SUSE bug 988903 CVE-2016-1248 openSUSE Leap 42.2 MozillaFirefox is updated to version 50.0.2 which fixes the following issues: * Firefox crashed with 3rd party Chinese IME when using IME text (fixed in version 50.0.1) * Redirection from an HTTP connection to a data: URL could inherit wrong origin after an HTTP redirect (fixed in version 50.0.1, bmo#1317641, MFSA 2016-91, boo#1012807, CVE-2016-9078) * Maliciously crafted SVG animations could cause remote code execution (fixed in version 50.0.2, bmo#1321066, MFSA 2016-92, boo##1012964, CVE-2016-9079) Important SUSE bug 1012807 SUSE bug 1012964 CVE-2016-9078 CVE-2016-9079 openSUSE Leap 42.2 This update contains Mozilla Thunderbird 45.5.1 and fixes one vulnerability. In Mozilla Thunderbird, this vulnerability may be exploited when used in a browser-like context. - CVE-2016-9079: SVG Animation Remote Code Execution (MFSA 2016-92, bsc#1012964, bmo#1321066) Important SUSE bug 1012964 CVE-2016-9079 openSUSE Leap 42.2 This update for containerd, docker, runc fixes the following issues: Security issues fixed: - CVE-2016-8867: Fix ambient capability usage in containers (bsc#1007249). Bugfixes: - boo#1006368: Fixed broken docker/containerd installation when installed by SuSE Studio in an appliance. - boo#1004490: Update docker to 1.12.2 - boo#977394: Fix go version to 1.5. - boo#999582: Change the internal mountpoint name to not use ":" as that character can be considered a special character by other tools. - Update docker to 1.12.3 * https://github.com/docker/docker/releases/tag/v1.12.3 This update changes the runc versioning scheme to prevent version downgrades (boo#1009961). Moderate SUSE bug 1004490 SUSE bug 1006368 SUSE bug 1007249 SUSE bug 1009961 SUSE bug 977394 SUSE bug 999582 CVE-2016-8867 openSUSE Leap 42.2 This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321] - Fix Amanda integration issue (bsc#913058) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1007188 SUSE bug 913058 CVE-2016-6321 openSUSE Leap 42.2 This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2016-5180: c-ares: Fix for single-byte buffer overwrite (bsc#1007728). Bug fixes: - bsc#1009011: npm4 should provide versioned nodejs-npm and npm allowing nodejs-packaging to continue to function properly in Leap 42.2 This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1007728 SUSE bug 1009011 CVE-2016-5180 openSUSE Leap 42.2 This update for libarchive fixes several issues. These security issues were fixed: - CVE-2016-8687: Buffer overflow when printing a filename (bsc#1005070). - CVE-2016-8689: Heap overflow when reading corrupted 7Zip files (bsc#1005072). - CVE-2016-8688: Use after free because of incorrect calculation in next_line (bsc#1005076). - CVE-2016-5844: Integer overflow in the ISO parser in libarchive allowed remote attackers to cause a denial of service (application crash) via a crafted ISO file (bsc#986566). - CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive allowed remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow (bsc#989980). - CVE-2016-5418: The sandboxing code in libarchive mishandled hardlink archive entries of non-zero data size, which might allowed remote attackers to write to arbitrary files via a crafted archive file (bsc#998677). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1005070 SUSE bug 1005072 SUSE bug 1005076 SUSE bug 986566 SUSE bug 989980 SUSE bug 998677 CVE-2015-2304 CVE-2016-5418 CVE-2016-5844 CVE-2016-6250 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 openSUSE Leap 42.2 This update to phpMyAdmin 4.4.15.9 fixes security issues and bugs. The following security issues were fixed: - Unsafe generation of $cfg['blowfish_secret'] (PMASA-2016-58) - phpMyAdmin's phpinfo functionality is removed (PMASA-2016-59) - AllowRoot and allow/deny rule bypass with specially-crafted username (PMASA-2016-60) - Username matching weaknesses with allow/deny rules (PMASA-2016-61) - Possible to bypass logout timeout (PMASA-2016-62) - Full path disclosure (FPD) weaknesses (PMASA-2016-63) - Multiple XSS weaknesses (PMASA-2016-64) - Multiple denial-of-service (DOS) vulnerabilities (PMASA-2016-65) - Possible to bypass white-list protection for URL redirection (PMASA-2016-66) - BBCode injection to login page (PMASA-2016-67) - Denial-of-service (DOS) vulnerability in table partitioning (PMASA-2016-68) - Multiple SQL injection vulnerabilities (PMASA-2016-69 ) - Incorrect serialized string parsing (PMASA-2016-70) - CSRF token not stripped from the URL (PMASA-2016-71) The following bugfix changes are included: - Fix for expanding in navigation pane - Reintroduced a simplified version of PmaAbsoluteUri directive (needed with reverse proxies) - Fix editing of ENUM/SET/DECIMAL field structures - Improvements to the parser Moderate SUSE bug 1012271 openSUSE Leap 42.2 This update for tcpreplay to version 4.1.2 fixes the following issues: - CVE-2016-6160: Increase max packet size to 65549 to prevent segmentation faults (boo#987846) Low SUSE bug 987846 CVE-2016-6160 openSUSE Leap 42.2 This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes: - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569) - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566) - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564) - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555) - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes: - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800) - Remove useless mysql@default.service (bsc#1004477) - Replace all occurrences of the string "@sysconfdir@" with "/etc" as it wasn't expanded properly (bsc#990890) - Notable changes: * XtraDB updated to 5.6.33-79.0 * TokuDB updated to 5.6.33-79.0 * Innodb updated to 5.6.33 * Performance Schema updated to 5.6.33 - Release notes and upstream changelog: * https://kb.askmonty.org/en/mariadb-10028-release-notes * https://kb.askmonty.org/en/mariadb-10028-changelog This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1001367 SUSE bug 1003800 SUSE bug 1004477 SUSE bug 1005555 SUSE bug 1005558 SUSE bug 1005562 SUSE bug 1005564 SUSE bug 1005566 SUSE bug 1005569 SUSE bug 1005581 SUSE bug 1005582 SUSE bug 1008318 SUSE bug 990890 CVE-2016-3492 CVE-2016-5584 CVE-2016-5616 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6663 CVE-2016-7440 CVE-2016-8283 openSUSE Leap 42.2 roundcubemail was updated to version 1.1.7 and fixes the following issues: - Update to 1.1.7 * A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command (boo#1012493) * A maliciously crafted email could cause untrusted code to be executed (cross site scripting using $lt;area href=javascript:...>) (boo#982003, CVE-2016-5103) * Avoid HTML styles that could cause potential click jacking (boo#1001856) - Update to 1.1.5 * Fixed security issue in DBMail driver of password plugin (CVE-2015-2181, boo#976988) Important SUSE bug 1001856 SUSE bug 1012493 SUSE bug 976988 SUSE bug 982003 CVE-2015-2181 CVE-2016-5103 openSUSE Leap 42.2 This update for X Window System client libraries fixes a class of privilege escalation issues. A malicious X server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. The following libraries have been fixed: libX11: - plugged a memory leak (boo#1002991, CVE-2016-7942). - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()) (boo#1002991, CVE-2016-7942). libXi: - Integer overflows in libXi can cause out of boundary memory access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7945). - Insufficient validation of data in libXi can cause out of boundary memory access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7946). libXrandr: - Insufficient validation of data from the X server can cause out of boundary memory writes (boo#1003000, CVE-2016-7947, CVE-2016-7948). Moderate SUSE bug 1002991 SUSE bug 1002998 SUSE bug 1003000 CVE-2016-7942 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.36 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1001486). - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug (bnc#1007197). - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-9794: A use-after-free in alsa pcm could lead to crashes or allowed local users to potentially gain privileges (bsc#1013533). The following non-security bugs were fixed: - acpi / pad: do not register acpi_pad driver if running as Xen dom0 (bnc#995278). - Add power key support for PMIcs which are already included in the configs (boo#1012477). Arm64 already has these so no need to patch it. - alsa: hda - Bind with i915 only when Intel graphics is present (bsc#1012767). - alsa: hda - Clear the leftover component assignment at snd_hdac_i915_exit() (bsc#1012767). - alsa: hda - Degrade i915 binding failure message (bsc#1012767). - alsa: hda - Fix yet another i915 pointer leftover in error path (bsc#1012767). - alsa: hda - Gate the mic jack on HP Z1 Gen3 AiO (bsc#1004365). - arm64/efi: Enable runtime call flag checking (bsc#1005745). - arm64/efi: Move to generic {__,}efi_call_virt() (bsc#1005745). - arm64: Refuse to install 4k kernel on 64k system - arm64: Update config files. Disable CONFIG_IPMI_SI_PROBE_DEFAULTS (bsc#1006576) - arm: bcm2835: add CPU node for ARM core (boo#1012094). - arm: bcm2835: Split the DT for peripherals from the DT for the CPU (boo#1012094). - asoc: cht_bsw_rt5645: Enable jack detection (bsc#1010690). - asoc: cht_bsw_rt5645: Fix writing to string literal (bsc#1010690). - asoc: cht_bsw_rt5672: Use HID translation unit (bsc#1010690). - asoc: intel: add function stub when ACPI is not enabled (bsc#1010690). - asoc: Intel: add fw name to common dsp context (bsc#1010690). - asoc: Intel: Add missing 10EC5672 ACPI ID matching for Cherry Trail (bsc#1010690). - asoc: Intel: Add module tags for common match module (bsc#1010690). - asoc: Intel: add NULL test (bsc#1010690). - asoc: Intel: Add quirks for MinnowBoard MAX (bsc#1010690). - asoc: Intel: Add surface3 entry in CHT-RT5645 machine (bsc#1010690). - asoc: Intel: Atom: add 24-bit support for media playback and capture (bsc#1010690). - asoc: Intel: Atom: add deep buffer definitions for atom platforms (bsc#1010690). - asoc: Intel: Atom: add definitions for modem/SSP0 interface (bsc#1010690). - asoc: Intel: Atom: Add quirk for Surface 3 (bsc#1010690). - asoc: Intel: Atom: add support for CHT w/ RT5640 (bsc#1010690). - asoc: Intel: Atom: Add support for HP ElitePad 1000 G2 (bsc#1010690). - asoc: Intel: Atom: add support for RT5642 (bsc#1010690). - asoc: Intel: Atom: add terminate entry for dmi_system_id tables (bsc#1010690). - asoc: Intel: Atom: auto-detection of Baytrail-CR (bsc#1010690). - asoc: Intel: Atom: clean-up compressed DAI definition (bsc#1010690). - asoc: Intel: atom: enable configuration of SSP0 (bsc#1010690). - asoc: Intel: atom: fix 0-day warnings (bsc#1010690). - asoc: Intel: Atom: fix boot warning (bsc#1010690). - asoc: Intel: Atom: Fix message handling during drop stream (bsc#1010690). - asoc: Intel: atom: fix missing breaks that would cause the wrong operation to execute (bsc#1010690). - asoc: Intel: Atom: fix regression on compress DAI (bsc#1010690). - asoc: Intel: Atom: flip logic for gain Switch (bsc#1010690). - asoc: Intel: atom: Make some messages to debug level (bsc#1010690). - asoc: Intel: Atom: move atom driver to common acpi match (bsc#1010690). - asoc: Intel: atom: statify cht_quirk (bsc#1010690). - asoc: Intel: boards: add DEEP_BUFFER support for BYT/CHT/BSW (bsc#1010690). - asoc: Intel: boards: align pin names between byt-rt5640 drivers (bsc#1010690). - asoc: Intel: boards: merge DMI-based quirks in bytcr-rt5640 driver (bsc#1010690). - asoc: Intel: boards: start merging byt-rt5640 drivers (bsc#1010690). - asoc: Intel: bytcr_rt56040: additional routing quirks (bsc#1010690). - asoc: Intel: bytcr-rt5640: add Asus T100TAF quirks (bsc#1010690). - asoc: Intel: bytcr_rt5640: add IN3 map (bsc#1010690). - asoc: Intel: bytcr_rt5640: add MCLK support (bsc#1010690). - asoc: Intel: bytcr_rt5640: Add quirk for Teclast X98 Air 3G tablet (bsc#1010690). - asoc: Intel: bytcr_rt5640: add SSP2_AIF2 routing (bsc#1010690). - asoc: Intel: bytcr_rt5640: change quirk position (bsc#1010690). - asoc: Intel: bytcr_rt5640: default routing and quirks on Baytrail-CR (bsc#1010690). - asoc: Intel: bytcr-rt5640: enable ASRC (bsc#1010690). - asoc: Intel: bytcr_rt5640: enable differential mic quirk (bsc#1010690). - asoc: Intel: bytcr_rt5640: fix dai/clock setup for SSP0 routing (bsc#1010690). - asoc: Intel: bytcr_rt5640: fixup DAI codec_name with HID (bsc#1010690). - asoc: Intel: bytcr_rt5640: log quirks (bsc#1010690). - asoc: Intel: bytcr_rt5640: quirk for Acer Aspire SWS-012 (bsc#1010690). - asoc: Intel: bytcr_rt5640: quirk for mono speaker (bsc#1010690). - asoc: Intel: bytcr_rt5640: set SSP to I2S mode 2ch (bsc#1010690). - asoc: Intel: bytcr_rt5640: use HID translation util (bsc#1010690). - asoc: Intel: cht: fix uninit variable warning (bsc#1010690). - asoc: Intel: common: add translation from HID to codec-name (bsc#1010690). - asoc: Intel: common: filter ACPI devices with _STA return value (bsc#1010690). - asoc: Intel: common: increase the loglevel of "FW Poll Status" (bsc#1010690). - asoc: Intel: Create independent acpi match module (bsc#1010690). - asoc: intel: Fix sst-dsp dependency on dw stuff (bsc#1010690). - asoc: Intel: Keep building old baytrail machine drivers (bsc#1010690). - asoc: Intel: Load the atom DPCM driver only (bsc#1010690). - asoc: intel: make function stub static (bsc#1010690). - asoc: Intel: Move apci find machine routines (bsc#1010690). - asoc: intel: Replace kthread with work (bsc#1010690). - asoc: Intel: Skylake: Always acquire runtime pm ref on unload (bsc#1005917). - asoc: Intel: sst: fix sst_memcpy32 wrong with non-4x bytes issue (bsc#1010690). - asoc: rt5640: add ASRC support (bsc#1010690). - asoc: rt5640: add internal clock source support (bsc#1010690). - asoc: rt5640: add master clock handling for rt5640 (bsc#1010690). - asoc: rt5640: add supplys for dac power (bsc#1010690). - asoc: rt5640: remove unused variable (bsc#1010690). - asoc: rt5640: Set PLL src according to source (bsc#1010690). - asoc: rt5645: add DAC1 soft volume func control (bsc#1010690). - asoc: rt5645: Add dmi_system_id "Google Setzer" (bsc#1010690). - asoc: rt5645: extend delay time for headphone pop noise (bsc#1010690). - asoc: rt5645: fix reg-2f default value (bsc#1010690). - asoc: rt5645: improve headphone pop when system resumes from S3 (bsc#1010690). - asoc: rt5645: improve IRQ reaction time for HS button (bsc#1010690). - asoc: rt5645: merge DMI tables of google projects (bsc#1010690). - asoc: rt5645: patch reg-0x8a (bsc#1010690). - asoc: rt5645: polling jd status in all conditions (bsc#1010690). - asoc: rt5645: Separate regmap for rt5645 and rt5650 (bsc#1010690). - asoc: rt5645: set RT5645_PRIV_INDEX as volatile (bsc#1010690). - asoc: rt5645: use polling to support HS button (bsc#1010690). - asoc: rt5645: Use the mod_delayed_work instead of the queue_delayed_work and cancel_delayed_work_sync (bsc#1010690). - asoc: rt5670: Add missing 10EC5072 ACPI ID (bsc#1010690). - asoc: rt5670: Enable Braswell platform workaround for Dell Wyse 3040 (bsc#1010690). - asoc: rt5670: fix HP Playback Volume control (bsc#1010690). - asoc: rt5670: patch reg-0x8a (bsc#1010690). - blacklist.conf: Remove intel_pstate potential patch that SLE 12 SP2 The code layout upstream that motivated this patch is completely different to what is in SLE 12 SP2 as schedutil was not backported. - bna: Add synchronization for tx ring (bsc#993739). - btrfs: allocate root item at snapshot ioctl time (bsc#1012452). - btrfs: better packing of btrfs_delayed_extent_op (bsc#1012452). - btrfs: Check metadata redundancy on balance (bsc#1012452). - btrfs: clean up an error code in btrfs_init_space_info() (bsc#1012452). - btrfs: cleanup, stop casting for extent_map->lookup everywhere (bsc#1012452). - btrfs: cleanup, use enum values for btrfs_path reada (bsc#1012452). - btrfs: deal with duplicates during extent_map insertion in btrfs_get_extent (bsc#1001171). - btrfs: deal with existing encompassing extent map in btrfs_get_extent() (bsc#1001171). - btrfs: do an allocation earlier during snapshot creation (bsc#1012452). - btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881). - btrfs: do not leave dangling dentry if symlink creation failed (bsc#1012452). - btrfs: do not use slab cache for struct btrfs_delalloc_work (bsc#1012452). - btrfs: drop duplicate prefix from scrub workqueues (bsc#1012452). - btrfs: drop unused parameter from lock_extent_bits (bsc#1012452). - btrfs: Enhance chunk validation check (bsc#1012452). - btrfs: Enhance super validation check (bsc#1012452). - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666). - btrfs: Expoert and move leaf/subtree qgroup helpers to qgroup.c (bsc983087, bsc986255). - btrfs: fix incremental send failure caused by balance (bsc#985850). - btrfs: fix locking bugs when defragging leaves (bsc#1012452). - btrfs: fix memory leaks after transaction is aborted (bsc#1012452). - btrfs: fix output of compression message in btrfs_parse_options() (bsc#1012452). - btrfs: fix race between free space endio workers and space cache writeout (bsc#1012452). - btrfs: fix races on root_log_ctx lists (bsc#1007653). - btrfs: fix race when finishing dev replace leading to transaction abort (bsc#1012452). - btrfs: fix relocation incorrectly dropping data references (bsc#990384). - btrfs: fix typo in log message when starting a balance (bsc#1012452). - btrfs: fix unprotected list operations at btrfs_write_dirty_block_groups (bsc#1012452). - btrfs: handle quota reserve failure properly (bsc#1005666). - btrfs: make btrfs_close_one_device static (bsc#1012452). - btrfs: make clear_extent_bit helpers static inline (bsc#1012452). - btrfs: make clear_extent_buffer_uptodate return void (bsc#1012452). - btrfs: make end_extent_writepage return void (bsc#1012452). - btrfs: make extent_clear_unlock_delalloc return void (bsc#1012452). - btrfs: make extent_range_clear_dirty_for_io return void (bsc#1012452). - btrfs: make extent_range_redirty_for_io return void (bsc#1012452). - btrfs: make lock_extent static inline (bsc#1012452). - btrfs: make set_extent_bit helpers static inline (bsc#1012452). - btrfs: make set_extent_buffer_uptodate return void (bsc#1012452). - btrfs: make set_range_writeback return void (bsc#1012452). - btrfs: preallocate path for snapshot creation at ioctl time (bsc#1012452). - btrfs: put delayed item hook into inode (bsc#1012452). - btrfs: qgroup: Add comments explaining how btrfs qgroup works (bsc983087, bsc986255). - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc983087, bsc986255). - btrfs: qgroup: Rename functions to make it follow reserve, trace, account steps (bsc983087, bsc986255). - btrfs: remove a trivial helper btrfs_set_buffer_uptodate (bsc#1012452). - btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns (bsc#1007653). - btrfs: remove unused inode argument from uncompress_inline() (bsc#1012452). - btrfs: remove wait from struct btrfs_delalloc_work (bsc#1012452). - btrfs: send, do not bug on inconsistent snapshots (bsc#985850). - btrfs: sink parameter wait to btrfs_alloc_delalloc_work (bsc#1012452). - btrfs: Support convert to -d dup for btrfs-convert (bsc#1012452). - btrfs: Update patches.suse/btrfs-8401-fix-qgroup-accounting-when-creating-snap.patch (bsc#972993). - btrfs: use GFP_KERNEL for allocations in ioctl handlers (bsc#1012452). - btrfs: use GFP_KERNEL for allocations of workqueues (bsc#1012452). - btrfs: use GFP_KERNEL for xattr and acl allocations (bsc#1012452). - btrfs: use smaller type for btrfs_path locks (bsc#1012452). - btrfs: use smaller type for btrfs_path lowest_level (bsc#1012452). - btrfs: use smaller type for btrfs_path reada (bsc#1012452). - btrfs: verbose error when we find an unexpected item in sys_array (bsc#1012452). - config: i2c: Enable CONFIG_I2C_DESIGNWARE_PLATFORM and *_BAYTRAIL (bsc#1010690) Realtek codecs on CHT platform require this i2c bus driver. - config: select new CONFIG_SND_SOC_INTEL_SST_* helpers - config: Update config files. (boo#1012094) - config: Update config files (bsc#1009454) Do not set CONFIG_EFI_SECURE_BOOT_SECURELEVEL in x86_64/default and x86_64/debug. We do not need to set CONFIG_EFI_SECURE_BOOT_SECURELEVEL in openSUSE kernel because openSUSE does not enable kernel module signature check (bsc#843661). Without kernel module signature check, the root account is allowed to load arbitrary kernel module to kernel space. Then lock functions by securelevel is pointless. - cxgbi: fix uninitialized flowi6 (bsc#963904 FATE#320115). - Delete patches.fixes/Add-a-missed-complete-in-iscsit_close_connection.patch. remove patch Add-a-missed-complete-in-iscsit_close_connection.patch add bsc#997807 bsc#992555 in patch-4.4.27-28 references - dell-laptop: Fixate rfkill work on CPU#0 (bsc#1004052). - dell-wmi: Check if Dell WMI descriptor structure is valid (bsc#1004052). - dell-wmi: Clean up hotkey table size check (bsc#1004052). - dell-wmi: Ignore WMI event code 0xe045 (bsc#1004052). - dell-wmi: Improve unknown hotkey handling (bsc#1004052). - dell-wmi: Process only one event on devices with interface version 0 (bsc#1004052). - dell-wmi: Stop storing pointers to DMI tables (bsc#1004052). - dell-wmi: Support new hotkeys on the XPS 13 9350 (Skylake) (bsc#1004052). - dell_wmi: Use a C99-style array for bios_to_linux_keycode (bsc#1004052). - drm/i915: Add missing ring_mask to Pineview (bsc#1005917). - drm/i915: Calculate watermark related members in the crtc_state, v4 (bsc#1011176). - drm/i915/ivb: Move WaCxSRDisabledForSpriteScaling w/a to atomic check (bsc#1011176). - drm/i915: Move disable_cxsr to the crtc_state (bsc#1011176). - drm/mgag200: fix error return code in mgag200fb_create() (bsc#1005917). - drm/radeon: Also call cursor_move_locked when the cursor size changes (bsc#1000433). - drm/radeon: Always store CRTC relative radeon_crtc->cursor_x/y values (bsc#1000433). - drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on (bsc#998054) - drm/radeon: Hide the HW cursor while it's out of bounds (bsc#1000433). - drm/radeon: Switch to drm_vblank_on/off (bsc#998054). - Drop kernel-obs-qa-xen unconditionally (bsc#1010040) The IBS cannot build it, even if there is a xen-capable kernel-obs-build. - edac/mce_amd: Add missing SMCA error descriptions (fate#320474, bsc#1013700). - edac/mce_amd: Use SMCA prefix for error descriptions arrays (fate#320474, bsc#1013700). - efi/runtime-wrappers: Add {__,}efi_call_virt() templates (bsc#1005745). - efi/runtime-wrappers: Detect firmware IRQ flag corruption (bsc#1005745). - efi/runtime-wrappers: Remove redundant #ifdefs (bsc#1005745). - ext4: fix data exposure after a crash (bsc#1012829). - fs, block: force direct-I/O for dax-enabled block devices (bsc#1012992). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - fuse: Fixup buggy conflict resolution in patches.fixes/fuse-Propagate-dentry-down-to-inode_change_ok.patch. - genirq: Add untracked irq handler (bsc#1006827). - genirq: Use a common macro to go through the actions list (bsc#1006827). - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU (bsc#1001486). - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486). - hpsa: fallback to use legacy REPORT PHYS command (bsc#1006175). - hpsa: use bus '3' for legacy HBA devices (bsc#1010665). - hpsa: use correct DID_NO_CONNECT hostbyte (bsc#1010665). - hv: do not lose pending heartbeat vmbus packets (bnc#1006918). - i2c: designware-baytrail: Work around Cherry Trail semaphore errors (bsc#1011913). - i2c: xgene: Avoid dma_buffer overrun (bsc#1006576). - i40e: fix an uninitialized variable bug (bsc#969476 FATE#319648). - i40e: fix broken i40e_config_rss_aq function (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40e: Remove redundant memset (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i810: Enable Intel i810 audio driver used in OpenQA VMs. - Import kabi files for x86_64/default from 4.4.27-2.1 - iommu/arm-smmu: Add support for 16 bit VMID (fate#319978). - iommu/arm-smmu: Workaround for ThunderX erratum #27704 (fate#319978). - ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062). - kABI: protect struct mmc_packed (kabi). - kABI: protect struct mmc_packed (kabi). - kABI: reintroduce sk_filter (kabi). - kABI: reintroduce strtobool (kabi). - kABI: reintroduce strtobool (kabi). - kABI: restore ip_cmsg_recv_offset parameters (kabi). - kabi/severities: Ignore kABI for asoc Intel SST drivers (bsc#1010690) These drivers are self-contained, not for 3rd party drivers. - kernel-module-subpackage: Properly quote flavor in expressions That fixes a parse error if the flavor starts with a digit or contains other non-alphabetic characters. - kgr: ignore zombie tasks during the patching (bnc#1008979). - md/raid1: fix: IO can block resync indefinitely (bsc#1001310). - mm: do not use radix tree writeback tags for pages in swap cache (bnc#971975 VM performance -- swap). - mm/filemap: generic_file_read_iter(): check for zero reads unconditionally (bnc#1007955). - mm/mprotect.c: do not touch single threaded PTEs which are on the right node (bnc#971975 VM performance -- numa balancing). - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices (bsc#1006809). - net: sctp, forbid negative length (bnc#1005921). - netvsc: fix incorrect receive checksum offloading (bnc#1006915). - overlayfs: allow writing on read-only btrfs subvolumes (bsc#1010158) - pci/ACPI: Allow all PCIe services on non-ACPI host bridges (bsc#1006827). - pci: Allow additional bus numbers for hotplug bridges (bsc#1006827). - pci: correctly cast mem_base in pci_read_bridge_mmio_pref() (bsc#1001888). - pci: pciehp: Allow exclusive userspace control of indicators (bsc#1006827). - pci: Remove return values from pcie_port_platform_notify() and relatives (bsc#1006827). - perf/x86: Add perf support for AMD family-17h processors (fate#320473). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - proc: much faster /proc/vmstat (bnc#971975 VM performance -- vmstat). - qede: Correctly map aggregation replacement pages (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - qed: FLR of active VFs might lead to FW assert (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - Reformat spec files according to the format_spec_file osc helper - Replace patches.kabi/kabi-hide-new-member-recursion_counter-in-struct-sk_.patch by patches.kabi/kabi-hide-bsc-1001486-changes-in-struct-napi_gro_cb.patch - Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()" (bsc#1005917). - Revert "fix minor infoleak in get_user_ex()" (p.k.o). - REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - Revert "x86/mm: Expand the exception table logic to allow new handling options" (p.k.o). - rpm/config.sh: Build against SP2 in the OBS as well - rpm/constraints.in: increase disk for kernel-syzkaller The kernel-syzkaller build now consumes around 30G. This causes headache in factory where the package rebuilds over and over. Require 35G disk size to successfully build the flavor. - rpm/kernel-binary.spec.in: Build the -base package unconditionally (bsc#1000118) - rpm/kernel-binary.spec.in: Do not create KMPs with CONFIG_MODULES=n - rpm/kernel-binary.spec.in: Only build -base and -extra with CONFIG_MODULES (bsc#1000118) - rpm/kernel-binary.spec.in: Simplify debug info switch Any CONFIG_DEBUG_INFO sub-options are answered in the configs nowadays. - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060) - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059) - rpm/package-descriptions: Add 64kb kernel flavor description - rpm/package-descriptions: add kernel-syzkaller - rpm/package-descriptions: pv has been merged into -default (fate#315712) - rpm/package-descriptions: the flavor is 64kb, not 64k - sched/core: Optimize __schedule() (bnc#978907 Scheduler performance -- context switch). - sched/fair: Optimize find_idlest_cpu() when there is no choice (bnc#978907 Scheduler performance -- idle search). - supported.conf: Add overlay.ko to -base (fate#321903) Also, delete the stale entry for the old overlayfs. - supported.conf: Mark vmx-crypto as supported (fate#319564) - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#963609 FATE#320143). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - Whitelist KVM KABI changes resulting from adding a hcall. caused by 5246adec59458b5d325b8e1462ea9ef3ead7f6ae powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec No problem is expected as result of changing KVM KABI so whitelisting for now. If we get some additional input from IBM we can back out the patch. - writeback: initialize inode members that track writeback history (bsc#1012829). - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() (bsc#1013479). - x86/efi: Enable runtime call flag checking (bsc#1005745). - x86/efi: Move to generic {__,}efi_call_virt() (bsc#1005745). - x86/mce/AMD, EDAC/mce_amd: Define and use tables for known SMCA IP types (fate#320474, bsc#1013700). Exclude removed symbols from kABI check. They're AMD Zen relevant only and completely useless to other modules - only edac_mce_amd.ko. - x86/mce/AMD: Increase size of the bank_map type (fate#320474, bsc#1013700). - x86/mce/AMD: Read MSRs on the CPU allocating the threshold blocks (fate#320474, bsc#1013700). - x86/mce/AMD: Update sysfs bank names for SMCA systems (fate#320474, bsc#1013700). - x86/mce/AMD: Use msr_ops.misc() in allocate_threshold_blocks() (fate#320474, bsc#1013700). - x86/PCI: VMD: Attach VMD resources to parent domain's resource tree (bsc#1006827). - x86/PCI: VMD: Document code for maintainability (bsc#1006827). - x86/PCI: VMD: Fix infinite loop executing irq's (bsc#1006827). - x86/PCI: VMD: Initialize list item in IRQ disable (bsc#1006827). - x86/PCI: VMD: Request userspace control of PCIe hotplug indicators (bsc#1006827). - x86/PCI: VMD: Select device dma ops to override (bsc#1006827). - x86/PCI: VMD: Separate MSI and MSI-X vector sharing (bsc#1006827). - x86/PCI: VMD: Set bus resource start to 0 (bsc#1006827). - x86/PCI: VMD: Use lock save/restore in interrupt enable path (bsc#1006827). - x86/PCI/VMD: Use untracked irq handler (bsc#1006827). - x86/PCI: VMD: Use x86_vector_domain as parent domain (bsc#1006827). - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (bnc#1005169). - zram: Fix unbalanced idr management at hot removal (bsc#1010970). Important SUSE bug 1000118 SUSE bug 1000433 SUSE bug 1001171 SUSE bug 1001310 SUSE bug 1001486 SUSE bug 1001888 SUSE bug 1003813 SUSE bug 1004052 SUSE bug 1004365 SUSE bug 1004517 SUSE bug 1005169 SUSE bug 1005666 SUSE bug 1005745 SUSE bug 1005917 SUSE bug 1005921 SUSE bug 1005925 SUSE bug 1005929 SUSE bug 1006175 SUSE bug 1006576 SUSE bug 1006809 SUSE bug 1006827 SUSE bug 1006915 SUSE bug 1006918 SUSE bug 1007197 SUSE bug 1007615 SUSE bug 1007653 SUSE bug 1007955 SUSE bug 1008831 SUSE bug 1008979 SUSE bug 1009062 SUSE bug 1009454 SUSE bug 1010040 SUSE bug 1010158 SUSE bug 1010444 SUSE bug 1010478 SUSE bug 1010507 SUSE bug 1010665 SUSE bug 1010690 SUSE bug 1010970 SUSE bug 1011176 SUSE bug 1011685 SUSE bug 1011913 SUSE bug 1012060 SUSE bug 1012094 SUSE bug 1012452 SUSE bug 1012477 SUSE bug 1012754 SUSE bug 1012767 SUSE bug 1012829 SUSE bug 1012992 SUSE bug 1013479 SUSE bug 1013533 SUSE bug 1013700 SUSE bug 799133 SUSE bug 843661 SUSE bug 914939 SUSE bug 954986 SUSE bug 963609 SUSE bug 963655 SUSE bug 963904 SUSE bug 964462 SUSE bug 966186 SUSE bug 966191 SUSE bug 966316 SUSE bug 966318 SUSE bug 966325 SUSE bug 969476 SUSE bug 969477 SUSE bug 971975 SUSE bug 972993 SUSE bug 974313 SUSE bug 978907 SUSE bug 979681 SUSE bug 983087 SUSE bug 983318 SUSE bug 985850 SUSE bug 986255 SUSE bug 987805 SUSE bug 990384 SUSE bug 991414 SUSE bug 992555 SUSE bug 993739 SUSE bug 994881 SUSE bug 995278 SUSE bug 997059 SUSE bug 997807 SUSE bug 998054 CVE-2015-1350 CVE-2015-8964 CVE-2016-7042 CVE-2016-7913 CVE-2016-7917 CVE-2016-8632 CVE-2016-8655 CVE-2016-8666 CVE-2016-9083 CVE-2016-9084 CVE-2016-9555 CVE-2016-9794 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following issues: - a possible shell execution attack was fixed. if the first character of an input filename for 'convert' was a '|' then the remainder of the filename was passed to the shell (CVE-2016-5118, boo#982178) - Maliciously crafted pnm files could crash GraphicsMagick (CVE-2014-9805, [boo#983752]) - Prevent overflow in rle files (CVE-2014-9846, boo#983521) - Fix a double free in pdb coder (CVE-2014-9807, boo#983794) - Fix a possible crash due to corrupted xwd images (CVE-2014-9809, boo#983799) - Fix a possible crash due to corrupted wpg images (CVE-2014-9815, boo#984372) - Fix a heap buffer overflow in pdb file handling (CVE-2014-9817, boo#984400) - Fix a heap overflow in xpm files (CVE-2014-9820, boo#984150) - Fix a heap overflow in pict files (CVE-2014-9834, boo#984436) - Fix a heap overflow in wpf files (CVE-2014-9835, CVE-2014-9831, boo#984145, boo#984375) - Additional PNM sanity checks (CVE-2014-9837, boo#984166) - Fix a possible crash due to corrupted dib file (CVE-2014-9845, boo#984394) - Fix out of bound in quantum handling (CVE-2016-7529, boo#1000399) - Fix out of bound access in xcf file coder (CVE-2016-7528, boo#1000434) - Fix handling of corrupted lle files (CVE-2016-7515, boo#1000689) - Fix out of bound access for malformed psd file (CVE-2016-7522, boo#1000698) - Fix out of bound access for pbd files (CVE-2016-7531, boo#1000704) - Fix out of bound access in corrupted wpg files (CVE-2016-7533, boo#1000707) - Fix out of bound access in corrupted pdb files (CVE-2016-7537, boo#1000711) - BMP Coder Out-Of-Bounds Write Vulnerability (CVE-2016-6823, boo#1001066) - SGI Coder Out-Of-Bounds Read Vulnerability (CVE-2016-7101, boo#1001221) - Divide by zero in WriteTIFFImage (do not divide by zero in WriteTIFFImage, boo#1002206) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (fix buffer overflow, boo#1002209) - 8BIM/8BIMW unsigned underflow leads to heap overflow (CVE-2016-7800, boo#1002422) - wpg reader issues (CVE-2016-7996, CVE-2016-7997, boo#1003629) - Mismatch between real filesize and header values (CVE-2016-8684, boo#1005123) - Stack-buffer read overflow while reading SCT header (CVE-2016-8682, boo#1005125) - Check that filesize is reasonable compared to the header value (CVE-2016-8683, boo#1005127) - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862, boo#1007245) - heap-based buffer overflow in IsPixelGray (CVE-2016-9556, boo#1011130) Important SUSE bug 1000399 SUSE bug 1000434 SUSE bug 1000689 SUSE bug 1000698 SUSE bug 1000704 SUSE bug 1000707 SUSE bug 1000711 SUSE bug 1001066 SUSE bug 1001221 SUSE bug 1002206 SUSE bug 1002209 SUSE bug 1002422 SUSE bug 1003629 SUSE bug 1005123 SUSE bug 1005125 SUSE bug 1005127 SUSE bug 1007245 SUSE bug 1011130 SUSE bug 982178 SUSE bug 983521 SUSE bug 983752 SUSE bug 983794 SUSE bug 983799 SUSE bug 984145 SUSE bug 984150 SUSE bug 984166 SUSE bug 984372 SUSE bug 984375 SUSE bug 984394 SUSE bug 984400 SUSE bug 984436 CVE-2014-9805 CVE-2014-9807 CVE-2014-9809 CVE-2014-9815 CVE-2014-9817 CVE-2014-9820 CVE-2014-9831 CVE-2014-9834 CVE-2014-9835 CVE-2014-9837 CVE-2014-9845 CVE-2014-9846 CVE-2014-9853 CVE-2016-5118 CVE-2016-6823 CVE-2016-7101 CVE-2016-7515 CVE-2016-7522 CVE-2016-7528 CVE-2016-7529 CVE-2016-7531 CVE-2016-7533 CVE-2016-7537 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-8862 CVE-2016-9556 openSUSE Leap 42.2 This update for subversion fixes the following issues: - Version update to 1.9.5: * Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// (boo#1011552, CVE-2016-8734) - Client-side bugfixes: * fix accessing non-existent paths during reintegrate merge (r1766699 et al) * fix handling of newly secured subdirectories in working copy (r1724448) * info: remove trailing whitespace in --show-item=revision (issue #4660) * fix recording wrong revisions for tree conflicts (r1734106) * gpg-agent: improve discovery of gpg-agent sockets (r1766327) * gpg-agent: fix file descriptor leak (r1766323) * resolve: fix --accept=mine-full for binary files (issue #4647) * merge: fix possible crash (issue #4652) * resolve: fix possible crash (r1748514) * fix potential crash in Win32 crash reporter (r1663253 et al) - Server-side bugfixes: * fsfs: fix "offset too large" error during pack (issue #4657) * svnserve: enable hook script environments (r1769152) * fsfs: fix possible data reconstruction error (issue #4658) * fix source of spurious 'incoming edit' tree conflicts (r1770108) * fsfs: improve caching for large directories (r1721285) * fsfs: fix crash when encountering all-zero checksums (r1759686) * fsfs: fix potential source of repository corruptions (r1756266) * mod_dav_svn: fix excessive memory usage with mod_headers/mod_deflate (issue #3084) * mod_dav_svn: reduce memory usage during GET requests (r1757529 et al) * fsfs: fix unexpected "database is locked" errors (r1741096 et al) * fsfs: fix opening old repositories without db/format files (r1720015) - Client-side and server-side bugfixes: * fix possible crash when reading invalid configuration files (r1715777) - Bindings bugfixes: * swig-pl: do not corrupt "{DATE}" revision variable (r1767768) * javahl: fix temporary accepting SSL server certificates (r1764851) * swig-pl: fix possible stack corruption (r1683266, r1683267) Low SUSE bug 1011552 CVE-2016-8734 openSUSE Leap 42.2 The openSUSE 14.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). The following non-security bugs were fixed: - 8250_pci: Fix potential use-after-free in error path (bsc#1013001). - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557). - drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug() (bsc#1014120). - drm/i915/vlv: Make intel_crt_reset() per-encoder (bsc#1014120). - drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init() (bsc#1014120). - drm/i915: Enable polling when we do not have hpd (bsc#1014120). - i2c: designware-baytrail: Add support for cherrytrail (bsc#1011913). - i2c: designware-baytrail: Pass dw_i2c_dev into helper functions (bsc#1011913). - i2c: designware: Prevent runtime suspend during adapter registration (bsc#1011913). - i2c: designware: Use transfer timeout from ioctl I2C_TIMEOUT (bsc#1011913). - i2c: designware: retry transfer on transient failure (bsc#1011913). - powerpc/xmon: Add xmon command to dump process/task similar to ps(1) (fate#322020). - sched/fair: Fix incorrect task group ->load_avg (bsc#981825). - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001). - target: fix tcm_rbd_gen_it_nexus for emulated XCOPY state (bsc#1003606). - x86/PCI: VMD: Synchronize with RCU freeing MSI IRQ descs (bsc#1006827). Important SUSE bug 1003606 SUSE bug 1006827 SUSE bug 1008557 SUSE bug 1011913 SUSE bug 1013001 SUSE bug 1013604 SUSE bug 1014120 SUSE bug 981825 CVE-2016-9576 openSUSE Leap 42.2 This update for php7 fixes the following security issues: - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486). - CVE-2016-9137: Fixing a Use After Free in unserialize() (bsc#1008029). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1008029 SUSE bug 988486 CVE-2016-5385 CVE-2016-9137 openSUSE Leap 42.2 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.8 - OpenJDK 7u121 * Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) * Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java + S6882559: new JEditorPane("text/plain","") fails for null context class loader + S7090158: Networking Libraries don't build with javac -Werror + S7125055: ContentHandler.getContent API changed in error + S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows + S7187051: ShortRSAKeynnn.sh tests should do cleanup before start test + S8000626: Implement dead key detection for KeyEvent on Linux + S8003890: corelibs test scripts should pass TESTVMOPTS + S8005629: javac warnings compiling java.awt.EventDispatchThread and sun.awt.X11.XIconWindow + S8010297: Missing isLoggable() checks in logging code + S8010782: clean up source files containing carriage return characters + S8014431: cleanup warnings indicated by the -Wunused-value compiler option on linux + S8015265: revise the fix for 8007037 + S8016747: Replace deprecated PlatformLogger isLoggable(int) with isLoggable(Level) + S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame demo + S8024756: method grouping tabs are not selectable + S8026741: jdk8 l10n resource file translation update 5 + S8048147: Privilege tests with JAAS Subject.doAs + S8048357: PKCS basic tests + S8049171: Additional tests for jarsigner's warnings + S8059177: jdk8u40 l10n resource file translation update 1 + S8075584: test for 8067364 depends on hardwired text advance + S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given + S8077953: [TEST_BUG] com/sun/management/OperatingSystemMXBean/TestTotalSwap.java Compilation failed after JDK-8077387 + S8080628: No mnemonics on Open and Save buttons in JFileChooser + S8083601: jdk8u60 l10n resource file translation update 2 + S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString + S8142926: OutputAnalyzer's shouldXXX() calls return this + S8143134: L10n resource file translation update + S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General + S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline + S8150611: Security problem on sun.misc.resources.Messages* + S8157653: [Parfait] Uninitialised variable in awt_Font.cpp + S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559 + S8159684: (tz) Support tzdata2016f + S8160934: isnan() is not available on older MSVC compilers + S8162411: Service Menu services 2 + S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968 + S8162511: 8u111 L10n resource file updates + S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8 + S8164452: 8u111 L10n resource file update - msgdrop 20 + S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm + S8166381: Back out changes to the java.security file to not disable MD5 * Backports + S6604109, PR3162: javax.print.PrintServiceLookup.lookupPrintServices fails SOMETIMES for Cups + S6907252, PR3162: ZipFileInputStream Not Thread-Safe + S8024046, PR3162: Test sun/security/krb5/runNameEquals.sh failed on 7u45 Embedded linux-ppc* + S8028479, PR3162: runNameEquals still cannot precisely detect if a usable native krb5 is available + S8034057, PR3162: Files.getFileStore and Files.isWritable do not work with SUBST'ed drives (win) + S8038491, PR3162: Improve synchronization in ZipFile.read() + S8038502, PR3162: Deflater.needsInput() should use synchronization + S8059411, PR3162: RowSetWarning does not correctly chain warnings + S8062198, PR3162: Add RowSetMetaDataImpl Tests and add column range validation to isdefinitlyWritable + S8066188, PR3162: BaseRowSet returns the wrong default value for escape processing + S8072466, PR3162: Deadlock when initializing MulticastSocket and DatagramSocket + S8075118, PR3162: JVM stuck in infinite loop during verification + S8076579, PR3162: Popping a stack frame after exception breakpoint sets last method param to exception + S8078495, PR3162: End time checking for native TGT is wrong + S8078668, PR3162: jar usage string mentions unsupported option '-n' + S8080115, PR3162: (fs) Crash in libgio when calling Files.probeContentType(path) from parallel threads + S8081794, PR3162: ParsePosition getErrorIndex returns 0 for TimeZone parsing problem + S8129957, PR3162: Deadlock in JNDI LDAP implementation when closing the LDAP context + S8130136, PR3162: Swing window sometimes fails to repaint partially when it becomes exposed + S8130274, PR3162: java/nio/file/FileStore/Basic.java fails when two successive stores in an iteration are determined to be equal + S8132551, PR3162: Initialize local variables before returning them in p11_convert.c + S8133207, PR3162: [TEST_BUG] ParallelProbes.java test fails after changes for JDK-8080115 + S8133666, PR3162: OperatingSystemMXBean reports abnormally high machine CPU consumption on Linux + S8135002, PR3162: Fix or remove broken links in objectMonitor.cpp comments + S8137121, PR3162: (fc) Infinite loop FileChannel.truncate + S8137230, PR3162: TEST_BUG: java/nio/channels/FileChannel/LoopingTruncate.java timed out + S8139373, PR3162: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout + S8140249, PR3162: JVM Crashing During startUp If Flight Recording is enabled + S8141491, PR3160, G592292: Unaligned memory access in Bits.c + S8144483, PR3162: One long Safepoint pause directly after each GC log rotation + S8149611, PR3160, G592292: Add tests for Unsafe.copySwapMemory * Bug fixes + S8078628, PR3151: Zero build fails with pre-compiled headers disabled + PR3128: pax-mark-vm script calls "exit -1" which is invalid in dash + PR3131: PaX marking fails on filesystems which don't support extended attributes + PR3135: Makefile.am rule stamps/add/tzdata-support-debug.stamp has a typo in add-tzdata dependency + PR3141: Pass $(CC) and $(CXX) to OpenJDK build + PR3166: invalid zip timestamp handling leads to error building bootstrap-javac + PR3202: Update infinality configure test + PR3212: Disable ARM32 JIT by default * CACAO + PR3136: CACAO is broken due to 2 new native methods in sun.misc.Unsafe (from S8158260) * JamVM + PR3134: JamVM is broken due to 2 new native methods in sun.misc.Unsafe (from S8158260) * AArch64 port + S8167200, PR3204: AArch64: Broken stack pointer adjustment in interpreter + S8168888: Port 8160591: Improve internal array handling to AArch64. + PR3211: AArch64 build fails with pre-compiled headers disabled - Changed patch: * java-1_7_0-openjdk-gcc6.patch + Rediff to changed context - Disable arm32 JIT, since its build broken (http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2942) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1005522 SUSE bug 1005523 SUSE bug 1005524 SUSE bug 1005525 SUSE bug 1005526 SUSE bug 1005527 SUSE bug 1005528 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 openSUSE Leap 42.2 This update for ImageMagick fixes the following issues: - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862) [bsc#1007245] - update incomplete patch of CVE-2016-6823 [bsc#1001066] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1001066 SUSE bug 1007245 CVE-2016-6823 CVE-2016-8862 openSUSE Leap 42.2 This update for util-linux fixes the following issues: - Consider redundant slashes when comparing paths (bsc#982331, util-linux-libmount-ignore-redundant-slashes.patch, affects backport of util-linux-libmount-cifs-is_mounted.patch). - Use upstream compatibility patches for --show-pt-geometry with obsolescence and deprecation warning (bsc#990531) - Replace cifs mount detection patch with upstream one that covers all cases (bsc#987176). - Reuse existing loop device to prevent possible data corruption when multiple -o loop are used to mount a single file (bsc#947494) - Safe loop re-use in libmount, mount and losetup (bsc#947494) - UPSTREAM DIVERGENCE!!! losetup -L continues to use SLE12 SP1 and SP2 specific meaning --logical-blocksize instead of upstream --nooverlap (bsc#966891). - Make release-dependent conflict with old sysvinit-tools SLE specific, as it is required only for SLE 11 upgrade, and breaks openSUSE staging builds (bsc#994399). - Extended partition loop in MBR partition table leads to DoS (bsc#988361, CVE-2016-5011) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 947494 SUSE bug 966891 SUSE bug 982331 SUSE bug 987176 SUSE bug 988361 SUSE bug 990531 SUSE bug 994399 CVE-2016-5011 openSUSE Leap 42.2 This update for pcre to version 8.39 (bsc#972127) fixes several issues. If you use pcre extensively please be aware that this is an update to a new version. Please make sure that your software works with the updated version. This version fixes a number of vulnerabilities that affect pcre and applications using the libary when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code. These security issues were fixed: - CVE-2014-8964: Heap-based buffer overflow in PCRE allowed remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats (bsc#906574). - CVE-2015-2325: Heap buffer overflow in compile_branch() (bsc#924960). - CVE-2015-3210: Heap buffer overflow in pcre_compile2() / compile_regex() (bsc#933288) - CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() (bsc#933878). - CVE-2015-5073: Library Heap Overflow Vulnerability in find_fixedlength() (bsc#936227). - bsc#942865: heap overflow in compile_regex() - CVE-2015-8380: The pcre_exec function in pcre_exec.c mishandled a // pattern with a \01 string, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957566). - CVE-2015-2327: PCRE mishandled certain patterns with internal recursive back references, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957567). - bsc#957598: Various security issues - CVE-2015-8381: Heap Overflow in compile_regex() (bsc#957598). - CVE-2015-8382: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)(bsc#957598). - CVE-2015-8383: Buffer overflow caused by repeated conditional group(bsc#957598). - CVE-2015-8384: Buffer overflow caused by recursive back reference by name within certain group(bsc#957598). - CVE-2015-8385: Buffer overflow caused by forward reference by name to certain group(bsc#957598). - CVE-2015-8386: Buffer overflow caused by lookbehind assertion(bsc#957598). - CVE-2015-8387: Integer overflow in subroutine calls(bsc#957598). - CVE-2015-8388: Buffer overflow caused by certain patterns with an unmatched closing parenthesis(bsc#957598). - CVE-2015-8389: Infinite recursion in JIT compiler when processing certain patterns(bsc#957598). - CVE-2015-8390: Reading from uninitialized memory when processing certain patterns(bsc#957598). - CVE-2015-8391: Some pathological patterns causes pcre_compile() to run for a very long time(bsc#957598). - CVE-2015-8392: Buffer overflow caused by certain patterns with duplicated named groups(bsc#957598). - CVE-2015-8393: Information leak when running pcgrep -q on crafted binary(bsc#957598). - CVE-2015-8394: Integer overflow caused by missing check for certain conditions(bsc#957598). - CVE-2015-8395: Buffer overflow caused by certain references(bsc#957598). - CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression (bsc#957600). - CVE-2016-1283: The pcre_compile2 function in pcre_compile.c in PCRE mishandled certain patterns with named subgroups, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression (bsc#960837). - CVE-2016-3191: The compile_branch function in pcre_compile.c in pcre2_compile.c mishandled patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allowed remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression (bsc#971741). These non-security issues were fixed: - JIT compiler improvements - performance improvements - The Unicode data tables have been updated to Unicode 7.0.0. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 906574 SUSE bug 924960 SUSE bug 933288 SUSE bug 933878 SUSE bug 936227 SUSE bug 942865 SUSE bug 957566 SUSE bug 957567 SUSE bug 957598 SUSE bug 957600 SUSE bug 960837 SUSE bug 971741 SUSE bug 972127 CVE-2014-8964 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2016-1283 CVE-2016-3191 openSUSE Leap 42.2 This update for php5 fixes the following issues: - CVE-2016-9137: Use After Free in unserialize() (bsc#1008029) - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC (bsc#986247) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1008029 SUSE bug 986247 CVE-2016-5773 CVE-2016-9137 openSUSE Leap 42.2 libgit2 was updated to fix two security issues. These security issues were fixed: - CVE-2016-8568: Read out-of-bounds in git_oid_nfmt (bsc#1003810). - CVE-2016-8569: DoS caused by a NULL pointer dereference in git_commit_message (bsc#1003810). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1003810 CVE-2016-8568 CVE-2016-8569 openSUSE Leap 42.2 This update to Chromium 55.0.2883.75 fixes the following vulnerabilities: - CVE-2016-9651: Private property access in V8 - CVE-2016-5208: Universal XSS in Blink - CVE-2016-5207: Universal XSS in Blink - CVE-2016-5206: Same-origin bypass in PDFium - CVE-2016-5205: Universal XSS in Blink - CVE-2016-5204: Universal XSS in Blink - CVE-2016-5209: Out of bounds write in Blink - CVE-2016-5203: Use after free in PDFium - CVE-2016-5210: Out of bounds write in PDFium - CVE-2016-5212: Local file disclosure in DevTools - CVE-2016-5211: Use after free in PDFium - CVE-2016-5213: Use after free in V8 - CVE-2016-5214: File download protection bypass - CVE-2016-5216: Use after free in PDFium - CVE-2016-5215: Use after free in Webaudio - CVE-2016-5217: Use of unvalidated data in PDFium - CVE-2016-5218: Address spoofing in Omnibox - CVE-2016-5219: Use after free in V8 - CVE-2016-5221: Integer overflow in ANGLE - CVE-2016-5220: Local file access in PDFium - CVE-2016-5222: Address spoofing in Omnibox - CVE-2016-9650: CSP Referrer disclosure - CVE-2016-5223: Integer overflow in PDFium - CVE-2016-5226: Limited XSS in Blink - CVE-2016-5225: CSP bypass in Blink - CVE-2016-5224: Same-origin bypass in SVG - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives The default bookmarks override was removed. The following packaging changes are included: - Switch to system libraries: harfbuzz, zlib, ffmpeg, where available. - Chromium now requires harfbuzz >= 1.3.0 Important SUSE bug 1013236 CVE-2016-5203 CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5210 CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652 openSUSE Leap 42.2 This update for tomcat fixes the following issues: Feature changes: The embedded Apache Commons DBCP component was updated to version 2.0. (bsc#1010893 fate#321029) Security fixes: - CVE-2016-0762: Realm Timing Attack (bsc#1007854) - CVE-2016-5018: Security Manager Bypass (bsc#1007855) - CVE-2016-6794: System Property Disclosure (bsc#1007857) - CVE-2016-6796: Security Manager Bypass (bsc#1007858) - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853) - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805) - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812) Bug fixes: - Enabled optional setenv.sh script. See section '(3.4) Using the "setenv" script' in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt. (bsc#1002639) This update supplies the new packages apache-commons-pool2 and apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0 interface. This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1002639 SUSE bug 1007853 SUSE bug 1007854 SUSE bug 1007855 SUSE bug 1007857 SUSE bug 1007858 SUSE bug 1010893 SUSE bug 1011805 SUSE bug 1011812 CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 openSUSE Leap 42.2 This update for w3m fixes the following security issues (bsc#1011293): - CVE-2016-9622: w3m: null deref (bsc#1012021) - CVE-2016-9623: w3m: null deref (bsc#1012022) - CVE-2016-9624: w3m: near-null deref (bsc#1012023) - CVE-2016-9625: w3m: stack overflow (bsc#1012024) - CVE-2016-9626: w3m: stack overflow (bsc#1012025) - CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) - CVE-2016-9628: w3m: null deref (bsc#1012027) - CVE-2016-9629: w3m: null deref (bsc#1012028) - CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) - CVE-2016-9631: w3m: null deref (bsc#1012030) - CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) - CVE-2016-9633: w3m: OOM (bsc#1012032) - CVE-2016-9434: w3m: null deref (bsc#1011283) - CVE-2016-9435: w3m: use uninit value (bsc#1011284) - CVE-2016-9436: w3m: use uninit value (bsc#1011285) - CVE-2016-9437: w3m: write to rodata (bsc#1011286) - CVE-2016-9438: w3m: null deref (bsc#1011287) - CVE-2016-9439: w3m: stack overflow (bsc#1011288) - CVE-2016-9440: w3m: near-null deref (bsc#1011289) - CVE-2016-9441: w3m: near-null deref (bsc#1011290) - CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) - CVE-2016-9443: w3m: null deref (bsc#1011292) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1011283 SUSE bug 1011284 SUSE bug 1011285 SUSE bug 1011286 SUSE bug 1011287 SUSE bug 1011288 SUSE bug 1011289 SUSE bug 1011290 SUSE bug 1011291 SUSE bug 1011292 SUSE bug 1011293 SUSE bug 1012021 SUSE bug 1012022 SUSE bug 1012023 SUSE bug 1012024 SUSE bug 1012025 SUSE bug 1012026 SUSE bug 1012027 SUSE bug 1012028 SUSE bug 1012029 SUSE bug 1012030 SUSE bug 1012031 SUSE bug 1012032 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 openSUSE Leap 42.2 xen was updated to version 4.7.1 to fix 17 security issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host (bsc#1011652). - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100). - CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing a unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103). - CVE-2016-9385: x86 segment base write emulation lacked canonical address checks, allowing a malicious guest administrator to crash the host (bsc#1009104). - CVE-2016-9384: Guest 32-bit ELF symbol table load leaking host data to unprivileged guest users (bsc#1009105). - CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitray code execution (bsc#1009107). - CVE-2016-9377: x86 software interrupt injection was mis-handled, allowing an unprivileged guest user to crash the guest (bsc#1009108). - CVE-2016-9378: x86 software interrupt injection was mis-handled, allowing an unprivileged guest user to crash the guest (bsc#1009108) - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109). - CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111). - CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111). - CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106). - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157). - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c in allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004). - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005). - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030). - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032). These non-security issues were fixed: - bsc#1004981: Xen RPM didn't contain debug hypervisor for EFI systems - bsc#1007941: Xen tools limited the number of vcpus to 256 This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1000106 SUSE bug 1003030 SUSE bug 1003032 SUSE bug 1004981 SUSE bug 1005004 SUSE bug 1005005 SUSE bug 1007157 SUSE bug 1007941 SUSE bug 1009100 SUSE bug 1009103 SUSE bug 1009104 SUSE bug 1009105 SUSE bug 1009107 SUSE bug 1009108 SUSE bug 1009109 SUSE bug 1009111 SUSE bug 1011652 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 openSUSE Leap 42.2 This update for gc fixes the following issues: - integer overflow in GC_MALLOC_ATOMIC() (CVE-2016-9427, bsc#1011276) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1011276 CVE-2016-9427 openSUSE Leap 42.2 This update for lxc fixes the following issue: - CVE-2016-8649: guest escape via ptrace of lxc-attach (boo#1010933). Important SUSE bug 1010933 CVE-2016-8649 openSUSE Leap 42.2 This update to MozillaFirefox 50.1.0 fixes the following vulnerabilities: - CVE-2016-9894: Buffer overflow in SkiaGL - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9896: Use-after-free with WebVR - CVE-2016-9897: Memory corruption in libGLES - CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees - CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs - CVE-2016-9904: Cross-origin information leak in shared atoms - CVE-2016-9901: Data from Pocket server improperly sanitized before execution - CVE-2016-9902: Pocket extension does not validate the origin of events - CVE-2016-9903: XSS injection vulnerability in add-ons SDK - CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 - CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 The following bugs were fixed: - boo#1011922: fix crash after a few seconds of usage on AArch64 Important SUSE bug 1011922 SUSE bug 1015422 CVE-2016-9080 CVE-2016-9893 CVE-2016-9894 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9904 openSUSE Leap 42.2 ceph was updated to version 10.2.4 and fixes the following issues: - A moncommand with empty prefix could crash the monitor (boo#987144, CVE-2016-5009) - Detect crc32 extension support from assembler on AArch64 (boo#999688) - Failing file operations on kernel based cephfs mount point could leave unaccessible file behind on hammer 0.94.7 (boo#985232) - Fixed boo#1008501 + ceph_volume_client: fix _recover_auth_meta() method + ceph_volume_client: check if volume metadata is empty + ceph_volume_client: fix partial auth recovery - Avoid ~100% CPU load after OSD creation / first OSD start (boo#1014338) - Fixed boo#990438: civetweb HTTPS support not working - Avoid systemd limiting OSDs (boo#1007216) - Fix "make check" when building unit tests with --with-xio (boo#977940) - Fix build for ppc64le (boo#982141) - Including performance fix for linux dcache hash algorithm (boo#1005179) - Fix invalid command in SOC7 (boo#1008894) Moderate SUSE bug 1005179 SUSE bug 1007216 SUSE bug 1008501 SUSE bug 1008894 SUSE bug 1014338 SUSE bug 977940 SUSE bug 982141 SUSE bug 985232 SUSE bug 987144 SUSE bug 990438 SUSE bug 999688 CVE-2016-5009 openSUSE Leap 42.2 shellinabox was updated to version 2.20 to fix the following security issues: - It was possible to fallback to the HTTP protocol even when configured for HTTPS. (CVE-2015-8400, boo#957748) - Disable secure client-initiated renegotiation - Set SSL options for increased security (disable SSLv2, SSLv3) - Protection against large HTTP requests non security fixes: - Includes some MSIE and iOS rendering fixes Moderate SUSE bug 957748 CVE-2015-8400 openSUSE Leap 42.2 This update for mcabber fixes the following issues: - Update to version 1.0.4 (changes since 1.0.2): * Check the origin of roster pushes (boo#1014976, CVE-2015-8688 (Gajim), https://gultsch.de/gajim_roster_push_and_message_interception.html) * Link with the tinfo library. * Fix default modules directory on OpenBSD. * Create the history log directory if it doesn't exist. * [OTR] Do not send empty subjects. * [UI] /set does not display password values anymore. * [MUC] Use nick to set the role. * Misc help/documentation updates. Moderate SUSE bug 1014976 CVE-2015-8688 openSUSE Leap 42.2 This update for qemu to version 2.6.2 fixes the several issues. These security issues were fixed: - CVE-2016-7161: Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allowed attackers to execute arbitrary code on the QEMU host via a large ethlite packet (bsc#1001151). - CVE-2016-7170: OOB stack memory access when processing svga command (bsc#998516). - CVE-2016-7466: xhci memory leakage during device unplug (bsc#1000345). - CVE-2016-7422: NULL pointer dereference in virtqueu_map_desc (bsc#1000346). - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1002550). - CVE-2016-7995: Memory leak in ehci_process_itd (bsc#1003612). - CVE-2016-8576: The xhci_ring_fetch function in hw/usb/hcd-xhci.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process (bsc#1003878). - CVE-2016-8578: The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation (bsc#1003894). - CVE-2016-9105: Memory leakage in v9fs_link (bsc#1007494). - CVE-2016-8577: Memory leak in the v9fs_read function in hw/9pfs/9p.c allowed local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation (bsc#1003893). - CVE-2016-9106: Memory leakage in v9fs_write (bsc#1007495). - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1004707). - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1002557). - CVE-2016-9101: eepro100 memory leakage whern unplugging a device (bsc#1007391). - CVE-2016-8668: The rocker_io_writel function in hw/net/rocker/rocker.c allowed local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size (bsc#1004706). - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1006538). - CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1006536). - CVE-2016-7994: Memory leak in virtio_gpu_resource_create_2d (bsc#1003613). - CVE-2016-9104: Integer overflow leading to OOB access in 9pfs (bsc#1007493). - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1004702). - CVE-2016-7907: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1002549). These non-security issues were fixed: - Change kvm-supported.txt to be per-architecture documentation, stored in the package documentation directory of each per-arch package (bsc#1005353). - Update support doc to include current ARM64 (AArch64) support stance (bsc#1005374). - Fix migration failure when snapshot also has been done (bsc#1008148). - Change package post script udevadm trigger calls to be device specific (bsc#1002116). - Add qmp-commands.txt documentation file back in. It was inadvertently dropped. - Add an x86 cpu option (l3-cache) to specify that an L3 cache is present and another option (cpuid-0xb) to enable the cpuid 0xb leaf (bsc#1007769). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1000345 SUSE bug 1000346 SUSE bug 1001151 SUSE bug 1002116 SUSE bug 1002549 SUSE bug 1002550 SUSE bug 1002557 SUSE bug 1003612 SUSE bug 1003613 SUSE bug 1003878 SUSE bug 1003893 SUSE bug 1003894 SUSE bug 1004702 SUSE bug 1004706 SUSE bug 1004707 SUSE bug 1005353 SUSE bug 1005374 SUSE bug 1006536 SUSE bug 1006538 SUSE bug 1007391 SUSE bug 1007493 SUSE bug 1007494 SUSE bug 1007495 SUSE bug 1007769 SUSE bug 1008148 SUSE bug 998516 CVE-2016-7161 CVE-2016-7170 CVE-2016-7422 CVE-2016-7466 CVE-2016-7907 CVE-2016-7908 CVE-2016-7909 CVE-2016-7994 CVE-2016-7995 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8668 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 openSUSE Leap 42.2 This security update for GraphicsMagick fixes the following issues: - a memory allocation failure was fixed (CVE-2016-8866, boo#1009318) - maliciously crafted jng files could crash the identify utility (CVE-2016-9830, boo#1013640) Moderate SUSE bug 1009318 SUSE bug 1013640 CVE-2016-8866 CVE-2016-9830 openSUSE Leap 42.2 This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed: - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: Null pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed: - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in "trap" (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in "sntp -a" (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1009434 SUSE bug 1011377 SUSE bug 1011390 SUSE bug 1011395 SUSE bug 1011398 SUSE bug 1011404 SUSE bug 1011406 SUSE bug 1011411 SUSE bug 1011417 SUSE bug 943216 SUSE bug 956365 SUSE bug 981252 SUSE bug 988028 SUSE bug 992038 SUSE bug 992606 CVE-2015-5219 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311 openSUSE Leap 42.2 This update for tor updates to version 0.2.8.12 and fixes the following issues: - a hostile hidden service could cause tor clients to crash (boo#1016343, CVE-2016-1254) - updated fallback directory list - updated geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 Country database. - When Tor leaves standby because of a new application request, open circuits as needed to serve that request - Clients now respond to new application stream requests immediately when they arrive, rather than waiting up to one second before starting to handle them Moderate SUSE bug 1005292 SUSE bug 1016343 CVE-2016-1254 openSUSE Leap 42.2 This updates irc-otr to version 1.0.2 and fixes the following issues: - Only the first line of messages transmitted via OTR sessions was a PRIVMSG and additional data was sent as a raw command to the IRC server (boo#1016942). - Detect the libotr-emitted HTML-formatted init string and replace it with a description customized for IRC and irssi-otr. Low SUSE bug 1016942 openSUSE Leap 42.2 This update to Mozilla Thunderbird 45.6.0 fixes security issues and bugs. In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. The following vulnerabilities were fixed: (boo#1015422) - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9897: Memory corruption in libGLES - CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees - CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs - CVE-2016-9904: Cross-origin information leak in shared atoms - CVE-2016-9905: Crash in EnumerateSubDocuments - CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6 The following bugs were fixed: - The system integration dialog was shown every time when starting Thunderbird Moderate SUSE bug 1015422 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905 openSUSE Leap 42.2 This update for dnsmasq fixes the following issues: - CVE-2015-8899: Denial of service between local and remote dns entries (bsc#983273) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 983273 CVE-2015-8899 openSUSE Leap 42.2 This update for icinga includes various upstream fixes and the following security security fixes: - icinga was updated to version 1.14.0 - the classic-UI was vulnerable to a cross site scripting attack (CVE-2015-8010, boo#952777) - A user with nagios privileges could have gained root privileges by placing a symbolic link at the logfile location (CVE-2016-9566, boo#1014637) Important SUSE bug 1014637 SUSE bug 952777 CVE-2015-8010 CVE-2016-9566 openSUSE Leap 42.2 This update for openjpeg2 fixes the following issues: * CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] * CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] * CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] * CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1002414 SUSE bug 1007739 SUSE bug 1007740 SUSE bug 1007741 SUSE bug 1007742 SUSE bug 1007743 SUSE bug 1007744 SUSE bug 1007747 SUSE bug 1014543 SUSE bug 1014975 SUSE bug 999817 CVE-2016-7445 CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 CVE-2016-9572 CVE-2016-9573 CVE-2016-9580 CVE-2016-9581 openSUSE Leap 42.2 This update for php5 fixes the following issues: - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726) - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047454 SUSE bug 1048094 SUSE bug 1048096 SUSE bug 1048097 SUSE bug 1048111 SUSE bug 1048112 SUSE bug 1050241 SUSE bug 1050726 SUSE bug 986386 CVE-2016-10397 CVE-2016-5766 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11146 CVE-2017-11147 CVE-2017-11628 CVE-2017-7890 openSUSE Leap 42.2 icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 929629 CVE-2014-8146 CVE-2014-8147 openSUSE Leap 42.2 This update for postgresql94 fixes the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 openSUSE Leap 42.2 This update for postgresql96 fixes the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) The changelog for this release is here: https://www.postgresql.org/docs/9.6/static/release-9-6-4.html This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 openSUSE Leap 42.2 This update for xen to version 4.7.3 fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787). - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788). - CVE-2017-12136: Race conditions with maptrack free list handling allows a malicious guest administrator to crash the host or escalate their privilege to that of the host (XSA-228, bsc#1051789). - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578). - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637). - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230 CVE-2017-12855). These non-security issues were fixed: - bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be restored after the save using xl stack - bsc#1035231: Migration of HVM domU did not use superpages on destination dom0 - bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd - bsc#1037840: Xen-detect always showed HVM for PV guests This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1002573 SUSE bug 1026236 SUSE bug 1035231 SUSE bug 1037840 SUSE bug 1046637 SUSE bug 1049578 SUSE bug 1051787 SUSE bug 1051788 SUSE bug 1051789 SUSE bug 1052686 SUSE bug 1055695 CVE-2016-9603 CVE-2017-10664 CVE-2017-11434 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 openSUSE Leap 42.2 This update for gdk-pixbuf fixes the following issues: - CVE-2017-2862: JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability (bsc#1048289) - CVE-2017-2870: tiff_image_parse Code Execution Vulnerability (bsc#1048544) - CVE-2017-6313: A dangerous integer underflow in io-icns.c (bsc#1027024) - CVE-2017-6314: Infinite loop in io-tiff.c (bsc#1027025) - CVE-2017-6312: Out-of-bounds read on io-ico.c (bsc#1027026) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1027024 SUSE bug 1027025 SUSE bug 1027026 SUSE bug 1048289 SUSE bug 1048544 SUSE bug 1049877 CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 openSUSE Leap 42.2 This update for clamav-database refreshes the database. This update was imported from the SUSE:SLE-12:Update update project. Moderate openSUSE Leap 42.2 This update for chromium to version 61.0.3163.79 fixes several issues. These security issues were fixed: - CVE-2017-5111: Use after free in PDFium (boo#1057364). - CVE-2017-5112: Heap buffer overflow in WebGL (boo#1057364). - CVE-2017-5113: Heap buffer overflow in Skia (boo#1057364). - CVE-2017-5114: Memory lifecycle issue in PDFium (boo#1057364). - CVE-2017-5115: Type confusion in V8 (boo#1057364). - CVE-2017-5116: Type confusion in V8 (boo#1057364). - CVE-2017-5117: Use of uninitialized value in Skia (boo#1057364). - CVE-2017-5118: Bypass of Content Security Policy in Blink (boo#1057364). - CVE-2017-5119: Use of uninitialized value in Skia (boo#1057364). - CVE-2017-5120: Potential HTTPS downgrade during redirect navigation (boo#1057364). Important SUSE bug 1057364 CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 openSUSE Leap 42.2 LibreOffice was updated to version 5.3.5.2, bringing new features and enhancements: Writer: - New "Go to Page" dialog for quickly jumping to another page. - Support for "Table Styles". - New drawing tools were added. - Improvements in the toolbar. - Borderless padding is displayed. Calc: - New drawing tools were added. - In new installations the default setting for new documents is now "Enable wildcards in formulas" instead of regular expressions. - Improved compatibility with ODF 1.2 Impress: - Images inserted via "Photo Album" can now be linked instead of embedded in the document. - When launching Impress, a Template Selector allows you to choose a Template to start with. - Two new default templates: Vivid and Pencil. - All existing templates have been improved. Draw: - New arrow endings, including Crow's foot notation's ones. Base: - Firebird has been upgraded to version 3.0.0. It is unable to read back Firebird 2.5 data, so embedded Firebird odb files created in LibreOffice version up to 5.2 cannot be opened with LibreOffice 5.3. Some security issues have also been fixed: - CVE-2017-7870: An out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function. - CVE-2017-7882: An out-of-bounds write related to the HWPFile::TagsRead function. - CVE-2017-8358: an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function. - CVE-2016-10327: An out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function. - CVE-2017-9433: An out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in libmwaw. A comprehensive list of new features and changes in this release is available at: https://wiki.documentfoundation.org/ReleaseNotes/5.3 This update contains binaries for the ports architectures only. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015115 SUSE bug 1015118 SUSE bug 1015360 SUSE bug 1017925 SUSE bug 1021369 SUSE bug 1021373 SUSE bug 1021675 SUSE bug 1028817 SUSE bug 1034192 SUSE bug 1034329 SUSE bug 1034568 SUSE bug 1035087 SUSE bug 1035589 SUSE bug 1036975 SUSE bug 1042828 SUSE bug 1045339 SUSE bug 947117 SUSE bug 948058 SUSE bug 954776 SUSE bug 959926 SUSE bug 962777 SUSE bug 963436 SUSE bug 972777 SUSE bug 975283 SUSE bug 976831 SUSE bug 989564 CVE-2015-8947 CVE-2016-10327 CVE-2016-2052 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 CVE-2017-9433 openSUSE Leap 42.2 This update for icoutils to version 0.31.1 fixes the following issues: - CVE-2017-5208: An integer overflow allows maliciously crafted files to cause DoS or code execution (boo#1018756). - CVE-2017-5331: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). - CVE-2017-5332: Missing out of bounds checks in extract_group_icon_cursor_resource allow for DoS or code execution (boo#1018756). - CVE-2017-5333: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). Important SUSE bug 1018756 CVE-2017-5208 CVE-2017-5331 CVE-2017-5332 CVE-2017-5333 openSUSE Leap 42.2 pcsc-lite was updated to fix one security issue. This security issue was fixed: - CVE-2016-10109: This use-after-free and double-free issue allowed local attacker to cause a Denial of Service and possible privilege escalation (bsc#1017902). Moderate SUSE bug 1017902 CVE-2016-10109 openSUSE Leap 42.2 This update for cvs fixes the following issues: - CVE-2017-12836: A leading dash in the argument of the "-d" option could lead to argument injection (bsc#1053364) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1053364 CVE-2017-12836 openSUSE Leap 42.2 This update for php7 fixes several issues. These security issues were fixed: - CVE-2017-12932: Prevent heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054432). - CVE-2017-12934: Prevent heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054408). - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430) These non-security issues were fixed: - bsc#1057104: php7-devel now requires php7-pear - bsc#1057845: Fixed namespace encapsulation of imported classes/functions/constants This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1054408 SUSE bug 1054430 SUSE bug 1054432 SUSE bug 1057104 SUSE bug 1057845 CVE-2017-12932 CVE-2017-12933 CVE-2017-12934 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 1053919). The following non-security bugs were fixed: - acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes). - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657). - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013). - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405). - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934). - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580). - Add "shutdown" to "struct class" (bsc#1053117). - bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784). - bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784). - btrfs: fix early ENOSPC due to delalloc (bsc#1049226). - nfs: flush data when locking a file to ensure cache coherence for mmap (bsc#981309). - Revert "/proc/iomem: only expose physical resource addresses to privileged users" (kabi). - Revert "Make file credentials available to the seqfile interfaces" (kabi). - usb: core: fix device node leak (bsc#1047487). - Update patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37). - bnxt: add a missing rcu synchronization (bnc#1038583). - bnxt: do not busy-poll when link is down (bnc#1038583). - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583). - bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583). - bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583). - bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583). - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583). - bnxt_en: Fix VF virtual link state (bnc#1038583). - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583). - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583). - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583). - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583). - bnxt_en: Refactor TPA code path (bnc#1038583). - bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583). - bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583). - ceph: fix readpage from fscache (bsc#1057015). - cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743). - drivers: net: xgene: Fix wrong logical operation (bsc#1056827). - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155). - fuse: initialize the flock flag in fuse_file on allocation (git-fixes). - gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829). - ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116). - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717). - iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717). - kernel/*: switch to memdup_user_nul() (bsc#1048893). - lib: test_rhashtable: Fix KASAN warning (bsc#1055359). - lib: test_rhashtable: fix for large entry counts (bsc#1055359). - lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning (FATE#319466). - md/raid5: fix a race condition in stripe batch (linux-stable). - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes). - mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes). - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850). - netfilter: fix IS_ERR_VALUE usage (bsc#1052888). - netfilter: x_tables: pack percpu counter allocations (bsc#1052888). - netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888). - netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888). - new helper: memdup_user_nul() (bsc#1048893). - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes() (bsc#1056827). - ovl: fix dentry leak for default_permissions (bsc#1054084). - percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096). - percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096). - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096). - percpu_ref: restructure operation mode switching (bsc#1055096). - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096). - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261). - s390: export symbols for crash-kmp (bsc#1053915). - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802). - sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893). - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893). - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893). - sysctl: simplify unsigned int support (bsc#1048893). - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117). - tpm: KABI fix (bsc#1053117). - tpm: fix: return rc when devm_add_action() fails (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 8e0ee3c9faed). - tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 27084efee0c3). - tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tty: serial: msm: Support more bauds (git-fixes). - ubifs: Correctly evict xattr inodes (bsc#1012829). - ubifs: Do not leak kernel memory to the MTD (bsc#1012829). - xfs: fix inobt inode allocation search optimization (bsc#1012829). Important SUSE bug 1012829 SUSE bug 1020645 SUSE bug 1020657 SUSE bug 1021424 SUSE bug 1022743 SUSE bug 1024405 SUSE bug 1030850 SUSE bug 1031717 SUSE bug 1031784 SUSE bug 1034048 SUSE bug 1038583 SUSE bug 1047487 SUSE bug 1048155 SUSE bug 1048893 SUSE bug 1048934 SUSE bug 1049226 SUSE bug 1049580 SUSE bug 1051790 SUSE bug 1052580 SUSE bug 1052888 SUSE bug 1053117 SUSE bug 1053802 SUSE bug 1053915 SUSE bug 1053919 SUSE bug 1054084 SUSE bug 1055013 SUSE bug 1055096 SUSE bug 1055359 SUSE bug 1056261 SUSE bug 1056588 SUSE bug 1056827 SUSE bug 1056982 SUSE bug 1057015 SUSE bug 1057389 SUSE bug 1058116 SUSE bug 971975 SUSE bug 981309 CVE-2017-1000251 CVE-2017-11472 CVE-2017-12134 CVE-2017-14051 CVE-2017-14106 openSUSE Leap 42.2 This update introduces lame and twolame. For ffmpeg2 it updates to version 2.8.13 and fixes several issues. These security issues were fixed: - CVE-2017-14058: The read_data function in libavformat/hls.c did not restrict reload attempts for an insufficient list, which allowed remote attackers to cause a denial of service (infinite loop) (bsc#1056762) - CVE-2017-14057: In asf_read_marker() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but did not contain sufficient backing data, was provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056761) - CVE-2017-14059: A DoS in cine_read_header() due to lack of an EOF check might have caused huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but did not contain sufficient backing data, was provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056763) - CVE-2017-14056: A DoS in rl2_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but did not contain sufficient backing data, was provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056760) - CVE-2017-14055: a DoS in mv_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but did not contain sufficient backing data, was provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056766) - boo#1046211: Lots of integer overflow fixes - CVE-2017-14169: In the mxf_read_primer_pack function an integer signedness error have might occured when a crafted file, which claims a large "item_num" field such as 0xffffffff, was provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value (bsc#1057536) - CVE-2017-14170: Prevent DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU resources, since there was no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file (bsc#1057537) - CVE-2017-14171: Prevent DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check taht might have caused huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but did not contain sufficient backing data, was provided, the loop over 'table_entries_used' would consume huge CPU resources, since there was no EOF check inside the loop (bsc#1057539) - !: CVE-2017-14223: Prevent DoS in asf_build_simple_index() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but did not contain sufficient backing data, was provided, the for loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058019) - !: CVE-2017-14222: Prevent DoS in read_tfra() due to lack of an EOF (End of File) check that might have caused huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058020) These non-security issues were fixed: - Unconditionalize celt, ass, openjpeg, webp, libva, vdpau. - Build unconditionally with lame and twolame For ffmpeg it updates to version 3.3.4 and fixes several issues. These security issues were fixed: - CVE-2017-14058: The read_data function in libavformat/hls.c did not restrict reload attempts for an insufficient list, which allowed remote attackers to cause a denial of service (infinite loop) (bsc#1056762) - CVE-2017-14057: In asf_read_marker() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but did not contain sufficient backing data, was provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056761) - CVE-2017-14059: A DoS in cine_read_header() due to lack of an EOF check might have caused huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but did not contain sufficient backing data, was provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056763) - CVE-2017-14054: A DoS in ivr_read_header() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but did not contain sufficient backing data, was provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1056765) - CVE-2017-14056: A DoS in rl2_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but did not contain sufficient backing data, was provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056760) - CVE-2017-14055: a DoS in mv_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but did not contain sufficient backing data, was provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056766) - CVE-2017-11399: Integer overflow in the ape_decode_frame function allowed remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file (bsc#1049095) - CVE-2017-14171: Prevent DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check taht might have caused huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but did not contain sufficient backing data, was provided, the loop over 'table_entries_used' would consume huge CPU resources, since there was no EOF check inside the loop (bsc#1057539) - CVE-2017-14170: Prevent DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU resources, since there was no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file (bsc#1057537) - CVE-2017-14169: In the mxf_read_primer_pack function an integer signedness error have might occured when a crafted file, which claims a large "item_num" field such as 0xffffffff, was provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value (bsc#1057536) - CVE-2017-14225: The av_color_primaries_name function may have returned a NULL pointer depending on a value contained in a file, but callers did not anticipate this, leading to a NULL pointer dereference (bsc#1058018) - CVE-2017-14223: Prevent DoS in asf_build_simple_index() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but did not contain sufficient backing data, was provided, the for loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058019) - CVE-2017-14222: Prevent DoS in read_tfra() due to lack of an EOF (End of File) check that might have caused huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058020) It also includes various fixes for integer overflows and too-large bit shifts that didn't receive a CVE. These non-security issues were fixed: - Unconditionalize celt, ass, openjpeg, webp, netcdf, libva, vdpau. - Build unconditionally with lame and twolame - boo#1041794: Disable cuda extensions - Add additional checks to ensure MPEG is off Moderate SUSE bug 1041794 SUSE bug 1046211 SUSE bug 1049095 SUSE bug 1056760 SUSE bug 1056761 SUSE bug 1056762 SUSE bug 1056763 SUSE bug 1056765 SUSE bug 1056766 SUSE bug 1057536 SUSE bug 1057537 SUSE bug 1057539 SUSE bug 1058018 SUSE bug 1058019 SUSE bug 1058020 CVE-2017-11399 CVE-2017-14054 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169 CVE-2017-14170 CVE-2017-14171 CVE-2017-14222 CVE-2017-14223 CVE-2017-14225 openSUSE Leap 42.2 This update for emacs fixes one issues. This security issue was fixed: - CVE-2017-14482: Remote code execution via mails with "Content-Type: text/enriched" (bsc#1058425) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1058425 CVE-2017-14482 openSUSE Leap 42.2 This update for php5 fixes on issues. This security issue was fixed: - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1054430 CVE-2017-12933 openSUSE Leap 42.2 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen (XSA-231, bsc#1056278) - CVE-2017-14318: The function __gnttab_cache_flush missed a check for grant tables, allowing a malicious guest to crash the host or for x86 PV guests to potentially escalate privileges (XSA-232, bsc#1056280) - CVE-2017-14317: A race in cxenstored may have cause a double-free allowind for DoS of the xenstored daemon (XSA-233, bsc#1056281). - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282). These non-security issues were fixed: - bsc#1055695: Fixed restoring updates for HVM guests for ballooned domUs This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1027519 SUSE bug 1055695 SUSE bug 1056278 SUSE bug 1056280 SUSE bug 1056281 SUSE bug 1056282 CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 openSUSE Leap 42.2 This update for fossil to version fixes security issues and bugs. The following vulnerabilities were fixed: - boo#1053267: XSS vulnerability on the /help webpage The version update to version 2.3 also contains a number of upstream improvements and bug fixes. Moderate SUSE bug 1053267 openSUSE Leap 42.2 This update for freexl to version 1.0.4 fixes several issues. These security issues were fixed: - CVE-2017-2924: Prevent heap-based buffer overflow in the read_legacy_biff function (bsc#1058433). - CVE-2017-2923: Prevent heap-based buffer overflow in the read_biff_next_record function (bsc#1058431). Low SUSE bug 1058431 SUSE bug 1058433 CVE-2017-2923 CVE-2017-2924 openSUSE Leap 42.2 This update for apache2 fixes the following security issue: - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1058058 CVE-2017-9798 openSUSE Leap 42.2 This update for libzip fixes the following security issue: - CVE-2017-14107: The _zip_read_eocd64 function mishandled EOCD records, which allowed remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive (bsc#1056996). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1056996 CVE-2017-14107 openSUSE Leap 42.2 This update to Chromium 61.0.3163.100 fixes the following vulnerabilities: - CVE-2017-5121: Out-of-bounds access in V8 - CVE-2017-5122: Out-of-bounds access in V8 - Various fixes from internal audits, fuzzing and other initiatives Moderate SUSE bug 1060019 CVE-2017-5121 CVE-2017-5122 openSUSE Leap 42.2 This update for libraw fixes the following issues: - CVE-2017-14348: A specially crafted file could have been used to trigger a heap-based buffer overflow (boo#1058467) Moderate SUSE bug 1058467 CVE-2017-14348 openSUSE Leap 42.2 This update for tor fixes the following issues: - CVE-2017-0380: hidden services with the SafeLogging option disabled could disclose the stack (boo#1059194) Moderate SUSE bug 1059194 CVE-2017-0380 openSUSE Leap 42.2 This update for vlc to version 2.2.6 fixes several issues. This security issue was fixed: - CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted FLAC file (bsc#1041907). These non-security issues were fixed: - Stop depending on libkde4-devel: It's only used to find the install path for kde4, but configure falls back to the correct default for openSUSE anyway (boo#1057736). - Disable vnc access module For the various other fixes introduced by 2.2.6 please see the changelog. Moderate SUSE bug 1041907 SUSE bug 1057736 CVE-2017-9300 openSUSE Leap 42.2 This update for weechat fixes the following issues: - CVE-2017-14727: A uninitialized buffer could be used to crash the logger plugin in WeeChat (boo#1060140) Moderate SUSE bug 1060140 CVE-2017-14727 openSUSE Leap 42.2 This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6, fixes security issues and bugs. The following vulnerabilities advised upstream under MFSA 2017-22 (boo#1060445) were fixed: - CVE-2017-7793: Use-after-free with Fetch API - CVE-2017-7818: Use-after-free during ARIA array manipulation - CVE-2017-7819: Use-after-free while resizing images in design mode - CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE - CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings - CVE-2017-7823: CSP sandbox directive did not create a unique origin - CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 The following security issue was fixed in Mozilla NSS 3.28.6: - CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005) The following bug was fixed: - boo#1029917: language accept header use incorrect locale For compatibility reasons, java-1_8_0-openjdk was rebuilt to the updated version of NSS. Important SUSE bug 1060445 SUSE bug 1061005 CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 openSUSE Leap 42.2 This update for dnsmasq fixes the following security issues: - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1060354 SUSE bug 1060355 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 openSUSE Leap 42.2 This update for otrs to version 3.3.18 fixes the following issue: This security issue was fixed: - CVE-2017-14635: Remote authenticated users could have leveraged statistics-write permissions to gain privileges via code injection (bsc#1059691). Moderate SUSE bug 1059691 CVE-2017-14635 openSUSE Leap 42.2 This update for tiff to version 4.0.8 fixes a several bugs and security issues: These security issues were fixed: - CVE-2017-7595: The JPEGSetupEncode function allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033127). - CVE-2016-10371: The TIFFWriteDirectoryTagCheckedRational function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file (bsc#1038438). - CVE-2017-7598: Error in tif_dirread.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033118). - CVE-2017-7596: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033126). - CVE-2017-7597: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033120). - CVE-2017-7599: Undefined behavior because of shorts outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033113). - CVE-2017-7600: Undefined behavior because of chars outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033112). - CVE-2017-7601: Because of a shift exponent too large for 64-bit type long undefined behavior was caused, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033111). - CVE-2017-7602: Prevent signed integer overflow, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033109). - CVE-2017-7592: The putagreytile function had a left-shift undefined behavior issue, which might allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033131). - CVE-2017-7593: Ensure that tif_rawdata is properly initialized, to prevent remote attackers to obtain sensitive information from process memory via a crafted image (bsc#1033129). - CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable function allowed remote attackers to cause a denial of service (memory leak) via a crafted image (bsc#1033128). - CVE-2017-9403: Prevent memory leak in function TIFFReadDirEntryLong8Array, which allowed attackers to cause a denial of service via a crafted file (bsc#1042805). - CVE-2017-9404: Fixed memory leak vulnerability in function OJPEGReadHeaderInfoSecTablesQTable, which allowed attackers to cause a denial of service via a crafted file (bsc#1042804). These various other issues were fixed: - Fix uint32 overflow in TIFFReadEncodedStrip() that caused an integer division by zero. Reported by Agostino Sarubbo. - fix heap-based buffer overflow on generation of PixarLog / LUV compressed files, with ColorMap, TransferFunction attached and nasty plays with bitspersample. The fix for LUV has not been tested, but suffers from the same kind of issue of PixarLog. - modify ChopUpSingleUncompressedStrip() to instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a logic based on the total size of data. Which is faulty is the total size of data is not sufficient to fill the whole image, and thus results in reading outside of the StripByCounts/StripOffsets arrays when using TIFFReadScanline() - make OJPEGDecode() early exit in case of failure in OJPEGPreDecode(). This will avoid a divide by zero, and potential other issues. - fix misleading indentation as warned by GCC. - revert change done on 2016-01-09 that made Param member of TIFFFaxTabEnt structure a uint16 to reduce size of the binary. It happens that the Hylafax software uses the tables that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable, TIFFFaxBlackTable), although they are not in a public libtiff header. - add TIFFReadRGBAStripExt() and TIFFReadRGBATileExt() variants of the functions without ext, with an extra argument to control the stop_on_error behaviour. - fix potential memory leaks in error code path of TIFFRGBAImageBegin(). - increase libjpeg max memory usable to 10 MB instead of libjpeg 1MB default. This helps when creating files with "big" tile, without using libjpeg temporary files. - add _TIFFcalloc() - return 0 in Encode functions instead of -1 when TIFFFlushData1() fails. - only run JPEGFixupTagsSubsampling() if the YCbCrSubsampling tag is not explicitly present. This helps a bit to reduce the I/O amount when the tag is present (especially on cloud hosted files). - in LZWPostEncode(), increase, if necessary, the code bit-width after flushing the remaining code and before emitting the EOI code. - fix memory leak in error code path of PixarLogSetupDecode(). - fix potential memory leak in OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and OJPEGReadHeaderInfoSecTablesAcTable - avoid crash in Fax3Close() on empty file. - TIFFFillStrip(): add limitation to the number of bytes read in case td_stripbytecount[strip] is bigger than reasonable, so as to avoid excessive memory allocation. - fix memory leak when the underlying codec (ZIP, PixarLog) succeeds its setupdecode() method, but PredictorSetup fails. - TIFFFillStrip() and TIFFFillTile(): avoid excessive memory allocation in case of shorten files. Only effective on 64 bit builds and non-mapped cases. - TIFFFillStripPartial() / TIFFSeek(), avoid potential integer overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT mode. - avoid excessive memory allocation in case of shorten files. Only effective on 64 bit builds. - update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with tif_rawdataloaded when calling TIFFStartStrip() or TIFFFillStripPartial(). - avoid potential int32 overflow in TIFFYCbCrToRGBInit() Fixes - avoid potential int32 overflows in multiply_ms() and add_ms(). - fix out-of-buffer read in PackBitsDecode() Fixes - LogL16InitState(): avoid excessive memory allocation when RowsPerStrip tag is missing. - update dec_bitsleft at beginning of LZWDecode(), and update tif_rawcc at end of LZWDecode(). This is needed to properly work with the latest chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode. - PixarLogDecode(): resync tif_rawcp with next_in and tif_rawcc with avail_in at beginning and end of function, similarly to what is done in LZWDecode(). Likely needed so that it works properly with latest chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode. - initYCbCrConversion(): add basic validation of luma and refBlackWhite coefficients (just check they are not NaN for now), to avoid potential float to int overflows. - _TIFFVSetField(): fix outside range cast of double to float. - initYCbCrConversion(): check luma[1] is not zero to avoid division by zero - _TIFFVSetField(): fix outside range cast of double to float. - initYCbCrConversion(): check luma[1] is not zero to avoid division by zero. - initYCbCrConversion(): stricter validation for refBlackWhite coefficients values. - avoid uint32 underflow in cpDecodedStrips that can cause various issues, such as buffer overflows in the library. - fix readContigStripsIntoBuffer() in -i (ignore) mode so that the output buffer is correctly incremented to avoid write outside bounds. - add 3 extra bytes at end of strip buffer in readSeparateStripsIntoBuffer() to avoid read outside of heap allocated buffer. - fix integer division by zero when BitsPerSample is missing. - fix null pointer dereference in -r mode when the image has no StripByteCount tag. - avoid potential division by zero is BitsPerSamples tag is missing. - when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is called, limit the return number of inks to SamplesPerPixel, so that code that parses ink names doesn't go past the end of the buffer. - avoid potential division by zero is BitsPerSamples tag is missing. - fix uint32 underflow/overflow that can cause heap-based buffer overflow. - replace assert( (bps % 8) == 0 ) by a non assert check. - fix 2 heap-based buffer overflows (in PSDataBW and PSDataColorContig). - prevent heap-based buffer overflow in -j mode on a paletted image. - fix wrong usage of memcpy() that can trigger unspecified behaviour. - avoid potential invalid memory read in t2p_writeproc. - avoid potential heap-based overflow in t2p_readwrite_pdf_image_tile(). - remove extraneous TIFFClose() in error code path, that caused double free. - error out cleanly in cpContig2SeparateByRow and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based overflow. - avoid integer division by zero. - call TIFFClose() in error code paths. - emit appropriate message if the input file is empty. - close TIFF handle in error code path. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1033109 SUSE bug 1033111 SUSE bug 1033112 SUSE bug 1033113 SUSE bug 1033118 SUSE bug 1033120 SUSE bug 1033126 SUSE bug 1033127 SUSE bug 1033128 SUSE bug 1033129 SUSE bug 1033131 SUSE bug 1038438 SUSE bug 1042804 SUSE bug 1042805 CVE-2016-10371 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 openSUSE Leap 42.2 This update for libraw fixes the following issues: Security issue fixed: * CVE-2017-14265: A stack based buffer overflow in the xtrans_interpolate function was fixed. [boo#1060163] * CVE-2017-13735: A floating point exception in the kodak_radc_load_raw function was fixed which could have lead to aborts of programs using libraw on reading malicious files. [bsc#1060321] Moderate SUSE bug 1060163 SUSE bug 1060321 CVE-2017-13735 CVE-2017-14265 openSUSE Leap 42.2 This update for pdns fixes the following issues: - CVE-2016-2120: Crafted zone record could have caused a denial of service (bsc#1018329). - CVE-2016-7068: Crafted queries could have caused abnormal CPU usage (bsc#1018326). - CVE-2016-7072: Denial of service via the web server (bsc#1018327). - CVE-2016-7073: Fixed insufficient validation of TSIG signatures (bsc#1018328). - CVE-2016-7074: Fixed insufficient validation of TSIG signatures ((bsc#1018328). Moderate SUSE bug 1018326 SUSE bug 1018327 SUSE bug 1018328 SUSE bug 1018329 CVE-2016-2120 CVE-2016-7068 CVE-2016-7072 CVE-2016-7073 CVE-2016-7074 openSUSE Leap 42.2 This update for liblouis fixes several issues. These security issues were fixed: - CVE-2017-13738: Prevent illegal address access in the _lou_getALine function that allowed to cause remote DoS (bsc#1056105). - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable() that could have caused DoS or remote code execution (bsc#1056101). - CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars() that could have caused DoS or possibly unspecified other impact (bsc#1056097) - CVE-2017-13741: Prevent use-after-free in function compileBrailleIndicator() that allowed to cause remote DoS (bsc#1056095). - CVE_2017-13742: Prevent stack-based buffer overflow in function includeFile that allowed to cause remote DoS (bsc#1056093). - CVE-2017-13743: Prevent buffer overflow triggered in the function _lou_showString() that allowed to cause remote DoS (bsc#1056090). - CVE-2017-13744: Prevent illegal address access in the function _lou_getALine() that allowed to cause remote DoS (bsc#1056088). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1056088 SUSE bug 1056090 SUSE bug 1056093 SUSE bug 1056095 SUSE bug 1056097 SUSE bug 1056101 SUSE bug 1056105 CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13743 CVE-2017-13744 openSUSE Leap 42.2 This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 openSUSE Leap 42.2 This update for openjpeg2 fixes several issues. These security issues were fixed: - CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file (bsc#1056421). - CVE-2017-14039: A heap-based buffer overflow was discovered in the opj_t2_encode_packet function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly unspecified other impact (bsc#1056622). - CVE-2017-14164: A size-validation issue was discovered in opj_j2k_write_sot. The vulnerability caused an out-of-bounds write, which may have lead to remote DoS or possibly remote code execution (bsc#1057511). - CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert.c, triggering a crash in the tgatoimage function. The vulnerability may have lead to remote denial of service or possibly unspecified other impact (bsc#1056621). - CVE-2017-14041: A stack-based buffer overflow was discovered in the pgxtoimage function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly remote code execution (bsc#1056562). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1056421 SUSE bug 1056562 SUSE bug 1056621 SUSE bug 1056622 SUSE bug 1057511 CVE-2016-10507 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14164 openSUSE Leap 42.2 Mozilla Thunderbird was updated to 52.4.0 (boo#1060445) * new behavior was introduced for replies to mailing list posts: "When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header". A new preference mail.override_list_reply_to allows to restore the previous behavior. * Under certain circumstances (image attachment and non-image attachment), attached images were shown truncated in messages stored in IMAP folders not synchronised for offline use. * IMAP UIDs > 0x7FFFFFFF now handled properly Security fixes from Gecko 52.4esr * CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API * CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array manipulation * CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in design mode * CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and validating elements with ANGLE * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free in TLS 1.2 generating handshake hashes * CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and malware protection warnings * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) OS X fonts render some Tibetan and Arabic unicode characters as spaces * CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a unique origin * CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 - Add alsa-devel BuildRequires: we care for ALSA support to be built and thus need to ensure we get the dependencies in place. In the past, alsa-devel was pulled in by accident: we buildrequire libgnome-devel. This required esound-devel and that in turn pulled in alsa-devel for us. libgnome is being fixed to no longer require esound-devel. Important SUSE bug 1060445 CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 openSUSE Leap 42.2 This update for krb5 fixes several issues. This security issue was fixed: - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995) These non-security issues were fixed: - Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in order to improve client security in handling service principle names. (bsc#1054028) - Prevent kadmind.service startup failure caused by absence of LDAP service. (bsc#903543) - Remove main package's dependency on systemd (bsc#1032680) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1032680 SUSE bug 1054028 SUSE bug 1056995 SUSE bug 903543 CVE-2017-11462 openSUSE Leap 42.2 This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624). - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622). - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565). These non-security issues were fixed: - Fixed error where short name length was read as 2 bytes, should be 1 (bsc#1042419) - Fixed GUID string format on GetPrinter to prevent published printers from disappearing 7 (bsc#1050707). - Halt endless forest trust scan to prevent winbind from running out of memory (bsc#1044084). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1042419 SUSE bug 1044084 SUSE bug 1050707 SUSE bug 1058565 SUSE bug 1058622 SUSE bug 1058624 CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 openSUSE Leap 42.2 This update for libvirt fixes several issues. This security issue was fixed: - bsc#1053600: Escape ssh commed line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc#1049505, bsc#1051017: Security manager: Don't autogenerate seclabels of type 'none' when AppArmor is inactive - bsc#1052151: Moved /usr/share/libvirt/libvirtLogo.png symlink from client to doc subpackage, where its target resides - bsc#1048783: Ignore newlines in libvirt-guests.sh guest list - bsc#1031056: Add default controllers for USB devices - bsc#1012143: Define path to parted using autoconf cache variable. parted is used for management of disk-based storage pools - bsc#1036785: Prevent output of null target in domxml-to-native This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1012143 SUSE bug 1017189 SUSE bug 1031056 SUSE bug 1036785 SUSE bug 1048783 SUSE bug 1049505 SUSE bug 1051017 SUSE bug 1052151 SUSE bug 1053600 openSUSE Leap 42.2 This update for squid fixes the following issues: - CVE-2016-10003: Prevent incorrect forwarding of cached private responses when Collapsed Forwarding feature is enabled. This allowed remote attacker (proxy user) to discover private and sensitive information about another user (bsc#1016169). - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168). - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1016168 SUSE bug 1016169 SUSE bug 949942 CVE-2014-9749 CVE-2016-10002 CVE-2016-10003 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following security issues: - CVE-2017-14532: NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c allowing for DoS (bsc#1059663) - CVE-2017-15033: Memory leak in ReadYUVImage could have allowed DoS (boo#1061873) Moderate SUSE bug 1059663 SUSE bug 1061873 CVE-2017-14532 CVE-2017-15033 openSUSE Leap 42.2 This update for mbedtls fixes the following issues: - CVE-2017-14032: Possible authentication bypass of peer based authentication when auth mode is configured as 'optional' (boo#1056544). Moderate SUSE bug 1056544 CVE-2017-14032 openSUSE Leap 42.2 This update for wireshark to version 2.2.10 fixes multiple minor security issues. These vulnerabilities that could be used to trigger dissector crashes or infinite loops by making Wireshark read specially crafted packages from the network or a capture file: * CVE-2017-15192: BT ATT dissector crash * CVE-2017-15193: MBIM dissector crash * CVE-2017-15191: DMP dissector crash Moderate SUSE bug 1062645 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 openSUSE Leap 42.2 The openSUSE Leap 42.2 Kernel was updated to 4.4.90 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507). The following non-security bugs were fixed: - arc: Re-enable MMU upon Machine Check exception (bnc#1012382). - arm64: fault: Route pte translation faults via do_translation_fault (bnc#1012382). - arm64: Make sure SPsel is always set (bnc#1012382). - arm: pxa: add the number of DMA requestor lines (bnc#1012382). - arm: pxa: fix the number of DMA requestor lines (bnc#1012382). - bcache: correct cache_dirty_target in __update_writeback_rate() (bnc#1012382). - bcache: Correct return value for sysfs attach errors (bnc#1012382). - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382). - bcache: fix bch_hprint crash and improve output (bnc#1012382). - bcache: fix for gc and write-back race (bnc#1012382). - bcache: Fix leak of bdev reference (bnc#1012382). - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382). - blacklist.conf: Add commit b5accbb0dfae - blacklist.conf: add one more - block: Relax a check in blk_start_queue() (bnc#1012382). - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382). - btrfs: change how we decide to commit transactions during flushing (bsc#1060197). - btrfs: fix NULL pointer dereference from free_reloc_roots() (bnc#1012382). - btrfs: prevent to set invalid default subvolid (bnc#1012382). - btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382). - btrfs: qgroup: move noisy underflow warning to debugging build (bsc#1055755). - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382). - cifs: release auth_key.response for reconnect (bnc#1012382). - crypto: AF_ALG - remove SGL terminator indicator when chaining (bnc#1012382). - crypto: talitos - Do not provide setkey for non hmac hashing algs (bnc#1012382). - crypto: talitos - fix sha224 (bnc#1012382). - cxl: Fix driver use count (bnc#1012382). - dmaengine: mmp-pdma: add number of requestors (bnc#1012382). - drm: Add driver-private objects to atomic state (bsc#1055493). - drm/dp: Introduce MST topology state to track available link bandwidth (bsc#1055493). - ext4: fix incorrect quotaoff if the quota feature is enabled (bnc#1012382). - ext4: fix quota inconsistency during orphan cleanup for read-only mounts (bnc#1012382). - f2fs: check hot_data for roll-forward recovery (bnc#1012382). - fix xen_swiotlb_dma_mmap prototype (bnc#1012382). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bnc#1012382). - ftrace: Fix selftest goto location on error (bnc#1012382). - genirq: Fix for_each_action_of_desc() macro (bsc#1061064). - getcwd: Close race with d_move called by lustre (bsc#1052593). - gfs2: Fix debugfs glocks dump (bnc#1012382). - gianfar: Fix Tx flow control deactivation (bnc#1012382). - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967). - input: i8042 - add Gigabyte P57 to the keyboard reset table (bnc#1012382). - iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067). - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (bnc#1012382). - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382). - ipv6: fix memory leak with multiple tables during netns destruction (bnc#1012382). - ipv6: fix sparse warning on rt6i_node (bnc#1012382). - ipv6: fix typo in fib6_net_exit() (bnc#1012382). - kabi/severities: ignore nfs_pgio_data_destroy - keys: fix writing past end of user-supplied buffer in keyring_read() (bnc#1012382). - keys: prevent creating a different user's keyrings (bnc#1012382). - keys: prevent KEYCTL_READ on negative key (bnc#1012382). - kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously (bsc#1061017). - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce() (bnc#1012382). - kvm: SVM: Add a missing 'break' statement (bsc#1061017). - kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017). - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt (bsc#1061017). - kvm: VMX: use cmpxchg64 (bnc#1012382). - mac80211: flush hw_roc_start work before cancelling the ROC (bnc#1012382). - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172). - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list (bnc#1012382). - md/raid5: release/flush io in raid5_do_work() (bnc#1012382). - media: uvcvideo: Prevent heap overflow when accessing mapped controls (bnc#1012382). - media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382). - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs (bnc#1012382). - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with opposite signs (bnc#1012382). - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero (bnc#1012382). - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation (bnc#1012382). - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative (bnc#1012382). - mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs (bnc#1012382). - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382). - nfsd: Fix general protection fault in release_lock_stateid() (bnc#1012382). - pci: Allow PCI express root ports to find themselves (bsc#1061046). - pci: fix oops when try to find Root Port for a PCI device (bsc#1061046). - pci: Fix race condition with driver_override (bnc#1012382). - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382). - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831). - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. mm_struct tracking' (bsc#1061831). - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382). - powerpc/pseries: Fix parent_dn reference leak in add_dt_node() (bnc#1012382). - qlge: avoid memcpy buffer overflow (bnc#1012382). - Revert "net: fix percpu memory leaks" (bnc#1012382). - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()" (bnc#1012382). - Revert "net: use lib/percpu_counter API for fragmentation mem accounting" (bnc#1012382). - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465). - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic (bnc#1012382). - scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382). - scsi: sg: factor out sg_fill_request_table() (bnc#1012382). - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382). - scsi: sg: off by one in sg_ioctl() (bnc#1012382). - scsi: sg: remove 'save_scat_len' (bnc#1012382). - scsi: sg: use standard lists for sg_requests (bnc#1012382). - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (bnc#1012382). - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1012382). - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1012382). - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1012382). - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1012382). - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1012382). - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1012382). - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN (bnc#1012382). - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() (bnc#1012382). - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382). - skd: Submit requests to firmware before triggering the doorbell (bnc#1012382). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382). - smb: Validate negotiate (to protect against downgrade) even if signing off (bnc#1012382). - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382). - timer/sysclt: Restrict timer migration sysctl values to 0 and 1 (bnc#1012382). - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382). - tracing: Erase irqsoff trace with empty write (bnc#1012382). - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382). - tty: fix __tty_insert_flip_char regression (bnc#1012382). - tty: improve tty_insert_flip_char() fast path (bnc#1012382). - tty: improve tty_insert_flip_char() slow path (bnc#1012382). - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets (bnc#1012382). - video: fbdev: aty: do not leak uninitialized padding in clk to userspace (bnc#1012382). - Workaround for kABI compatibility with DP-MST patches (bsc#1055493). - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382). - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps (bnc#1012382). - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872). - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage (bsc#1055896). Important SUSE bug 1012382 SUSE bug 1022967 SUSE bug 1052593 SUSE bug 1055493 SUSE bug 1055755 SUSE bug 1055896 SUSE bug 1058038 SUSE bug 1058410 SUSE bug 1058507 SUSE bug 1059051 SUSE bug 1059465 SUSE bug 1060197 SUSE bug 1061017 SUSE bug 1061046 SUSE bug 1061064 SUSE bug 1061067 SUSE bug 1061172 SUSE bug 1061831 SUSE bug 1061872 CVE-2017-1000252 CVE-2017-12153 CVE-2017-12154 CVE-2017-14489 openSUSE Leap 42.2 qemu was updated to fix several issues. These security issues were fixed: - CVE-2016-9102: Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number (bsc#1014256). - CVE-2016-9103: The v9fs_xattrcreate function in hw/9pfs/9p.c in allowed local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values writing to them (bsc#1007454). - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285). - CVE-2016-9845: The Virtio GPU Device emulator support as vulnerable to an information leakage issue while processing the 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could have used this flaw to leak contents of the host memory (bsc#1013767). - CVE-2016-9846: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue while updating the cursor data in update_cursor_data_virgl. A guest user/process could have used this flaw to leak host memory bytes, resulting in DoS for the host (bsc#1013764). - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109). - CVE-2016-9908: The Virtio GPU Device emulator support was vulnerable to an information leakage issue while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could have used this flaw to leak contents of the host memory (bsc#1014514). - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111). - CVE-2016-9912: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could have used this flaw to leak host memory bytes, resulting in DoS for the host (bsc#1014112). - CVE-2016-9913: VirtFS was vulnerable to memory leakage issue via its '9p-handle' or '9p-proxy' backend drivers. A privileged user inside guest could have used this flaw to leak host memory, thus affecting other services on the host and/or potentially crash the Qemu process on the host (bsc#1014110). These non-security issues were fixed: - Fixed uint64 property parsing and add regression tests (bsc#937125) - Added a man page for kvm_stat - Fix crash in vte (bsc#1008519) - Various upstream commits targeted towards stable releases (bsc#1013341) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1007454 SUSE bug 1008519 SUSE bug 1009109 SUSE bug 1013285 SUSE bug 1013341 SUSE bug 1013764 SUSE bug 1013767 SUSE bug 1014109 SUSE bug 1014110 SUSE bug 1014111 SUSE bug 1014112 SUSE bug 1014256 SUSE bug 1014514 SUSE bug 1016779 SUSE bug 937125 CVE-2016-9102 CVE-2016-9103 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922 openSUSE Leap 42.2 This update for wpa_supplicant fixes the security issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won't be able to exploit the KRACK weaknesses in those connections anymore even if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1056061 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 openSUSE Leap 42.2 This update for git fixes the following issues: This security issue was fixed: - CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such as cvsserver, which allowed attackers to execute arbitrary OS commands via shell metacharacters in a module name (bsc#1061041). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1061041 CVE-2017-14867 openSUSE Leap 42.2 This update for cacti and cacti-spine fixes the following issues: Build version 1.1.26 - issue#841: --input-fields variable not working with add_graphs.php cli - issue#986: Resolve minor appearance problem on Modern theme - issue#989: Resolve issue with data input method commands loosing spaces on import - issue#1000: add_graphs.php not recognizing input fields - issue#1003: Reversing resolution to Issue#995 due to adverse impact to polling times - issue#1008: Remove developer debug warning about thumbnail validation - issue#1009: Resolving minor issue with cmd_realtime.php and a changing hostname - issue#1010: CVE-2017-15194 - Path-Based Cross-Site Scripting (XSS) (bsc#1062554) - issue#1027: Confirm that the PHP date.timezone setting is properly set during install - issue: Fixed database session handling for PHP 7.1 - issue: Fixed some missing i18n - issue: Fixed typo's - feature: Updated Dutch translations - feature: Schema changes; Examined queries without key usage and added/changed some keys - feature: Some small improvements Build version 1.1.25 - issue#966: Email still using SMTP security even though set to none - issue#995: Redirecting exec_background() to dev null breaks some functions - issue#998: Allow removal of external data template and prevent their creation - issue: Remove spikes uses wrong variance value from WebGUI - issue: Changing filters on log page does not reset to first page - issue: Allow manual creation of external data sources once again - feature: Updated Dutch translations Build version 1.1.24 - issue#932: Zoom positioning breaks when you scroll the graph page - issue#970: Remote Data Collector Cache Synchronization missing plugin sub-directories - issue#980: Resolve issue where a new tree branches refreshs before you have a chance to name it - issue#982: Data Source Profile size information not showing properly - issue: Long sysDescriptions on automation page cause columns to be hidden - issue: Resolve visual issues in Classic theme - feature: Allow Resynchronization of Poller Resource Cache Build version 1.1.23 - issue#963: SQL Errors with snmpagent and MariaDB 10.2 - issue#964: SQL Mode optimization failing in 1.1.22 Build version 1.1.22 - issue#950: Automation - New graph rule looses name on change - issue#952: CSV Export not rendering chinese characters correctly (Second attempt) - issue#955: Validation error trying to view graph debug syntax - issue: MySQL/MariaDB database sql_mode NO_AUTO_VALUE_ON_ZERO corrupts Cacti database - issue: When creating a data source, the data source profile does not default to the system default - feature: Enhance table filters to support new Cycle plugin - feature: Updated Dutch Translations Build version 1.1.21 - issue#938: Problems upgrading to 1.1.20 with one table alter statement - issue#952: CSV Export not rendering chinese characters correctly - issue: Minor alignment issue on tables Build version 1.1.20 - issue#920: Issue with scrollbars after update to 1.1.19 related to #902 - issue#921: Tree Mode no longer expands to accomodate full tree item names - issue#922: When using LDAP domains some setings are not passed correctly to the Cacti LDAP library - issue#923: Warninga in cacti.log are displayed incorrectly - issue#926: Update Utilities page to provide more information on rebuilding poller cache - issue#927: Minor schema change to support XtraDB Cluster - issue#929: Overlapping frames on certain themes - issue#931: Aggregate graphs missing from list view - issue#933: Aggregate graphs page counter off - issue#935: Support utf8 printable in data query inserts - issue#936: TimeZone query failure undefined function - issue: Taking actions on users does not use callbacks - issue: Undefined constant in lib/snmp.php on RHEL7 - issue: Human readable socket errno's not defined - issue: Audit of ping methods tcp, udp, and icmp ping. IPv6 will still not work till php 5.5.4 Moderate SUSE bug 1062554 CVE-2017-15194 openSUSE Leap 42.2 This update for upx fixes the following security issue: * CVE-2017-15056: specially crafted package may have caused a denial of service (boo#1062059) In addition upx was updated to 3.94, with the following improvements: * Support for aarch64). * Support for --lzma compression on 64-bit PowerPC Moderate SUSE bug 1062059 CVE-2017-15056 openSUSE Leap 42.2 This update for bluez fixes the following vulnerabilities: * CVE-2016-7837: Buffer overflow in parse_line function (bsc#1026652) * CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req (bsc#1057342) Moderate SUSE bug 1026652 SUSE bug 1057342 CVE-2016-7837 CVE-2017-1000250 openSUSE Leap 42.2 This update for xorg-x11-server fixes the following vulnerabilities: * CVE-2017-12176: Unvalidated extra length in ProcEstablishConnection (bsc#1063041) * CVE-2017-12177: dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (bsc#1063040) * CVE-2017-12178: Xi: fix wrong extra length check in ProcXIChangeHierarchy (bsc#1063039) * CVE-2017-12179: Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer (bsc#1063038) * CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Unvalidated lengths in XFree86-VidMode/XFree86-DGA/XFree86-DRI extension (bsc#1063037) * CVE-2017-12183: Unvalidated lengths in XFIXES extension (bsc#1063035) * CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Unvalidated lengths in multiple extensions (bsc#1063034) Moderate SUSE bug 1063034 SUSE bug 1063035 SUSE bug 1063037 SUSE bug 1063038 SUSE bug 1063039 SUSE bug 1063040 SUSE bug 1063041 CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 openSUSE Leap 42.2 xerces-j2 was updated to fix several issues. This security issue was fixed: - bsc#814241: Prevent possible DoS through very long attribute names This non-security issue was fixed: - Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file against a schema (bsc#1047536, bsc#879138) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047536 SUSE bug 814241 SUSE bug 879138 openSUSE Leap 42.2 This update for exiv2 fixes the following issues: Security issues fixed: - CVE-2017-11591: There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. (boo#1050257) - CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. (boo#1051188) - CVE-2017-14865: There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. (boo#1061003) - CVE-2017-14862: An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (boo#1060996) - CVE-2017-14859: An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (boo#1061000) Moderate SUSE bug 1050257 SUSE bug 1051188 SUSE bug 1060996 SUSE bug 1061000 SUSE bug 1061003 CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14865 openSUSE Leap 42.2 Salt was updated to 2017.7.2 and also to fix various bugs and security issues. See the following resources for the full changelog: https://docs.saltstack.com/en/develop/topics/releases/2017.7.2.html https://docs.saltstack.com/en/develop/topics/releases/2017.7.1.html https://docs.saltstack.com/en/develop/topics/releases/2017.7.0.html Security issues fixed: - CVE-2017-14695: A directory traversal during minion id validation was fixed. (boo#1062462) - CVE-2017-14696: A remote denial of service attack with a specially crafted authentication request was fixed. (boo#1062464) - CVE-2017-12791: crafted minion ID could lead directory traversal on the Salt-master (boo#1053955) Non security issues fixed: - Add possibility to generate _version.py at the build time for raw builds: https://github.com/saltstack/salt/pull/43955 - Fix salt target-type field returns "String" for existing jids but an empty "Array" for non existing jids. (issue #1711) - Fixed minion resource exhaustion when many functions are being executed in parallel (boo#1059758) - Remove 'TasksTask' attribute from salt-master.service in older versions of systemd (boo#985112) - Provide custom SUSE salt-master.service file. - Fix wrong version reported by Salt (boo#1061407) - list_pkgs: add parameter for returned attribute selection (boo#1052264) - Adding the leftover for zypper and yum list_pkgs functionality. - Use $HOME to get the user home directory instead using '~' char (boo#1042749) - fix ownership for whole master cache directory (boo#1035914) - fix setting the language on SUSE systems (boo#1038855) - wrong os_family grains on SUSE - fix unittests (boo#1038855) - speed-up cherrypy by removing sleep call - Disable 3rd party runtime packages to be explicitly recommended. (boo#1040886) - fix format error (boo#1043111) - Add a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart salt-minion in case of crashes during upgrade. - Add procps as dependency. - Bugfix: jobs scheduled to run at a future time stay pending for Salt minions (boo#1036125) - Wrong os_family grains on SUSE - fix unittests. (boo#1038855) - Fix setting the language on SUSE systems. (boo#1038855) - Bugfix: unable to use hostname for minion ID as '127'. (upstream) - Bugfix: remove sleep call in CheppryPy API handler. (upstream) - Fix core grains constants for timezone. (boo#1032931) - Prevents zero length error on Python 2.6. - Fixes zypper test error after backporting. - Refactoring on Zypper and Yum execution and state modules to allow installation of patches/errata. - Allows to set 'timeout' and 'gather_job_timeout' via kwargs. - Add missing bootstrap script for Salt Cloud. (boo#1032452) - raet protocol is no longer supported. (boo#1020831) - Fix: add missing /var/cache/salt/cloud directory. (boo#1032213) - Cleanup salt user environment preparation. (boo#1027722) - Fix: race condition on cache directory creation. - Fix: /var/log/salt/minion fails logrotate. (boo#1030009) - Fix: Result of master_tops extension is mutually overwritten. (boo#1030073) - Allows to set custom timeouts for 'manage.up' and 'manage.status'. - Keep fix for migrating salt home directory. (boo#1022562) - Fix salt-minion update on RHEL. (boo#1022841) - Prevents 'OSError' exception in case certain job cache path doesn't exist. (boo#1023535) Moderate SUSE bug 1020831 SUSE bug 1022562 SUSE bug 1022841 SUSE bug 1023535 SUSE bug 1027722 SUSE bug 1030009 SUSE bug 1030073 SUSE bug 1032213 SUSE bug 1032452 SUSE bug 1032931 SUSE bug 1035914 SUSE bug 1036125 SUSE bug 1038855 SUSE bug 1040886 SUSE bug 1042749 SUSE bug 1043111 SUSE bug 1052264 SUSE bug 1053955 SUSE bug 1059758 SUSE bug 1061407 SUSE bug 1062462 SUSE bug 1062464 SUSE bug 985112 CVE-2017-12791 CVE-2017-14695 CVE-2017-14696 openSUSE Leap 42.2 This security update for irssi to version 1.0.5 addresses the following security issues: * CVE-2017-15228: When installing themes with unterminated colour formatting sequences, Irssi may access data beyond the end of the string. This issue could have resulted in denial of service (remote crash) when installing a malicious or broken theme file. * CVE-2017-15227: While waiting for the channel synchronisation, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on. This issue could have caused denial of service (remote crash) when connecting to a malicious or broken ircd. * CVE-2017-15721: Certain incorrectly formatted DCC CTCP messages could cause NULL pointer dereference. This issue could have caused denial of service (remote crash) when connecting to a malicious or broken ircd. * CVE-2017-15723: Overlong nicks or targets may result in a NULL pointer dereference while splitting the message. This issue could have caused denial of service (remote crash) when connecting to a malicious or broken ircd. * CVE-2017-15722: In certain cases Irssi may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. Moderate SUSE bug 1064540 CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722 CVE-2017-15723 openSUSE Leap 42.2 This update for v8 fixes the following issues: - maliciously crafted java script code could cause v8 in chromium to crash Moderate SUSE bug 1013274 CVE-2016-5219 openSUSE Leap 42.2 This update for jq fixes the following minor security issue: * CVE-2016-4074: stack exhaustion could affect availability when parsing untrusted imput (bsc#1014176) The following tracked packaging changes are included: * Update tests dependencies to increase test coverage (bsc#1017157) This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1014176 SUSE bug 1017157 CVE-2016-4074 openSUSE Leap 42.2 This update for freeradius-server fixes the following issues: Fix a number of security issues found via fuzzing by Guido Vranken See http://freeradius.org/security/fuzzer-2017.html for details. (boo#1049086) - CVE-2017-10987 / FR-GV-304: DHCP - Buffer over-read in fr_dhcp_decode_suboptions() - CVE-2017-10986 / FR-GV-303: DHCP - Infinite read in dhcp_attr2vp() - FR-AD-001: Use strncmp() instead of memcmp() for string data - CVE-2017-10983 / FR-GV-206: DHCP - Read overflow when decoding option 63 - CVE-2017-10985 / FR-GV-302: Infinite loop and memory exhaustion with 'concat' attributes - CVE-2017-10984 / FR-GV-301: Write overflow in data2vp_wimax() - FR-AD-002: String lifetime issues in rlm_python - FR-GV-305: Decode 'signed' attributes correctly - CVE-2017-10978 / FR-GV-201: Read / write overflow in make_secret() Moderate SUSE bug 1049086 CVE-2017-10978 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10986 CVE-2017-10987 openSUSE Leap 42.2 This update for libraw fixes the following issues: Changes in libraw: * CVE-2017-14608: An out of bounds read in the kodak_65000_load_raw function could lead to an information leak. [boo#1063798] Moderate SUSE bug 1063798 CVE-2017-14608 openSUSE Leap 42.2 This update for mysql-community-server to 5.6.38 fixes the following issues: Full list of changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-38.html CVEs fixed: - [boo#1064116] CVE-2017-10379 - [boo#1064117] CVE-2017-10384 - [boo#1064115] CVE-2017-10378 - [boo#1064101] CVE-2017-10268 - [boo#1064096] CVE-2017-10155 - [boo#1064118] CVE-2017-3731 - [boo#1064102] CVE-2017-10276 - [boo#1064105] CVE-2017-10283 - [boo#1064112] CVE-2017-10314 - [boo#1064100] CVE-2017-10227 - [boo#1064104] CVE-2017-10279 - [boo#1064108] CVE-2017-10294 - [boo#1064107] CVE-2017-10286 Additional changes: - add "BuildRequires: unixODBC-devel" to allow ODBC support for Connect engine [boo#1039034] - update filename in /var/adm/update-messages to match documentation, and build-compare pattern - some scripts from the tools subpackage, namely: wsrep_sst_xtrabackup, wsrep_sst_mariabackup.sh and wsrep_sst_xtrabackup-v2.sh need socat - fixed incorrect descriptions and mismatching RPM groups Important SUSE bug 1039034 SUSE bug 1064096 SUSE bug 1064100 SUSE bug 1064101 SUSE bug 1064102 SUSE bug 1064104 SUSE bug 1064105 SUSE bug 1064107 SUSE bug 1064108 SUSE bug 1064112 SUSE bug 1064115 SUSE bug 1064116 SUSE bug 1064117 SUSE bug 1064118 SUSE bug 1064119 CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 CVE-2017-3731 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following issues: * CVE-2017-13775: Fixed a denial of service issue in ReadJNXImage() in coders/jnx.c (boo#1056431) * CVE-2017-13063: Fixed a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c (bsc#1055050) * CVE-2017-13064: Fixed a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c (bsc#1055042) * CVE-2017-12936: The ReadWMFImage function in coders/wmf.c in GraphicsMagick had a use-after-free issue for data associated with exception reporting. (bsc#1054598) * CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk. (bsc#1055430) * CVE-2017-12937: The ReadSUNImage function in coders/sun.c in GraphicsMagick had a colormap heap-based buffer over-read. (bsc#1054596) Moderate SUSE bug 1054596 SUSE bug 1054598 SUSE bug 1055042 SUSE bug 1055050 SUSE bug 1055430 SUSE bug 1056431 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13139 CVE-2017-13775 openSUSE Leap 42.2 This update for samba fixes the following issues: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441). - CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442). - CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437). This component is not built into our packages, so we are not affected. Non security issues fixed: - s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1009085 SUSE bug 1014437 SUSE bug 1014441 SUSE bug 1014442 CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 openSUSE Leap 42.2 This update for curl fixes the following issues: Security issues fixed: - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876) - CVE-2017-1000257: IMAP FETCH response out of bounds read (bsc#1063824) Bugs fixed: - Fixed error "error:1408F10B:SSL routines" when connecting to ftps via proxy (bsc#1060653) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1060653 SUSE bug 1061876 SUSE bug 1063824 CVE-2017-1000254 CVE-2017-1000257 openSUSE Leap 42.2 This update for hostapd fixes the following issues: - Fix KRACK attacks on the AP side (boo#1063479, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088): Hostap was updated to upstream release 2.6 * fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5314) * fixed WPS configuration update vulnerability with malformed passphrase [http://w1.fi/security/2016-1/] (CVE-2016-4476) * extended channel switch support for VHT bandwidth changes * added support for configuring new ANQP-elements with anqp_elem=<InfoID>:<hexdump of payload> * fixed Suite B 192-bit AKM to use proper PMK length (note: this makes old releases incompatible with the fixed behavior) * added no_probe_resp_if_max_sta=1 parameter to disable Probe Response frame sending for not-associated STAs if max_num_sta limit has been reached * added option (-S as command line argument) to request all interfaces to be started at the same time * modified rts_threshold and fragm_threshold configuration parameters to allow -1 to be used to disable RTS/fragmentation * EAP-pwd: added support for Brainpool Elliptic Curves (with OpenSSL 1.0.2 and newer) * fixed EAPOL reauthentication after FT protocol run * fixed FTIE generation for 4-way handshake after FT protocol run * fixed and improved various FST operations * TLS server - support SHA384 and SHA512 hashes - support TLS v1.2 signature algorithm with SHA384 and SHA512 - support PKCS #5 v2.0 PBES2 - support PKCS #5 with PKCS #12 style key decryption - minimal support for PKCS #12 - support OCSP stapling (including ocsp_multi) * added support for OpenSSL 1.1 API changes - drop support for OpenSSL 0.9.8 - drop support for OpenSSL 1.0.0 * EAP-PEAP: support fast-connect crypto binding * RADIUS - fix Called-Station-Id to not escape SSID - add Event-Timestamp to all Accounting-Request packets - add Acct-Session-Id to Accounting-On/Off - add Acct-Multi-Session-Id ton Access-Request packets - add Service-Type (= Frames) - allow server to provide PSK instead of passphrase for WPA-PSK Tunnel_password case - update full message for interim accounting updates - add Acct-Delay-Time into Accounting messages - add require_message_authenticator configuration option to require CoA/Disconnect-Request packets to be authenticated * started to postpone WNM-Notification frame sending by 100 ms so that the STA has some more time to configure the key before this frame is received after the 4-way handshake * VHT: added interoperability workaround for 80+80 and 160 MHz channels * extended VLAN support (per-STA vif, etc.) * fixed PMKID derivation with SAE * nl80211 - added support for full station state operations - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use unencrypted EAPOL frames * added initial MBO support; number of extensions to WNM BSS Transition Management * added initial functionality for location related operations * added assocresp_elements parameter to allow vendor specific elements to be added into (Re)Association Response frames * improved Public Action frame addressing - use Address 3 = wildcard BSSID in GAS response if a query from an unassociated STA used that address - fix TX status processing for Address 3 = wildcard BSSID - add gas_address3 configuration parameter to control Address 3 behavior * added command line parameter -i to override interface parameter in hostapd.conf * added command completion support to hostapd_cli * added passive client taxonomy determination (CONFIG_TAXONOMY=y compile option and "SIGNATURE <addr>" control interface command) * number of small fixes hostapd was updated to upstream release 2.5 * (CVE-2015-1863) is fixed in upstream release 2.5 * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding [http://w1.fi/security/2015-2/] (CVE-2015-4141 boo#930077) * fixed WMM Action frame parser [http://w1.fi/security/2015-3/] (CVE-2015-4142 boo#930078) * fixed EAP-pwd server missing payload length validation [http://w1.fi/security/2015-4/] (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, boo#930079) * fixed validation of WPS and P2P NFC NDEF record payload length [http://w1.fi/security/2015-5/] * nl80211: - fixed vendor command handling to check OUI properly * fixed hlr_auc_gw build with OpenSSL * hlr_auc_gw: allow Milenage RES length to be reduced * disable HT for a station that does not support WMM/QoS * added support for hashed password (NtHash) in EAP-pwd server * fixed and extended dynamic VLAN cases * added EAP-EKE server support for deriving Session-Id * set Acct-Session-Id to a random value to make it more likely to be unique even if the device does not have a proper clock * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan * modified SAE routines to be more robust and PWE generation to be stronger against timing attacks * added support for Brainpool Elliptic Curves with SAE * increases maximum value accepted for cwmin/cwmax * added support for CCMP-256 and GCMP-256 as group ciphers with FT * added Fast Session Transfer (FST) module * removed optional fields from RSNE when using FT with PMF (workaround for interoperability issues with iOS 8.4) * added EAP server support for TLS session resumption * fixed key derivation for Suite B 192-bit AKM (this breaks compatibility with the earlier version) * added mechanism to track unconnected stations and do minimal band steering * number of small fixes Important SUSE bug 1063479 SUSE bug 930077 SUSE bug 930078 SUSE bug 930079 CVE-2015-1863 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-5314 CVE-2016-4476 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 openSUSE Leap 42.2 This update for openvpn fixes the following issues: - CVE-2017-12166: Lack of bound check in read_key in old legacy key handling before using values could be used for a remote buffer overflow (bsc#1060877). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1060877 CVE-2017-12166 openSUSE Leap 42.2 This update for tcpdump to version 4.9.2 fixes several issues. These security issues were fixed: - CVE-2017-11108: Prevent remote attackers to cause DoS (heap-based buffer over-read and application crash) via crafted packet data. The crash occured in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol (bsc#1047873, bsc#1057247). - CVE-2017-11543: Prevent buffer overflow in the sliplink_print function in print-sl.c that allowed remote DoS (bsc#1057247). - CVE-2017-13011: Prevent buffer overflow in bittok2str_internal() that allowed remote DoS (bsc#1057247) - CVE-2017-12989: Prevent infinite loop in the RESP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12990: Prevent infinite loop in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12995: Prevent infinite loop in the DNS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12997: Prevent infinite loop in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-11541: Prevent heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c that allowed remote DoS (bsc#1057247). - CVE-2017-11542: Prevent heap-based buffer over-read in the pimv1_print function in print-pim.c that allowed remote DoS (bsc#1057247). - CVE-2017-12893: Prevent buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12894: Prevent buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247) - CVE-2017-12895: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12896: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12897: Prevent buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12898: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12899: Prevent buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247) - CVE-2017-12900: Prevent buffer over-read in the in several protocol parsers that allowed remote DoS (bsc#1057247) - CVE-2017-12901: Prevent buffer over-read in the EIGRP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12902: Prevent buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247) - CVE-2017-12985: Prevent buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12986: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247) - CVE-2017-12987: Prevent buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12988: Prevent buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247) - CVE-2017-12991: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12992: Prevent buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247) - CVE-2017-12993: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247) - CVE-2017-12994: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12996: Prevent buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12998: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12999: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13000: Prevent buffer over-read in the IEEE 802.15.4 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13001: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13002: Prevent buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247) - CVE-2017-13003: Prevent buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13004: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247) - CVE-2017-13005: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13006: Prevent buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13007: Prevent buffer over-read in the Apple PKTAP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13008: Prevent buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13009: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13010: Prevent buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13012: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13013: Prevent buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13014: Prevent buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247) - CVE-2017-13015: Prevent buffer over-read in the EAP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13016: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13017: Prevent buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13018: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13019: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13020: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13021: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13022: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13023: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13024: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13025: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13026: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13027: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13028: Prevent buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13029: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13030: Prevent buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13031: Prevent buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247) - CVE-2017-13032: Prevent buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13033: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13034: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13035: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13036: Prevent buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13037: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13038: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13039: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13040: Prevent buffer over-read in the MPTCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13041: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13042: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13043: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13044: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13045: Prevent buffer over-read in the VQP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13046: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13047: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13048: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13049: Prevent buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247) - CVE-2017-13050: Prevent buffer over-read in the RPKI-Router parser that allowed remote DoS (bsc#1057247) - CVE-2017-13051: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13052: Prevent buffer over-read in the CFM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13053: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13054: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13055: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13687: Prevent buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247) - CVE-2017-13688: Prevent buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247) - CVE-2017-13689: Prevent buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13690: Prevent buffer over-read in the IKEv2 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13725: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247) - Prevent segmentation fault in ESP decoder with OpenSSL 1.1 (bsc#1057247) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047873 SUSE bug 1057247 CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 openSUSE Leap 42.2 This update for wget fixes the following security issues: - CVE-2017-13089,CVE-2017-13090: Missing checks for negative remaining_chunk_size in skip_short_body and fd_read_body could cause stack buffer overflows, which could have been exploited by malicious servers. (bsc#1064715,bsc#1064716) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1064715 SUSE bug 1064716 CVE-2017-13089 CVE-2017-13090 openSUSE Leap 42.2 This update for SDL2 fixes the following issues: - CVE-2017-2888: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. (bsc#1062784) Moderate SUSE bug 1062784 CVE-2017-2888 openSUSE Leap 42.2 This update for libjpeg-turbo to version 1.5.2 fixes the following issues: * CVE-2017-15232: NULL pointer dereference in jdpostct.c and jquant1.c (boo#1062937) This compatible version update contains the following improvements: * Improved and updated upsampling support and sampling factors * Memory handling correctness fixes * Improved robustness when decoding images This version is a dependency of Chromium 62. Moderate SUSE bug 1062937 CVE-2017-15232 openSUSE Leap 42.2 This update to Chromium 62.0.3202.75 fixes the following security issues: - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after free in WebAudio - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. - CVE-2017-5130: Heap overflow in libxml2 - CVE-2017-5131: Out of bounds write in Skia - CVE-2017-5133: Out of bounds write in Skia - CVE-2017-15386: UI spoofing in Blink - CVE-2017-15387: Content security bypass - CVE-2017-15388: Out of bounds read in Skia - CVE-2017-15389: URL spoofing in OmniBox - CVE-2017-15390: URL spoofing in OmniBox - CVE-2017-15391: Extension limitation bypass in Extensions. - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration - CVE-2017-15393: Referrer leak in Devtools - CVE-2017-15394: URL spoofing in extensions UI - CVE-2017-15395: Null pointer dereference in ImageCapture - CVE-2017-15396: Stack overflow in V8 Important SUSE bug 1064066 SUSE bug 1065405 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-15396 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129 CVE-2017-5130 CVE-2017-5131 CVE-2017-5132 CVE-2017-5133 openSUSE Leap 42.2 This update for gcc48 fixes the following issues: Security issues fixed: - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. [bnc#1039513] Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdseed code generation issue [bsc#1050947] Bugs fixed: - Enable LFS support in 32bit libgcov.a. [bsc#1044016] - Bump libffi version in libffi.pc to 3.0.11. - Fix libffi issue for armv7l. [bsc#988274] - Properly diagnose missing -fsanitize=address support on ppc64le. [bnc#1028744] - Backport patch for PR65612. [bnc#1022062] - Fixed DR#1288. [bnc#1011348] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1011348 SUSE bug 1022062 SUSE bug 1028744 SUSE bug 1039513 SUSE bug 1044016 SUSE bug 1050947 SUSE bug 988274 CVE-2017-11671 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). The following non-security bugs were fixed: - alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382). - alsa: compress: Remove unused variable (bnc#1012382). - alsa: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (bnc#1012382). - alsa: usx2y: Suppress kernel warning at page allocation failures (bnc#1012382). - arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382). - arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes (bnc#1012382). - arm: remove duplicate 'const' annotations' (bnc#1012382). - asoc: dapm: fix some pointer error handling (bnc#1012382). - asoc: dapm: handle probe deferrals (bnc#1012382). - audit: log 32-bit socketcalls (bnc#1012382). - blacklist 0e7736c6b806 powerpc/powernv: Fix data type for @r in pnv_ioda_parse_m64_window() - blacklist.conf: not fitting cleanup patch - brcmfmac: setup passive scan if requested by user-space (bnc#1012382). - bridge: netlink: register netdevice before executing changelink (bnc#1012382). - ceph: avoid panic in create_session_open_msg() if utsname() returns NULL (bsc#1061451). - ceph: check negative offsets in ceph_llseek() (bsc#1061451). - driver core: platform: Do not read past the end of "driver_override" buffer (bnc#1012382). - drivers: firmware: psci: drop duplicate const from psci_of_match (bnc#1012382). - drivers: hv: fcopy: restore correct transfer length (bnc#1012382). - drm/amdkfd: fix improper return value on error (bnc#1012382). - drm: bridge: add DT bindings for TI ths8135 (bnc#1012382). - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define (bnc#1012382). - drm/i915/bios: ignore HDMI on port A (bnc#1012382). - ext4: do not allow encrypted operations without keys (bnc#1012382). - extcon: axp288: Use vbus-valid instead of -present to determine cable presence (bnc#1012382). - exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382). - fix whitespace according to upstream commit - fs/epoll: cache leftmost node (bsc#1056427). - ftrace: Fix kmemleak in unregister_ftrace_graph (bnc#1012382). - gfs2: Fix reference to ERR_PTR in gfs2_glock_iter_next (bnc#1012382). - hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382). - hpsa: correct lun data caching bitmap definition (bsc#1028971). - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes (bnc#1012382). - i2c: meson: fix wrong variable usage in meson_i2c_put_data (bnc#1012382). - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/core: Fix for core panic (bsc#1022595 FATE#322350). - ib/core: Fix the validations of a multicast LID in attach or detach operations (bsc#1022595 FATE#322350). - ib/i40iw: Fix error code in i40iw_create_cq() (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382). - ib/ipoib: Replace list_del of the neigh->list with list_del_init (bnc#1012382). - ib/ipoib: rtnl_unlock can not come after free_netdev (bnc#1012382). - ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmvnic: Set state UP (bsc#1062962). - ib/qib: fix false-postive maybe-uninitialized warning (bnc#1012382). - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382). - iio: ad7793: Fix the serial interface reset (bnc#1012382). - iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications (bnc#1012382). - iio: adc: hx711: Add DT binding for avia,hx711 (bnc#1012382). - iio: adc: mcp320x: Fix oops on module unload (bnc#1012382). - iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382). - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()' (bnc#1012382). - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()' (bnc#1012382). - iio: ad_sigma_delta: Implement a dedicated reset function (bnc#1012382). - iio: core: Return error for failed read_reg (bnc#1012382). - iommu/io-pgtable-arm: Check for leaf entry before dereferencing it (bnc#1012382). - iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382). - ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (bsc#969474 FATE#319812 bsc#969475 FATE#319814). - kABI: protect struct rm_data_op (kabi). - kABI: protect struct sdio_func (kabi). - libata: transport: Remove circular dependency at free time (bnc#1012382). - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak (bnc#1012382). - md/raid10: submit bio directly to replacement disk (bnc#1012382). - mips: Ensure bss section ends on a long-aligned address (bnc#1012382). - mips: Fix minimum alignment requirement of IRQ stack (git-fixes). - mips: IRQ Stack: Unwind IRQ stack onto task stack (bnc#1012382). - mips: Lantiq: Fix another request_mem_region() return code check (bnc#1012382). - mips: ralink: Fix incorrect assignment on ralink_soc (bnc#1012382). - mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms array (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - mm/backing-dev.c: fix an error handling path in 'cgwb_create()' (bnc#1063475). - mm,compaction: serialize waitqueue_active() checks (for real) (bsc#971975). - mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382). - mm: discard memblock data later (bnc#1063460). - mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460). - mm: meminit: mark init_reserved_page as __meminit (bnc#1063509). - mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to inline function (bnc#1063501). - mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as unsigned long (bnc#1063520). - net: core: Prevent from dereferencing null pointer when releasing SKB (bnc#1012382). - netfilter: invoke synchronize_rcu after set the _hook_ to NULL (bnc#1012382). - netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max (bnc#1012382). - net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - net/mlx5e: Fix wrong delay calculation for overflow check scheduling (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Skip mlx5_unload_one if mlx5_load_one fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/packet: check length in getsockopt() called with PACKET_HDRLEN (bnc#1012382). - nvme: protect against simultaneous shutdown invocations (FATE#319965 bnc#1012382 bsc#964944). - parisc: perf: Fix potential NULL pointer dereference (bnc#1012382). - partitions/efi: Fix integer overflow in GPT size calculation (bnc#1012382). - qed: Fix stack corruption on probe (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - rds: ib: add error handle (bnc#1012382). - rds: RDMA: Fix the composite message user notification (bnc#1012382). - README.BRANCH: Add Michal and Johannes as co-maintainers. - sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs (bnc#1012382). - scsi: hpsa: add 'ctlr_num' sysfs attribute (bsc#1028971). - scsi: hpsa: bump driver version (bsc#1022600 fate#321928). - scsi: hpsa: change driver version (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: Check for null device pointers (bsc#1028971). - scsi: hpsa: Check for null devices in ioaccel (bsc#1028971). - scsi: hpsa: Check for vpd support before sending (bsc#1028971). - scsi: hpsa: cleanup reset handler (bsc#1022600 fate#321928). - scsi: hpsa: correct call to hpsa_do_reset (bsc#1028971). - scsi: hpsa: correct logical resets (bsc#1028971). - scsi: hpsa: correct queue depth for externals (bsc#1022600 fate#321928). - scsi: hpsa: correct resets on retried commands (bsc#1022600 fate#321928). - scsi: hpsa: correct scsi 6byte lba calculation (bsc#1028971). - scsi: hpsa: Determine device external status earlier (bsc#1028971). - scsi: hpsa: do not get enclosure info for external devices (bsc#1022600 fate#321928). - scsi: hpsa: do not reset enclosures (bsc#1022600 fate#321928). - scsi: hpsa: do not timeout reset operations (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: fallback to use legacy REPORT PHYS command (bsc#1028971). - scsi: hpsa: fix volume offline state (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: limit outstanding rescans (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: Prevent sending bmic commands to externals (bsc#1028971). - scsi: hpsa: remove abort handler (bsc#1022600 fate#321928). - scsi: hpsa: remove coalescing settings for ioaccel2 (bsc#1028971). - scsi: hpsa: remove memory allocate failure message (bsc#1028971). - scsi: hpsa: Remove unneeded void pointer cast (bsc#1028971). - scsi: hpsa: rescan later if reset in progress (bsc#1022600 fate#321928). - scsi: hpsa: send ioaccel requests with 0 length down raid path (bsc#1022600 fate#321928). - scsi: hpsa: separate monitor events from rescan worker (bsc#1022600 fate#321928). - scsi: hpsa: update check for logical volume status (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: update identify physical device structure (bsc#1022600 fate#321928). - scsi: hpsa: update pci ids (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: update reset handler (bsc#1022600 fate#321928). - scsi: hpsa: use designated initializers (bsc#1028971). - scsi: hpsa: use %phN for short hex dumps (bsc#1028971). - scsi: libfc: fix a deadlock in fc_rport_work (bsc#1063695). - scsi: sd: Do not override max_sectors_kb sysfs setting (bsc#1025461). - scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985). This patch is originally part of a larger series which can't be easily backported to SLE-12. For a reasoning why we think it's safe to apply, see bsc#1060985, comment 20. - scsi: sg: close race condition in sg_remove_sfp_usercontext() (bsc#1064206). - sh_eth: use correct name for ECMR_MPDE bit (bnc#1012382). - staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack (bnc#1012382). - stm class: Fix a use-after-free (bnc#1012382). - supported.conf: mark hid-multitouch as supported (FATE#323670) - team: call netdev_change_features out of team lock (bsc#1055567). - team: fix memory leaks (bnc#1012382). - tpm_tis: Do not fall back to a hardcoded address for TPM2 (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048). - ttpci: address stringop overflow warning (bnc#1012382). - tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382). - usb: chipidea: vbus event may exist before starting gadget (bnc#1012382). - usb: core: harden cdc_parse_cdc_header (bnc#1012382). - usb: devio: Do not corrupt user memory (bnc#1012382). - usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382). - usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382). - usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382). - usb: fix out-of-bounds in usb_set_configuration (bnc#1012382). - usb: gadgetfs: fix copy_to_user while holding spinlock (bnc#1012382). - usb: gadgetfs: Fix crash caused by inadequate synchronization (bnc#1012382). - usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write (bnc#1012382). - usb: gadget: mass_storage: set msg_registered after msg registered (bnc#1012382). - usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382). - usb: g_mass_storage: Fix deadlock when driver is unbound (bnc#1012382). - usb: Increase quirk delay for USB devices (bnc#1012382). - usb: pci-quirks.c: Corrected timeout values used in handshake (bnc#1012382). - usb: plusb: Add support for PL-27A1 (bnc#1012382). - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe (bnc#1012382). - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction (bnc#1012382). - usb: serial: mos7720: fix control-message error handling (bnc#1012382). - usb: serial: mos7840: fix control-message error handling (bnc#1012382). - usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives (bnc#1012382). - usb: uas: fix bug in handling of alternate settings (bnc#1012382). - uwb: ensure that endpoint is interrupt (bnc#1012382). - uwb: properly check kthread_run return value (bnc#1012382). - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863). - xfs: remove kmem_zalloc_greedy (bnc#1012382). - xhci: fix finding correct bus_state structure for USB 3.1 hosts (bnc#1012382). Important SUSE bug 1012382 SUSE bug 1020645 SUSE bug 1022595 SUSE bug 1022600 SUSE bug 1025461 SUSE bug 1028971 SUSE bug 1034048 SUSE bug 1055567 SUSE bug 1056427 SUSE bug 1059863 SUSE bug 1060985 SUSE bug 1061451 SUSE bug 1062520 SUSE bug 1062962 SUSE bug 1063460 SUSE bug 1063475 SUSE bug 1063501 SUSE bug 1063509 SUSE bug 1063520 SUSE bug 1063667 SUSE bug 1063695 SUSE bug 1064206 SUSE bug 1064388 SUSE bug 964944 SUSE bug 966170 SUSE bug 966172 SUSE bug 966186 SUSE bug 966191 SUSE bug 966316 SUSE bug 966318 SUSE bug 969474 SUSE bug 969475 SUSE bug 969476 SUSE bug 969477 SUSE bug 971975 CVE-2017-13080 CVE-2017-15265 CVE-2017-15649 openSUSE Leap 42.2 This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777) - CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084) - CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086) - CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087) - CVE-2017-15591: Missing checks in the handling of DMOPs allowed malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 to cause a DoS (XSA-238 bsc#1061077) - CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080) - CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occured that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081) - CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082) - CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076) This non-security issue was fixed: - bsc#1057358: Fixed boot when secure boot is enabled This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1027519 SUSE bug 1057358 SUSE bug 1059777 SUSE bug 1061076 SUSE bug 1061077 SUSE bug 1061080 SUSE bug 1061081 SUSE bug 1061082 SUSE bug 1061084 SUSE bug 1061086 SUSE bug 1061087 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526 openSUSE Leap 42.2 This update for SuSEfirewall2 fixes the following issues: - CVE-2017-15638: Fixed a security issue with too open implicit portmapper rules (bsc#1064127): A source net restriction for _rpc_ services was not taken into account for the implicitly added rules for port 111, making the portmap service accessible to everyone in the affected zone. This update was imported from the SUSE:SLE-12:Update and SUSE:SLE-12-SP3:Update update projects. Moderate SUSE bug 1064127 CVE-2017-15638 openSUSE Leap 42.2 This update for libwpd fixes the following issues: Security issue fixed: - CVE-2017-14226: WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. (bnc#1058025) Bugfixes: - Fix various crashes, leaks and hangs when reading damaged files found by oss-fuzz. - Fix crash when NULL is passed as input stream. - Use symbol visibility on Linux. The library only exports public functions now. - Avoid infinite loop. (libwpd#3) - Remove bashism. (libwpd#5) - Fix various crashes and hangs when reading broken files found with the help of american-fuzzy-lop. - Make --help output of all command line tools more help2man-friendly. - Miscellaneous fixes and cleanups. - Generate manpages for the libwpd-tools This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1058025 CVE-2017-14226 openSUSE Leap 42.2 This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942). - CVE-2017-9524: The qemu-nbd server when built with the Network Block Device (NBD) Server support allowed remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs talking to a client in the nbd_negotiate function (bsc#1043808). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122) - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069) - CVE-2017-10911: The make_response function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures (bsc#1057378) - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive (bsc#1054724) - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636) - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674) - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585) - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381) - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902) - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334) These non-security issues were fixed: - Fixed not being able to build from rpm sources due to undefined macro (bsc#1057966) - Fixed wrong permissions for kvm_stat.1 file - Fixed KVM lun resize not working as expected on SLES12 SP2 HV (bsc#1043176) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1043176 SUSE bug 1043808 SUSE bug 1046636 SUSE bug 1047674 SUSE bug 1048902 SUSE bug 1049381 SUSE bug 1054724 SUSE bug 1056334 SUSE bug 1057378 SUSE bug 1057585 SUSE bug 1057966 SUSE bug 1059369 SUSE bug 1062069 SUSE bug 1062942 SUSE bug 1063122 SUSE bug 997358 CVE-2017-10664 CVE-2017-10806 CVE-2017-10911 CVE-2017-11334 CVE-2017-11434 CVE-2017-12809 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15268 CVE-2017-15289 CVE-2017-9524 openSUSE Leap 42.2 This update for libsass fixes the following DoS vulnerabilities: - CVE-2017-11554: Stack consumption vulnerability allowed remote DoS via crafted input (1050148) - CVE-2017-11555: Illegal address access in Eval::operator allowed remote DoS via crafted input (boo#1050149) - CVE-2017-11556: Stack consumption vulnerability allowed remote DoS via crafted input (boo#1050150) - CVE-2017-11605: Heap based buffer over-read allowed remote DoS via crafted input (boo#1050151) - CVE-2017-11608: Heap-based buffer over-read allowed remote DoS via crafted input (boo#1050380) Moderate SUSE bug 1050148 SUSE bug 1050149 SUSE bug 1050150 SUSE bug 1050151 SUSE bug 1050380 CVE-2017-11554 CVE-2017-11555 CVE-2017-11556 CVE-2017-11605 CVE-2017-11608 openSUSE Leap 42.2 This update for sssd provides the following fixes: Security issues fixed: - CVE-2017-12173: Fixed unsanitized input when searching in local cache database (bsc#1061832). Non security issues fixed: - Fixed a segfault issue in ldap_rfc_2307_fallback_to_local_users. (bsc#1055123) - Install /var/lib/sss/mc directory to correct sssd cache invalidation behaviour. (bsc#1039567) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1039567 SUSE bug 1055123 SUSE bug 1061832 CVE-2017-12173 openSUSE Leap 42.2 This update for Chromium to version 62.0.3202.89 fixes the following vulnerabilities (boo#1066851): - CVE-2017-15398: Stack buffer overflow in QUIC - CVE-2017-15399: Use after free in V8 Important SUSE bug 1066851 CVE-2017-15398 CVE-2017-15399 openSUSE Leap 42.2 This update for redis to version 4.0.2 fixes the following issues: - CVE-2016-8339: CONFIG SET client-output-buffer-limit Code Execution Vulnerability (boo#1002351) The following upstream changes are included: - SLOWLOG now logs the offending client name and address - The modules native data types RDB format changed. - The AOF check utility is now able to deal with RDB preambles. - GEORADIUS_RO and GEORADIUSBYMEMBER_RO variants, not supporting the STORE option, were added in order to allow read-only scaling of such queries. - HSET is now variadic, and HMSET is considered deprecated - GEORADIUS huge radius (>= ~6000 km) corner cases fixed - HyperLogLog commands no longer crash on certain input (non HLL) strings. - Fixed SLAVEOF inside MULTI/EXEC blocks. - TCP binding bug fixed when only certain addresses were available for a given por - MIGRATE could crash the server after a socket error Moderate SUSE bug 1064980 CVE-2016-10517 openSUSE Leap 42.2 This update for ansible to version 2.4.1.0 fixes the following vulnerabilities: - CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment (bsc#1038785) - CVE-2016-9587: host to controller command execution vulnerability (bsc#1019021) - CVE-2016-8628: Command injection by compromised server via fact variables (bsc#1008037) - CVE-2016-8614: Improper verification of key fingerprints in apt_key module (bsc#1008038) - CVE-2017-7550: jenkins_plugin module may have exposed passwords in remote host logs (bsc#1065872) This update also contains a number of upstream bug fixes and improvements. Moderate SUSE bug 1008037 SUSE bug 1008038 SUSE bug 1019021 SUSE bug 1038785 SUSE bug 1065872 CVE-2016-8614 CVE-2016-8628 CVE-2016-9587 CVE-2017-7481 CVE-2017-7550 openSUSE Leap 42.2 This update for shadow fixes several issues. This security issue was fixed: - CVE-2017-12424: The newusers tool could have been forced to manipulate internal data structures in ways unintended by the authors. Malformed input may have lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors (bsc#1052261). These non-security issues were fixed: - bsc#1023895: Fixed man page to not contain invalid options and also prevent warnings when using these options in certain settings - bsc#980486: Reset user in /var/log/tallylog because of the usage of pam_tally2 This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1023895 SUSE bug 1052261 SUSE bug 980486 CVE-2017-12424 openSUSE Leap 42.2 This update for krb5 fixes the following securitz issue? - CVE-2017-15088: A buffer overflow in get_matching_data() was fixed that could under specific circumstances be used to execute code (bsc#1065274) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1065274 CVE-2017-15088 openSUSE Leap 42.2 This update for virtualbox fixes the following issues: - CVE-2017-10392: A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service - CVE-2017-10407: A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service - CVE-2017-10408: A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service - CVE-2017-10428: A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and partially deny service The following packaging changes are included: - Further to usage of vboxdrv if virtualbox-qt is not installed: updates to vboxdrv.sh (boo#1060072) - The virtualbox package no longer requires libX11, an library module files were moved to virtualbox-qt This update also contains all upstream improvements in the 5.1.30 release, including: - Fix for double mouse cursor when using mouse integration without Guest Additions. - Translation updates Moderate SUSE bug 1060072 SUSE bug 1064200 SUSE bug 1066488 CVE-2017-10392 CVE-2017-10407 CVE-2017-10408 CVE-2017-10428 openSUSE Leap 42.2 This update for webkit2gtk3 to version 2.18.0 fixes the following issues: These security issues were fixed: - CVE-2017-7039: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7018: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7030: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7037: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7034: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7055: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7056: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7064: An issue was fixed that allowed remote attackers to bypass intended memory-read restrictions via a crafted app (bsc#1050469). - CVE-2017-7061: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7048: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7046: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-2538: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1045460) - CVE-2017-2496: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - CVE-2017-2539: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - CVE-2017-2510: An issue was fixed that allowed remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. - CVE-2017-2365: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2366: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2373: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2363: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2362: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2354: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749). - CVE-2017-2355: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2356: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2371: An issue was fixed that allowed remote attackers to launch popups via a crafted web site (bsc#1024749) - CVE-2017-2364: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2369: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2016-7656: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7635: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7654: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7639: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7645: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7652: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7641: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7632: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7599: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that used HTTP redirects (bsc#1020950) - CVE-2016-7592: An issue was fixed that allowed remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site (bsc#1020950) - CVE-2016-7589: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7623: An issue was fixed that allowed remote attackers to obtain sensitive information via a blob URL on a web site (bsc#1020950) - CVE-2016-7586: An issue was fixed that allowed remote attackers to obtain sensitive information via a crafted web site (bsc#1020950) For other non-security fixes please check the changelog. This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1020950 SUSE bug 1024749 SUSE bug 1045460 SUSE bug 1050469 CVE-2016-7586 CVE-2016-7589 CVE-2016-7592 CVE-2016-7599 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2538 CVE-2017-2539 CVE-2017-7018 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7039 CVE-2017-7046 CVE-2017-7048 CVE-2017-7055 CVE-2017-7056 CVE-2017-7061 CVE-2017-7064 openSUSE Leap 42.2 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u151 (icedtea 3.6.0) Security issues fixed: - CVE-2017-10274: Handle smartcard clean up better (bsc#1064071) - CVE-2017-10281: Better queuing priorities (bsc#1064072) - CVE-2017-10285: Unreferenced references (bsc#1064073) - CVE-2017-10295: Better URL connections (bsc#1064075) - CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086) - CVE-2017-10346: Better invokespecial checks (bsc#1064078) - CVE-2017-10350: Better Base Exceptions (bsc#1064082) - CVE-2017-10347: Better timezone processing (bsc#1064079) - CVE-2017-10349: Better X processing (bsc#1064081) - CVE-2017-10345: Better keystore handling (bsc#1064077) - CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080) - CVE-2017-10357: Process Proxy presentation (bsc#1064085) - CVE-2017-10355: More stable connection processing (bsc#1064083) - CVE-2017-10356: Update storage implementations (bsc#1064084) - CVE-2016-10165: Improve CMS header processing (bsc#1064069) - CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070) Bug fixes: - Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1032647 SUSE bug 1052009 SUSE bug 1064069 SUSE bug 1064070 SUSE bug 1064071 SUSE bug 1064072 SUSE bug 1064073 SUSE bug 1064075 SUSE bug 1064077 SUSE bug 1064078 SUSE bug 1064079 SUSE bug 1064080 SUSE bug 1064081 SUSE bug 1064082 SUSE bug 1064083 SUSE bug 1064084 SUSE bug 1064085 SUSE bug 1064086 CVE-2016-10165 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 openSUSE Leap 42.2 This update for ImageMagick fixes the following issues: Security issues fixed: * CVE-2017-15033: A denial of service attack (memory leak) was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873] * CVE-2017-11446: An infinite loop in ReadPESImage was fixed. (bsc#1049379) * CVE-2017-12433: A memory leak in ReadPESImage in coders/pes.c was fixed. (bsc#1052545) * CVE-2017-12428: A memory leak in ReadWMFImage in coders/wmf.c was fixed. (bsc#1052249) * CVE-2017-12431: A use-after-free in ReadWMFImage was fixed. (bsc#1052253) * CVE-2017-11534: A memory leak in the lite_font_map() in coders/wmf.c was fixed. (bsc#1050135) * CVE-2017-13133: A memory exhaustion in load_level function in coders/xcf.c was fixed. (bsc#1055219) * CVE-2017-13139: A out-of-bounds read in the ReadOneMNGImage was fixed. (bsc#1055430) This update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924]. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1049379 SUSE bug 1050135 SUSE bug 1052249 SUSE bug 1052253 SUSE bug 1052545 SUSE bug 1054924 SUSE bug 1055219 SUSE bug 1055430 SUSE bug 1061873 CVE-2016-7530 CVE-2017-11446 CVE-2017-11534 CVE-2017-12428 CVE-2017-12431 CVE-2017-12433 CVE-2017-13133 CVE-2017-13139 CVE-2017-15033 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following security issues: - CVE-2017-13776: denial of service issue in ReadXBMImage() in a coders/xbm.c (bsc#1056429) - CVE-2017-13777: denial of service issue in ReadXBMImage() in a coders/xbm.c (bsc#1056426) - CVE-2017-13134: heap-based buffer over-read allowing DoS via crafted sfw files (bsc#1055214) - CVE-2017-15930: Specially crafted JPEG files could lead to a Null Pointer dereference and DoS (bsc#1066003) - CVE-2017-14165: Memory allocation issue may allow DoS through specially crafted files (bsc#1057508) - CVE-2017-12983: Heap-based buffer overflow could have triggered an application crash or possibly have unspecified other impact via a crafted file. (bnc#1054757) Moderate SUSE bug 1054757 SUSE bug 1055214 SUSE bug 1056426 SUSE bug 1056429 SUSE bug 1057508 SUSE bug 1066003 CVE-2017-12983 CVE-2017-13134 CVE-2017-13776 CVE-2017-13777 CVE-2017-14165 CVE-2017-15930 openSUSE Leap 42.2 This update for snack fixes the following issues: Security issue fixed: - CVE-2012-6303: Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file. (bnc#793860) Important SUSE bug 793860 CVE-2012-6303 openSUSE Leap 42.2 MozillaFirefox was updated to 52.5.0esr (boo#1068101) MFSA 2017-25 * CVE-2017-7828: Fixed a use-after-free of PressShell while restyling layout * CVE-2017-7830: Cross-origin URL information leak through Resource Timing API * CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 Also fixed: - Correct plugin directory for aarch64 (boo#1061207). The wrapper script was not detecting aarch64 as a 64 bit architecture, thus used /usr/lib/browser-plugins/. Important SUSE bug 1061207 SUSE bug 1068101 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 openSUSE Leap 42.2 This update for pdns-recursor fixes the following issue: - CVE-2016-7068: Crafted queries could have caused abnormal CPU usage (bsc#1018326) Moderate SUSE bug 1018326 CVE-2016-7068 openSUSE Leap 42.2 This update for cacti, cacti-spine to version 1.1.28 fixes the following issues: - CVE-2017-16641: Potential code execution vulnerability in RRDtool functions (boo#1067166) - CVE-2017-16660: Remote execution vulnerability in logging function (boo#1067164) - CVE-2017-16661: Arbitrary file read vulnerability in view log file (boo#1067163) - CVE-2017-16785: Reflection XSS vulnerability (boo#1068028) This update to version 1.1.28 also contains a number of upstream bug fixes and improvements. Important SUSE bug 1067163 SUSE bug 1067164 SUSE bug 1067166 SUSE bug 1068028 CVE-2017-16641 CVE-2017-16660 CVE-2017-16661 CVE-2017-16785 openSUSE Leap 42.2 This update for otrs fixes the following security issues: - CVE-2017-15864: Remote authenticated attackers could have caused otrs to disclose configuration information, including database credentials (boo#1068677, OSA-2017-06) - CVE-2017-16664: Remote authenticated attackers could have caused the execution of shell commands with the permission of the web server user (boo#1069391, OSA-2017-07) Important SUSE bug 1068677 SUSE bug 1069391 CVE-2017-15864 CVE-2017-16664 openSUSE Leap 42.2 The GNU file utility was updated to version 5.22. Security issues fixed: - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) Version update to file version 5.22 * add indirect relative for TIFF/Exif * restructure elf note printing to avoid repeated messages * add note limit, suggested by Alexander Cherepanov * Bail out on partial pread()'s (Alexander Cherepanov) * Fix incorrect bounds check in file_printable (Alexander Cherepanov) * PR/405: ignore SIGPIPE from uncompress programs * change printable -> file_printable and use it in more places for safety * in ELF, instead of "(uses dynamic libraries)" when PT_INTERP is present print the interpreter name. Version update to file version 5.21 * there was an incorrect free in magic_load_buffers() * there was an out of bounds read for some pascal strings * there was a memory leak in magic lists * don't interpret strings printed from files using the current locale, convert them to ascii format first. * there was an out of bounds read in elf note reads Update to file version 5.20 * recognize encrypted CDF documents * add magic_load_buffers from Brooks Davis * add thumbs.db support Additional non-security bug fixes: * Fixed a memory corruption during rpmbuild (bsc#1063269) * Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) * file command throws "Composite Document File V2 Document, corrupt: Can't read SSAT" error against excel 97/2003 file format. (bsc#1009966) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1009966 SUSE bug 1063269 SUSE bug 910252 SUSE bug 910253 SUSE bug 913650 SUSE bug 913651 SUSE bug 917152 SUSE bug 996511 CVE-2014-8116 CVE-2014-8117 CVE-2014-9620 CVE-2014-9621 CVE-2014-9653 openSUSE Leap 42.2 This update for tomcat fixes the following issues: Security issues fixed: - CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910). - CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352) - CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554) Non security bugs fixed: - Fix tomcat-digest classpath error (bsc#977410) - Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1019016 SUSE bug 1042910 SUSE bug 1053352 SUSE bug 1059554 SUSE bug 977410 CVE-2017-12617 CVE-2017-5664 CVE-2017-7674 openSUSE Leap 42.2 This update for libgme fixes the following issues: - CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: Various issues were fixed in the handling of SPC music files that could have been exploited for gaining privileges of desktop users. [bsc#1015941] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1015941 CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 openSUSE Leap 42.2 This update for perl-DBD-mysql fixes the following issues: - CVE-2016-1251: A use-after-free when used with mysql_server_prepare=1 (bsc#1012546). - CVE-2016-1246: Buffer overflow allowed context-dependent attackers to cause a denial of service (crash) via vectors related to an error message (bsc#1002626). - CVE-2016-1249: Out-of-bounds read when using server-side prepared statement support (bsc#1010457). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1002626 SUSE bug 1010457 SUSE bug 1012546 CVE-2016-1246 CVE-2016-1249 CVE-2016-1251 openSUSE Leap 42.2 This update for mupdf fixes the following issues: Security issues fixed: - CVE-2017-7976: integer overflow (jbig2_image_compose function in jbig2_image.c) during operations on a crafted .jb2 file (boo#1052029). - CVE-2016-10221: count_entries in pdf-layer.c allows for DoS (boo#1032140). - CVE-2016-8728: Fitz library font glyph scaling Code Execution Vulnerability (boo#1039850). Bug fixes: - Update to version 1.11 * This is primarily a bug fix release. * PDF portfolio support with command line tool "mutool portfolio". * Add callbacks to load fallback fonts from the system. * Use system fonts in Android to reduce install size. * Flag to disable publisher styles in EPUB layout. * Improved SVG output. - Add reproducible.patch to sort input files to make build reproducible (boo#1041090) - mupdf is not a terminal app (boo#1036637) Moderate SUSE bug 1032140 SUSE bug 1036637 SUSE bug 1039850 SUSE bug 1041090 SUSE bug 1052029 CVE-2016-10221 CVE-2016-8728 CVE-2016-8729 CVE-2017-7976 openSUSE Leap 42.2 This update for perl fixes the following issues: Security issues fixed: - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. (bnc#1057724) - CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape. (bnc#1057721) - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes: - backport set_capture_string changes from upstream (bsc#999735) - reformat baselibs.conf as source validator workaround This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047178 SUSE bug 1057721 SUSE bug 1057724 SUSE bug 999735 CVE-2017-12837 CVE-2017-12883 CVE-2017-6512 openSUSE Leap 42.2 This update for konversation fixes the following issues: Security issue fixed: - CVE-2017-15923: Fix a crash in parsing IRC color formatting codes (boo#1068097). Moderate SUSE bug 1068097 CVE-2017-15923 openSUSE Leap 42.2 This update for tnef fixes the following issues: Security issue fixed: - CVE-2017-8911: Fix underflow problem (boo#1038837). Bug fixes: - Update to version 1.4.15: * Use __builtin_mul_overflow when available. * Fixing Unicode related bugs introduced in previous release. * Prevent against various cases of null derefences, buffer overshooting, and fix some integer overflows. Moderate SUSE bug 1038837 CVE-2017-8911 openSUSE Leap 42.2 This update for tboot fixes the following issues: Security issues fixed: - CVE-2017-16837: Fix tbootfailed to validate a number of immutable function pointers, which could allow an attacker to bypass the chain of trust and execute arbitrary code (boo#1068390). - Make tboot package compatible with OpenSSL 1.1.0 for SLE-15 support (boo#1067229). Bug fixes: - Update to new upstream version. See release notes for details (1.9.6; 1.9.5, FATE#321510; 1.9.4, FATE#320665; 1.8.3, FATE#318542): * https://sourceforge.net/p/tboot/code/ci/default/tree/CHANGELOG - Fix some gcc7 warnings that lead to errors. (boo#1041264) - Fix wrong pvops kernel config matching (boo#981948) - Fix a excessive stack usage pattern that could lead to resets/crashes (boo#967441) - fixes a boot issue on Skylake (boo#964408) - Trim filler words from description; use modern macros over shell vars. - Add reproducible.patch to call gzip -n to make build fully reproducible. Important SUSE bug 1041264 SUSE bug 1067229 SUSE bug 1068390 SUSE bug 964408 SUSE bug 967441 SUSE bug 981948 CVE-2017-16837 openSUSE Leap 42.2 This update for backintime fixes the following issues: Security issue fixed: - CVE-2017-16667: Fixed shell injection in notify-send (boo#1067342). Moderate SUSE bug 1067342 CVE-2017-16667 openSUSE Leap 42.2 This update for Mozilla Thunderbird fixes the following issues: Security issues fixed in 52.5.0 ESR as advised in MFSA 2017-26 (boo#1068101): - CVE-2017-7828: Use-after-free of PressShell while restyling layout - CVE-2017-7830: Cross-origin URL information leak through Resource Timing API - CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 The following bug fixes and improvements are included: - Better support for Charter/Spectrum IMAP - No longer mark other messages as read in search folders spanning multiple base folders - IMAP alerts have been corrected and now show the correct server name in case of connection problems - POP alerts have been corrected and now indicate connection problems in case the configured POP server cannot be found Moderate SUSE bug 1068101 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 openSUSE Leap 42.2 This update for samba fixes the following issues: Security issues fixed: - CVE-2017-14746: Use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Server heap memory information leak (bsc#1063008). Bug fixes: - Update 'winbind expand groups' doc in smb.conf man page (bsc#1027593). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1027593 SUSE bug 1060427 SUSE bug 1063008 CVE-2017-14746 CVE-2017-15275 openSUSE Leap 42.2 This update for kernel-firmware fixes the following issues: - Update Intel WiFi firmwares for the 3160, 7260 and 7265 adapters. Security issues fixed are part of the "KRACK" attacks affecting the firmware: - CVE-2017-13080: The reinstallation of the Group Temporal key could be used for replay attacks (bsc#1066295): - CVE-2017-13081: The reinstallation of the Integrity Group Temporal key could be used for replay attacks (bsc#1066295): This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1066295 CVE-2017-13080 CVE-2017-13081 openSUSE Leap 42.2 This update for xtrabackup fixes the following issues: - CVE-2016-6225: xbcrypt encryption IV not being set properly (boo#1019858) In addition, XtraBackup was updated to 2.3.6 to include the following improvements: - now supports SHA256 passwords - new supports command options for secure connections The following bugs were fixed: - intermittent assertion failures when not correctly identifying server version - Safe slave backup algorithm performed too short delays between retries which could cause backups to fail on a busy servers - fix compilation warnings with gcc6 - Backup would still succeed even if xtrabackup would fail to write the metadata - xbcloud now supports EMC ECS Swift API Authorization requests - backup failed with MariaDB 10.2 with the unsupported server version error message Moderate SUSE bug 1019858 CVE-2016-6225 openSUSE Leap 42.2 This update for optipng fixes the following issues: Security issue fixed: - CVE-2017-1000229: Fix integer overflow bug in function minitiff_read_info() allows an attacker to remotely execute code or cause denial of service (boo#1068720). - CVE-2017-16938: Fix a global buffer overflow that allows attackers to cause DoS via a maliciously crafted GIF file (bsc#1069774). Moderate SUSE bug 1068720 SUSE bug 1069774 CVE-2017-1000229 CVE-2017-16938 openSUSE Leap 42.2 This update for xen to version 4.7.4 (bsc#1027519) fixes several issues. This new feature was added: - Support migration of HVM domains larger than 1 TB These security issues were fixed: - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246) - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leading to information leaks, privilege escalation or DoS (XSA-247). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063123) - CVE-2017-15597: A grant copy operation being done on a grant of a dying domain allowed a malicious guest administrator to corrupt hypervisor memory, allowing for DoS or potentially privilege escalation and information leaks (bsc#1061075). This non-security issue was fixed: - bsc#1055047: Fixed --initrd-inject option in virt-install This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1027519 SUSE bug 1055047 SUSE bug 1061075 SUSE bug 1063123 SUSE bug 1068187 SUSE bug 1068191 CVE-2017-15289 CVE-2017-15597 openSUSE Leap 42.2 This update for libressl fixes the following issues: - an out-of-bounds read in the DES code may have led to an application crash (boo#1065363) Low SUSE bug 1065363 openSUSE Leap 42.2 This update for openssl fixes the following issues: Security issues fixed: - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242) - Out of bounds read+crash in DES_fcrypt (bsc#1065363) - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1055825 SUSE bug 1056058 SUSE bug 1065363 SUSE bug 1066242 CVE-2017-3735 CVE-2017-3736 openSUSE Leap 42.2 GNU binutil was updated to the 2.29.1 release, bringing various new features, fixing a lot of bugs and security issues. Following security issues are being addressed by this release: * 18750 bsc#1030296 CVE-2014-9939 * 20891 bsc#1030585 CVE-2017-7225 * 20892 bsc#1030588 CVE-2017-7224 * 20898 bsc#1030589 CVE-2017-7223 * 20905 bsc#1030584 CVE-2017-7226 * 20908 bsc#1031644 CVE-2017-7299 * 20909 bsc#1031656 CVE-2017-7300 * 20921 bsc#1031595 CVE-2017-7302 * 20922 bsc#1031593 CVE-2017-7303 * 20924 bsc#1031638 CVE-2017-7301 * 20931 bsc#1031590 CVE-2017-7304 * 21135 bsc#1030298 CVE-2017-7209 * 21137 bsc#1029909 CVE-2017-6965 * 21139 bsc#1029908 CVE-2017-6966 * 21156 bsc#1029907 CVE-2017-6969 * 21157 bsc#1030297 CVE-2017-7210 * 21409 bsc#1037052 CVE-2017-8392 * 21412 bsc#1037057 CVE-2017-8393 * 21414 bsc#1037061 CVE-2017-8394 * 21432 bsc#1037066 CVE-2017-8396 * 21440 bsc#1037273 CVE-2017-8421 * 21580 bsc#1044891 CVE-2017-9746 * 21581 bsc#1044897 CVE-2017-9747 * 21582 bsc#1044901 CVE-2017-9748 * 21587 bsc#1044909 CVE-2017-9750 * 21594 bsc#1044925 CVE-2017-9755 * 21595 bsc#1044927 CVE-2017-9756 * 21787 bsc#1052518 CVE-2017-12448 * 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450 * 21933 bsc#1053347 CVE-2017-12799 * 21990 bsc#1058480 CVE-2017-14333 * 22018 bsc#1056312 CVE-2017-13757 * 22047 bsc#1057144 CVE-2017-14129 * 22058 bsc#1057149 CVE-2017-14130 * 22059 bsc#1057139 CVE-2017-14128 * 22113 bsc#1059050 CVE-2017-14529 * 22148 bsc#1060599 CVE-2017-14745 * 22163 bsc#1061241 CVE-2017-14974 * 22170 bsc#1060621 CVE-2017-14729 Update to binutils 2.29. [fate#321454, fate#321494, fate#323293]: * The MIPS port now supports microMIPS eXtended Physical Addressing (XPA) instructions for assembly and disassembly. * The MIPS port now supports the microMIPS Release 5 ISA for assembly and disassembly. * The MIPS port now supports the Imagination interAptiv MR2 processor, which implements the MIPS32r3 ISA, the MIPS16e2 ASE as well as a couple of implementation-specific regular MIPS and MIPS16e2 ASE instructions. * The SPARC port now supports the SPARC M8 processor, which implements the Oracle SPARC Architecture 2017. * The MIPS port now supports the MIPS16e2 ASE for assembly and disassembly. * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX. * Add support for the wasm32 ELF conversion of the WebAssembly file format. * Add --inlines option to objdump, which extends the --line-numbers option so that inlined functions will display their nesting information. * Add --merge-notes options to objcopy to reduce the size of notes in a binary file by merging and deleting redundant notes. * Add support for locating separate debug info files using the build-id method, where the separate file has a name based upon the build-id of the original file. - GAS specific: * Add support for ELF SHF_GNU_MBIND. * Add support for the WebAssembly file format and wasm32 ELF conversion. * PowerPC gas now checks that the correct register class is used in instructions. For instance, "addi %f4,%cr3,%r31" warns three times that the registers are invalid. * Add support for the Texas Instruments PRU processor. * Support for the ARMv8-R architecture and Cortex-R52 processor has been added to the ARM port. - GNU ld specific: * Support for -z shstk in the x86 ELF linker to generate GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program properties. * Add support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program properties in the x86 ELF linker. * Add support for GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program properties in the x86 ELF linker. * Support for -z ibtplt in the x86 ELF linker to generate IBT-enabled PLT. * Support for -z ibt in the x86 ELF linker to generate IBT-enabled PLT as well as GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program properties. * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX. * Add support for ELF GNU program properties. * Add support for the Texas Instruments PRU processor. * When configuring for arc*-*-linux* targets the default linker emulation will change if --with-cpu=nps400 is used at configure time. * Improve assignment of LMAs to orphan sections in some edge cases where a mixture of both AT>LMA_REGION and AT(LMA) are used. * Orphan sections placed after an empty section that has an AT(LMA) will now take an load memory address starting from LMA. * Section groups can now be resolved (the group deleted and the group members placed like normal sections) at partial link time either using the new linker option --force-group-allocation or by placing FORCE_GROUP_ALLOCATION into the linker script. - Add riscv64 target, tested with gcc7 and downstream newlib 2.4.0 - Prepare riscv32 target (gh#riscv/riscv-newlib#8) - Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995] - Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282] Minor security bugs fixed: PR 21147, PR 21148, PR 21149, PR 21150, PR 21151, PR 21155, PR 21158, PR 21159 - Update to binutils 2.28. * Add support for locating separate debug info files using the build-id method, where the separate file has a name based upon the build-id of the original file. * This version of binutils fixes a problem with PowerPC VLE 16A and 16D relocations which were functionally swapped, for example, R_PPC_VLE_HA16A performed like R_PPC_VLE_HA16D while R_PPC_VLE_HA16D performed like R_PPC_VLE_HA16A. This could have been fixed by renumbering relocations, which would keep object files created by an older version of gas compatible with a newer ld. However, that would require an ABI update, affecting other assemblers and linkers that create and process the relocations correctly. It is recommended that all VLE object files be recompiled, but ld can modify the relocations if --vle-reloc-fixup is passed to ld. If the new ld command line option is not used, ld will ld warn on finding relocations inconsistent with the instructions being relocated. * The nm program has a new command line option (--with-version-strings) which will display a symbol's version information, if any, after the symbol's name. * The ARC port of objdump now accepts a -M option to specify the extra instruction class(es) that should be disassembled. * The --remove-section option for objcopy and strip now accepts section patterns starting with an exclamation point to indicate a non-matching section. A non-matching section is removed from the set of sections matched by an earlier --remove-section pattern. * The --only-section option for objcopy now accepts section patterns starting with an exclamation point to indicate a non-matching section. A non-matching section is removed from the set of sections matched by an earlier --only-section pattern. * New --remove-relocations=SECTIONPATTERN option for objcopy and strip. This option can be used to remove sections containing relocations. The SECTIONPATTERN is the section to which the relocations apply, not the relocation section itself. - GAS specific: * Add support for the RISC-V architecture. * Add support for the ARM Cortex-M23 and Cortex-M33 processors. - GNU ld specific: * The EXCLUDE_FILE linker script construct can now be applied outside of the section list in order for the exclusions to apply over all input sections in the list. * Add support for the RISC-V architecture. * The command line option --no-eh-frame-hdr can now be used in ELF based linkers to disable the automatic generation of .eh_frame_hdr sections. * Add --in-implib=<infile> to the ARM linker to enable specifying a set of Secure Gateway veneers that must exist in the output import library specified by --out-implib=<outfile> and the address they must have. As such, --in-implib is only supported in combination with --cmse-implib. * Extended the --out-implib=<file> option, previously restricted to x86 PE targets, to any ELF based target. This allows the generation of an import library for an ELF executable, which can then be used by another application to link against the executable. - GOLD specific: * Add -z bndplt option (x86-64 only) to support Intel MPX. * Add --orphan-handling option. * Add --stub-group-multi option (PowerPC only). * Add --target1-rel, --target1-abs, --target2 options (Arm only). * Add -z stack-size option. * Add --be8 option (Arm only). * Add HIDDEN support in linker scripts. * Add SORT_BY_INIT_PRIORITY support in linker scripts. - Other fixes: * Fix section alignment on .gnu_debuglink. [bso#21193] * Add s390x to gold_archs. * Fix alignment frags for aarch64 (bsc#1003846) * Call ldconfig for libbfd * Fix an assembler problem with clang on ARM. * Restore monotonically increasing section offsets. - Update to binutils 2.27. * Add a configure option, --enable-64-bit-archive, to force use of a 64-bit format when creating an archive symbol index. * Add --elf-stt-common= option to objcopy for ELF targets to control whether to convert common symbols to the STT_COMMON type. - GAS specific: * Default to --enable-compressed-debug-sections=gas for Linux/x86 targets. * Add --no-pad-sections to stop the assembler from padding the end of output sections up to their alignment boundary. * Support for the ARMv8-M architecture has been added to the ARM port. Support for the ARMv8-M Security and DSP Extensions has also been added to the ARM port. * ARC backend accepts .extInstruction, .extCondCode, .extAuxRegister, and .extCoreRegister pseudo-ops that allow an user to define custom instructions, conditional codes, auxiliary and core registers. * Add a configure option --enable-elf-stt-common to decide whether ELF assembler should generate common symbols with the STT_COMMON type by default. Default to no. * New command line option --elf-stt-common= for ELF targets to control whether to generate common symbols with the STT_COMMON type. * Add ability to set section flags and types via numeric values for ELF based targets. * Add a configure option --enable-x86-relax-relocations to decide whether x86 assembler should generate relax relocations by default. Default to yes, except for x86 Solaris targets older than Solaris 12. * New command line option -mrelax-relocations= for x86 target to control whether to generate relax relocations. * New command line option -mfence-as-lock-add=yes for x86 target to encode lfence, mfence and sfence as "lock addl $0x0, (%[re]sp)". * Add assembly-time relaxation option for ARC cpus. * Add --with-cpu=TYPE configure option for ARC gas. This allows the default cpu type to be adjusted at configure time. - GOLD specific: * Add a configure option --enable-relro to decide whether -z relro should be enabled by default. Default to yes. * Add support for s390, MIPS, AArch64, and TILE-Gx architectures. * Add support for STT_GNU_IFUNC symbols. * Add support for incremental linking (--incremental). - GNU ld specific: * Add a configure option --enable-relro to decide whether -z relro should be enabled in ELF linker by default. Default to yes for all Linux targets except FRV, HPPA, IA64 and MIPS. * Support for -z noreloc-overflow in the x86-64 ELF linker to disable relocation overflow check. * Add -z common/-z nocommon options for ELF targets to control whether to convert common symbols to the STT_COMMON type during a relocatable link. * Support for -z nodynamic-undefined-weak in the x86 ELF linker, which avoids dynamic relocations against undefined weak symbols in executable. * The NOCROSSREFSTO command was added to the linker script language. * Add --no-apply-dynamic-relocs to the AArch64 linker to do not apply link-time values for dynamic relocations. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1003846 SUSE bug 1025282 SUSE bug 1029907 SUSE bug 1029908 SUSE bug 1029909 SUSE bug 1029995 SUSE bug 1030296 SUSE bug 1030297 SUSE bug 1030298 SUSE bug 1030583 SUSE bug 1030584 SUSE bug 1030585 SUSE bug 1030588 SUSE bug 1030589 SUSE bug 1031590 SUSE bug 1031593 SUSE bug 1031595 SUSE bug 1031638 SUSE bug 1031644 SUSE bug 1031656 SUSE bug 1033122 SUSE bug 1037052 SUSE bug 1037057 SUSE bug 1037061 SUSE bug 1037062 SUSE bug 1037066 SUSE bug 1037070 SUSE bug 1037072 SUSE bug 1037273 SUSE bug 1038874 SUSE bug 1038875 SUSE bug 1038876 SUSE bug 1038877 SUSE bug 1038878 SUSE bug 1038880 SUSE bug 1038881 SUSE bug 1044891 SUSE bug 1044897 SUSE bug 1044901 SUSE bug 1044909 SUSE bug 1044925 SUSE bug 1044927 SUSE bug 1046094 SUSE bug 1052061 SUSE bug 1052496 SUSE bug 1052503 SUSE bug 1052507 SUSE bug 1052509 SUSE bug 1052511 SUSE bug 1052514 SUSE bug 1052518 SUSE bug 1053347 SUSE bug 1056312 SUSE bug 1056437 SUSE bug 1057139 SUSE bug 1057144 SUSE bug 1057149 SUSE bug 1058480 SUSE bug 1059050 SUSE bug 1060599 SUSE bug 1060621 SUSE bug 1061241 SUSE bug 437293 SUSE bug 445037 SUSE bug 546106 SUSE bug 561142 SUSE bug 578249 SUSE bug 590820 SUSE bug 691290 SUSE bug 698346 SUSE bug 713504 SUSE bug 776968 SUSE bug 863764 SUSE bug 938658 SUSE bug 970239 CVE-2014-9939 CVE-2017-12448 CVE-2017-12450 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 CVE-2017-12456 CVE-2017-12799 CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 CVE-2017-14333 CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14974 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7227 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-7614 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8395 CVE-2017-8396 CVE-2017-8397 CVE-2017-8398 CVE-2017-8421 CVE-2017-9038 CVE-2017-9039 CVE-2017-9040 CVE-2017-9041 CVE-2017-9042 CVE-2017-9043 CVE-2017-9044 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2017-9954 CVE-2017-9955 openSUSE Leap 42.2 This update for lynx fixes the following issues: Security issue fixed: - CVE-2017-1000211: Fix use after free in the HTMLparser that can resulting in memory disclosure (bsc#1068885). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1068885 CVE-2017-1000211 openSUSE Leap 42.2 This update for tor fixes vulnerabilities that allowed some traffic confirmation, DoS and other attacks (bsc#1070849): - CVE-2017-8819: Replay-cache ineffective for v2 onion services - CVE-2017-8820: Remote DoS attack against directory authorities - CVE-2017-8821: An attacker can make Tor ask for a password - CVE-2017-8822: Relays can pick themselves in a circuit path - CVE-2017-8823: Use-after-free in onion service v2 Moderate SUSE bug 1070849 CVE-2017-8819 CVE-2017-8820 CVE-2017-8821 CVE-2017-8822 CVE-2017-8823 openSUSE Leap 42.2 This update for wireshark to version 2.2.11 fixes the following issues: Minor vulnerabilities that could be used to trigger dissector crashes by making Wireshark read specially crafted packages from the network or capture files (boo#1070727): - CVE-2017-17084: IWARP_MPA dissector crash (wnpa-sec-2017-47) - CVE-2017-17083: NetBIOS dissector crash (wnpa-sec-2017-48) - CVE-2017-17085: CIP Safety dissector crash (wnpa-sec-2017-49) This update also fixes further bugs and updates protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.11.html Low SUSE bug 1070727 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 openSUSE Leap 42.2 This update for pdns-recursor fixes the following issues: Security issues fixed: - CVE-2017-15090: An issue has been found in the DNSSEC validation component of PowerDNS Recursor, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records (boo#1069242). - CVE-2017-15092: An issue has been found in the web interface of PowerDNS Recursor, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content (boo#1069242). - CVE-2017-15093: When `api-config-dir` is set to a non-empty value, which is not the case by default, the API allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration (boo#1069242). - CVE-2017-15094: An issue has been found in the DNSSEC parsing code of PowerDNS Recursor during a code audit by Nixu, leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys (boo#1069242). Moderate SUSE bug 1069242 CVE-2017-15090 CVE-2017-15092 CVE-2017-15093 CVE-2017-15094 openSUSE Leap 42.2 This update for pdns fixes the following issues: Security issue fixed: - CVE-2017-15091: An issue has been found in the API component of PowerDNS Authoritative, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only. This missing check allows an attacker with valid API credentials could flush the cache, trigger a zone transfer or send a NOTIFY (boo#1069242). Moderate SUSE bug 1069242 CVE-2017-15091 openSUSE Leap 42.2 This update for graphviz fixes the following issues: Security issue fixed: - CVE-2014-9157: Fix format string vulnerability (boo#908426). Moderate SUSE bug 908426 CVE-2014-9157 openSUSE Leap 42.2 This update for exim fixes the following issues: Security issue fixed: - CVE-2017-16943: Fix possible remote code execution (boo#1069857). Important SUSE bug 1069857 CVE-2017-16943 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-16546: Fix ReadWPGImage function in coders/wpg.c that could lead to a denial of service (bsc#1067181). - CVE-2017-14342: Fix a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c that could lead to a denial of service (bsc#1058485). - CVE-2017-16669: Fix coders/wpg.c that allows remote attackers to cause a denial of service via crafted files (bsc#1067409). - CVE-2017-16545: Fix the ReadWPGImage function in coders/wpg.c as a validation problems could lead to a denial of service (bsc#1067184). - CVE-2017-14341: Fix infinite loop in the ReadWPGImage function (bsc#1058637). - CVE-2017-13737: Fix invalid free in the MagickFree function in magick/memory.c (tiff.c) (bsc#1056162). - CVE-2017-11640: Fix NULL pointer deref in WritePTIFImage() in coders/tiff.c (bsc#1050632). Important SUSE bug 1050632 SUSE bug 1056162 SUSE bug 1058485 SUSE bug 1058637 SUSE bug 1067181 SUSE bug 1067184 SUSE bug 1067409 CVE-2017-11640 CVE-2017-13737 CVE-2017-14341 CVE-2017-14342 CVE-2017-16545 CVE-2017-16546 CVE-2017-16669 openSUSE Leap 42.2 This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2017-16852: Fix critical security checks in the Dynamic MetadataProvider plugin in Shibboleth Service (bsc#1068689). This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1068689 CVE-2017-16852 openSUSE Leap 42.2 This update to Chromium 63.0.3239.84 fixes the following security issues: - CVE-2017-15408: Heap buffer overflow in PDFium - CVE-2017-15409: Out of bounds write in Skia - CVE-2017-15410: Use after free in PDFium - CVE-2017-15411: Use after free in PDFium - CVE-2017-15412: Use after free in libXML - CVE-2017-15413: Type confusion in WebAssembly - CVE-2017-15415: Pointer information disclosure in IPC call - CVE-2017-15416: Out of bounds read in Blink - CVE-2017-15417: Cross origin information disclosure in Skia - CVE-2017-15418: Use of uninitialized value in Skia - CVE-2017-15419: Cross origin leak of redirect URL in Blink - CVE-2017-15420: URL spoofing in Omnibox - CVE-2017-15422: Integer overflow in ICU - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL - CVE-2017-15424: URL Spoof in Omnibox - CVE-2017-15425: URL Spoof in Omnibox - CVE-2017-15426: URL Spoof in Omnibox - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox Important SUSE bug 1071691 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 openSUSE Leap 42.2 This update for opensaml fixes the following issues: Security issue fixed: - CVE-2017-16853: Fix the DynamicMetadataProvider class to properly configure itself with the MetadataFilter plugins, to avoid possible MITM attacks (bsc#1068685). This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1068685 CVE-2017-16853 openSUSE Leap 42.2 This update for openssh fixes the following issues: Security issue fixed: - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000). Bug fixes: - FIPS: Startup selfchecks (bsc#1068310). - FIPS: Silent complaints about unsupported key exchange methods (bsc#1006166). - Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509). - Test configuration before running daemon to prevent looping resulting in service shutdown (bsc#1048367) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1006166 SUSE bug 1048367 SUSE bug 1065000 SUSE bug 1068310 SUSE bug 1069509 CVE-2008-1483 CVE-2017-15906 openSUSE Leap 42.2 This update for php7 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). Bugs fixed: - Fix wrong reference when serialize/unserialize an object (bsc#1063815). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1063815 SUSE bug 1067441 SUSE bug 1069606 SUSE bug 1069631 CVE-2017-16642 CVE-2017-9228 CVE-2017-9229 openSUSE Leap 42.2 This update for libXfont fixes several issues. These security issues were fixed: - CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads (bsc#1054285) - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information (bsc#1049692) - Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched allowing for causing side effects (bsc#1050459) Moderate SUSE bug 1049692 SUSE bug 1050459 SUSE bug 1054285 CVE-2017-13720 CVE-2017-13722 openSUSE Leap 42.2 This update for erlang fixes security issues and bugs. The following vulnerabilities were addressed: - CVE-2017-1000385: Harden against the Bleichenbacher attacher against RSA - CVE-2016-10253: Heap overflow through regular expressions (bsc#1030062) In addition Erlang was updated to version 18.3.4.6, containing a number of upstream bug fixes and improvements. Moderate SUSE bug 1030062 CVE-2016-10253 CVE-2017-1000385 openSUSE Leap 42.2 This OBS toolchain update fixes the following issues: Package 'build': - CVE-2010-4226: force use of bsdtar for VMs (bnc#665768) - CVE-2017-14804: Improve file name check extractbuild (bsc#1069904) - switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit to foo-32bit-debuginfo (fate#323217) Package 'obs-service-source_validator': - CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from a spec (bnc#938556). - Update to version 0.7 - use spec_query instead of output_versions using the specfile parser from the build package (boo#1059858) Package 'osc': - update to version 0.162.0 - add Recommends: ca-certificates to enable TLS verification without manually installing them. (bnc#1061500) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1059858 SUSE bug 1061500 SUSE bug 1069904 SUSE bug 665768 SUSE bug 938556 CVE-2010-4226 CVE-2017-14804 CVE-2017-9274 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following issues: * CVE-2017-12140: ReadDCMImage in coders\dcm.c has a ninteger signedness error leading to excessive memory consumption (bnc#1051847) * CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could lead to denial of service (bnc#1061587) * CVE-2017-12662: Memory leak in WritePDFImage in coders/pdf.c could lead to denial of service (bnc#1052758) * CVE-2017-14733: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service (bnc#1060577) * CVE-2017-12644: Memory leak in ReadDCMImage in coders\dcm.c could lead to denial of service (bnc#1052764) * CVE-2017-10799: denial of service (OOM) can occur inReadDPXImage() (bnc#1047054) Important SUSE bug 1047054 SUSE bug 1051847 SUSE bug 1052758 SUSE bug 1052764 SUSE bug 1060577 SUSE bug 1061587 CVE-2017-10799 CVE-2017-12140 CVE-2017-12644 CVE-2017-12662 CVE-2017-14733 CVE-2017-14994 openSUSE Leap 42.2 This update for libheimdal fixes the following issues: - CVE-2017-17439: Remote unauthenticated attackers may have crashed the KDC (boo#1071675) Moderate SUSE bug 1071675 CVE-2017-17439 openSUSE Leap 42.2 This update for fossil to version 2.4 fixes the following issues: - CVE-2017-17459: Client-side code execution via crafted "ssh://" URLs (bsc#1071709) The impact of this vulnerability is more limited than similar vectors fixed in other SCMs, as there is no known way to mask the repository URL or otherwise trigger non-interactively. This update also contains all bug fixes and improvements in the 2.4 release: - URL Aliases - tech-note search capability - Various added command line options - Annation depth is now configurable The following legacy options are no longer available: - --no-dir-symlinks option - legacy configuration sync protocol Moderate SUSE bug 1071709 CVE-2017-17459 openSUSE Leap 42.2 This update for MozillaFirefox to 52.5.2esr fixes the following issue: - CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data (boo#1072034, bmo#1410106, MFSA 2017-28) Moderate SUSE bug 1072034 CVE-2017-7843 openSUSE Leap 42.2 This update for python3-sleekxmpp fixes the following issues: - Check the origin of roster pushes (2015-8688, 2016-9928, boo#1014976). Also see https://gultsch.de/gajim_roster_push_and_message_interception.html - An error in legacyauth support was fixed Moderate SUSE bug 1014976 CVE-2015-8688 CVE-2016-9928 openSUSE Leap 42.2 This update for libapr-util1 fixes the following issues: Security issue fixed: - CVE-2017-12618: DoS via crafted SDBM database files in apr_sdbm*() functions (bsc#1064990) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1064990 CVE-2017-12618 openSUSE Leap 42.2 This update for php5 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-4025: Fix pathname truncation in set_include_path, tempnam, rmdir, and readlink (bsc#1067090). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1067090 SUSE bug 1067441 SUSE bug 1069606 SUSE bug 1069631 CVE-2015-4025 CVE-2017-16642 CVE-2017-9228 CVE-2017-9229 openSUSE Leap 42.2 This update to Chromium 63.0.3239.108 fixes the following issues: - CVE-2017-15429: UXSS in V8 (bsc#1072976) - Various fuzzing fixes Important SUSE bug 1072976 CVE-2017-15429 openSUSE Leap 42.2 This update for openssl fixes the following issues: - OpenSSL Security Advisory [07 Dec 2017] * CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (bsc#1071905) * CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. (bsc#1071906) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1071905 SUSE bug 1071906 CVE-2017-3737 CVE-2017-3738 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following issues: - CVE-2017-14042: Denial of service through a large memory allocation via specially crafted PNM images (boo#1056550) - CVE-2017-14504: NULL pointer dereference via specially crafted PNM images (boo#1059721) - CVE-2017-17498: Denial of service or unspecified other impact through a heap-based buffer overflow via specially crafted PNM images (boo#1072103) - CVE-2017-15277: Information leak from the application into palette data via specially crafted GIF images (boo#1063050) Moderate SUSE bug 1056550 SUSE bug 1059721 SUSE bug 1063050 SUSE bug 1072103 CVE-2017-14042 CVE-2017-14504 CVE-2017-15277 CVE-2017-17498 openSUSE Leap 42.2 This update for mercurial fixes the following issue: - CVE-2017-17458: A specially malformed repository may have caused Git subrepositories to run arbitrary code (bsc#1071715) Moderate SUSE bug 1071715 CVE-2017-17458 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.102 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000405: A bug in the THP CoW support could be used by local attackers to corrupt memory of other processes and cause them to crash (bnc#1069496). - CVE-2017-1000410: The Linux kernel was affected by an information leak in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. (bnc#1070535). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-12193: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel mishandled node splitting, which allowed local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations (bnc#1066192). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-16528: sound/core/seq_device.c in the Linux kernel allowed local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066629). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16645: The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067132). - CVE-2017-16646: drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel allowed local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067105). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). - CVE-2017-16994: The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel mishandled holes in hugetlb ranges, which allowed local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call (bnc#1069996). - CVE-2017-17448: net/netfilter/nfnetlink_cthelper.c in the Linux kernel did not require the CAP_NET_ADMIN capability for new, get, and del operations, which allowed local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces (bnc#1071693). - CVE-2017-17449: The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel did not restrict observations of Netlink messages to a single net namespace, which allowed local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system (bnc#1071694). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-7482: Fixed an overflow when decoding a krb5 principal. (bnc#1046107). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). The following non-security bugs were fixed: - adm80211: return an error if adm8211_alloc_rings() fails (bsc#1031717). - adv7604: Initialize drive strength to default when using DT (bnc#1012382). - af_netlink: ensure that NLMSG_DONE never fails in dumps (bnc#1012382). - alsa: caiaq: Fix stray URB at probe error path (bnc#1012382). - alsa: hda: Add Raven PCI ID (bnc#1012382). - alsa: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE (bnc#1012382). - alsa: hda/ca0132 - Fix memory leak at error path (bsc#1031717). - alsa: hda - fix headset mic problem for Dell machines with alc236 (bnc#1012382). - alsa: hda - No loopback on ALC299 codec (git-fixes). - alsa: hda/realtek: Add headset mic support for Intel NUC Skull Canyon (bsc#1031717). - alsa: hda/realtek - Add new codec ID ALC299 (bnc#1012382). - alsa: hda/realtek - Add support for ALC236/ALC3204 (bnc#1012382). - alsa: hda/realtek - Fix ALC700 family no sound issue (bsc#1031717). - alsa: hda: Remove superfluous '-' added by printk conversion (bnc#1012382). - alsa: line6: Fix leftover URB at error-path during probe (bnc#1012382). - alsa: pcm: update tstamp only if audio_tstamp changed (bsc#1031717). - alsa: seq: Avoid invalid lockdep class warning (bsc#1031717). - alsa: seq: Enable 'use' locking in all configurations (bnc#1012382). - alsa: seq: Fix copy_from_user() call inside lock (bnc#1012382). - alsa: seq: Fix nested rwsem annotation for lockdep splat (bnc#1012382). - alsa: seq: Fix OSS sysex delivery in OSS emulation (bnc#1012382). - alsa: timer: Add missing mutex lock for compat ioctls (bnc#1012382). - alsa: timer: Remove kernel warning at compat ioctl error paths (bsc#1031717). - alsa: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital (bnc#1012382). - alsa: usb-audio: Add sanity checks in v2 clock parsers (bsc#1031717). - alsa: usb-audio: Add sanity checks to FE parser (bsc#1031717). - alsa: usb-audio: Fix potential out-of-bound access at parsing SU (bsc#1031717). - alsa: usb-audio: Kill stray URB at exiting (bnc#1012382). - alsa: usb-audio: uac1: Invalidate ctl on interrupt (bsc#1031717). - alsa: vx: Do not try to update capture stream before running (bnc#1012382). - alsa: vx: Fix possible transfer overflow (bnc#1012382). - Apply generic ppc build fixes to vanilla (bsc#1070805) - arm64: dts: NS2: reserve memory for Nitro firmware (bnc#1012382). - arm64: ensure __dump_instr() checks addr_limit (bnc#1012382). - arm64: fix dump_instr when PAN and UAO are in use (bnc#1012382). - arm: 8715/1: add a private asm/unaligned.h (bnc#1012382). - arm: 8720/1: ensure dump_instr() checks addr_limit (bnc#1012382). - arm: 8721/1: mm: dump: check hardware RO bit for LPAE (bnc#1012382). - arm: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE (bnc#1012382). - arm: crypto: reduce priority of bit-sliced AES cipher (bnc#1012382). - arm: dts: Fix am335x and dm814x scm syscon to probe children (bnc#1012382). - arm: dts: Fix compatible for ti81xx uarts for 8250 (bnc#1012382). - arm: dts: Fix omap3 off mode pull defines (bnc#1012382). - arm: dts: mvebu: pl310-cache disable double-linefill (bnc#1012382). - arm: OMAP2+: Fix init for multiple quirks for the same SoC (bnc#1012382). - arm: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 (bnc#1012382). - arm: pxa: Do not rely on public mmc header to include leds.h (bnc#1012382). - asm/sections: add helpers to check for section data (bsc#1063026). - asoc: adau17x1: Workaround for noise bug in ADC (bnc#1012382). - asoc: cs42l56: Fix reset GPIO name in example DT binding (bsc#1031717). - asoc: davinci-mcasp: Fix an error handling path in 'davinci_mcasp_probe()' (bsc#1031717). - asoc: rsnd: do not double free kctrl (bnc#1012382). - asoc: samsung: Fix possible double iounmap on s3c24xx driver probe failure (bsc#1031717). - asoc: wm_adsp: Do not overrun firmware file buffer when reading region data (bnc#1012382). - ata: ATA_BMDMA should depend on HAS_DMA (bnc#1012382). - ata: fixes kernel crash while tracing ata_eh_link_autopsy event (bnc#1012382). - ata: SATA_HIGHBANK should depend on HAS_DMA (bnc#1012382). - ata: SATA_MV should depend on HAS_DMA (bnc#1012382). - ath10k: convert warning about non-existent OTP board id to debug message (git-fixes). - ath10k: fix a warning during channel switch with multiple vaps (bsc#1031717). - ath10k: fix board data fetch error message (bsc#1031717). - ath10k: fix diag_read to collect data for larger memory (bsc#1031717). - ath10k: fix incorrect txpower set by P2P_DEVICE interface (bnc#1012382). - ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() (bnc#1012382). - ath10k: free cached fw bin contents when get board id fails (bsc#1031717). - ath10k: ignore configuring the incorrect board_id (bnc#1012382). - ath10k: set CTS protection VDEV param only if VDEV is up (bnc#1012382). - ath9k_htc: check for underflow in ath9k_htc_rx_msg() (bsc#1031717). - ath9k: off by one in ath9k_hw_nvram_read_array() (bsc#1031717). - autofs: do not fail mount for transient error (bsc#1065180). - backlight: adp5520: Fix error handling in adp5520_bl_probe() (bnc#1012382). - backlight: lcd: Fix race condition during register (bnc#1012382). - bcache: check ca->alloc_thread initialized before wake up it (bnc#1012382). - blacklist 0278b34bf15f spi: spidev_test: Fix buffer overflow in unescape() This is a binary built from Documentation and the build logs do not show it built - blacklist.conf: 79b63f12abcbbd2caf7064b294af648a87de07ff # bsc#1061756 may break existing setups - blacklist.conf: Add ath10k, mmc and rtl8192u commits (bsc#1031717) - blacklist.conf: Add drm/i915 blacklist (bsc#1031717) - blacklist.conf: added misc commits (bsc#1031717) - blacklist.conf: Add misc entries (bsc#1031717) - blacklist.conf: Blacklist 33e465ce7cb3 ("percpu_ref: allow operation mode switching operations to be called concurrently"). The benefits are not worth the possible risks eventually introduced. - blacklist.conf: blacklisted 16af97dc5a89 (bnc#1053919) - blacklist.conf: blacklist not-applicable patch (bsc#1071231) - blacklist.conf: commit fe22cd9b7c980b8b948 ("printk: help pr_debug and pr_devel to optimize out arguments") is just a cosmetic change. - blacklist.conf: Update blacklist (bsc#1031717) - blacklist.conf: Update iwlwifi blacklist (bsc#1031717) - blacklist.conf: yet another serial entry (bsc#1031717) - block: Fix a race between blk_cleanup_queue() and timeout handling (FATE#319965, bsc#964944). - bluetooth: btusb: fix QCA Rome suspend/resume (bnc#1012382). - bnxt_en: Call firmware to approve the random VF MAC address (bsc#963575 FATE#320144). - bnxt_en: Do not setup MAC address in bnxt_hwrm_func_qcaps() (bsc#963575 FATE#320144). - bnxt_en: Fix possible corrupted NVRAM parameters from firmware response (bsc#963575 FATE#320144). - bnxt_en: Fix VF PCIe link speed and width logic (bsc#963575 FATE#320144). - bnxt_en: Re-arrange bnxt_hwrm_func_qcaps() (bsc#963575 FATE#320144). - bnxt_en: use eth_hw_addr_random() (bsc#963575 FATE#320144). - bonding: discard lowest hash bit for 802.3ad layer3+4 (bnc#1012382). - bpf: one perf event close won't free bpf program attached by another perf event (bnc#1012382). - bpf/verifier: reject BPF_ALU64|BPF_END (bnc#1012382). - brcmfmac: add length check in brcmf_cfg80211_escan_handler() (bnc#1012382). - brcmfmac: remove setting IBSS mode when stopping AP (bnc#1012382). - brcmsmac: make some local variables 'static const' to reduce stack size (bnc#1012382). - bt8xx: fix memory leak (bnc#1012382). - btrfs: add a node counter to each of the rbtrees (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: add cond_resched() calls when resolving backrefs (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: allow backref search checks for shared extents (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: backref, add tracepoints for prelim_ref insertion and merging (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: backref, add unode_aux_to_inode_list helper (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: backref, cleanup __ namespace abuse (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: backref, constify some arguments (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: btrfs_check_shared should manage its own transaction (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: clean up extraneous computations in add_delayed_refs (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: constify tracepoint arguments (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: convert prelimary reference tracking to use rbtrees (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: fix leak and use-after-free in resolve_indirect_refs (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: Fix typo in may_commit_transaction Rather than comparing the result of the percpu comparison I was comparing the value of the percpu counter against 0 or 1. - btrfs: remove ref_tree implementation from backref.c (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: return the actual error value from from btrfs_uuid_tree_iterate (bnc#1012382). - btrfs: struct-funcs, constify readers (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - bus: mbus: fix window size calculation for 4GB windows (bnc#1012382). - can: c_can: do not indicate triple sampling support for D_CAN (bnc#1012382). - can: esd_usb2: Fix can_dlc value for received RTR, frames (bnc#1012382). - can: gs_usb: fix busy loop if no more TX context is available (bnc#1012382). - can: kvaser_usb: Correct return value in printout (bnc#1012382). - can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages (bnc#1012382). - can: sun4i: fix loopback mode (bnc#1012382). - can: sun4i: handle overrun in RX FIFO (bnc#1012382). - cdc_ncm: Set NTB format again after altsetting switch for Huawei devices (bnc#1012382). - ceph: clean up unsafe d_parent accesses in build_dentry_path (bnc#1012382). - ceph: unlock dangling spinlock in try_flush_caps() (bsc#1065639). - cgroup, net_cls: iterate the fds of only the tasks which are being migrated (bnc#1064926). - cifs: add build_path_from_dentry_optional_prefix() (fate#323482) - cifs: Add capability to decrypt big read responses (FATE#324404). Allow to decrypt transformed packets that are bigger than the big buffer size. In particular it is used for read responses that can only exceed the big buffer size. - cifs: Add capability to transform requests before sending (FATE#324404). This will allow us to do protocol specific tranformations of packets before sending to the server. For SMB3 it can be used to support encryption. - cifs: Add copy into pages callback for a read operation (FATE#324404). Since we have two different types of reads (pagecache and direct) we need to process such responses differently after decryption of a packet. The change allows to specify a callback that copies a read payload data into preallocated pages. - cifs: Add mid handle callback (FATE#324404). We need to process read responses differently because the data should go directly into preallocated pages. This can be done by specifying a mid handle callback. - cifs: Add soft dependencies (FATE#324404). List soft dependencies of cifs so that mkinitrd and dracut can include the required helper modules. - cifs: Add transform header handling callbacks (FATE#324404). We need to recognize and parse transformed packets in demultiplex thread to find a corresponsing mid and process it further. - cifs: add use_ipc flag to SMB2_ioctl() (fate#323482) - cifs: Allow to switch on encryption with seal mount option (FATE#324404). This allows users to inforce encryption for SMB3 shares if a server supports it. - cifs: check MaxPathNameComponentLength != 0 before using it (bnc#1012382). - cifs: Decrypt and process small encrypted packets (FATE#324404). Allow to decrypt transformed packets, find a corresponding mid and process as usual further. - cifs: do not bother with kmap on read_pages side (FATE#324404). just do ITER_BVEC recvmsg - cifs: Enable encryption during session setup phase (FATE#324404). In order to allow encryption on SMB connection we need to exchange a session key and generate encryption and decryption keys. - cifs: Encrypt SMB3 requests before sending (FATE#324404). This change allows to encrypt packets if it is required by a server for SMB sessions or tree connections. - cifs: fix circular locking dependency (bsc#1064701). - cifs: Fix some return values in case of error in 'crypt_message' (fate#324404). - cifs: Fix sparse warnings (fate#323482) - cifs: implement get_dfs_refer for SMB2+ (fate#323482) - cifs: let ses->ipc_tid hold smb2 TreeIds (fate#323482) - cifs: Make send_cancel take rqst as argument (FATE#324404). - cifs: Make SendReceive2() takes resp iov (FATE#324404). Now SendReceive2 frees the first iov and returns a response buffer in it that increases a code complexity. Simplify this by making a caller responsible for freeing request buffer itself and returning a response buffer in a separate iov. - cifs: move DFS response parsing out of SMB1 code (fate#323482) - cifs: no need to wank with copying and advancing iovec on recvmsg side either (FATE#324404). - cifs: Only select the required crypto modules (FATE#324404). The sha256 and cmac crypto modules are only needed for SMB2+, so move the select statements to config CIFS_SMB2. Also select CRYPTO_AES there as SMB2+ needs it. - cifs: Prepare for encryption support (first part). Add decryption and encryption key generation. (FATE#324404). - cifs_readv_receive: use cifs_read_from_socket() (FATE#324404). - cifs: Reconnect expired SMB sessions (bnc#1012382). - cifs: remove any preceding delimiter from prefix_path (fate#323482) - cifs: Send RFC1001 length in a separate iov (FATE#324404). In order to simplify further encryption support we need to separate RFC1001 length and SMB2 header when sending a request. Put the length field in iov[0] and the rest of the packet into following iovs. - cifs: Separate RFC1001 length processing for SMB2 read (FATE#324404). Allocate and initialize SMB2 read request without RFC1001 length field to directly call cifs_send_recv() rather than SendReceive2() in a read codepath. - cifs: Separate SMB2 header structure (FATE#324404). In order to support compounding and encryption we need to separate RFC1001 length field and SMB2 header structure because the protocol treats them differently. This change will allow to simplify parsing of such complex SMB2 packets further. - cifs: Separate SMB2 sync header processing (FATE#324404). Do not process RFC1001 length in smb2_hdr_assemble() because it is not a part of SMB2 header. This allows to cleanup the code and adds a possibility combine several SMB2 packets into one for compounding. - cifs: set signing flag in SMB2+ TreeConnect if needed (fate#323482) - cifs: Simplify SMB2 and SMB311 dependencies (FATE#324404). * CIFS_SMB2 depends on CIFS, which depends on INET and selects NLS. So these dependencies do not need to be repeated for CIFS_SMB2. * CIFS_SMB311 depends on CIFS_SMB2, which depends on INET. So this dependency does not need to be repeated for CIFS_SMB311. - cifs: use DFS pathnames in SMB2+ Create requests (fate#323482) - clk: ti: dra7-atl-clock: fix child-node lookups (bnc#1012382). - clk: ti: dra7-atl-clock: Fix of_node reference counting (bnc#1012382). - clockevents/drivers/cs5535: Improve resilience to spurious interrupts (bnc#1012382). - cma: fix calculation of aligned offset (VM Functionality, bsc#1050060). - coda: fix 'kernel memory exposure attempt' in fsync (bnc#1012382). - cpufreq: CPPC: add ACPI_PROCESSOR dependency (bnc#1012382). - crypto: shash - Fix zero-length shash ahash digest crash (bnc#1012382). - crypto: vmx - disable preemption to enable vsx in aes_ctr.c (bnc#1012382). - crypto: x86/sha1-mb - fix panic due to unaligned access (bnc#1012382). - crypto: xts - Add ECB dependency (bnc#1012382). - cx231xx: Fix I2C on Internal Master 3 Bus (bnc#1012382). - cxgb4: Fix error codes in c4iw_create_cq() (bsc#1021424). - cxl: Fix DAR check & use REGION_ID instead of opencoding (bsc#1066223). - cxl: Fix leaking pid refs in some error paths (bsc#1066223). - cxl: Force context lock during EEH flow (bsc#1066223). - cxl: Prevent adapter reset if an active context exists (bsc#1066223). - cxl: Route eeh events to all drivers in cxl_pci_error_detected() (bsc#1066223). - direct-io: Prevent NULL pointer access in submit_page_section (bnc#1012382). - Disable IPMI fix patches due to regression (bsc#1071833) - Disable patches.kernel.org/4.4.93-022-fix-unbalanced-page-refcounting-in-bio_map_use.patch (bsc#1070767) Refresh patches.drivers/0004-bio-use-offset_in_page-macro.patch. - dmaengine: dmatest: warn user when dma test times out (bnc#1012382). - dmaengine: edma: Align the memcpy acnt array size with the transfer (bnc#1012382). - dmaengine: zx: set DMA_CYCLIC cap_mask bit (bnc#1012382). - dm bufio: fix integer overflow when limiting maximum cache size (bnc#1012382). - dm: fix race between dm_get_from_kobject() and __dm_destroy() (bnc#1012382). - drivers: dma-mapping: Do not leave an invalid area->pages pointer in dma_common_contiguous_remap() (Git-fixes, bsc#1065692). - drm/amdgpu: when dpm disabled, also need to stop/start vce (bnc#1012382). - drm/amdkfd: NULL dereference involving create_process() (bsc#1031717). - drm: Apply range restriction after color adjustment when allocation (bnc#1012382). - drm/armada: Fix compile fail (bnc#1012382). - drm: drm_minor_register(): Clean up debugfs on failure (bnc#1012382). - drm: gma500: fix logic error (bsc#1031717). - drm/i915/bxt: set min brightness from VBT (bsc#1031717). - drm/i915: Do not try indexed reads to alternate slave addresses (bsc#1031717). - drm/i915: fix backlight invert for non-zero minimum brightness (bsc#1031717). - drm/i915: Prevent zero length "index" write (bsc#1031717). - drm/i915: Read timings from the correct transcoder in intel_crtc_mode_get() (bsc#1031717). - drm/msm: fix an integer overflow test (bnc#1012382). - drm/msm: Fix potential buffer overflow issue (bnc#1012382). - drm/nouveau/bsp/g92: disable by default (bnc#1012382). - drm/nouveau/gr: fallback to legacy paths during firmware lookup (bsc#1031717). - drm/nouveau/mmu: flush tlbs before deleting page tables (bnc#1012382). - drm/omap: Fix error handling path in 'omap_dmm_probe()' (bsc#1031717). - drm/panel: simple: Add missing panel_simple_unprepare() calls (bsc#1031717). - drm/sti: sti_vtg: Handle return NULL error from devm_ioremap_nocache (bnc#1012382). - drm/vc4: Fix leak of HDMI EDID (bsc#1031717). - drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue (bnc#1012382). - e1000e: Fix error path in link detection (bnc#1012382). - e1000e: Fix return value test (bnc#1012382). - e1000e: Separate signaling for link check/link up (bnc#1012382). - ecryptfs: fix dereference of NULL user_key_payload (bnc#1012382). - eCryptfs: use after free in ecryptfs_release_messaging() (bsc#1012829). - epoll: avoid calling ep_call_nested() from ep_poll_safewake() (bsc#1056427). - epoll: remove ep_call_nested() from ep_eventpoll_poll() (bsc#1056427). - ext4: cleanup goto next group (bsc#1066285). - ext4: do not use stripe_width if it is not set (bnc#1012382). - ext4: fix interaction between i_size, fallocate, and delalloc after a crash (bnc#1012382). - ext4: fix stripe-unaligned allocations (bnc#1012382). - ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets (bnc#1012382). - ext4: reduce lock contention in __ext4_new_inode (bsc#1066285). - extcon: palmas: Check the parent instance to prevent the NULL (bnc#1012382). - exynos4-is: fimc-is: Unmap region obtained by of_iomap() (bnc#1012382). - f2fs crypto: add missing locking for keyring_key access (bnc#1012382). - f2fs crypto: replace some BUG_ON()'s with error checks (bnc#1012382). - f2fs: do not wait for writeback in write_begin (bnc#1012382). - fealnx: Fix building error on MIPS (bnc#1012382). - fix a page leak in vhost_scsi_iov_to_sgl() error recovery (bnc#1012382). - Fix tracing sample code warning (bnc#1012382). - fix unbalanced page refcounting in bio_map_user_iov (bnc#1012382). - fm10k: request reset when mbx->state changes (bnc#1012382). - fm10k: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - fs/9p: Compare qid.path in v9fs_test_inode (bsc#1012829). - fs-cache: fix dereference of NULL user_key_payload (bnc#1012382). - fscrypt: fix dereference of NULL user_key_payload (bnc#1012382). - fscrypt: lock mutex before checking for bounce page pool (bnc#1012382). - fscrypto: require write access to mount to set encryption policy (bnc#1012382). - fuse: fix READDIRPLUS skipping an entry (bnc#1012382). - gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap (bnc#1012382). - hid: elo: clear BTN_LEFT mapping (bsc#1065866). - hid: usbhid: fix out-of-bounds bug (bnc#1012382). - hsi: ssi_protocol: double free in ssip_pn_xmit() (bsc#1031717). - i2c: at91: ensure state is restored after suspending (bnc#1012382). - i2c: cadance: fix ctrl/addr reg write order (bsc#1031717). - i2c: imx: Use correct function to write to register (bsc#1031717). - i2c: ismt: Separate I2C block read from SMBus block read (bnc#1012382). - i2c: riic: correctly finish transfers (bnc#1012382). - i2c: riic: fix restart condition (git-fixes). - i40e: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - i40evf: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - ib/core: Fix calculation of maximum RoCE MTU (bsc#1022595 FATE#322350). - ib/core: Namespace is mandatory input for address resolution (bsc#1022595 FATE#322350). - ib/ipoib: Change list_del to list_del_init in the tx object (bnc#1012382). - ib/ipoib: Clean error paths in add port (bsc#1022595 FATE#322350). - ib/ipoib: Prevent setting negative values to max_nonsrq_conn_qp (bsc#1022595 FATE#322350). - ib/ipoib: Remove double pointer assigning (bsc#1022595 FATE#322350). - ib/ipoib: Set IPOIB_NEIGH_TBL_FLUSH after flushed completion initialization (bsc#1022595 FATE#322350). - ib/mlx5: Fix RoCE Address Path fields (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmvnic: Add netdev_dbg output for debugging (fate#323285). - ibmvnic: Add vnic client data to login buffer (bsc#1069942). - ibmvnic: Convert vnic server reported statistics to cpu endian (fate#323285). - ibmvnic: Enable scatter-gather support (bsc#1066382). - ibmvnic: Enable TSO support (bsc#1066382). - ibmvnic: Feature implementation of Vital Product Data (VPD) for the ibmvnic driver (bsc#1069942). - ibmvnic: Fix calculation of number of TX header descriptors (bsc#1066382). - ibmvnic: fix dma_mapping_error call (bsc#1069942). - ibmvnic: Fix failover error path for non-fatal resets (bsc#1066382). - ibmvnic: Implement .get_channels (fate#323285). - ibmvnic: Implement .get_ringparam (fate#323285). - ibmvnic: Implement per-queue statistics reporting (fate#323285). - ibmvnic: Let users change net device features (bsc#1066382). - ibmvnic: Update reset infrastructure to support tunable parameters (bsc#1066382). - ib/srp: Avoid that a cable pull can trigger a kernel crash (bsc#1022595 FATE#322350). - ib/srpt: Do not accept invalid initiator port names (bnc#1012382). - ib/uverbs: Fix device cleanup (bsc#1022595 FATE#322350). - ib/uverbs: Fix NULL pointer dereference during device removal (bsc#1022595 FATE#322350). - igb: close/suspend race in netif_device_detach (bnc#1012382). - igb: Fix hw_dbg logging in igb_update_flash_i210 (bnc#1012382). - igb: reset the PHY before reading the PHY ID (bnc#1012382). - igb: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - igbvf: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - iio: adc: xilinx: Fix error handling (bnc#1012382). - iio: dummy: events: Add missing break (bsc#1031717). - iio: light: fix improper return value (bnc#1012382). - iio: trigger: free trigger resource correctly (bnc#1012382). - ima: do not update security.ima if appraisal status is not INTEGRITY_PASS (bnc#1012382). - input: ar1021_i2c - fix too long name in driver's device table (bsc#1031717). - input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree (bsc#1031717). - input: elan_i2c - add ELAN060C to the ACPI table (bnc#1012382). - input: elan_i2c - add ELAN0611 to the ACPI table (bnc#1012382). - input: gtco - fix potential out-of-bound access (bnc#1012382). - input: mpr121 - handle multiple bits change of status register (bnc#1012382). - input: mpr121 - set missing event capability (bnc#1012382). - input: ti_am335x_tsc - fix incorrect step config for 5 wire touchscreen (bsc#1031717). - input: twl4030-pwrbutton - use correct device for irq request (bsc#1031717). - input: ucb1400_ts - fix suspend and resume handling (bsc#1031717). - input: uinput - avoid crash when sending FF request to device going away (bsc#1031717). - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bnc#1012382). - iommu/arm-smmu-v3: Clear prior settings when updating STEs (bnc#1012382). - iommu/vt-d: Do not register bus-notifier under dmar_global_lock (bsc#1069793). - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err (bnc#1012382). - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header (bnc#1012382). - ipip: only increase err_count for some certain type icmp in ipip_err (bnc#1012382). - ipmi: fix unsigned long underflow (bnc#1012382). - ipmi: Pick up slave address from SMBIOS on an ACPI device (bsc#1070006). - ipmi: Prefer ACPI system interfaces over SMBIOS ones (bsc#1070006). - ipmi_si: Clean up printks (bsc#1070006). - ipmi_si: fix memory leak on new_smi (bsc#1070006). - ipsec: do not ignore crypto err in ah4 input (bnc#1012382). - ipv6: flowlabel: do not leave opt->tot_len with garbage (bnc#1012382). - ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER (bnc#1012382). - ipvs: make drop_entry protection effective for SIP-pe (bsc#1056365). - irqchip/crossbar: Fix incorrect type of local variables (bnc#1012382). - isa: Prevent NULL dereference in isa_bus driver callbacks (bsc#1031717). - iscsi-target: Fix non-immediate TMR reference leak (bnc#1012382). - isdn/i4l: fetch the ppp_write buffer in one shot (bnc#1012382). - isofs: fix timestamps beyond 2027 (bnc#1012382). - iwlwifi: mvm: fix the coex firmware API (bsc#1031717). - iwlwifi: mvm: return -ENODATA when reading the temperature with the FW down (bsc#1031717). - iwlwifi: mvm: set the RTS_MIMO_PROT bit in flag mask when sending sta to fw (bsc#1031717). - iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD (bnc#1012382). - iwlwifi: split the regulatory rules when the bandwidth flags require it (bsc#1031717). - ixgbe: add mask for 64 RSS queues (bnc#1012382). - ixgbe: do not disable FEC from the driver (bnc#1012382). - ixgbe: fix AER error handling (bnc#1012382). - ixgbe: Fix skb list corruption on Power systems (bnc#1012382). - ixgbe: handle close/suspend race with netif_device_detach/present (bnc#1012382). - ixgbe: Reduce I2C retry count on X550 devices (bnc#1012382). - ixgbevf: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - kABI fix for 4.4.99 net changes (stable-4.4.99). - kABI: protect struct l2tp_tunnel (kabi). - kABI: protect struct regulator_dev (kabi). - kABI: protect structs rt_rq+root_domain (kabi). - kABI: protect typedef rds_rdma_cookie_t (kabi). - kernel/sysctl.c: remove duplicate UINT_MAX check on do_proc_douintvec_conv() (bsc#1066470). - kernel/watchdog: Prevent false positives with turbo modes (bnc#1063516). - keys: do not let add_key() update an uninstantiated key (bnc#1012382). - keys: do not revoke uninstantiated key in request_key_auth_new() (bsc#1031717). - keys: encrypted: fix dereference of NULL user_key_payload (bnc#1012382). - keys: fix cred refcount leak in request_key_auth_new() (bsc#1031717). - keys: fix key refcount leak in keyctl_assume_authority() (bsc#1031717). - keys: fix key refcount leak in keyctl_read_key() (bsc#1031717). - keys: fix NULL pointer dereference during ASN.1 parsing [ver #2] (bnc#1012382). - keys: fix out-of-bounds read during ASN.1 parsing (bnc#1012382). - keys: Fix race between updating and finding a negative key (bnc#1012382). - keys: return full count in keyring_read() if buffer is too small (bnc#1012382). - keys: trusted: fix writing past end of buffer in trusted_read() (bnc#1012382). - keys: trusted: sanitize all key material (bnc#1012382). - KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit (bnc#1012382). - kvm: nVMX: set IDTR and GDTR limits when loading L1 host state (bnc#1012382). - KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter (bnc#1012382). - kvm: SVM: obey guest PAT (bnc#1012382). - l2tp: Avoid schedule while atomic in exit_net (bnc#1012382). - l2tp: check ps->sock before running pppol2tp_session_ioctl() (bnc#1012382). - l2tp: fix race condition in l2tp_tunnel_delete (bnc#1012382). - lib/digsig: fix dereference of NULL user_key_payload (bnc#1012382). - libertas: Fix lbs_prb_rsp_limit_set() (bsc#1031717). - lib/mpi: call cond_resched() from mpi_powm() loop (bnc#1012382). - libnvdimm, namespace: fix label initialization to use valid seq numbers (bnc#1012382). - libnvdimm, namespace: make 'resource' attribute only readable by root (bnc#1012382). - libnvdimm, pfn: make 'resource' attribute only readable by root (FATE#319858). - lib/ratelimit.c: use deferred printk() version (bsc#979928). - locking/lockdep: Add nest_lock integrity test (bnc#1012382). - mac80211: agg-tx: call drv_wake_tx_queue in proper context (bsc#1031717). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - mac80211: do not send SMPS action frame in AP mode when not needed (bsc#1031717). - mac80211: Fix addition of mesh configuration element (git-fixes). - mac80211: Fix BW upgrade for TDLS peers (bsc#1031717). - mac80211: fix mgmt-tx abort cookie and leak (bsc#1031717). - mac80211: fix power saving clients handling in iwlwifi (bnc#1012382). - mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length (bnc#1012382). - mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() (bsc#1031717). - mac80211: Remove invalid flag operations in mesh TSF synchronization (bnc#1012382). - mac80211: Remove unused 'beaconint_us' variable (bsc#1031717). - mac80211: Remove unused 'i' variable (bsc#1031717). - mac80211: Remove unused 'len' variable (bsc#1031717). - mac80211: Remove unused 'rates_idx' variable (bsc#1031717). - mac80211: Remove unused 'sband' and 'local' variables (bsc#1031717). - mac80211: Remove unused 'struct ieee80211_rx_status' ptr (bsc#1031717). - mac80211: Suppress NEW_PEER_CANDIDATE event if no room (bnc#1012382). - mac80211: TDLS: always downgrade invalid chandefs (bsc#1031717). - mac80211: TDLS: change BW calculation for WIDER_BW peers (bsc#1031717). - mac80211: use constant time comparison with keys (bsc#1066471). - md/linear: shutup lockdep warnning (bnc#1012382). - media: au0828: fix RC_CORE dependency (bsc#1031717). - media: Do not do DMA on stack for firmware upload in the AS102 driver (bnc#1012382). - media: em28xx: calculate left volume level correctly (bsc#1031717). - media: mceusb: fix memory leaks in error path (bsc#1031717). - media: rc: check for integer overflow (bnc#1012382). - media: v4l2-ctrl: Fix flags field on Control events (bnc#1012382). - megaraid_sas: Do not fire MR_DCMD_PD_LIST_QUERY to controllers which do not support it (bsc#1027301). - mei: return error on notification request to a disconnected client (bnc#1012382). - mfd: ab8500-sysctrl: Handle probe deferral (bnc#1012382). - mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped (bnc#1012382). - mips: AR7: Defer registration of GPIO (bnc#1012382). - mips: AR7: Ensure that serial ports are properly set up (bnc#1012382). - mips: BCM47XX: Fix LED inversion for WRT54GSv1 (bnc#1012382). - mips: End asm function prologue macros with .insn (bnc#1012382). - mips: Fix an n32 core file generation regset support regression (bnc#1012382). - mips: Fix CM region target definitions (bnc#1012382). - mips: Fix race on setting and getting cpu_online_mask (bnc#1012382). - mips: init: Ensure bootmem does not corrupt reserved memory (bnc#1012382). - mips: init: Ensure reserved memory regions are not added to bootmem (bnc#1012382). - mips: math-emu: Remove pr_err() calls from fpu_emu() (bnc#1012382). - mips: microMIPS: Fix incorrect mask in insn_table_MM (bnc#1012382). - mips: Netlogic: Exclude netlogic,xlp-pic code from XLR builds (bnc#1012382). - mips: ralink: Fix MT7628 pinmux (bnc#1012382). - mips: ralink: Fix typo in mt7628 pinmux function (bnc#1012382). - mips: SMP: Fix deadlock & online race (bnc#1012382). - mips: SMP: Use a completion event to signal CPU up (bnc#1012382). - misc: panel: properly restore atomic counter on error path (bnc#1012382). - mmc: block: return error on failed mmc_blk_get() (bsc#1031717). - mmc: core/mmci: restore pre/post_req behaviour (bsc#1031717). - mmc: dw_mmc: rockchip: Set the drive phase properly (bsc#1031717). - mm: check the return value of lookup_page_ext for all call sites (bnc#1068982). - mmc: host: omap_hsmmc: avoid possible overflow of timeout value (bsc#1031717). - mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR() (bsc#1031717). - mmc: mediatek: Fixed size in dma_free_coherent (bsc#1031717). - mmc: s3cmci: include linux/interrupt.h for tasklet_struct (bnc#1012382). - mmc: sd: limit SD card power limit according to cards capabilities (bsc#1031717). - mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all call sites" (bnc#1012382). - mm/madvise.c: fix madvise() infinite loop under special circumstances (bnc#1070964). - mm/page_alloc.c: broken deferred calculation (bnc#1068980). - mm, page_alloc: fix potential false positive in __zone_watermark_ok (Git-fixes, bsc#1068978). - mm/page_ext.c: check if page_ext is not prepared (bnc#1068982). - mm/page_owner: avoid null pointer dereference (bnc#1068982). - mm/pagewalk.c: report holes in hugetlb ranges (bnc#1012382). - net: 3com: typhoon: typhoon_init_one: fix incorrect return values (bnc#1012382). - net: 3com: typhoon: typhoon_init_one: make return values more specific (bnc#1012382). - net/9p: Switch to wait_event_killable() (bnc#1012382). - net: Allow IP_MULTICAST_IF to set index to L3 slave (bnc#1012382). - net: cdc_ether: fix divide by 0 on bad descriptors (bnc#1012382). - net: cdc_ncm: GetNtbFormat endian fix (git-fixes). - net: dsa: select NET_SWITCHDEV (bnc#1012382). - net: emac: Fix napi poll list corruption (bnc#1012382). - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed (bnc#1012382). - netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value (bnc#1012382). - netfilter: nf_tables: fix oob access (bnc#1012382). - netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family (bnc#1012382). - netfilter: nft_queue: use raw_smp_processor_id() (bnc#1012382). - net: ibm: ibmvnic: constify vio_device_id (fate#323285). - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs (bnc#1012382). - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bnc#1012382). - net: mvpp2: release reference to txq_cpu[] entry after unmapping (bnc#1012382). - net: qmi_wwan: fix divide by 0 on bad descriptors (bnc#1012382). - net/sctp: Always set scope_id in sctp_inet6_skb_msgname (bnc#1012382). - net: Set sk_prot_creator when cloning sockets to the right proto (bnc#1012382). - net/unix: do not show information about sockets from other namespaces (bnc#1012382). - nfc: fix device-allocation error return (bnc#1012382). - nfsd/callback: Cleanup callback cred on shutdown (bnc#1012382). - nfsd: deal with revoked delegations appropriately (bnc#1012382). - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261). - nfs: Fix typo in nomigration mount option (bnc#1012382). - nfs: Fix ugly referral attributes (bnc#1012382). - nilfs2: fix race condition that causes file system corruption (bnc#1012382). - nl80211: Define policy for packet pattern attributes (bnc#1012382). - nvme: Fix memory order on async queue deletion (bnc#1012382). - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (bnc#1012382). - ocfs2: should wait dio before inode lock in ocfs2_setattr() (bnc#1012382). - packet: avoid panic in packet_getsockopt() (bnc#1012382). - packet: only test po->has_vnet_hdr once in packet_snd (bnc#1012382). - parisc: Avoid trashing sr2 and sr3 in LWS code (bnc#1012382). - parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels (bnc#1012382). - parisc: Fix validity check of pointer size argument in new CAS implementation (bnc#1012382). - pci: Apply _HPX settings only to relevant devices (bnc#1012382). - pci: mvebu: Handle changes to the bridge windows while enabled (bnc#1012382). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bnc#1012382). - perf tools: Fix build failure on perl script context (bnc#1012382). - perf tools: Only increase index if perf_evsel__new_idx() succeeds (bnc#1012382). - perf/x86/intel/bts: Fix exclusive event reference leak (git-fixes d2878d642a4ed). - phy: increase size of MII_BUS_ID_SIZE and bus_id (bnc#1012382). - pkcs#7: fix unitialized boolean 'want' (bnc#1012382). - pkcs7: Prevent NULL pointer dereference, since sinfo is not always set (bnc#1012382). - platform/x86: acer-wmi: setup accelerometer when ACPI device was found (bsc#1031717). - platform/x86: hp-wmi: Do not shadow error values (bnc#1012382). - platform/x86: hp-wmi: Fix detection for dock and tablet mode (bnc#1012382). - platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state (bnc#1012382). - platform/x86: intel_mid_thermal: Fix module autoload (bnc#1012382). - platform/x86: sony-laptop: Fix error handling in sony_nc_setup_rfkill() (bsc#1031717). - pm / OPP: Add missing of_node_put(np) (bnc#1012382). - power: bq27xxx_battery: Fix bq27541 AveragePower register address (bsc#1031717). - power: bq27xxx: fix reading for bq27000 and bq27010 (bsc#1031717). - powercap: Fix an error code in powercap_register_zone() (bsc#1031717). - power: ipaq-micro-battery: freeing the wrong variable (bsc#1031717). - powerpc/64: Fix race condition in setting lock bit in idle/wakeup code (bsc#1066223). - powerpc/bpf/jit: Disable classic BPF JIT on ppc64le (bsc#1066223). - powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 (bnc#1012382). - powerpc: Correct instruction code for xxlor instruction (bsc#1066223). - powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC (bsc#1066223). - powerpc/mm: Fix check of multiple 16G pages from device tree (bsc#1066223). - powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash (bsc#1066223). - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config (bsc#1010201, bsc#1066223). - powerpc/mm/hash: Free the subpage_prot_table correctly (bsc#1066223). - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1066223). - powerpc/numa: Fix whitespace in hot_add_drconf_memory_max() (bsc#1066223). - powerpc/opal: Fix EBUSY bug in acquiring tokens (bsc#1066223). - powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8 (bsc#1066223). - powerpc/powernv/ioda: Fix endianness when reading TCEs (bsc#1066223). - powerpc/powernv: Make opal_event_shutdown() callable from IRQ context (bsc#1066223). - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister (bsc#1067888). - powerpc/signal: Properly handle return value from uprobe_deny_signal() (bsc#1066223). - powerpc/sysrq: Fix oops whem ppmu is not registered (bsc#1066223). - power: supply: bq27xxx_battery: Fix register map for BQ27510 and BQ27520 ("bsc#1069270"). - power: supply: isp1704: Fix unchecked return value of devm_kzalloc (bsc#1031717). - power: supply: lp8788: prevent out of bounds array access (bsc#1031717). - power_supply: tps65217-charger: Fix NULL deref during property export (bsc#1031717). - ppp: fix race in ppp device destruction (bnc#1012382). - printk/console: Always disable boot consoles that use init memory before it is freed (bsc#1063026). - printk/console: Enhance the check for consoles using init memory (bsc#1063026). - printk: include <asm/sections.h> instead of <asm-generic/sections.h> (bsc#1063026). - printk: only unregister boot consoles when necessary (bsc#1063026). - quota: Check for register_shrinker() failure (bsc#1012829). - r8169: Do not increment tx_dropped in TX ring cleaning (bsc#1031717). - rbd: use GFP_NOIO for parent stat and data requests (bnc#1012382). - rcu: Allow for page faults in NMI handlers (bnc#1012382). - rdma/uverbs: Prevent leak of reserved field (bsc#1022595 FATE#322350). - rds: RDMA: return appropriate error on rdma map failures (bnc#1012382). - regulator: core: Limit propagation of parent voltage count and list (bsc#1070145). - regulator: fan53555: fix I2C device ids (bnc#1012382). - Revert "bpf: one perf event close won't free bpf program attached by another perf event" (kabi). - Revert "bsg-lib: do not free job in bsg_prepare_job" (bnc#1012382). - Revert "crypto: xts - Add ECB dependency" (bnc#1012382). - Revert "drm: bridge: add DT bindings for TI ths8135" (bnc#1012382). - Revert "keys: Fix race between updating and finding a negative key" (kabi). - Revert "phy: increase size of MII_BUS_ID_SIZE and bus_id" (kabi). - Revert "sctp: do not peel off an assoc from one netns to another one" (bnc#1012382). - Revert "tty: goldfish: Fix a parameter of a call to free_irq" (bnc#1012382). - Revert "uapi: fix linux/rds.h userspace compilation errors" (bnc#1012382). - rpm/kernel-binary.spec.in: add the kernel-binary dependencies to kernel-binary-base (bsc#1060333). - rpm/kernel-binary.spec.in: Correct supplements for recent SLE products (bsc#1067494) - rpm/kernel-binary.spec.in: only rewrite modules.dep if non-zero in size (bsc#1056979). - rtc: ds1307: Fix relying on reset value for weekday (bsc#1031717). - rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks (bsc#1031717). - rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL (bsc#1031717). - rtc: rtc-nuc900: fix loop timeout test (bsc#1031717). - rtc: sa1100: fix unbalanced clk_prepare_enable/clk_disable_unprepare (bsc#1031717). - rtlwifi: fix uninitialized rtlhal->last_suspend_sec time (bnc#1012382). - rtlwifi: rtl8192ee: Fix memory leak when loading firmware (bnc#1012382). - rtlwifi: rtl8821ae: Fix connection lost problem (bnc#1012382). - rtlwifi: rtl8821ae: Fix HW_VAR_NAV_UPPER operation (bsc#1031717). - s390/dasd: check for device error pointer within state change interrupts (bnc#1012382). - s390/disassembler: add missing end marker for e7 table (bnc#1012382). - s390/disassembler: correct disassembly lines alignment (bsc#1070825). - s390/disassembler: increase show_code buffer size (bnc#1012382). - s390: fix transactional execution control register handling (bnc#1012382). - s390/kbuild: enable modversions for symbols exported from asm (bnc#1012382). - s390/qeth: issue STARTLAN as first IPA command (bnc#1012382). - s390/runtime instrumention: fix possible memory corruption (bnc#1012382). - sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task() (bnc#1012382). - sched: Make resched_cpu() unconditional (bnc#1012382). - sched/rt: Simplify the IPI based RT balancing logic (bnc#1012382). - scsi: aacraid: Process Error for response I/O (bnc#1012382). - scsi_devinfo: cleanly zero-pad devinfo strings (bsc#1062941). - scsi: ipr: Fix scsi-mq lockdep issue (bsc#1066213). - scsi: ipr: Set no_report_opcodes for RAID arrays (bsc#1066213). - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1056003). - scsi: lpfc: Add missing memory barrier (bnc#1012382). - scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload (bnc#1012382). - scsi: lpfc: Correct host name in symbolic_name field (bnc#1012382). - scsi: lpfc: Correct issue leading to oops during link reset (bnc#1012382). - scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort (bnc#1012382). - scsi: reset wait for IO completion (bsc#996376). - scsi: scsi_devinfo: fixup string compare (bsc#1062941). updated patches.fixes/scsi_devinfo-fixup-string-compare.patch to the version merged upstream. - scsi: scsi_devinfo: handle non-terminated strings (bsc#1062941). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (bnc#1012382). - scsi: scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add() (bsc#1037890). - scsi: scsi_transport_fc: set scsi_target_id upon rescan (bsc#1058135). - scsi: sg: Re-fix off by one in sg_fill_request_table() (bnc#1012382). - scsi: ufs: add capability to keep auto bkops always enabled (bnc#1012382). - scsi: ufs-qcom: Fix module autoload (bnc#1012382). - scsi: virtio_scsi: let host do exception handling (bsc#1060682). - scsi: zfcp: fix erp_action use-before-initialize in REC action trace (bnc#1012382). - sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect (bnc#1012382). - sctp: do not peel off an assoc from one netns to another one (bnc#1012382). - sctp: potential read out of bounds in sctp_ulpevent_type_enabled() (bnc#1012382). - sctp: reset owner sk for data chunks on out queues when migrating a sock (bnc#1012382). - security/keys: add CONFIG_KEYS_COMPAT to Kconfig (bnc#1012382). - selftests: firmware: add empty string and async tests (bnc#1012382). - selftests: firmware: send expected errors to /dev/null (bnc#1012382). - serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() (bsc#1031717). - serial: 8250_uniphier: fix serial port index in private data (bsc#1031717). - serial: Fix serial console on SNI RM400 machines (bsc#1031717). - serial: omap: Fix EFR write on RTS deassertion (bnc#1012382). - serial: Remove unused port type (bsc#1066045). - serial: sh-sci: Fix register offsets for the IRDA serial port (bnc#1012382). - slub: do not merge cache if slub_debug contains a never-merge flag (bnc#1012382). - smb3: parsing for new snapshot timestamp mount parm (FATE#324404). New mount option "snapshot=<time>" to allow mounting an earlier version of the remote volume (if such a snapshot exists on the server). Note that eventually specifying a snapshot time of 1 will allow the user to mount the oldest snapshot. A subsequent patch add the processing for that and another for actually specifying the "time warp" create context on SMB2/SMB3 open. Check to make sure SMB2 negotiated, and ensure that we use a different tcon if mount same share twice but with different snaphshot times - sparc64: Migrate hvcons irq to panicked cpu (bnc#1012382). - spi: SPI_FSL_DSPI should depend on HAS_DMA (bnc#1012382). - spi: uapi: spidev: add missing ioctl header (bnc#1012382). - staging: iio: cdc: fix improper return value (bnc#1012382). - staging: lustre: hsm: stack overrun in hai_dump_data_field (bnc#1012382). - staging: lustre: llite: do not invoke direct_IO for the EOF case (bnc#1012382). - staging: lustre: ptlrpc: skip lock if export failed (bnc#1012382). - staging: r8712u: Fix Sparse warning in rtl871x_xmit.c (bnc#1012382). - staging: rtl8188eu: fix incorrect ERROR tags from logs (bnc#1012382). - staging: rtl8712: fixed little endian problem (bnc#1012382). - staging: rtl8712u: Fix endian settings for structs describing network packets (bnc#1012382). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (bnc#1012382). - target: fix ALUA state file path truncation (bsc#1071231). - target: Fix node_acl demo-mode + uncached dynamic shutdown regression (bnc#1012382). - target: fix PR state file path truncation (bsc#1071231). - target: Fix QUEUE_FULL + SCSI task attribute handling (bnc#1012382). - target/iscsi: Fix iSCSI task reassignment handling (bnc#1012382). - target/iscsi: Fix unsolicited data seq_end_offset calculation (bnc#1012382). - tcp/dccp: fix ireq->opt races (bnc#1012382). - tcp/dccp: fix lockdep splat in inet_csk_route_req() (bnc#1012382). - tcp/dccp: fix other lockdep splats accessing ireq_opt (bnc#1012382). - tcp: do not mangle skb->cb[] in tcp_make_synack() (bnc#1012382). - tcp: fix tcp_mtu_probe() vs highest_sack (bnc#1012382). - test: firmware_class: report errors properly on failure (bnc#1012382). - timer: Prevent timer value 0 for MWAITX (bsc#1065717). - tipc: fix link attribute propagation bug (bnc#1012382). - tipc: use only positive error codes in messages (bnc#1012382). - tools: firmware: check for distro fallback udev cancel rule (bnc#1012382). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (bnc#1012382). - tun: allow positive return values on dev_get_valid_name() call (bnc#1012382). - tun: bail out from tun_get_user() if the skb is empty (bnc#1012382). - tun: call dev_get_valid_name() before register_netdevice() (bnc#1012382). - tun/tap: sanitize TUNSETSNDBUF input (bnc#1012382). - uapi: fix linux/mroute6.h userspace compilation errors (bnc#1012382). - uapi: fix linux/rds.h userspace compilation error (bnc#1012382). - uapi: fix linux/rds.h userspace compilation errors (bnc#1012382). - udpv6: Fix the checksum computation when HW checksum does not apply (bnc#1012382). - usb: Add delay-init quirk for Corsair K70 LUX keyboards (bnc#1012382). - usb: cdc_acm: Add quirk for Elatec TWN3 (bnc#1012382). - usb: core: fix out-of-bounds access bug in usb_get_bos_descriptor() (bnc#1012382). - usb: devio: Revert "USB: devio: Do not corrupt user memory" (bnc#1012382). - usb: dummy-hcd: Fix deadlock caused by disconnect detection (bnc#1012382). - usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options (bnc#1012382). - usb: hcd: initialize hcd->flags to 0 when rm hcd (bnc#1012382). - usb: hub: Allow reset retry for USB2 devices on connect bounce (bnc#1012382). - usb: musb: Check for host-mode using is_host_active() on reset interrupt (bnc#1012382). - usb: musb: sunxi: Explicitly release USB PHY on exit (bnc#1012382). - usb: quirks: add quirk for WORLDE MINI MIDI keyboard (bnc#1012382). - usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet (bnc#1012382). - usb: serial: console: fix use-after-free after failed setup (bnc#1012382). - usb: serial: cp210x: add support for ELV TFD500 (bnc#1012382). - usb: serial: ftdi_sio: add id for Cypress WICED dev board (bnc#1012382). - usb: serial: garmin_gps: fix I/O after failed probe and remove (bnc#1012382). - usb: serial: garmin_gps: fix memory leak on probe errors (bnc#1012382). - usb: serial: metro-usb: add MS7820 device id (bnc#1012382). - usb: serial: option: add support for TP-Link LTE module (bnc#1012382). - usb: serial: qcserial: add Dell DW5818, DW5819 (bnc#1012382). - usb: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update (bnc#1012382). - usb: usbfs: compute urb->actual_length for isochronous (bnc#1012382). - usb: usbtest: fix NULL pointer dereference (bnc#1012382). - usb: xhci: Handle error condition in xhci_stop_device() (bnc#1012382). - vfs: expedite unmount (bsc#1024412). - video: fbdev: pmag-ba-fb: Remove bad `__init' annotation (bnc#1012382). - video: udlfb: Fix read EDID timeout (bsc#1031717). - vlan: fix a use-after-free in vlan_device_event() (bnc#1012382). - vsock: use new wait API for vsock_stream_sendmsg() (bnc#1012382). - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit (bnc#1012382). - watchdog: kempld: fix gcc-4.3 build (bnc#1012382). - workqueue: Fix NULL pointer dereference (bnc#1012382). - workqueue: replace pool->manager_arb mutex with a flag (bnc#1012382). - x86/alternatives: Fix alt_max_short macro to really be a max() (bnc#1012382). - x86/decoder: Add new TEST instruction pattern (bnc#1012382). - x86/MCE/AMD: Always give panic severity for UC errors in kernel context (git-fixes bf80bbd7dcf5). - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/microcode/intel: Disable late loading on model 79 (bnc#1012382). - x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context (bnc#1012382). - x86/uaccess, sched/preempt: Verify access_ok() context (bnc#1012382). - xen: do not print error message in case of missing Xenstore entry (bnc#1012382). - xen/events: events_fifo: Do not use {get,put}_cpu() in xen_evtchn_fifo_init() (bnc#1065600). - xen: fix booting ballooned down hvm guest (bnc#1065600). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1012382). - xen/manage: correct return value check on xenbus_scanf() (bnc#1012382). - xen-netback: fix error handling output (bnc#1065600). - xen: x86: mark xen_find_pt_base as __init (bnc#1065600). - xen: xenbus driver must not accept invalid transaction ids (bnc#1012382). - zd1211rw: fix NULL-deref at probe (bsc#1031717). Important SUSE bug 1010201 SUSE bug 1012382 SUSE bug 1012829 SUSE bug 1017461 SUSE bug 1021424 SUSE bug 1022595 SUSE bug 1022914 SUSE bug 1024412 SUSE bug 1027301 SUSE bug 1030061 SUSE bug 1031717 SUSE bug 1037890 SUSE bug 1046107 SUSE bug 1050060 SUSE bug 1050231 SUSE bug 1053919 SUSE bug 1056003 SUSE bug 1056365 SUSE bug 1056427 SUSE bug 1056979 SUSE bug 1057199 SUSE bug 1058135 SUSE bug 1060333 SUSE bug 1060682 SUSE bug 1061756 SUSE bug 1062941 SUSE bug 1063026 SUSE bug 1063516 SUSE bug 1064701 SUSE bug 1064926 SUSE bug 1065180 SUSE bug 1065600 SUSE bug 1065639 SUSE bug 1065692 SUSE bug 1065717 SUSE bug 1065866 SUSE bug 1066045 SUSE bug 1066192 SUSE bug 1066213 SUSE bug 1066223 SUSE bug 1066285 SUSE bug 1066382 SUSE bug 1066470 SUSE bug 1066471 SUSE bug 1066472 SUSE bug 1066573 SUSE bug 1066606 SUSE bug 1066629 SUSE bug 1067105 SUSE bug 1067132 SUSE bug 1067494 SUSE bug 1067888 SUSE bug 1068671 SUSE bug 1068978 SUSE bug 1068980 SUSE bug 1068982 SUSE bug 1069270 SUSE bug 1069496 SUSE bug 1069702 SUSE bug 1069793 SUSE bug 1069942 SUSE bug 1069996 SUSE bug 1070006 SUSE bug 1070145 SUSE bug 1070535 SUSE bug 1070767 SUSE bug 1070771 SUSE bug 1070805 SUSE bug 1070825 SUSE bug 1070964 SUSE bug 1071231 SUSE bug 1071693 SUSE bug 1071694 SUSE bug 1071695 SUSE bug 1071833 SUSE bug 963575 SUSE bug 964944 SUSE bug 966170 SUSE bug 966172 SUSE bug 974590 SUSE bug 979928 SUSE bug 989261 SUSE bug 996376 CVE-2017-1000405 CVE-2017-1000410 CVE-2017-11600 CVE-2017-12193 CVE-2017-15115 CVE-2017-16528 CVE-2017-16536 CVE-2017-16537 CVE-2017-16646 CVE-2017-16939 CVE-2017-16994 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-7482 CVE-2017-8824 openSUSE Leap 42.2 This update for 389-ds fixes the following issues: - CVE-2017-7551: 389-ds-base: Password brute-force possible for locked account due to different return codes (bsc#1051997) - CVE-2016-4992: 389-ds: Information disclosure via repeated use of LDAP ADD operation (bsc#997256) - CVE-2016-5405: 389-ds: Password verification vulnerable to timing attack (bsc#1007004) - CVE-2017-2591: 389-ds-base: Heap buffer overflow in uiduniq.c (bsc#1020670) - CVE-2017-2668 389-ds Remote crash via crafted LDAP messages (bsc#1069067) - CVE-2016-0741: 389-ds: worker threads do not detect abnormally closed connections causing DoS (bsc#1069074) Moderate SUSE bug 1007004 SUSE bug 1020670 SUSE bug 1051997 SUSE bug 1069067 SUSE bug 1069074 SUSE bug 997256 CVE-2016-4992 CVE-2016-5405 CVE-2017-2668 CVE-2017-7551 openSUSE Leap 42.2 This update for ImageMagick fixes the following issues: * CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130] * CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136] * CVE-2016-8707 Possible code execution in Tiff conver utility [bsc#1014159] * CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could lead to Heap overflow [bsc#1009318] * CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1009318 SUSE bug 1011130 SUSE bug 1011136 SUSE bug 1013376 SUSE bug 1014159 CVE-2014-9848 CVE-2016-8707 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 openSUSE Leap 42.2 This update for enigmail to version 1.9.9 fixes the following issues (boo#1073858): * Enigmail could be coerced to use a malicious PGP public key with a corresponding secret key controlled by an attacker * Enigmail could have replayed encrypted content in partially encrypted e-mails, allowing a plaintext leak * Enigmail could be tricked into displaying incorrect signature verification results * Specially crafted content may cause denial of service Important SUSE bug 1073858 openSUSE Leap 42.2 This update for python-PyJWT fixes the following issues: - CVE-2017-12880: fix symmetric/asymmetric confusion when handling PKCS1 public keys (bsc#1054106) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1054106 CVE-2017-12880 openSUSE Leap 42.2 This update for virtualbox fixes the following issues: - The version has been updated from 5.1.8 to 5.1.12. Upstream fixed various functional and security issues. - Multiple security issues have been fixed that could cause DoS and possibly privilege escalation (CVE-2016-5501,CVE-2016-5538,CVE-2016-5605,CVE-2016-5608,CVE-2016-5610, CVE-2016-5611,CVE-2016-561313, boo#1005621) - A security warning regarding USB passthru has been added. It will be shown only the first time virtualbox is started. (bnc#1018340) - Reverted a previously introduced user interface scaling change, because it caused problems (https://forums.opensuse.org/showthread.php/521520-VirtualBox-interface-scaling, bsc#1014694) Moderate SUSE bug 1005621 SUSE bug 1014694 SUSE bug 1018340 CVE-2016-5501 CVE-2016-5538 CVE-2016-5605 CVE-2016-5608 CVE-2016-5610 CVE-2016-5611 CVE-2016-561313 openSUSE Leap 42.2 This update for postgresql96 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844). - CVE-2017-15099: Ensure that INSERT ... ON CONFLICT DO UPDATE checks table permissions and RLS policies in all cases (bsc#1067841). Bug fixes: - Update to version 9.6.6: * https://www.postgresql.org/docs/9.6/static/release-9-6-6.html * https://www.postgresql.org/docs/9.6/static/release-9-6-5.html This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1067841 SUSE bug 1067844 CVE-2017-15098 CVE-2017-15099 openSUSE Leap 42.2 This update for ImageMagick fixes the following issues: * CVE-2017-14989: use-after-free in RenderFreetype in MagickCore/annotate.c could lead to denial of service [bsc#1061254] * CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer overflow could lead to denial of service [bsc#1060176] * Memory leak in WriteINLINEImage in coders/inline.c could lead to denial of service [bsc#1052744] * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778] * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632] * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485] * CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637] * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181] * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184] * CVE-2017-16669: problem in coders/wpg.c could allow remote attackers to cause a denial of service via crafted file [bsc#1067409] * CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719] * CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in coders/webp.c could lead to denial of service [bsc#1057157] * CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432] * CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214] * CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c [bsc#1062750] * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796] * CVE-2017-15930: Null Pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003] * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers to cause a denial of service [bsc#1054757] * CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666] * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553] * CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\pwp.c could lead to denial of service [bsc#1052450] * CVE-2017-11523: ReadTXTImage in coders/txt.c allows remote attackers to cause a denial of service [bsc#1050083] * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729] * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check. [bnc#1048457] * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116] * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139] * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441] * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847] * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689] * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758] * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764] * CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730] * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1048457 SUSE bug 1049796 SUSE bug 1050083 SUSE bug 1050116 SUSE bug 1050139 SUSE bug 1050632 SUSE bug 1051441 SUSE bug 1051847 SUSE bug 1052450 SUSE bug 1052553 SUSE bug 1052689 SUSE bug 1052744 SUSE bug 1052758 SUSE bug 1052764 SUSE bug 1054757 SUSE bug 1055214 SUSE bug 1056432 SUSE bug 1057157 SUSE bug 1057719 SUSE bug 1057729 SUSE bug 1057730 SUSE bug 1058485 SUSE bug 1058637 SUSE bug 1059666 SUSE bug 1059778 SUSE bug 1060176 SUSE bug 1060577 SUSE bug 1061254 SUSE bug 1062750 SUSE bug 1066003 SUSE bug 1067181 SUSE bug 1067184 SUSE bug 1067409 CVE-2017-11188 CVE-2017-11478 CVE-2017-11523 CVE-2017-11527 CVE-2017-11535 CVE-2017-11640 CVE-2017-11752 CVE-2017-12140 CVE-2017-12435 CVE-2017-12587 CVE-2017-12644 CVE-2017-12662 CVE-2017-12669 CVE-2017-12983 CVE-2017-13134 CVE-2017-13769 CVE-2017-14138 CVE-2017-14172 CVE-2017-14173 CVE-2017-14175 CVE-2017-14341 CVE-2017-14342 CVE-2017-14531 CVE-2017-14607 CVE-2017-14682 CVE-2017-14733 CVE-2017-14989 CVE-2017-15217 CVE-2017-15930 CVE-2017-16545 CVE-2017-16546 CVE-2017-16669 openSUSE Leap 42.2 This update for evince fixes the following issues: Security issue fixed: - CVE-2017-1000083: Remove support for tar and tar-like commands in comics backend (bsc#1046856). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1046856 CVE-2017-1000083 openSUSE Leap 42.2 This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin (bsc#1074043) - CVE-2017-7847: Local path string can be leaked from RSS feed (bsc#1074044) - CVE-2017-7848: RSS Feed vulnerable to new line Injection (bsc#1074045) - CVE-2017-7829: From address with encoded null character is cut off in message header display (bsc#1074046) Important SUSE bug 1074043 SUSE bug 1074044 SUSE bug 1074045 SUSE bug 1074046 CVE-2017-7829 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848 openSUSE Leap 42.2 This update for global fixes the following issue: - CVE-2017-17531: Argument-injection vulnerability allowed execution of arbitrary code via crafted URLs (boo#1073197) Moderate SUSE bug 1073197 CVE-2017-17531 openSUSE Leap 42.2 This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations (bsc#1074066, PMASA-2017-09) This update also contains all upstream improvements and bugfixes in version 4.7.7: - various display and UI fixes - PHP error fixes - Improved deteciton of MySQL server needing SSL connections - Support JSON datatype on MariaDB 10.2.7 and newer - Fix constructing ALTER query with AFTER - Fix changing password on MariaDB cluster Important SUSE bug 1074066 openSUSE Leap 42.2 This update for gdk-pixbuf provides the following fixes: - Add overflow checks when creating pixbuf structures in general - Fix arithmetic overflow in the BMP loader (bsc#1053417) - Adds support for BMPv3 with bitmasks (bsc#1053417) This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1053417 openSUSE Leap 42.2 This update for systemd fixes the following issues: This security issue was fixed: - CVE-2016-10156: Fix permissions set on permanent timer timestamp files, preventing local unprivileged users from escalating privileges (bsc#1020601). These non-security issues were fixed: - Fix permission set on /var/lib/systemd/linger/* - install: follow config_path symlink (#3362) - install: fix disable when /etc/systemd/system is a symlink (bsc#1014560) - run: make --slice= work in conjunction with --scope (bsc#1014566) - core: don't dispatch load queue when setting Slice= for transient units - systemctl: remove duplicate entries showed by list-dependencies (#5049) (bsc#1012266) - rule: don't automatically online standby memory on s390x (bsc#997682) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1012266 SUSE bug 1014560 SUSE bug 1014566 SUSE bug 1020601 SUSE bug 997682 CVE-2016-10156 openSUSE Leap 42.2 This update for tigervnc fixes one issue. This security issue was fixed: - boo#1019274: Prevent the server from overflowing a buffer in the client, causing DoS or potentially code execution. Moderate SUSE bug 1019274 openSUSE Leap 42.2 This update for apache2 fixes the following issues: - CVE-2016-8740 Server memory can be exhausted and service denied when HTTP/2 is used [bsc#1013648] This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1013648 CVE-2016-8740 openSUSE Leap 42.2 This update for rabbitmq-server fixes the following issue: - CVE-2016-9877: An issue in Pivotal RabbitMQ caused connection authentication with a username/password pair to succeed if an existing username was provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate were not affected (bsc#1017642). Important SUSE bug 1017642 CVE-2016-9877 openSUSE Leap 42.2 This update for gstreamer-plugins-base fixes the following issues: * CVE-2016-9811: Malicious file could could cause an invalid read leading to crash [bsc#1013669] This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1013669 CVE-2016-9811 openSUSE Leap 42.2 This update for - containerd, - docker to version 1.12.6 and - runc fixes several issues. This security issues was fixed: - CVE-2016-9962: container escape vulnerability (bsc#1012568). Thsese non-security issues were fixed: - boo#1019251: Add a delay when starting docker service - Fixed bash-completion - boo#1015661: add the /usr/bin/docker-run symlink For additional details please see the changelog. Moderate SUSE bug 1004490 SUSE bug 1009961 SUSE bug 1012568 SUSE bug 1015661 SUSE bug 1016307 SUSE bug 1019251 SUSE bug 988408 CVE-2016-9962 openSUSE Leap 42.2 This update for openssh fixes several issues. These security issues were fixed: - CVE-2016-8858: The kex_input_kexinit function in kex.c allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests (bsc#1005480). - CVE-2016-10012: The shared memory manager (associated with pre-authentication compression) did not ensure that a bounds check is enforced by all compilers, which might allowed local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures (bsc#1016370). - CVE-2016-10009: Untrusted search path vulnerability in ssh-agent.c allowed remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket (bsc#1016366). - CVE-2016-10010: When forwarding unix domain sockets with privilege separation disabled, the resulting sockets have be created as 'root' instead of the authenticated user. Forwarding unix domain sockets without privilege separation enabled is now rejected. - CVE-2016-10011: authfile.c in sshd did not properly consider the effects of realloc on buffer contents, which might allowed local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process (bsc#1016369). These non-security issues were fixed: - Adjusted suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) - Properly verify CIDR masks in configuration (bsc#1005893 bsc#1021626) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1005480 SUSE bug 1005893 SUSE bug 1006221 SUSE bug 1016366 SUSE bug 1016368 SUSE bug 1016369 SUSE bug 1016370 SUSE bug 1021626 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-8858 openSUSE Leap 42.2 This update for MozillaFirefox to version 51.0.1 fixes security issues and bugs. These security issues were fixed: * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bmo#1325200, boo#1021814) * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) CVE-2017-5377: Memory corruption with transforms to create gradients in Skia (bmo#1306883, boo#1021826) * CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bmo#1312001, bmo#1330769, boo#1021818) * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827) * CVE-2017-5380: Potential use-after-free during DOM manipulations (bmo#1322107, boo#1021819) * CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bmo#1297361, boo#1021820) * CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests (bmo#1308688, boo#1021828) * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403, boo#1021821) * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations (bmo#1017616, boo#1021830) * CVE-2017-5382: Feed preview can expose privileged content errors and exceptions (bmo#1295322, boo#1021831) * CVE-2017-5383: Location bar spoofing with unicode characters (bmo#1323338, bmo#1324716, boo#1021822) * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) (bmo#1255474, boo#1021832) * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers (bmo#1295945, boo#1021833) * CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bmo#1319070, boo#1021823) * CVE-2017-5391: Content about: pages can load privileged about: pages (bmo#1309310, boo#1021835) * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager (bmo#1309282, boo#1021837) * CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages (bmo#1295023, boo#1021839) * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks (bmo#1281482, boo#1021840) * CVE-2017-5374: Memory safety bugs (boo#1021841) * CVE-2017-5373: Memory safety bugs (boo#1021824) These non-security issues in MozillaFirefox were fixed: * Added support for FLAC (Free Lossless Audio Codec) playback * Added support for WebGL 2 * Added Georgian (ka) and Kabyle (kab) locales * Support saving passwords for forms without 'submit' events * Improved video performance for users without GPU acceleration * Zoom indicator is shown in the URL bar if the zoom level is not at default level * View passwords from the prompt before saving them * Remove Belarusian (be) locale * Use Skia for content rendering (Linux) * Improve recognition of LANGUAGE env variable (boo#1017174) * Multiprocess incompatibility did not correctly register with some add-ons (bmo#1333423) Important SUSE bug 1017174 SUSE bug 1021814 SUSE bug 1021817 SUSE bug 1021818 SUSE bug 1021819 SUSE bug 1021820 SUSE bug 1021821 SUSE bug 1021822 SUSE bug 1021823 SUSE bug 1021824 SUSE bug 1021826 SUSE bug 1021827 SUSE bug 1021828 SUSE bug 1021830 SUSE bug 1021831 SUSE bug 1021832 SUSE bug 1021833 SUSE bug 1021835 SUSE bug 1021837 SUSE bug 1021839 SUSE bug 1021840 SUSE bug 1021841 CVE-2017-5373 CVE-2017-5374 CVE-2017-5375 CVE-2017-5376 CVE-2017-5377 CVE-2017-5378 CVE-2017-5379 CVE-2017-5380 CVE-2017-5381 CVE-2017-5382 CVE-2017-5383 CVE-2017-5384 CVE-2017-5385 CVE-2017-5386 CVE-2017-5387 CVE-2017-5388 CVE-2017-5389 CVE-2017-5390 CVE-2017-5391 CVE-2017-5392 CVE-2017-5393 CVE-2017-5394 CVE-2017-5395 CVE-2017-5396 openSUSE Leap 42.2 This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs. The following security issues from advisory MFSA 2017-03 were fixed (boo#1021991) In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts: - CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814) - CVE-2017-5376: Use-after-free in XSL (boo#1021817) - CVE-2017-5378: Pointer and frame data leakage of Javascript objects (boo#1021818) - CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819) - CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820) - CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821) - CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822) - CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824) The following non-security bugs were fixed: - Message preview pane non-functional after IMAP folder was renamed or moved - "Move To" button on "Search Messages" panel not working - Message sent to "undisclosed recipients" shows no recipient (non-functional since Thunderbird version 38) Moderate SUSE bug 1021814 SUSE bug 1021817 SUSE bug 1021818 SUSE bug 1021819 SUSE bug 1021820 SUSE bug 1021821 SUSE bug 1021822 SUSE bug 1021824 SUSE bug 1021991 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 openSUSE Leap 42.2 This update for Seamonkey to version 2.46 fixes security issues and bugs. The following vulnerabilities were fixed: - Fix all Gecko related security issues between 43.0.1 and 49.0.2 - CVE-2016-6354: buffer overrun in flex (boo#990856) The following non-security changes are included: - improve recognition of LANGUAGE env variable (boo#1017174) - improve TLS compatibility with certain websites (boo#1021636) - Seamonkey now requires NSPR 4.12 and NSS 3.25 - based on Gecko 49.0.2 - Chatzilla and DOM Inspector were disabled Important SUSE bug 1017174 SUSE bug 1021636 SUSE bug 984637 SUSE bug 990856 CVE-2016-6354 openSUSE Leap 42.2 This update for kopete fixes the following issues: - fix encrypting OTR messages after closing and re-opening kopete (boo#1016982, kde#362535) Low SUSE bug 1016982 openSUSE Leap 42.2 This update for nginx fixes the following vulnerability: - CVE-2016-4450: Remote attackers could have caused a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. Moderate SUSE bug 982505 CVE-2016-4450 openSUSE Leap 42.2 This update for bzrtp fixes one security issue. The following vulnerability was fixed: - CVE-2016-6271: missing HVI check on DHPart2 packet reception may have allowed man-in-the-middle attackers to conduct spoofing attacks boo#1020844) Moderate SUSE bug 1020844 CVE-2016-6271 openSUSE Leap 42.2 This update to Wireshark 2.2.4 fixes two minor vulnerabilities that could be used to cause Wireshark to go into a large or infinite loop by sending specially crafted packages over the network or into a capture file. (bsc#1021739) - CVE-2017-5596: The ASTERIX dissector could go into an infinite loop (wnpa-sec-2017-01) - CVE-2017-5597: The DHCPv6 dissector could go into a large loop (wnpa-sec-2017-02) - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.4.html Low SUSE bug 1021739 CVE-2017-5596 CVE-2017-5597 openSUSE Leap 42.2 This update for clamav-database on January 30th refreshes the database. This update was imported from the SUSE:SLE-12:Update update project. Moderate openSUSE Leap 42.2 This update for mupdf to version 1.10a fixes the following issues: These security issues were fixed: - CVE-2016-10132: Null pointer dereference in regexp because of a missing check after allocating memory allowing for DoS (bsc#1019877). - CVE-2016-10133: Heap buffer overflow write in js_stackoverflow allowing for DoS or possible code execution (bsc#1019877). - CVE-2016-10141: An integer overflow vulnerability triggered by a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition (bsc#1019877). These non-security issues were fixed: - A bug with mutool and saving PDF files using the 'ascii' option has been fixed. - Stop defining OPJ_STATIC Low SUSE bug 1019877 CVE-2016-10132 CVE-2016-10133 CVE-2016-10141 openSUSE Leap 42.2 This update to phpMyAdmin 4.4.15.10 fixes the following security issues: - CVE-2016-6621: Multiple vulnerabilities in setup script (PMASA-2016-44) - Open redirect (PMASA-2017-1) - CVE-2015-8980: php-gettext code execution (PMASA-2017-2) - DOS vulnerability in table editing (PMASA-2017-3) - CSS injection in themes (PMASA-2017-4) - SSRF in replication (PMASA-2017-6) - DOS in replication status (PMASA-2017-7) Moderate SUSE bug 1021597 CVE-2015-8980 CVE-2016-6621 openSUSE Leap 42.2 This update for xen fixes the following issues: - A Mishandling of SYSCALL singlestep during emulation which could have lead to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013) - CMPXCHG8B emulation failed to ignore operand size override which could have lead to information disclosure. (XSA-200, bsc#1012651, CVE-2016-9932) - PV guests may have been able to mask interrupts causing a Denial of Service. (XSA-202, bsc#1014298, CVE-2016-10024) - A missing NULL pointer check in VMFUNC emulation could lead to a hypervisor crash leading to a Denial of Servce. (XSA-203, bsc#1014300, CVE-2016-10025) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1012651 SUSE bug 1014298 SUSE bug 1014300 SUSE bug 1016340 CVE-2016-10013 CVE-2016-10024 CVE-2016-10025 CVE-2016-9932 openSUSE Leap 42.2 This update for java-1_8_0-openjdk fixes the following issues: Oracle Critical Patch Update of January 2017 (bsc#1020905) Upgrade to version jdk8u121 (icedtea 3.3.0): - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution - S8156804, CVE-2017-3241: Better constraint checking - S8158406: Limited Parameter Processing - S8158997: JNDI Protocols Switch - S8159507: RuntimeVisibleAnnotation validation - S8161218: Better bytecode loading - S8161743, CVE-2017-3252: Provide proper login context - S8162577: Standardize logging levels - S8162973: Better component components - S8164143, CVE-2017-3260: Improve components for menu items - S8164147, CVE-2017-3261: Improve streaming socket output - S8165071, CVE-2016-2183: Expand TLS support - S8165344, CVE-2017-3272: Update concurrency support - S8166988, CVE-2017-3253: Improve image processing performance - S8167104, CVE-2017-3289: Additional class construction refinements - S8167223, CVE-2016-5552: URL handling improvements - S8168705, CVE-2016-5547: Better ObjectIdentifier validation - S8168714, CVE-2016-5546: Tighten ECDSA validation - S8168728, CVE-2016-5548: DSA signing improvements - S8168724, CVE-2016-5549: ECDSA signing improvements This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1020905 SUSE bug 1022053 CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 openSUSE Leap 42.2 This update for virtualbox to version 5.1.14 fixes the following issues: These security issues were fixed: - CVE-2016-5545: Vulnerability in the GUI subcomponent of virtualbox allows unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read access to a subset of VirtualBox accessible data and unauthorized ability to cause a partial denial of service (bsc#1020856). - CVE-2017-3290: Vulnerability in the Shared Folder subcomponent of virtualbox allows high privileged attacker unauthorized creation, deletion or modification access to critical data and unauthorized ability to cause a hang or frequently repeatable crash (bsc#1020856). - CVE-2017-3316: Vulnerability in the GUI subcomponent of virtualbox allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox (bsc#1020856). - CVE-2017-3332: Vulnerability in the SVGA Emulation subcomponent of virtualbox allows low privileged attacker unauthorized creation, deletion or modification access to critical data and unauthorized ability to cause a hang or frequently repeatable crash (bsc#1020856). For other changes please read the changelog. Important SUSE bug 1020856 CVE-2016-5545 CVE-2017-3290 CVE-2017-3316 CVE-2017-3332 openSUSE Leap 42.2 This update for gnutls fixes the following security issues: - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates (GNUTLS-SA-2017-2, bsc#1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336) - GnuTLS could have falsely accepted certificates when using OCSP (GNUTLS-SA-2016-3, bsc#999646, CVE-2016-7444) - GnuTLS could have suffered from 100% CPU load DoS attacks by using SSL alert packets during the handshake (bsc#1005879, CVE-2016-8610) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1005879 SUSE bug 1018832 SUSE bug 999646 CVE-2016-7444 CVE-2016-8610 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 openSUSE Leap 42.2 This update for gstreamer-0_10-plugins-bad fixes the following issue: - CVE-2016-9809: Off by one read in gst_h264_parse_set_caps() (bsc#1013659) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1013659 CVE-2016-9809 openSUSE Leap 42.2 This update for cpio fixes two issues. This security issue was fixed: - CVE-2016-2037: The cpio_safer_name_suffix function in util.c in cpio allowed remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file (bsc#963448). This non-security issue was fixed: - bsc#1020108: Always use 32 bit CRC to prevent checksum errors for files greater than 32MB This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1020108 SUSE bug 963448 CVE-2016-2037 openSUSE Leap 42.2 This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310) - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312) - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313) - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314) - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324) - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443) - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448) Moderate SUSE bug 1017310 SUSE bug 1017312 SUSE bug 1017313 SUSE bug 1017314 SUSE bug 1017324 SUSE bug 1017326 SUSE bug 1020443 SUSE bug 1020448 CVE-2016-10048 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10068 CVE-2016-10070 CVE-2016-10146 CVE-2017-5511 openSUSE Leap 42.2 This update for libressl fixes the following issues: - CVE-2016-7056: Difficult to execute cache timing attack that may have allowed a local user to recover the private part from ECDSA P-256 keys (boo#1019334) Moderate SUSE bug 1019334 CVE-2016-7056 openSUSE Leap 42.2 This security update for spice fixes the following issues: - CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) - CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1023078 SUSE bug 1023079 CVE-2016-9577 CVE-2016-9578 openSUSE Leap 42.2 This update for libplist addresses the following vulnerabilities: - CVE-2017-5545: OOB heap buffer read which could allow attackers to obtain sensitive information from process memory or cause a DoS (bsc#1021610) - CVE-2017-5209: base64decode function could have allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data Low SUSE bug 1019531 SUSE bug 1021610 CVE-2017-5209 CVE-2017-5545 openSUSE Leap 42.2 This update for rubygem-minitar fixes the following issues: - CVE-2016-10173: Fixed a directory traversal vulnerability in rubygem-minitar, rubygem-archive-tar-minitar. (boo#1021740) Moderate SUSE bug 1021740 CVE-2016-10173 openSUSE Leap 42.2 NonFree This update for opera fixes the following issues: Changes in opera: - Update to version 43.0.2442.806: * See https://opera.com/blogs/desktop/changelog-for-43 Moderate openSUSE Leap 42.2 The IRC textmode client irssi was updated to version 1.0.1 to fix bugs and security issues. irssi 1.0.1: * Fix Perl compilation in object dir * Fix incorrect HELP SERVER example * Correct memory leak in /OP and /VOICE * Fix regression that broke second level completion * Correct missing NULL termination in perl_parse boo#1023638 * Sync broken mail.pl script * Prevent a memory leak during the processing of the SASL response boo#1023637 irssi 1.0.0: * irssiproxy can now forward all tags through a single port. * The kill buffer now remembers consecutive kills. New bindings were added: yank_next_cutbuffer and append_next_kill. * autolog_ignore_targets and activity_hide_targets learn a new syntax tag/* and * to ignore whole networks or everything. * hilight got a -matchcase flag to hilight case sensitively. * Display TLS connection information upon connect. You can disable this by setting tls_verbose_connect to FALSE * Certificate pinning for TLS certificates * /names and $[…] now uses utf8 string operations. * New setting completion_nicks_match_case * /channel /server /network now support modify subcommand. * New option sasl_disconnect_on_failure to disconnect when SASL log-in failed. Moderate SUSE bug 1023637 SUSE bug 1023638 openSUSE Leap 42.2 This update for tigervnc fixes the following issues: This security issue was fixed: - CVE-2016-10207: Prevent crash caused by failed TLS connection (bnc#1023012) This non-security issue was fixed: * Fix random client disconnections (boo#1022432) Important SUSE bug 1022432 SUSE bug 1023012 CVE-2016-10207 openSUSE Leap 42.2 This update for libxml2 fixes the following issues: * CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544] * Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873] * CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497). For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1005544 SUSE bug 1010675 SUSE bug 1013930 SUSE bug 1014873 SUSE bug 1017497 CVE-2016-4658 CVE-2016-9318 CVE-2016-9597 openSUSE Leap 42.2 The openSUSE 42.2 kernel was updated to 4.4.42 stable release. The following security bugs were fixed: - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077 1003253). - CVE-2017-5576, CVE-2017-5577: A buffer overflow in the VC4_SUBMIT_CL IOCTL in the VideoCore DRM driver for Raspberry Pi was fixed. (bsc#1021294) - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set setgid bits on files they don't down. (bsc#1021258). - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. A user/process inside guest could have used this flaw to crash the guest resulting in DoS or potentially escalate their privileges inside guest. (bsc#1020602). - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851). - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here (bnc#959709 bsc#960561). - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540 1017589). - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531 bsc#1013542). - CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux kernel omits a certain check of the dst data structure, which allowed remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet (bnc#1014701). The following non-security bugs were fixed: - 8250/fintek: rename IRQ_MODE macro (boo#1009546). - acpi, nfit: fix bus vs dimm confusion in xlat_status (bsc#1023175). - acpi, nfit, libnvdimm: fix / harden ars_status output length handling (bsc#1023175). - acpi, nfit: validate ars_status output buffer size (bsc#1023175). - arm64/numa: fix incorrect log for memory-less node (bsc#1019631). - ASoC: cht_bsw_rt5645: Fix leftover kmalloc (bsc#1010690). - ASoC: Intel: bytcr_rt5640: fallback mechanism if MCLK is not enabled (bsc#1010690). - ASoC: rt5670: add HS ground control (bsc#1016250). - avoid including "mountproto=" with no protocol in /proc/mounts (bsc#1019260). - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1021260). - bcache: partition support: add 16 minors per bcacheN device (bsc#1019784). - blacklist.conf: add 1b8d2afde54f libnvdimm, pfn: fix ARCH=alpha allmodconfig build failure (bsc#1023175). - blacklist.conf: Add i915 stable commits that can be ignored (bsc#1015367) - blk: Do not collide with QUEUE_FLAG_WC from upstream (bsc#1022547) - blk-mq: Allow timeouts to run while queue is freezing (bsc#1020817). - blk-mq: Always schedule hctx->next_cpu (bsc#1020817). - blk-mq: Avoid memory reclaim when remapping queues (bsc#1020817). - blk-mq: do not overwrite rq->mq_ctx (bsc#1020817). - blk-mq: Fix failed allocation path when mapping queues (bsc#1020817). - blk-mq: improve warning for running a queue on the wrong CPU (bsc#1020817). - block: Change extern inline to static inline (bsc#1023175). - Bluetooth: btmrvl: fix hung task warning dump (bsc#1018813). - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). - brcmfmac: Change error print on wlan0 existence (bsc#1000092). - btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT (bsc#1020975). - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl (bsc#1018100). - btrfs: fix inode leak on failure to setup whiteout inode in rename (bsc#1020975). - btrfs: fix lockdep warning about log_mutex (bsc#1021455). - btrfs: fix lockdep warning on deadlock against an inode's log mutex (bsc#1021455). - btrfs: fix number of transaction units for renames with whiteout (bsc#1020975). - btrfs: incremental send, fix invalid paths for rename operations (bsc#1018316). - btrfs: incremental send, fix premature rmdir operations (bsc#1018316). - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709). - btrfs: pin log earlier when renaming (bsc#1020975). - btrfs: pin logs earlier when doing a rename exchange operation (bsc#1020975). - btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709). - btrfs: send, add missing error check for calls to path_loop() (bsc#1018316). - btrfs: send, avoid incorrect leaf accesses when sending utimes operations (bsc#1018316). - btrfs: send, fix failure to move directories with the same name around (bsc#1018316). - btrfs: send, fix invalid leaf accesses due to incorrect utimes operations (bsc#1018316). - btrfs: send, fix warning due to late freeing of orphan_dir_info structures (bsc#1018316). - btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192). - btrfs: unpin log if rename operation fails (bsc#1020975). - btrfs: unpin logs if rename exchange operation fails (bsc#1020975). - [BZ 149851] kernel: Fix invalid domain response handling (bnc#1009718, LTC#149851). - ceph: fix bad endianness handling in parse_reply_info_extra (bsc#1020488). - clk: xgene: Add PMD clock (bsc#1019351). - clk: xgene: Do not call __pa on ioremaped address (bsc#1019351). - clk: xgene: Remove CLK_IS_ROOT (bsc#1019351). - config: enable Ceph kernel client modules for ppc64le (fate#321098) - config: enable Ceph kernel client modules for s390x (fate#321098) - config: enable CONFIG_OCFS2_DEBUG_MASKLOG for ocfs2 (bsc#1015038) - crypto: drbg - do not call drbg_instantiate in healt test (bsc#1018913). - crypto: drbg - remove FIPS 140-2 continuous test (bsc#1018913). - crypto: FIPS - allow tests to be disabled in FIPS mode (bsc#1018913). - crypto: qat - fix bar discovery for c62x (bsc#1021251). - crypto: qat - zero esram only for DH85x devices (1021248). - crypto: rsa - allow keys >= 2048 bits in FIPS mode (bsc#1018913). - crypto: xts - consolidate sanity check for keys (bsc#1018913). - crypto: xts - fix compile errors (bsc#1018913). - cxl: fix potential NULL dereference in free_adapter() (bsc#1016517). - dax: fix deadlock with DAX 4k holes (bsc#1012829). - dax: fix device-dax region base (bsc#1023175). - device-dax: check devm_nsio_enable() return value (bsc#1023175). - device-dax: fail all private mapping attempts (bsc#1023175). - device-dax: fix percpu_ref_exit ordering (bsc#1023175). - driver core: fix race between creating/querying glue dir and its cleanup (bnc#1008742). - drivers:hv: balloon: account for gaps in hot add regions (fate#320485). - drivers:hv: balloon: Add logging for dynamic memory operations (fate#320485). - drivers:hv: balloon: Disable hot add when CONFIG_MEMORY_HOTPLUG is not set (fate#320485). - drivers:hv: balloon: Fix info request to show max page count (fate#320485). - drivers:hv: balloon: keep track of where ha_region starts (fate#320485). - drivers:hv: balloon: replace ha_region_mutex with spinlock (fate#320485). - drivers:hv: balloon: Use available memory value in pressure report (fate#320485). - drivers:hv: cleanup vmbus_open() for wrap around mappings (fate#320485). - drivers:hv: do not leak memory in vmbus_establish_gpadl() (fate#320485). - drivers:hv: get rid of id in struct vmbus_channel (fate#320485). - drivers:hv: get rid of redundant messagecount in create_gpadl_header() (fate#320485). - drivers:hv: get rid of timeout in vmbus_open() (fate#320485). - drivers:hv: Introduce a policy for controlling channel affinity (fate#320485). - drivers:hv: make VMBus bus ids persistent (fate#320485). - drivers:hv: ring_buffer: count on wrap around mappings in get_next_pkt_raw() (v2) (fate#320485). - drivers:hv: ring_buffer: use wrap around mappings in hv_copy{from, to}_ringbuffer() (fate#320485). - drivers:hv: ring_buffer: wrap around mappings for ring buffers (fate#320485). - drivers:hv: utils: Check VSS daemon is listening before a hot backup (fate#320485). - drivers:hv: utils: Continue to poll VSS channel after handling requests (fate#320485). - drivers:hv: utils: fix a race on userspace daemons registration (bnc#1014392). - drivers:hv: utils: Fix the mapping between host version and protocol to use (fate#320485). - drivers:hv: utils: reduce HV_UTIL_NEGO_TIMEOUT timeout (fate#320485). - drivers:hv: vmbus: Base host signaling strictly on the ring state (fate#320485). - drivers:hv: vmbus: Enable explicit signaling policy for NIC channels (fate#320485). - drivers:hv: vmbus: finally fix hv_need_to_signal_on_read() (fate#320485, bug#1018385). - drivers:hv: vmbus: fix the race when querying & updating the percpu list (fate#320485). - drivers:hv: vmbus: Implement a mechanism to tag the channel for low latency (fate#320485). - drivers: hv: vmbus: Make mmio resource local (fate#320485). - drivers:hv: vmbus: On the read path cleanup the logic to interrupt the host (fate#320485). - drivers:hv: vmbus: On write cleanup the logic to interrupt the host (fate#320485). - drivers:hv: vmbus: Reduce the delay between retries in vmbus_post_msg() (fate#320485). - drivers:hv: vmbus: suppress some "hv_vmbus: Unknown GUID" warnings (fate#320485). - drivers:hv: vss: Improve log messages (fate#320485). - drivers:hv: vss: Operation timeouts should match host expectation (fate#320485). - drivers: net: phy: mdio-xgene: Add hardware dependency (bsc#1019351). - drivers: net: phy: xgene: Fix 'remove' function (bsc#1019351). - drivers: net: xgene: Add change_mtu function (bsc#1019351). - drivers: net: xgene: Add flow control configuration (bsc#1019351). - drivers: net: xgene: Add flow control initialization (bsc#1019351). - drivers: net: xgene: Add helper function (bsc#1019351). - drivers: net: xgene: Add support for Jumbo frame (bsc#1019351). - drivers: net: xgene: Configure classifier with pagepool (bsc#1019351). - drivers: net: xgene: fix build after change_mtu function change (bsc#1019351). - drivers: net: xgene: fix: Coalescing values for v2 hardware (bsc#1019351). - drivers: net: xgene: fix: Disable coalescing on v1 hardware (bsc#1019351). - drivers: net: xgene: Fix MSS programming (bsc#1019351). - drivers: net: xgene: fix: RSS for non-TCP/UDP (bsc#1019351). - drivers: net: xgene: fix: Use GPIO to get link status (bsc#1019351). - drivers: net: xgene: uninitialized variable in xgene_enet_free_pagepool() (bsc#1019351). - drm: Fix broken VT switch with video=1366x768 option (bsc#1018358). - drm/i915: add helpers for platform specific revision id range checks (bsc#1015367). - drm/i915: Apply broader WaRsDisableCoarsePowerGating for guc also (bsc#1015367). - drm/i915/bxt: add revision id for A1 stepping and use it (bsc#1015367). - drm/i915: Call intel_dp_mst_resume() before resuming displays (bsc#1015359). - drm/i915: Cleaning up DDI translation tables (bsc#1014392). - drm/i915: Clean up L3 SQC register field definitions (bsc#1014392). - drm/i915: Do not init hpd polling for vlv and chv from runtime_suspend() (bsc#1014120). - drm-i915-dp-Restore-PPS-HW-state-from-the-encoder-re - drm/i915/dp: Restore PPS HW state from the encoder resume hook (bsc#1019061). - drm/i915/dsi: fix CHV dsi encoder hardware state readout on port C (bsc#1015367). - drm/i915: Exit cherryview_irq_handler() after one pass (bsc#1015367). - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2 (bsc#1014392). - drm/i915: Fix system resume if PCI device remained enabled (bsc#1015367). - drm/i915: Fix watermarks for VLV/CHV (bsc#1011176). - drm/i915: Force ringbuffers to not be at offset 0 (bsc#1015367). - drm/i915: Force VDD off on the new power seqeuencer before starting to use it (bsc#1009674). - drm/i915/gen9: Add WaInPlaceDecompressionHang (bsc#1014392). - drm/i915/gen9: Fix PCODE polling during CDCLK change notification (bsc#1015367). - drm/i915: Mark CPU cache as dirty when used for rendering (bsc#1015367). - drm/i915: Mark i915_hpd_poll_init_work as static (bsc#1014120). - drm-i915-Prevent-PPS-stealing-from-a-normal-DP-port - drm/i915: Prevent PPS stealing from a normal DP port on VLV/CHV (bsc#1019061). - drm/i915: remove parens around revision ids (bsc#1015367). - drm/i915/skl: Add WaDisableGafsUnitClkGating (bsc#1014392). - drm/i915/skl: Fix rc6 based gpu/system hang (bsc#1015367). - drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs (bsc#1015367). - drm/i915/skl: Update DDI translation tables for SKL (bsc#1014392). - drm/i915/skl: Update watermarks before the crtc is disabled (bsc#1015367). - drm/i915: Update Skylake DDI translation table for DP (bsc#1014392). - drm/i915: Update Skylake DDI translation table for HDMI (bsc#1014392). - drm/i915/userptr: Hold mmref whilst calling get-user-pages (bsc#1015367). - drm/i915/vlv: Prevent enabling hpd polling in late suspend (bsc#1014120). - drm/i915: Workaround for DP DPMS D3 on Dell monitor (bsc#1019061). - drm: Use u64 for intermediate dotclock calculations (bnc#1006472). - drm/vc4: Fix an integer overflow in temporary allocation layout (bsc#1021294). - drm/vc4: Return -EINVAL on the overflow checks failing (bsc#1021294). - drm: virtio-gpu: get the fb from the plane state for atomic updates (bsc#1023101). - EDAC, xgene: Fix spelling mistake in error messages (bsc#1019351). - efi/libstub: Move Graphics Output Protocol handling to generic code (bnc#974215). - fbcon: Fix vc attr at deinit (bsc#1000619). - Fix kABI breakage by i2c-designware baytrail fix (bsc#1011913). - Fix kABI breakage by linux/acpi.h inclusion in i8042-x86ia46io.h (bsc#1011660). - gpio: xgene: make explicitly non-modular (bsc#1019351). - gro_cells: mark napi struct as not busy poll candidates (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels() (fate#320485). - hv: change clockevents unbind tactics (fate#320485). - hv: do not reset hv_context.tsc_page on crash (fate#320485, bnc#1007729). - hv_netvsc: add ethtool statistics for tx packet issues (fate#320485). - hv_netvsc: Add handler for physical link speed change (fate#320485). - hv_netvsc: Add query for initial physical link speed (fate#320485). - hv_netvsc: count multicast packets received (fate#320485). - hv_netvsc: dev hold/put reference to VF (fate#320485). - hv_netvsc: fix a race between netvsc_send() and netvsc_init_buf() (fate#320485). - hv_netvsc: fix comments (fate#320485). - hv_netvsc: fix rtnl locking in callback (fate#320485). - hv_netvsc: Implement batching of receive completions (fate#320485). - hv_netvsc: improve VF device matching (fate#320485). - hv_netvsc: init completion during alloc (fate#320485). - hv_netvsc: make device_remove void (fate#320485). - hv_netvsc: make inline functions static (fate#320485). - hv_netvsc: make netvsc_destroy_buf void (fate#320485). - hv_netvsc: make RSS hash key static (fate#320485). - hv_netvsc: make variable local (fate#320485). - hv_netvsc: rearrange start_xmit (fate#320485). - hv_netvsc: refactor completion function (fate#320485). - hv_netvsc: remove excessive logging on MTU change (fate#320485). - hv_netvsc: remove VF in flight counters (fate#320485). - hv_netvsc: report vmbus name in ethtool (fate#320485). - hv_netvsc: simplify callback event code (fate#320485). - hv_netvsc: style cleanups (fate#320485). - hv_netvsc: use ARRAY_SIZE() for NDIS versions (fate#320485). - hv_netvsc: use consume_skb (fate#320485). - hv_netvsc: use kcalloc (fate#320485). - hv_netvsc: use RCU to protect vf_netdev (fate#320485). - hyperv: Fix spelling of HV_UNKOWN (fate#320485). - i2c: designware-baytrail: Disallow the CPU to enter C6 or C7 while holding the punit semaphore (bsc#1011913). - i2c: designware: fix wrong Tx/Rx FIFO for ACPI (bsc#1019351). - i2c: designware: Implement support for SMBus block read and write (bsc#1019351). - i2c: xgene: Fix missing code of DTB support (bsc#1019351). - i40e: Be much more verbose about what we can and cannot offload (bsc#985561). - i915: Delete previous two fixes for i915 (bsc#1019061). These upstream fixes brought some regressions, so better to revert for now. - i915: Disable patches.drivers/drm-i915-Exit-cherryview_irq_handler-after-one-pass The patch seems leading to the instability on Wyse box (bsc#1015367). - IB/core: Fix possible memory leak in cma_resolve_iboe_route() (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - IB/mlx5: Fix iteration overrun in GSI qps (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - IB/mlx5: Fix steering resource leak (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - IB/mlx5: Set source mac address in FTE (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmveth: calculate gso_segs for large packets (bsc#1019148). - ibmveth: check return of skb_linearize in ibmveth_start_xmit (bsc#1019148). - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148). - ibmveth: set correct gso_size and gso_type (bsc#1019148). - ibmvnic: convert to use simple_open() (bsc#1015416). - ibmvnic: Driver Version 1.0.1 (bsc#1015416). - ibmvnic: drop duplicate header seq_file.h (bsc#1015416). - ibmvnic: fix error return code in ibmvnic_probe() (bsc#1015416). - ibmvnic: Fix GFP_KERNEL allocation in interrupt context (bsc#1015416). - ibmvnic: Fix missing brackets in init_sub_crq_irqs (bsc#1015416). - ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context (bsc#1015416). - ibmvnic: Fix size of debugfs name buffer (bsc#1015416). - ibmvnic: Handle backing device failover and reinitialization (bsc#1015416). - ibmvnic: Start completion queue negotiation at server-provided optimum values (bsc#1015416). - ibmvnic: Unmap ibmvnic_statistics structure (bsc#1015416). - ibmvnic: Update MTU after device initialization (bsc#1015416). - igb: add i211 to i210 PHY workaround (bsc#1009911). - igb: Workaround for igb i210 firmware issue (bsc#1009911). - Input: i8042 - Trust firmware a bit more when probing on X86 (bsc#1011660). - intel_idle: Add KBL support (bsc#1016884). - ipc: msg, make msgrcv work with LONG_MIN (bnc#1005918). - ipc/sem.c: add cond_resched in exit_sme (bsc#979378). - ixgbe: Do not clear RAR entry when clearing VMDq for SAN MAC (bsc#969474 FATE#319812 bsc#969475 FATE#319814). - ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (bsc#969474 FATE#319812 bsc#969475 FATE#319814). - KABI fix (bsc#1014410). - kABI: protect struct mm_struct (kabi). - kABI: protect struct musb_platform_ops (kabi). - kABI: protect struct task_struct (kabi). - kABI: protect struct user_fpsimd_state (kabi). - kABI: protect struct wake_irq (kabi). - kABI: protect struct xhci_hcd (kabi). - kABI: protect user_namespace include in fs/exec (kabi). - kABI: protect user_namespace include in kernel/ptrace (kabi). - kabi/severities: Ignore changes in drivers/hv - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612, fate#313296). - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410, fate#313296). - libnvdimm, pfn: fix align attribute (bsc#1023175). - locking/pv-qspinlock: Use cmpxchg_release() in __pv_queued_spin_unlock() (bsc#969756). - locking/rtmutex: Prevent dequeue vs. unlock race (bsc#1015212). - locking/rtmutex: Use READ_ONCE() in rt_mutex_owner() (bsc#1015212). - mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc (bsc#1019351). - md-cluster: convert the completion to wait queue (fate#316335). - md-cluster: protect md_find_rdev_nr_rcu with rcu lock (fate#316335). - md: fix refcount problem on mddev when stopping array (bsc#1022304). - md linear: fix a race between linear_add() and linear_congested() (bsc#1018446). - [media] uvcvideo: uvc_scan_fallback() for webcams with broken chain (bsc#1021474). - misc/genwqe: ensure zero initialization (fate#321595). - mmc: sdhci-of-arasan: Remove no-hispd and no-cmd23 quirks for sdhci-arasan4.9a (bsc#1019351). - mm: do not loop on GFP_REPEAT high order requests if there is no reclaim progress (bnc#1013000). - mm, memcg: do not retry precharge charges (bnc#1022559). - mm, page_alloc: fix check for NULL preferred_zone (bnc#971975 VM performance -- page allocator). - mm, page_alloc: fix fast-path race with cpuset update or removal (bnc#971975 VM performance -- page allocator). - mm, page_alloc: fix premature OOM when racing with cpuset mems update (bnc#971975 VM performance -- page allocator). - mm, page_alloc: keep pcp count and list contents in sync if struct page is corrupted (bnc#971975 VM performance -- page allocator). - mm, page_alloc: move cpuset seqcount checking to slowpath (bnc#971975 VM performance -- page allocator). - mwifiex: add missing check for PCIe8997 chipset (bsc#1018813). - mwifiex: fix IBSS data path issue (bsc#1018813). - mwifiex: fix PCIe register information for 8997 chipset (bsc#1018813). - net/af_iucv: do not use paged skbs for TX on HiperSockets (bnc#1020945, LTC#150566). - net: ethernet: apm: xgene: use phydev from struct net_device (bsc#1019351). - net/hyperv: avoid uninitialized variable (fate#320485). - net: icmp6_send should use dst dev to determine L3 domain (bsc#1014701). - net: ipv6: tcp reset, icmp need to consider L3 domain (bsc#1014701). - net/mlx4_en: Fix panic on xmit while port is down (bsc#966191 FATE#320230). - net/mlx5e: Use correct flow dissector key on flower offloading (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Fix autogroups groups num not decreasing (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Keep autogroups list ordered (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net: remove useless memset's in drivers get_stats64 (bsc#1019351). - net_sched: fix a typo in tc_for_each_action() (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - netvsc: add rcu_read locking to netvsc callback (fate#320485). - netvsc: fix checksum on UDP IPV6 (fate#320485). - netvsc: reduce maximum GSO size (fate#320485). - netvsc: Remove mistaken udp.h inclusion (fate#320485). - net: xgene: avoid bogus maybe-uninitialized warning (bsc#1019351). - net: xgene: fix backward compatibility fix (bsc#1019351). - net/xgene: fix error handling during reset (bsc#1019351). - net: xgene: move xgene_cle_ptree_ewdn data off stack (bsc#1019351). - nfit: fail DSMs that return non-zero status by default (bsc#1023175). - NFSv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410). - NFSv4: Cleanup the setting of the nfs4 lease period (bsc#1014410). - nvdimm: kabi protect nd_cmd_out_size() (bsc#1023175). - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (bsc#1020685). - ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock() (bnc#921494). - pci: Add devm_request_pci_bus_resources() (bsc#1019351). - PCI/AER: include header file (bsc#964944,FATE#319965). - pci: generic: Fix pci_remap_iospace() failure path (bsc#1019630). - pci: hv: Allocate physically contiguous hypercall params buffer (fate#320485). - pci: hv: Delete the device earlier from hbus->children for hot-remove (fate#320485). - pci: hv: Fix hv_pci_remove() for hot-remove (fate#320485). - pci: hv: Handle hv_pci_generic_compl() error case (fate#320485). - pci: hv: Handle vmbus_sendpacket() failure in hv_compose_msi_msg() (fate#320485). - pci: hv: Make unnecessarily global IRQ masking functions static (fate#320485). - pci: hv: Remove the unused 'wrk' in struct hv_pcibus_device (fate#320485). - pci: hv: Use list_move_tail() instead of list_del() + list_add_tail() (fate#320485). - pci: hv: Use pci_function_description in struct definitions (fate#320485). - pci: hv: Use the correct buffer size in new_pcichild_device() (fate#320485). - pci: hv: Use zero-length array in struct pci_packet (fate#320485). - pci: xgene: Add local struct device pointers (bsc#1019351). - pci: xgene: Add register accessors (bsc#1019351). - pci: xgene: Free bridge resource list on failure (bsc#1019351). - pci: xgene: Make explicitly non-modular (bsc#1019351). - pci: xgene: Pass struct xgene_pcie_port to setup functions (bsc#1019351). - pci: xgene: Remove unused platform data (bsc#1019351). - pci: xgene: Request host bridge window resources (bsc#1019351). - perf: xgene: Remove bogus IS_ERR() check (bsc#1019351). - phy: xgene: rename "enum phy_mode" to "enum xgene_phy_mode" (bsc#1019351). - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971). - power: reset: xgene-reboot: Unmap region obtained by of_iomap (bsc#1019351). - qeth: check not more than 16 SBALEs on the completion queue (bnc#1009718, LTC#148203). - raid1: ignore discard error (bsc#1017164). - reiserfs: fix race in prealloc discard (bsc#987576). - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rpm/kernel-binary.spec.in: Fix installation of /etc/uefi/certs (bsc#1019594) - rtc: cmos: avoid unused function warning (bsc#1022429). - rtc: cmos: Clear ACPI-driven alarms upon resume (bsc#1022429). - rtc: cmos: Do not enable interrupts in the middle of the interrupt handler (bsc#1022429). - rtc: cmos: Restore alarm after resume (bsc#1022429). - s390/cpuinfo: show maximum thread id (bnc#1009718, LTC#148580). - s390/sysinfo: show partition extended name and UUID if available (bnc#1009718, LTC#150160). - s390/time: LPAR offset handling (bnc#1009718, LTC#146920). - s390/time: move PTFF definitions (bnc#1009718, LTC#146920). - sched: Allow hotplug notifiers to be setup early (bnc#1022476). - sched/core: Fix incorrect utilization accounting when switching to fair class (bnc#1022476). - sched/core: Fix set_user_nice() (bnc#1022476). - sched/core, x86/topology: Fix NUMA in package topology bug (bnc#1022476). - sched/cputime: Add steal time support to full dynticks CPU time accounting (bnc#1022476). - sched/cputime: Fix prev steal time accouting during CPU hotplug (bnc#1022476). - sched/deadline: Always calculate end of period on sched_yield() (bnc#1022476). - sched/deadline: Fix a bug in dl_overflow() (bnc#1022476). - sched/deadline: Fix lock pinning warning during CPU hotplug (bnc#1022476). - sched/deadline: Fix wrap-around in DL heap (bnc#1022476). - sched/fair: Avoid using decay_load_missed() with a negative value (bnc#1022476). - sched/fair: Fix fixed point arithmetic width for shares and effective load (bnc#1022476). - sched/fair: Fix load_above_capacity fixed point arithmetic width (bnc#1022476). - sched/fair: Fix min_vruntime tracking (bnc#1022476). - sched/fair: Fix the wrong throttled clock time for cfs_rq_clock_task() (bnc#1022476). - sched/fair: Improve PELT stuff some more (bnc#1022476). - sched: Make wake_up_nohz_cpu() handle CPUs going offline (bnc#1022476). - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1022476). - sched/rt: Kick RT bandwidth timer immediately on start up (bnc#1022476). - sched/rt, sched/dl: Do not push if task's scheduling class was changed (bnc#1022476). - scsi: Add 'AIX VDASD' to blacklist (bsc#1006469). - scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273). - scsi_dh_alua: uninitialized variable in alua_rtpg() (bsc#1012910). - scsi: Modify HITACHI OPEN-V blacklist entry (bsc#1006469). - scsi: storvsc: Payload buffer incorrectly sized for 32 bit kernels (fate#320485). - sd: always scan VPD pages if thin provisioning is enabled (bsc#1013792). - serial: 8250_fintek: fix the mismatched IRQ mode (boo#1009546). - serial: 8250: Integrate Fintek into 8250_base (boo#1016979). Update config files to change CONFIG_SERIAL_8250_FINTEK to boolean accordingly, too. Also, the corresponding entry got removed from supported.conf. - ses: Fix SAS device detection in enclosure (bsc#1016403). - sunrpc: Fix reconnection timeouts (bsc#1014410). - sunrpc: fix refcounting problems with auth_gss messages (boo#1011250). - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410). - supported.conf: delete xilinx/ll_temac (bsc#1011602) - supported.conf: Support Marvell WiFi/BT SDIO and pinctrl-cherrytrail (bsc#1018813) - target: add XCOPY target/segment desc sense codes (bsc#991273). - target: bounds check XCOPY segment descriptor list (bsc#991273). - target: bounds check XCOPY total descriptor list length (bsc#991273). - target: check for XCOPY parameter truncation (bsc#991273). - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170). - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense (bsc#991273). - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273). - target: support XCOPY requests without parameters (bsc#991273). - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170). - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273). - tools: hv: Enable network manager for bonding scripts on RHEL (fate#320485). - tools: hv: fix a compile warning in snprintf (fate#320485). - Tools: hv: kvp: configurable external scripts path (fate#320485). - Tools: hv: kvp: ensure kvp device fd is closed on exec (fate#320485). - tools: hv: remove unnecessary header files and netlink related code (fate#320485). - tools: hv: remove unnecessary link flag (fate#320485). - tty: n_hdlc, fix lockdep false positive (bnc#1015840). - Update metadata for serial fixes (bsc#1013001) - vmbus: make sysfs names consistent with PCI (fate#320485). - x86/hpet: Reduce HPET counter read contention (bsc#1014710). - x86/hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic (fate#320485). - x86/MCE: Dump MCE to dmesg if no consumers (bsc#1013994). Important SUSE bug 1000092 SUSE bug 1000619 SUSE bug 1003077 SUSE bug 1003253 SUSE bug 1005918 SUSE bug 1006469 SUSE bug 1006472 SUSE bug 1007729 SUSE bug 1008742 SUSE bug 1009546 SUSE bug 1009674 SUSE bug 1009718 SUSE bug 1009911 SUSE bug 1009969 SUSE bug 1010612 SUSE bug 1010690 SUSE bug 1011176 SUSE bug 1011250 SUSE bug 1011602 SUSE bug 1011660 SUSE bug 1011913 SUSE bug 1012422 SUSE bug 1012829 SUSE bug 1012910 SUSE bug 1013000 SUSE bug 1013001 SUSE bug 1013273 SUSE bug 1013531 SUSE bug 1013540 SUSE bug 1013542 SUSE bug 1013792 SUSE bug 1013994 SUSE bug 1014120 SUSE bug 1014392 SUSE bug 1014410 SUSE bug 1014701 SUSE bug 1014710 SUSE bug 1015038 SUSE bug 1015212 SUSE bug 1015359 SUSE bug 1015367 SUSE bug 1015416 SUSE bug 1015840 SUSE bug 1016250 SUSE bug 1016403 SUSE bug 1016517 SUSE bug 1016884 SUSE bug 1016979 SUSE bug 1017164 SUSE bug 1017170 SUSE bug 1017410 SUSE bug 1017589 SUSE bug 1018100 SUSE bug 1018316 SUSE bug 1018358 SUSE bug 1018385 SUSE bug 1018446 SUSE bug 1018813 SUSE bug 1018913 SUSE bug 1019061 SUSE bug 1019148 SUSE bug 1019260 SUSE bug 1019351 SUSE bug 1019594 SUSE bug 1019630 SUSE bug 1019631 SUSE bug 1019784 SUSE bug 1019851 SUSE bug 1020214 SUSE bug 1020488 SUSE bug 1020602 SUSE bug 1020685 SUSE bug 1020817 SUSE bug 1020945 SUSE bug 1020975 SUSE bug 1021248 SUSE bug 1021251 SUSE bug 1021258 SUSE bug 1021260 SUSE bug 1021294 SUSE bug 1021455 SUSE bug 1021474 SUSE bug 1022304 SUSE bug 1022429 SUSE bug 1022476 SUSE bug 1022547 SUSE bug 1022559 SUSE bug 1022971 SUSE bug 1023101 SUSE bug 1023175 SUSE bug 921494 SUSE bug 959709 SUSE bug 960561 SUSE bug 964944 SUSE bug 966170 SUSE bug 966172 SUSE bug 966186 SUSE bug 966191 SUSE bug 969474 SUSE bug 969475 SUSE bug 969756 SUSE bug 971975 SUSE bug 974215 SUSE bug 979378 SUSE bug 981709 SUSE bug 985561 SUSE bug 987192 SUSE bug 987576 SUSE bug 991273 CVE-2015-8709 CVE-2016-7117 CVE-2016-8645 CVE-2016-9793 CVE-2016-9806 CVE-2016-9919 CVE-2017-2583 CVE-2017-2584 CVE-2017-5551 CVE-2017-5576 CVE-2017-5577 openSUSE Leap 42.2 This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7055: The x86_64 optimized montgomery multiplication may produce incorrect results (bsc#1009528) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085) - CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 (bsc#1022086) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) Non-security issues fixed: - fix crash in openssl speed (bsc#1000677) - fix X509_CERT_FILE path (bsc#1022271) - AES XTS key parts must not be identical in FIPS mode (bsc#1019637) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1000677 SUSE bug 1001912 SUSE bug 1009528 SUSE bug 1019637 SUSE bug 1021641 SUSE bug 1022085 SUSE bug 1022086 SUSE bug 1022271 CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 openSUSE Leap 42.2 This mariadb version update to 10.0.29 fixes the following issues: - CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896) - CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894) - CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873) - CVE-2017-3291: unrestricted mysqld_safe's ledir (bsc#1020884) - CVE-2017-3265: unsafe chmod/chown use in init script (bsc#1020885) - CVE-2017-3258: unspecified vulnerability in the DDL component (bsc#1020875) - CVE-2017-3257: unspecified vulnerability affecting InnoDB (bsc#1020878) - CVE-2017-3244: unspecified vulnerability affecing the DML component (bsc#1020877) - CVE-2017-3243: unspecified vulnerability affecting the Charsets component (bsc#1020891) - CVE-2017-3238: unspecified vulnerability affecting the Optimizer component (bsc#1020882) - CVE-2016-6664: Root Privilege Escalation (bsc#1008253) - Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428) - notable changes: * XtraDB updated to 5.6.34-79.1 * TokuDB updated to 5.6.34-79.1 * Innodb updated to 5.6.35 * Performance Schema updated to 5.6.35 Release notes and changelog: * https://kb.askmonty.org/en/mariadb-10029-release-notes * https://kb.askmonty.org/en/mariadb-10029-changelog This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1008253 SUSE bug 1020868 SUSE bug 1020873 SUSE bug 1020875 SUSE bug 1020877 SUSE bug 1020878 SUSE bug 1020882 SUSE bug 1020884 SUSE bug 1020885 SUSE bug 1020891 SUSE bug 1020894 SUSE bug 1020896 SUSE bug 1022428 CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3317 CVE-2017-3318 openSUSE Leap 42.2 This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221). This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1004221 CVE-2016-8605 openSUSE Leap 42.2 This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 983215 SUSE bug 983216 CVE-2012-6702 CVE-2016-5300 openSUSE Leap 42.2 postfixadmin was updated to 3.0.2 to fix the following issues: - PostfixAdmin 3.0.2: - SECURITY: don't allow to delete protected aliases (CVE-2017-5930, boo#1024211) - fix VacationHandler for PostgreSQL - AliasHandler: restrict mailbox subquery to allowed and specified domains to improve performance on setups with lots of mailboxes - allow switching between dovecot:* password schemes while still accepting passwords hashed using the previous dovecot:* scheme - FetchmailHandler: use a valid date as default for 'date' - fix date formatting in non-english languages when using PostgreSQL - various small fixes - PostfixAdmin 3.0: - add sqlite backend option - add configurable smtp helo (CONF["smtp_client"]) - new translation: ro (Romanian) - language update: tw, cs, de - fix escaping in gen_show_status() (could be used to DOS list-virtual by creating a mail address with special chars) - add CSRF protection for POST requests - list.tpl: base edit/editactive/delete links in list.tpl on $RAW_item to avoid double escaping, and fix some corner cases - fix db_quota_text() for postgresql (concat() vs. ||) - change default date for 'created' and 'updated' columns from 0000-00-00 (which causes problems with MySQL strict mode) to 2000-01-01 - allow punicode even in TLDs - update Smarty to 3.1.29 - add checks to login.php and cli to ensure database layout is up to date - whitelist '-1' as valid value for postfixadmin-cli - don't stripslashes() the password in pacrypt - various small bugfixes Moderate SUSE bug 1024211 CVE-2017-5930 openSUSE Leap 42.2 This update for libgit2 fixes the several issues. These security issues were fixed: - CVE-2016-10128: Additional sanitization prevent some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036). - CVE-2016-10129: Additional sanitization prevent some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036). - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5338: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5339: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1019036 SUSE bug 1019037 CVE-2016-10128 CVE-2016-10129 CVE-2016-10130 CVE-2017-5338 CVE-2017-5339 openSUSE Leap 42.2 This update for mupdf fixes the following vulnerabilities: - CVE-2017-5627: Integer overflow in the mujs implementation (boo#1022503) - CVE-2017-5628: Integer overflow in the mujs implementation (boo#1022504) - CVE-2017-5896: heap overflow (boo#1023761, boo#1024679) - NULL pointer dereference in dodrawpage (boo#1023760) Moderate SUSE bug 1022503 SUSE bug 1022504 SUSE bug 1023760 SUSE bug 1023761 SUSE bug 1024679 CVE-2017-5627 CVE-2017-5628 CVE-2017-5896 openSUSE Leap 42.2 Google chromium was updated to 56.0.2924.87: * Various small fixes * Disabled option to enable/disable plugins in the chrome://plugins - Changed the build requirement of libavformat to library version 57.41.100, as included in ffmpeg 3.1.1, as only this version properly supports the public AVStream API 'codecpar'. It also contains the version update to 56.0.2924.76 (bsc#1022049): - CVE-2017-5007: Universal XSS in Blink - CVE-2017-5006: Universal XSS in Blink - CVE-2017-5008: Universal XSS in Blink - CVE-2017-5010: Universal XSS in Blink - CVE-2017-5011: Unauthorised file access in Devtools - CVE-2017-5009: Out of bounds memory access in WebRTC - CVE-2017-5012: Heap overflow in V8 - CVE-2017-5013: Address spoofing in Omnibox - CVE-2017-5014: Heap overflow in Skia - CVE-2017-5015: Address spoofing in Omnibox - CVE-2017-5019: Use after free in Renderer - CVE-2017-5016: UI spoofing in Blink - CVE-2017-5017: Uninitialised memory access in webm video - CVE-2017-5018: Universal XSS in chrome://apps - CVE-2017-5020: Universal XSS in chrome://downloads - CVE-2017-5021: Use after free in Extensions - CVE-2017-5022: Bypass of Content Security Policy in Blink - CVE-2017-5023: Type confusion in metrics - CVE-2017-5024: Heap overflow in FFmpeg - CVE-2017-5025: Heap overflow in FFmpeg - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing - Enable VAAPI hardware accelerated video decoding. - Chromium 55.0.2883.87: * various fixes for crashes and specific wesites * update Google pinned certificates Important SUSE bug 1022049 CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013 CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-5017 CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021 CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025 CVE-2017-5026 openSUSE Leap 42.2 This update for viewvc to version 1.1.26 fixes the following issues: - vievwc 1.1.26, including one security fix: * CVE-2017-5938 escape nav_data name to avoid XSS attack (boo#1024393) - vievwc 1.1.25: * fix _rev2optrev assertion on long input - license is BSD-2-Clause, package LICENSE text - Update viewvc.conf for Apache 2.4 syntax. - viewvc 1.1.24: * fix minor bug in human_readable boolean calculation * allow hr_funout option to apply to unidiff diffs, too * fix infinite loop in rcsparse * fix iso8601 timezone offset handling * add support for renamed roots * fix minor buglet in viewvc-install error message Moderate SUSE bug 1024393 CVE-2017-5938 openSUSE Leap 42.2 This update for opus fixes the following issues: - CVE-2017-0381: Fixed a remote code execution vulnerability in silk/NLSF_stabilize.c when playing certain media files (bsc#1020102) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1020102 CVE-2017-0381 openSUSE Leap 42.2 This update for java-1_7_0-openjdk fixes the following issues: - Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 (bsc#1020905): * Security Fixes - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution - S8156804, CVE-2017-3241: Better constraint checking - S8158406: Limited Parameter Processing - S8158997: JNDI Protocols Switch - S8159507: RuntimeVisibleAnnotation validation - S8161218: Better bytecode loading - S8161743, CVE-2017-3252: Provide proper login context - S8162577: Standardize logging levels - S8162973: Better component components - S8164143, CVE-2017-3260: Improve components for menu items - S8164147, CVE-2017-3261: Improve streaming socket output - S8165071, CVE-2016-2183: Expand TLS support - S8165344, CVE-2017-3272: Update concurrency support - S8166988, CVE-2017-3253: Improve image processing performance - S8167104, CVE-2017-3289: Additional class construction refinements - S8167223, CVE-2016-5552: URL handling improvements - S8168705, CVE-2016-5547: Better ObjectIdentifier validation - S8168714, CVE-2016-5546: Tighten ECDSA validation - S8168728, CVE-2016-5548: DSA signing improvments - S8168724, CVE-2016-5549: ECDSA signing improvments - S6253144: Long narrowing conversion should describe the algorithm used and implied "risks" - S6328537: Improve javadocs for Socket class by adding references to SocketOptions - S6978886: javadoc shows stacktrace after print error resulting from disk full - S6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory - S6996372: synchronizing handshaking hash - S7027045: (doc) java/awt/Window.java has several typos in javadoc - S7054969: Null-check-in-finally pattern in java/security documentation - S7072353: JNDI libraries do not build with javac -Xlint:all -Werror - S7075563: Broken link in "javax.swing.SwingWorker" - S7077672: jdk8_tl nightly fail in step-2 build on 8/10/11 - S7088502: Security libraries don't build with javac -Werror - S7092447: Clarify the default locale used in each locale sensitive operation - S7093640: Enable client-side TLS 1.2 by default - S7103570: AtomicIntegerFieldUpdater does not work when SecurityManager is installed - S7117360: Warnings in java.util.concurrent.atomic package - S7117465: Warning cleanup for IMF classes - S7187144: JavaDoc for ScriptEngineFactory.getProgram() contains an error - S8000418: javadoc should used a standard "generated by javadoc" string - S8000666: javadoc should write directly to Writer instead of composing strings - S8000673: remove dead code from HtmlWriter and subtypes - S8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK - S8001669: javadoc internal DocletAbortException should set cause when appropriate - S8008949: javadoc stopped copying doc-files - S8011402: Move blacklisting certificate logic from hard code to data - S8011547: Update XML Signature implementation to Apache Santuario 1.5.4 - S8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo - S8016217: More javadoc warnings - S8017325: Cleanup of the javadoc <code> tag in java.security.cert - S8017326: Cleanup of the javadoc <code> tag in java.security.spec - S8019772: Fix doclint issues in javax.crypto and javax.security subpackages - S8020557: javadoc cleanup in javax.security - S8020688: Broken links in documentation at http://docs.oracle.com/javase/6/docs/api/index. - S8021108: Clean up doclint warnings and errors in java.text package - S8021417: Fix doclint issues in java.util.concurrent - S8021833: javadoc cleanup in java.net - S8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMethods fails - S8022175: Fix doclint warnings in javax.print - S8022406: Fix doclint issues in java.beans - S8022746: List of spelling errors in API doc - S8024779: [macosx] SwingNode crashes on exit - S8025085: [javadoc] some errors in javax/swing - S8025218: [javadoc] some errors in java/awt classes - S8025249: [javadoc] fix some javadoc errors in javax/swing/ - S8025409: Fix javadoc comments errors and warning reported by doclint report - S8026021: more fix of javadoc errors and warnings reported by doclint, see the description - S8037099: [macosx] Remove all references to GC from native OBJ-C code - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8049244: XML Signature performance issue caused by unbuffered signature data - S8049432: New tests for TLS property jdk.tls.client.protocols - S8050893: (smartcardio) Invert reset argument in tests in sun/security/smartcardio - S8059212: Modify regression tests so that they do not just fail if no cardreader found - S8068279: (typo in the spec) javax.script.ScriptEngineFactory.getLanguageName - S8068491: Update the protocol for references of docs.oracle.com to HTTPS. - S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210 - S8076369: Introduce the jdk.tls.client.protocols system property for JDK 7u - S8139565: Restrict certificates with DSA keys less than 1024 bits - S8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8143959: Certificates requiring blacklisting - S8145984: [macosx] sun.lwawt.macosx.CAccessible leaks - S8148516: Improve the default strength of EC in JDK - S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks - S8151893: Add security property to configure XML Signature secure validation mode - S8155760: Implement Serialization Filtering - S8156802: Better constraint checking - S8161228: URL objects with custom protocol handlers have port changed after deserializing - S8161571: Verifying ECDSA signatures permits trailing bytes - S8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar - S8164908: ReflectionFactory support for IIOP and custom serialization - S8165230: RMIConnection addNotificationListeners failing with specific inputs - S8166393: disabledAlgorithms property should not be strictly parsed - S8166591: [macos 10.12] Trackpad scrolling of text on OS X 10.12 Sierra is very fast (Trackpad, Retina only) - S8166739: Improve extensibility of ObjectInputFilter information passed to the filter - S8166875: (tz) Support tzdata2016g - S8166878: Connection reset during TLS handshake - S8167356: Follow up fix for jdk8 backport of 8164143. Changes for CMenuComponent.m were missed - S8167459: Add debug output for indicating if a chosen ciphersuite was legacy - S8167472: Chrome interop regression with JDK-8148516 - S8167591: Add MD5 to signed JAR restrictions - S8168861: AnchorCertificates uses hardcoded password for cacerts keystore - S8168993: JDK8u121 L10n resource file update - S8169191: (tz) Support tzdata2016i - S8169688: Backout (remove) MD5 from jdk.jar.disabledAlgorithms for January CPU - S8169911: Enhanced tests for jarsigner -verbose -verify after JDK-8163304 - S8170131: Certificates not being blocked by jdk.tls.disabledAlgorithms property - S8170268: 8u121 L10n resource file update - msgdrop 20 - S8173622: Backport of 7180907 is incomplete - S8173849: Fix use of java.util.Base64 in test cases - S8173854: [TEST] Update DHEKeySizing test case following 8076328 & 8081760 - CVE-2017-3259 Vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. * Backports - S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on __APPLE__and _LLP64 systems. - S8000351, PR3316, RH1390708: Tenuring threshold should be unsigned - S8153711, PR3315, RH1284948: [REDO] GlobalRefs never deleted when processing invokeMethod command - S8170888, PR3316, RH1390708: [linux] support for cgroup memory limits in container (ie Docker) environments * Bug fixes - PR3318: Replace 'infinality' with 'improved font rendering' (--enable-improved-font-rendering) - PR3318: Fix compatibility with vanilla Fontconfig - PR3318: Fix glyph y advance - PR3318: Always round glyph advance in 26.6 space - PR3318: Simplify glyph advance handling - PR3324: Fix NSS_LIBDIR substitution in make_generic_profile.sh broken by PR1989 * AArch64 port - S8165673, PR3320: AArch64: Fix JNI floating point argument handling This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1020905 CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 openSUSE Leap 42.2 This update for firebird fixes the following issues: - security vulnerability fix for bypassing 'Restrict UDF' value of UdfAccess config directive (boo#1023990) Moderate SUSE bug 1023990 openSUSE Leap 42.2 This update for tiff fixes the following issues: - CVE-2017-5225: A crafted TIFF image could cause a crash and potential code execution when processed by the 'tiffcp' utility (bsc#1019611). Also a regression from the version update to 4.0.7 was fixed in handling TIFFTAG_FAXRECVPARAMS. (bsc#1022103) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1019611 SUSE bug 1022103 CVE-2017-5225 openSUSE Leap 42.2 mcabber was updated to 1.0.5 to fix the following issues: * Much better performances with huge rosters. * Fix an issue with carbons (CVE-2017-5589, boo#1024690). * Fix a small memory leak. * contrib/vim: Support reloading filetype detection. Moderate SUSE bug 1024690 CVE-2017-5589 openSUSE Leap 42.2 This update for profanity fixes the following issues: Changes in profanity: - CVE-2017-5592: The incorrect message carbons implementation that could allow user impersonification was fixed (boo#1024696) Moderate SUSE bug 1024696 CVE-2017-5592 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.49 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5986: A userlevel triggerable BUG_ON on sctp_wait_for_sndbuf was fixed. (bsc#1025235) - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938). - CVE-2017-5897: A potential remote denial of service within the IPv6 GRE protocol was fixed. (bsc#1023762) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that makes an IPV6_RECVPKTINFO setsockopt system call. (bsc#1026024). The following non-security bugs were fixed: - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls (bsc#1018100). - iwlwifi: Expose the default fallback ucode API to module info (boo#1021082, boo#1023884). - kabi: protect struct tcp_fastopen_cookie (kabi). - md: ensure md devices are freed before module is unloaded (bsc#1022304). - md: Fix a regression reported by bsc#1020048 in patches.fixes/0003-md-lockless-I-O-submission-for-RAID1.patch (bsc#982783,bsc#998106,bsc#1020048). - net: ethtool: Initialize buffer when querying device channel settings (bsc#969479 FATE#320634). - net: implement netif_cond_dbg macro (bsc#1019168). - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168). - sfc: refactor debug-or-warnings printks (bsc#1019168). - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056). - xfs: do not allow di_size with high bit set (bsc#1024234). - xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508). - xfs: fix broken multi-fsb buffer logging (bsc#1024081). - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056). - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888). - xfs: track and serialize in-flight async buffers against unmount (bsc#1024508). - xfs: track and serialize in-flight async buffers against unmount - kABI (bsc#1024508). Important SUSE bug 1012382 SUSE bug 1018100 SUSE bug 1019168 SUSE bug 1020048 SUSE bug 1021082 SUSE bug 1022181 SUSE bug 1022304 SUSE bug 1023762 SUSE bug 1023884 SUSE bug 1023888 SUSE bug 1024081 SUSE bug 1024234 SUSE bug 1024508 SUSE bug 1024938 SUSE bug 1025235 SUSE bug 1026024 SUSE bug 969479 SUSE bug 982783 SUSE bug 989056 SUSE bug 998106 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6074 openSUSE Leap 42.2 This update for libquicktime fixes the following issues: - CVE-2016-2399: A Integer overflow in the quicktime_read_pascal function in libquicktime allowed remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom [boo#1022805] Moderate SUSE bug 1022805 CVE-2016-2399 openSUSE Leap 42.2 This update for gd fixes the following security issues: - CVE-2016-6906: An out-of-bounds read in TGA decompression was fixed which could have lead to crashes. (bsc#1022553) - CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) allowed remote attackers to have unspecified impact via large width and height values. (bsc#1022284) - CVE-2016-9317: The gdImageCreate function in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (system hang) via an oversized image. (bsc#1022283) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the GD Graphics Library (aka libgd) (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to libgd running out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead to memory corruption (bsc#1022265) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1022263 SUSE bug 1022264 SUSE bug 1022265 SUSE bug 1022283 SUSE bug 1022284 SUSE bug 1022553 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6906 CVE-2016-6912 CVE-2016-9317 openSUSE Leap 42.2 This update for libXpm fixes the following issues: - A heap overflow in XPM handling could be used by attackers supplying XPM files to crash or potentially execute code. (bsc#1021315) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1021315 CVE-2016-10164 openSUSE Leap 42.2 This update for gd fixes the following issues: * CVE-2016-9933 possible stackoverflow on malicious truecolor images [bsc#1015187] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015187 CVE-2016-9933 openSUSE Leap 42.2 This updates syncthing to version 0.14.16 and fixes the following issues: The following security issue was fixed: - A remote device that was already accepted by syncthing could perform arbitrary reads and writes outside of the configured directories (boo#1016161) This update also contains a number of upstream improvements in the 0.14.14 version, including: - improved performance - UI improvements - prevention of data inconsistencies syncthing-gtk was updated to 0.9.2.3 to fix reading the configuration with non-ASCII locales. The new version is compatible with syncthing 0.14.x and includes various improvement and fixes. Moderate SUSE bug 1016161 openSUSE Leap 42.2 This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308) - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310) - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculation (bsc#1017311) - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312) - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313) - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314) - CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318) - CVE-2016-10060: Improved error handling when writing files to not mask errors (bsc#1017319) - CVE-2016-10061: Improved error handling when writing files to not mask errors (bsc#1017319). - CVE-2016-10062: Improved error handling when writing files to not mask errors (bsc#1017319). - CVE-2016-10063: Check validity of extend during TIFF file reading (bsc#1017320) - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321) - CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322) - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324) - CVE-2016-10069: Add check for invalid mat file (bsc#1017325). - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10071: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10144: Added a check after allocating memory when parsing IPL files (bsc#1020433) - CVE-2016-10145: Fixed of-by-one in string copy operation when parsing WPG files (bsc#1020435) - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443) - CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436) - CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS (bsc#1020439) - CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to prevent a heap buffer-overflow (bsc#1020441) - CVE-2017-5510: Prevent out-of-bounds write when reading PSD files (bsc#1020446). - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448) This update removes the fix for CVE-2016-9773. ImageMagick-6 was not affected by CVE-2016-9773 and it caused a regression (at least in GraphicsMagick) (bsc#1017421). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1017308 SUSE bug 1017310 SUSE bug 1017311 SUSE bug 1017312 SUSE bug 1017313 SUSE bug 1017314 SUSE bug 1017318 SUSE bug 1017319 SUSE bug 1017320 SUSE bug 1017321 SUSE bug 1017322 SUSE bug 1017324 SUSE bug 1017325 SUSE bug 1017326 SUSE bug 1017421 SUSE bug 1020433 SUSE bug 1020435 SUSE bug 1020436 SUSE bug 1020439 SUSE bug 1020441 SUSE bug 1020443 SUSE bug 1020446 SUSE bug 1020448 CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10061 CVE-2016-10062 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10069 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 openSUSE Leap 42.2 This update for php7 fixes the following security issues: - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (bsc#1019568) - CVE-2017-5340: Zend/zend_hash.c in PHP mishandled certain cases that require large array allocations, which allowed remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. (bsc#1019570) - CVE-2016-7479: In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may have lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. (bsc#1019547) - CVE-2016-7478: Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. (bsc#1019550) - CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255) - CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257) - CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260) - CVE-2016-10162: The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7 allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. (bsc#1022262) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265) - CVE-2016-9138: PHP mishandled property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. (bsc#1008026) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1008026 SUSE bug 1019547 SUSE bug 1019550 SUSE bug 1019568 SUSE bug 1019570 SUSE bug 1022219 SUSE bug 1022255 SUSE bug 1022257 SUSE bug 1022260 SUSE bug 1022262 SUSE bug 1022263 SUSE bug 1022264 SUSE bug 1022265 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10162 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-7478 CVE-2016-7479 CVE-2016-7480 CVE-2016-9138 CVE-2017-5340 openSUSE Leap 42.2 This update for util-linux fixes the following issues: This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041). This non-security issues were fixed: - lscpu: Implement WSL detection and work around crash (bsc#1019332) - fstrim: De-duplicate btrfs sub-volumes for "fstrim -a" and bind mounts (bsc#1020077) - Fix regressions in safe loop re-use patch set for libmount (bsc#1012504) - Disable ro checks for mtab (bsc#1012632) - Ensure that the option "users,exec,dev,suid" work as expected on NFS mounts (bsc#1008965) - Fix empty slave detection to prevent 100% CPU load in some cases (bsc#1020985) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1008965 SUSE bug 1012504 SUSE bug 1012632 SUSE bug 1019332 SUSE bug 1020077 SUSE bug 1020985 SUSE bug 1023041 CVE-2017-2616 openSUSE Leap 42.2 This update for php5 fixes the following issues: * CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] * CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015187 SUSE bug 1015188 SUSE bug 1015189 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 openSUSE Leap 42.2 This update for munin fixes the following issues: - An attacker has been able to write arbitrary local files with the permissions of the web server, by using parameter injection (boo#1026539, CVE-2017-6188) - The MySQL plugin has been fixed to work correctly against MySQL 5.5 on Leap 42.1 Important SUSE bug 1026539 CVE-2017-6188 openSUSE Leap 42.2 This update for bind fixes the following issues: - Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1024130 CVE-2017-3135 openSUSE Leap 42.2 mysql-community-server was updated to version 5.6.35 to fix bugs and security issues: * Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html * Fixed CVEs: CVE-2016-8318 [boo#1020872], CVE-2017-3312 [boo#1020873], CVE-2017-3258 [boo#1020875], CVE-2017-3273 [boo#1020876], CVE-2017-3244 [boo#1020877], CVE-2017-3257 [boo#1020878], CVE-2017-3238 [boo#1020882], CVE-2017-3291 [boo#1020884], CVE-2017-3265 [boo#1020885], CVE-2017-3313 [boo#1020890], CVE-2016-8327 [boo#1020893], CVE-2017-3317 [boo#1020894], CVE-2017-3318 [boo#1020896] Important SUSE bug 1020872 SUSE bug 1020873 SUSE bug 1020875 SUSE bug 1020876 SUSE bug 1020877 SUSE bug 1020878 SUSE bug 1020882 SUSE bug 1020884 SUSE bug 1020885 SUSE bug 1020890 SUSE bug 1020893 SUSE bug 1020894 SUSE bug 1020896 CVE-2016-8318 CVE-2016-8327 CVE-2017-3238 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3273 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 openSUSE Leap 42.2 This update for potrace to version 1.14 fixes the following issues: Security issues fixed: - CVE-2016-8685, CVE-2016-8686: Bugs triggered by malformed BMP files have been fixed (boo#1005026). Bugfixes: - Error reporting has been improved. - The image size is now truncated when the bitmap data ends prematurely. - It is now possible to use negative dy in bitmap data. Moderate SUSE bug 1005026 CVE-2016-8685 CVE-2016-8686 openSUSE Leap 42.2 This update for cacti fixes the following vulnerabilities: - CVE-2014-4000: PHP Object Injection Vulnerabilities (boo#1022564) It also updates cacti to version 1.0.4 to include the latest upstream bugfixes and improvements. Low SUSE bug 1022564 CVE-2014-4000 openSUSE Leap 42.2 This update for Wireshark fixes minor vulnerabilities that could be used to trigger a dissector crash or infinite loops by sending specially crafted packages over the network or into a capture file: - CVE-2017-6467: NetScaler file parser infinite loop (wnpa-sec-2017-11) - CVE-2017-6468: NetScaler file parser crash (wnpa-sec-2017-08) - CVE-2017-6469: LDSS dissector crash (wnpa-sec-2017-03) - CVE-2017-6470: IAX2 dissector infinite loop (wnpa-sec-2017-10) - CVE-2017-6471: WSP dissector infinite loop (wnpa-sec-2017-05) - CVE-2017-6472: RTMTP dissector infinite loop (wnpa-sec-2017-04) - CVE-2017-6473: K12 file parser crash (wnpa-sec-2017-09) - CVE-2017-6474: NetScaler file parser infinite loop (wnpa-sec-2017-07) - wnpa-sec-2017-06: STANAG 4607 file parser infinite loop Low SUSE bug 1027998 CVE-2017-6467 CVE-2017-6468 CVE-2017-6469 CVE-2017-6470 CVE-2017-6471 CVE-2017-6472 CVE-2017-6473 CVE-2017-6474 openSUSE Leap 42.2 This update for perl-Image-Info fixes the following issues: - update to version 1.39 to fix a potential security issue. A crafted SVG file could have caused information disclosure or denial of service by using external entitity expansion (XXE). This is a potentially incompatible change; however usually SVG files do not rely on XXE. (boo#1008647, CVE-2016-9181) Moderate SUSE bug 1008647 CVE-2016-9181 openSUSE Leap 42.2 This update for bitlbee fixes the following security issues: - A file transfer request from a contact not in the contact list could have resulted in a null pointer dereference, causing remote DoS by malicious remote clients (CVE-2016-10189, bnc#1022498). Moderate SUSE bug 1022498 CVE-2016-10189 openSUSE Leap 42.2 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834). - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004). - A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169 These non-security issues were fixed: - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3 - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd - bsc#1005028: Fixed building Xen RPMs from Sources This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1000195 SUSE bug 1002496 SUSE bug 1005028 SUSE bug 1012651 SUSE bug 1014298 SUSE bug 1014300 SUSE bug 1015169 SUSE bug 1016340 SUSE bug 1022871 SUSE bug 1023004 SUSE bug 1024834 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 openSUSE Leap 42.2 This update for lynx fixes the following issues: - CVE-2016-9179: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. (bsc#1008642) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1008642 CVE-2016-9179 openSUSE Leap 42.2 This update for pax-utils fixes the following issues: - bsc#1026959: out of bounds read in scanelf could have unspecified impact pax-utils was updated to 1.2.2, fixing missing miscellaneous fd and memory leak issues. Moderate SUSE bug 1026959 openSUSE Leap 42.2 This update for kdelibs4, kio fixes the following issues: - CVE-2017-6410: Information Leak when accessing https when using a malicious PAC file (boo#1027520) Moderate SUSE bug 1027520 CVE-2017-6410 openSUSE Leap 42.2 This update for MozillaFirefox and mozilla-nss fixes the following issues: MozillaFirefox was updated to Firefox 52.0 (boo#1028391) * requires NSS >= 3.28.3 * Pages containing insecure password fields now display a warning directly within username and password fields. * Send and open a tab from one device to another with Sync * Removed NPAPI support for plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported. * Removed Battery Status API to reduce fingerprinting of users by trackers * MFSA 2017-05 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933) CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861) CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876) CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186) CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138) CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890) CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622) CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687) CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711) CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504) CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370) CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) CVE-2017-5417: Addressbar spoofing by draging and dropping URLs (bmo#791597) CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361) CVE-2017-5427: Non-existent chrome.manifest file loaded during startup (bmo#1295542) CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876) CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243) CVE-2017-5420: Javascript: URLs can obfuscate addressbar location (bmo#1284395) CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699) CVE-2017-5421: Print preview spoofing (bmo#1301876) CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002) CVE-2017-5399: Memory safety bugs fixed in Firefox 52 CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 mozilla-nss was updated to NSS 3.28.3 * This is a patch release to fix binary compatibility issues. NSS version 3.28, 3.28.1 and 3.28.2 contained changes that were in violation with the NSS compatibility promise. ECParams, which is part of the public API of the freebl/softokn parts of NSS, had been changed to include an additional attribute. That size increase caused crashes or malfunctioning with applications that use that data structure directly, or indirectly through ECPublicKey, ECPrivateKey, NSSLOWKEYPublicKey, NSSLOWKEYPrivateKey, or potentially other data structures that reference ECParams. The change has been reverted to the original state in bug bmo#1334108. SECKEYECPublicKey had been extended with a new attribute, named "encoding". If an application passed type SECKEYECPublicKey to NSS (as part of SECKEYPublicKey), the NSS library read the uninitialized attribute. With this NSS release SECKEYECPublicKey.encoding is deprecated. NSS no longer reads the attribute, and will always set it to ECPoint_Undefined. See bug bmo#1340103. - requires NSPR >= 4.13.1 - update to NSS 3.28.2 This is a stability and compatibility release. Below is a summary of the changes. * Fixed a NSS 3.28 regression in the signature scheme flexibility that causes connectivity issues between iOS 8 clients and NSS servers with ECDSA certificates (bmo#1334114) * Fixed a possible crash on some Windows systems (bmo#1323150) * Fixed a compatibility issue with TLS clients that do not provide a list of supported key exchange groups (bmo#1330612) Important SUSE bug 1028391 CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5415 CVE-2017-5416 CVE-2017-5417 CVE-2017-5418 CVE-2017-5419 CVE-2017-5420 CVE-2017-5421 CVE-2017-5422 CVE-2017-5426 CVE-2017-5427 openSUSE Leap 42.2 This update to Mozilla Thunderbird 45.8.0 fixes security issues and bugs. The following security issues from advisory MFSA 2017-07 were fixed. (boo#1028391) In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts: - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5401: Memory Corruption when handling ErrorResult - CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876) - CVE-2017-5404: Use-after-free working with ranges in selections - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699) - CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8 The following non-security issues were fixed: - crash when viewing certain IMAP messages Moderate SUSE bug 1028391 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 openSUSE Leap 42.2 This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1023907). - CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to a host memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1023073). - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to an OOB read issue allowing a guest user to crash the Qemu process instance resulting in Dos (bsc#1017081). - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to an out of bounds memory access issue allowing a guest user to crash the Qemu process instance on a host, resulting in DoS (bsc#1017084). - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129) - CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021195). - CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021481). - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020589). - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020491). - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an OOB heap access issue allowing a privileged user inside the guest to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host (bsc#1022541). - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907) These non-security issues were fixed: - Fix name of s390x specific sysctl configuration file to end with .conf (bsc#1026583) - XHCI fixes (bsc#977027) - Fixed rare race during s390x guest reboot - Fixed various inaccuracies in cirrus vga device emulation - Fixed cause of infrequent migration failures from bad virtio device state (bsc#1020928) - Fixed graphical update errors introduced by previous security fix (bsc#1016779) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1014702 SUSE bug 1015169 SUSE bug 1016779 SUSE bug 1017081 SUSE bug 1017084 SUSE bug 1020491 SUSE bug 1020589 SUSE bug 1020928 SUSE bug 1021129 SUSE bug 1021195 SUSE bug 1021481 SUSE bug 1022541 SUSE bug 1023004 SUSE bug 1023053 SUSE bug 1023073 SUSE bug 1023907 SUSE bug 1024972 SUSE bug 1026583 SUSE bug 977027 CVE-2016-10028 CVE-2016-10029 CVE-2016-10155 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-5525 CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5667 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898 openSUSE Leap 42.2 This update to irssi 1.0.2 fixes security issues and bugs. The following vulnerabilities were fixed: boo#1029020: Use after free while producing list of netjoins The following non-security changes are included: - Fix in command arg parser to detect missing arguments in tail place - Fix regression that broke incoming DCC file transfers - Fix issue with escaping \ in evaluated strings - improve UTF8 support in GRegex Moderate SUSE bug 1029020 openSUSE Leap 42.2 Chromium was updated to 57.0.2987.98 to fix security issues and bugs. The following vulnerabilities were fixed (bsc#1028848): - CVE-2017-5030: Memory corruption in V8 - CVE-2017-5031: Use after free in ANGLE - CVE-2017-5032: Out of bounds write in PDFium - CVE-2017-5029: Integer overflow in libxslt - CVE-2017-5034: Use after free in PDFium - CVE-2017-5035: Incorrect security UI in Omnibox - CVE-2017-5036: Use after free in PDFium - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer - CVE-2017-5039: Use after free in PDFium - CVE-2017-5040: Information disclosure in V8 - CVE-2017-5041: Address spoofing in Omnibox - CVE-2017-5033: Bypass of Content Security Policy in Blink - CVE-2017-5042: Incorrect handling of cookies in Cast - CVE-2017-5038: Use after free in GuestView - CVE-2017-5043: Use after free in GuestView - CVE-2017-5044: Heap overflow in Skia - CVE-2017-5045: Information disclosure in XSS Auditor - CVE-2017-5046: Information disclosure in Blink The following non-security changes are included: - Address broken rendering on non-intel cards Important SUSE bug 1028848 CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040 CVE-2017-5041 CVE-2017-5042 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046 openSUSE Leap 42.2 This update to putty 0.68 fixes the following security issue: - CVE-2017-6542: If SSH agent forwarding is enabled, local attackers that are also able to connect to the UNIX domain socket could have overwritten heap data (boo#1029256) Moderate SUSE bug 1029256 CVE-2017-6542 openSUSE Leap 42.2 This update to roundcubemail 1.1.8 fixes security issues and bugs. The following vulnerability was fixed: - CVE-2017-6820: XSS issue in handling of a style tag inside of an svg element (boo#1029035) The following bugs were fixed: * bug where mail content frame couldn't be reset in some corner cases * regression where groups with email address were resolved to its members' addresses * group/addressbook selection is retained on page refresh * signature couldn't be added above the quote in Firefox 51 * microseconds macro (u) in log_date_format works Moderate SUSE bug 1029035 CVE-2017-6820 openSUSE Leap 42.2 Mozilla Firefox was updated to 52.0.1 to fix one security issue: - CVE-2017-5428: integer overflow in createImageBitmap() (boo#1029822, MFSA 2017-08) Important SUSE bug 1029822 CVE-2017-5428 openSUSE Leap 42.2 This update to mbedtls 1.3.19 fixes security issues and bugs. The following vulnerability was fixed: CVE-2017-2784: A remote user could have used a specially crafted certificate to cause mbedtls to free a buffer allocated on the stack when verifying the validity of public key with a secp224k1 curve, which could have allowed remote code execution on some platforms (boo#1029017) The following non-security changes are included: - Add checks to prevent signature forgeries for very large messages while using RSA through the PK module in 64-bit systems. - Fixed potential livelock during the parsing of a CRL in PEM format Important SUSE bug 1029017 CVE-2017-2784 openSUSE Leap 42.2 This update for mxml fixes the following issues: - CVE-2016-4570: Specially crafted XML files could have caused stack exhaustation (bsc#979205) - CVE-2016-4571: Specially crafted XML files could have caused stack exhaustation (bsc#979206) Moderate SUSE bug 979205 SUSE bug 979206 CVE-2016-4570 CVE-2016-4571 openSUSE Leap 42.2 This update to qbittorrent 3.3.11 fixes the security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-6504: WebUI did not set the X-Frame-Options header (bsc#1028073) - CVE-2017-6503: WebUI did not escape many values, allowing for XSS (bsc#1028072) Moderate SUSE bug 1028072 SUSE bug 1028073 CVE-2017-6503 CVE-2017-6504 openSUSE Leap 42.2 This update to xtrabackup 2.3.7 fixes one security issue and bugs. The following security issue was fixed: - innobackupex and xtrabackup scripts were showing the password in the ps output when it was passed as a command line argument (boo#1026729) The following functionality was added: - new --remove-original option for removing the original encrypted and compressed files - now supports -H, -h, -u and -p shortcuts for --hostname, --datadir, --user and --password respectively The following bugs were fixed: - Pick up username from user's configuration file correctly - Incremental backups did not include xtrabackup_binlog_info and xtrabackup_galera_info files - --move-back option did not always restore out-of-datadir tablespaces to their original directories - Incremental backup would fail with a path like ~/backup/inc_1 Moderate SUSE bug 1026729 openSUSE Leap 42.2 This update for dbus-1 fixes the following issues: Security issues fixed: - Symlink attack in nonce-tcp transport. (bsc#1025950) - Symlink attack in unit tests. (bsc#1025951) Bugfixes: - Remove sysvinit script, not used under systemd. (bsc#974092) This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1025950 SUSE bug 1025951 SUSE bug 974092 openSUSE Leap 42.2 This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues: - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework (CAF) - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand - Fix for quiesced snapshot failure leaving guest file system quiesced (bsc#1006796) - Fix for CVE-2015-5191 (bsc#1007600) - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496) - Add udev rule to increase VMware virtual disk timeout values (bsc#994598) - Fix vmtoolsd init script to run vmtoolsd in background (bsc#971031) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1006796 SUSE bug 1007600 SUSE bug 1011057 SUSE bug 1013496 SUSE bug 1024200 SUSE bug 971031 SUSE bug 994598 CVE-2015-5191 openSUSE Leap 42.2 This update for gegl fixes the following issues: Security issue fixed: - Fix CVE-2012-4433: Fix buffer overflow in and add plausibility checks to ppm-load op (bsc#789835). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 789835 CVE-2012-4433 openSUSE Leap 42.2 This update for partclone fixes the following minor security issue: - CVE-2017-6596: A malicious user could have exploited a heap-based buffer overflow vulnerability by supplying a specially crafted image to cause a denial of service (boo#1028904) The following non-security changes are included: - Support for fuse Low SUSE bug 1028904 CVE-2017-6596 openSUSE Leap 42.2 This update for tcpreplay fixes the following issues: - CVE-2017-6429: Buffer overflow in Tcpcapinfo utility triggered by a too large packet (boo#1028234) Low SUSE bug 1028234 CVE-2017-6429 openSUSE Leap 42.2 This update for gstreamer-0_10-plugins-good fixes the following issues: Security issues fixed: - CVE-2016-9634, CVE-2016-9635: add some bounds checking (boo#1012102 boo#1012103). - CVE-2016-9636: fix casting for some comparisons (boo#1012104). - CVE-2016-9807, CVE-2016-9808: rewrite logic using GsgtByteReader/Writer (boo#1013653 boo#1013655). - CVE-2016-9810: don't unref() parent in the chain function (boo#1013663). Moderate SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 SUSE bug 1013653 SUSE bug 1013655 SUSE bug 1013663 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 openSUSE Leap 42.2 This update for php5 fixes the following issues: Security issue fixed: - CVE-2015-8994: code permission/sensitive data protection vulnerability (bsc#1027210). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1027210 CVE-2015-8994 openSUSE Leap 42.2 This update for pidgin fixes the following issues: Feature update: - Update to GNOME 3.20.2 (fate#318572). Security issues fixed: - CVE-2017-2640: Fix an out of bounds memory read in purple_markup_unescape_entity. (boo#1028835) Bugfixes - Correctly remove *.so files for plugins (fixes devel-file-in-non-devel-package). - Remove generation of a plugin list to package, simply add it all in %files with exclusions. - Fix SASL EXTERNAL fingerprint authentication (boo#1009974). Moderate SUSE bug 1009974 SUSE bug 1028835 CVE-2017-2640 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following issues: Security issue fixed: - CVE-2017-6335: Fixed heap out of bounds write issue (boo#1027255). Moderate SUSE bug 1027255 CVE-2017-6335 openSUSE Leap 42.2 This update for wget fixes the following issues: Security issue fixed: - CVE-2017-6508: (url_parse): Reject control characters in host part of URL (bsc#1028301). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1028301 CVE-2017-6508 openSUSE Leap 42.2 This update for virglrenderer fixes the following issues: Security issues fixed: - CVE-2017-6386: memory leakage while in vrend_create_vertex_elements_state (bsc#1027376) - CVE-2017-6355: integer overflow while creating shader object (bsc#1027108) - CVE-2017-6317: fix memory leak in add shader program (bsc#1026922) - CVE-2017-6210: null pointer dereference in vrend_decode_reset (bsc#1026725) - CVE-2017-6209: stack buffer oveflow in parse_identifier (bsc#1026723) - CVE-2017-5994: out-of-bounds access in vrend_create_vertex_elements_state (bsc#1025507) - CVE-2017-5993: host memory leakage when initialising blitter context (bsc#1025505) - CVE-2017-5957: stack overflow in vrend_decode_set_framebuffer_state (bsc#1024993) - CVE-2017-5956: OOB access while in vrend_draw_vbo (bsc#1024992) - CVE-2017-5937: null pointer dereference in vrend_clear (bsc#1024232) - CVE-2017-5580: OOB access while parsing texture instruction (bsc#1021627) - CVE-2016-10214: host memory leak issue in virgl_resource_attach_backing (bsc#1024244) - CVE-2016-10163: host memory leakage when creating decode context (bsc#1021616) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1021616 SUSE bug 1021627 SUSE bug 1024232 SUSE bug 1024244 SUSE bug 1024992 SUSE bug 1024993 SUSE bug 1025505 SUSE bug 1025507 SUSE bug 1026723 SUSE bug 1026725 SUSE bug 1026922 SUSE bug 1027108 SUSE bug 1027376 CVE-2016-10163 CVE-2016-10214 CVE-2017-5580 CVE-2017-5937 CVE-2017-5956 CVE-2017-5957 CVE-2017-5993 CVE-2017-5994 CVE-2017-6209 CVE-2017-6210 CVE-2017-6317 CVE-2017-6355 CVE-2017-6386 openSUSE Leap 42.2 This update for apache2 fixes the following security issues: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks (bsc#1016712). - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714). - CVE-2016-8743: Added new directive "HttpProtocolOptions Strict" to avoid proxy chain misinterpretation (bsc#1016715). Bugfixes: - Add missing copy of hcuri and hcexpr from the worker to the health check worker (bsc#1019380). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1016712 SUSE bug 1016714 SUSE bug 1016715 SUSE bug 1019380 CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.56 fix various security issues and bugs. The following security bugs were fixed: - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52 (bnc#1030573). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190). - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189). - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1025235). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722). - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697). - CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations about skb data layout, which allowed local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (bnc#1027179). - CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity (bnc#1008842). - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulates the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references (bnc#1022785). The following non-security bugs were fixed: - ACPI: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819). - ACPI, ioapic: Clear on-stack resource before using it (bsc#1028819). - ACPI: Remove platform devices from a bus on removal (bsc#1028819). - add mainline tag to one hyperv patch - bnx2x: allow adding VLANs while interface is down (bsc#1027273). - btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641). - btrfs: incremental send, do not delay rename when parent inode is new (bsc#1028325). - btrfs: incremental send, do not issue invalid rmdir operations (bsc#1028325). - btrfs: qgroup: Move half of the qgroup accounting time out of commit trans (bsc#1017461). - btrfs: send, fix failure to rename top level inode due to name collision (bsc#1028325). - btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844 bsc#1024015) - crypto: algif_hash - avoid zero-sized array (bnc#1007962). - cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692). - drivers: hv: vmbus: Prevent sending data on a rescinded channel (fate#320485, bug#1028217). - drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913). - drm/i915: Listen for PMIC bus access notifications (bsc#1011913). - drm/mgag200: Added support for the new device G200eH3 (bsc#1007959, fate#322780) - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986). - Fix kABI breakage of dccp in 4.4.56 (stable-4.4.56). - futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755). - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755). - i2c: designware-baytrail: Acquire P-Unit access on bus acquire (bsc#1011913). - i2c: designware-baytrail: Call pmic_bus_access_notifier_chain (bsc#1011913). - i2c: designware-baytrail: Fix race when resetting the semaphore (bsc#1011913). - i2c: designware-baytrail: Only check iosf_mbi_available() for shared hosts (bsc#1011913). - i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM method (bsc#1011913). - i2c-designware: increase timeout (bsc#1011913). - i2c: designware: Never suspend i2c-busses used for accessing the system PMIC (bsc#1011913). - i2c: designware: Rename accessor_flags to flags (bsc#1011913). - kABI: protect struct iscsi_conn (kabi). - kABI: protect struct se_node_acl (kabi). - kABI: restore can_rx_register parameters (kabi). - kgr/module: make a taint flag module-specific (fate#313296). - kgr: remove all arch-specific kgraft header files (fate#313296). - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415). - l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415). - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415). - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() (bsc#1028415). - l2tp: lock socket before checking flags in connect() (bsc#1028415). - md/raid1: add rcu protection to rdev in fix_read_error (References: bsc#998106,bsc#1020048,bsc#982783). - md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783). - md/raid1: handle flush request correctly (bsc#998106,bsc#1020048,bsc#982783). - md/raid1: Refactor raid1_make_request (bsc#998106,bsc#1020048,bsc#982783). - mm: fix set pageblock migratetype in deferred struct page init (bnc#1027195). - mm/page_alloc: Remove useless parameter of __free_pages_boot_core (bnc#1027195). - module: move add_taint_module() to a header file (fate#313296). - net/ena: change condition for host attribute configuration (bsc#1026509). - net/ena: change driver's default timeouts (bsc#1026509). - net: ena: change the return type of ena_set_push_mode() to be void (bsc#1026509). - net: ena: Fix error return code in ena_device_init() (bsc#1026509). - net/ena: fix ethtool RSS flow configuration (bsc#1026509). - net/ena: fix NULL dereference when removing the driver after device reset failed (bsc#1026509). - net/ena: fix potential access to freed memory during device reset (bsc#1026509). - net/ena: fix queues number calculation (bsc#1026509). - net/ena: fix RSS default hash configuration (bsc#1026509). - net/ena: reduce the severity of ena printouts (bsc#1026509). - net/ena: refactor ena_get_stats64 to be atomic context safe (bsc#1026509). - net/ena: remove ntuple filter support from device feature list (bsc#1026509). - net: ena: remove superfluous check in ena_remove() (bsc#1026509). - net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509). - net/ena: update driver version to 1.1.2 (bsc#1026509). - net/ena: use READ_ONCE to access completion descriptors (bsc#1026509). - net: ena: use setup_timer() and mod_timer() (bsc#1026509). - net/mlx4_core: Avoid command timeouts during VF driver device shutdown (bsc#1028017). - net/mlx4_core: Avoid delays during VF driver device shutdown (bsc#1028017). - net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017). - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#1028017). - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#1028017). - net/mlx4_en: Fix bad WQE issue (bsc#1028017). - NFS: do not try to cross a mountpount when there isn't one there (bsc#1028041). - nvme: Do not suspend admin queue that wasn't created (bsc#1026505). - nvme: Suspend all queues before deletion (bsc#1026505). - PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal (fate#320485, bug#1028217). - PCI: hv: Use device serial number as PCI domain (fate#320485, bug#1028217). - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895). - RAID1: a new I/O barrier implementation to remove resync window (bsc#998106,bsc#1020048,bsc#982783). - RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#998106,bsc#1020048,bsc#982783). - Revert "give up on gcc ilog2() constant optimizations" (kabi). - Revert "net: introduce device min_header_len" (kabi). - Revert "net/mlx4_en: Avoid unregister_netdev at shutdown flow" (bsc#1028017). - Revert "nfit, libnvdimm: fix interleave set cookie calculation" (kabi). - Revert "RDMA/core: Fix incorrect structure packing for booleans" (kabi). - Revert "target: Fix NULL dereference during LUN lookup + active I/O shutdown" (kabi). - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data (bsc#1026462). - s390/kmsg: add missing kmsg descriptions (bnc#1025683, LTC#151573). - s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683, LTC#152318). - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting (bsc#1018419). - scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910). - scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#1027054). - softirq: Let ksoftirqd do its job (bsc#1019618). - supported.conf: Add tcp_westwood as supported module (fate#322432) - taint/module: Clean up global and module taint flags handling (fate#313296). - Update mainline reference in patches.drivers/drm-ast-Fix-memleaks-in-error-path-in-ast_fb_create.patch See (bsc#1028158) for the context in which this was discovered upstream. - x86/apic/uv: Silence a shift wrapping warning (bsc#1023866). - x86/mce: Do not print MCEs when mcelog is active (bsc#1013994). - x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405). - x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405). - x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913). - x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier (bsc#1011913). - x86/platform: Remove warning message for duplicate NMI handlers (bsc#1029220). - x86/platform/UV: Add basic CPU NMI health check (bsc#1023866). - x86/platform/UV: Add Support for UV4 Hubless NMIs (bsc#1023866). - x86/platform/UV: Add Support for UV4 Hubless systems (bsc#1023866). - x86/platform/UV: Clean up the NMI code to match current coding style (bsc#1023866). - x86/platform/UV: Clean up the UV APIC code (bsc#1023866). - x86/platform/UV: Ensure uv_system_init is called when necessary (bsc#1023866). - x86/platform/UV: Fix 2 socket config problem (bsc#1023866). - x86/platform/UV: Fix panic with missing UVsystab support (bsc#1023866). - x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source (bsc#1023866). - x86/platform/UV: Verify NMI action is valid, default is standard (bsc#1023866). - xen-blkfront: correct maximum segment accounting (bsc#1018263). - xen-blkfront: do not call talk_to_blkback when already connected to blkback. - xen/blkfront: Fix crash if backend does not follow the right states. - xen-blkfront: free resources if xlvbd_alloc_gendisk fails. - xen/netback: set default upper limit of tx/rx queues to 8 (bnc#1019163). - xen/netfront: set default upper limit of tx/rx queues to 8 (bnc#1019163). - xfs: do not take the IOLOCK exclusive for direct I/O page invalidation (bsc#1015609). Important SUSE bug 1007959 SUSE bug 1007962 SUSE bug 1008842 SUSE bug 1011913 SUSE bug 1012910 SUSE bug 1013994 SUSE bug 1015609 SUSE bug 1017461 SUSE bug 1017641 SUSE bug 1018263 SUSE bug 1018419 SUSE bug 1019163 SUSE bug 1019618 SUSE bug 1020048 SUSE bug 1022785 SUSE bug 1023866 SUSE bug 1024015 SUSE bug 1025235 SUSE bug 1025683 SUSE bug 1026405 SUSE bug 1026462 SUSE bug 1026505 SUSE bug 1026509 SUSE bug 1026692 SUSE bug 1026722 SUSE bug 1027054 SUSE bug 1027066 SUSE bug 1027179 SUSE bug 1027189 SUSE bug 1027190 SUSE bug 1027195 SUSE bug 1027273 SUSE bug 1027565 SUSE bug 1027575 SUSE bug 1028017 SUSE bug 1028041 SUSE bug 1028158 SUSE bug 1028217 SUSE bug 1028325 SUSE bug 1028372 SUSE bug 1028415 SUSE bug 1028819 SUSE bug 1028895 SUSE bug 1029220 SUSE bug 1029986 SUSE bug 1030573 SUSE bug 1030575 SUSE bug 951844 SUSE bug 968697 SUSE bug 969755 SUSE bug 982783 SUSE bug 998106 CVE-2016-10200 CVE-2016-2117 CVE-2016-9191 CVE-2017-2596 CVE-2017-2636 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6353 CVE-2017-7184 openSUSE Leap 42.2 This update to Chromium 57.0.2987.133 fixes the following issues (boo#1031677): - CVE-2017-5055: Use after free in printing - CVE-2017-5054: Heap buffer overflow in V8 - CVE-2017-5052: Bad cast in Blink - CVE-2017-5056: Use after free in Blink - CVE-2017-5053: Out of bounds memory access in V8 The following packaging changes are included: - No longer claim to provide browser(npapi) Important SUSE bug 1031677 CVE-2017-5052 CVE-2017-5053 CVE-2017-5054 CVE-2017-5055 CVE-2017-5056 openSUSE Leap 42.2 This ceph version update to 10.2.6+git fixes the following issues: Security issues fixed: - CVE-2016-9579: RGW server DoS via request with invalid HTTP Origin header (boo#1014986). Bugfixes: - Update to version 10.2.6+git.1489493035.3ad7a68 - "tools/rados: default to include clone objects when excuting "cache-flush-evict-all" (boo#1003891) - mon,ceph-disk: add lockbox permissions to bootstrap-osd (boo#1008435) - "ceph_volume_client: fix _recover_auth_meta() method" (boo#1008501) - "systemd/ceph-disk: reduce ceph-disk flock contention" (boo#1012100) - "doc: add verbiage to rbdmap manpage" and "Add Install section to systemd rbdmap.service file" (boo#1015748) - ceph-disk: systemd unit must run after local-fs.target (boo#1012100) - build/ops: restart ceph-osd@.service after 20s instead of 100ms (boo#1019616) - doc: add verbiage to rbdmap manpage and mention rbdmap in RBD quick start (boo#1015748) - doc: ceph-deploy man: remove references to mds destroy. Not implemented (boo#970642) Feature enhancements: - FATE#321098: * rpm: deobfuscate SUSE-specific bconds * rpm: consider xio bcond on x86_64 and aarch64 only * rpm: remove s390 from SES ExclusiveArch * rpm: limit lttng/babeltrace to architectures * rpm: limit xio build * rpm: enable build for s390(x) in SLE * rpm: add "without valgrind_devel" configure option Moderate SUSE bug 1003891 SUSE bug 1008435 SUSE bug 1008501 SUSE bug 1012100 SUSE bug 1014986 SUSE bug 1015748 SUSE bug 1019616 SUSE bug 970642 CVE-2016-9579 openSUSE Leap 42.2 This geotiff version update to 1.4.2 fixes the following issues: - Update to 1.4.2 (boo#1029595) * update to EPSG v8.9 database * cleanups and security fixes - Small packaging cleanup - Switched download link to OSGeo server - Fix Group tag. Moderate SUSE bug 1029595 openSUSE Leap 42.2 This update for ruby2.2, ruby2.3 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" (boo#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (boo#959495) Detailed ChangeLog: - http://svn.ruby-lang.org/repos/ruby/tags/v2_2_6/ChangeLog - http://svn.ruby-lang.org/repos/ruby/tags/v2_3_3/ChangeLog Important SUSE bug 1018808 SUSE bug 959495 CVE-2015-7551 CVE-2016-2339 openSUSE Leap 42.2 This update for samba fixes the following issues: Security issues fixed: - CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147). Bugfixes: - Force usage of ncurses6-config thru NCURSES_CONFIG env var (bsc#1023847). - Add missing ldb module directory (bsc#1012092). - Don't package man pages for VFS modules that aren't built (bsc#993707). - sync_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416). - Document "winbind: ignore domains" parameter; (bsc#1019416). - Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1012092 SUSE bug 1019416 SUSE bug 1023847 SUSE bug 1024416 SUSE bug 1027147 SUSE bug 993692 SUSE bug 993707 CVE-2017-2619 openSUSE Leap 42.2 This update for libpng12 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1017646 SUSE bug 958791 CVE-2015-8540 CVE-2016-10087 openSUSE Leap 42.2 This update for nodejs4 fixes the following issues: - New upstream LTS release 4.7.3 The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086, bsc#1009528) - No changes in LTS version 4.7.2 - New upstream LTS release 4.7.1 * build: shared library support is now working for AIX builds * repl: passing options to the repl will no longer overwrite defaults * timers: recanceling a cancelled timers will no longer throw - New upstream LTS version 4.7.0 * build: introduce the configure --shared option for embedders * debugger: make listen address configurable in debugger server * dgram: generalized send queue to handle close, fixing a potential throw when dgram socket is closed in the listening event handler * http: introduce the 451 status code "Unavailable For Legal Reasons" * gtest: the test reporter now outputs tap comments as yamlish * tls: introduce secureContext for tls.connect (useful for caching client certificates, key, and CA certificates) * tls: fix memory leak when writing data to TLSWrap instance during handshake * src: node no longer aborts when c-ares initialization fails * ported and updated system CA store for the new node crypto code - New upstream LTS version 4.6.2 * build: + It is now possible to build the documentation from the release tarball. * buffer: + Buffer.alloc() will no longer incorrectly return a zero filled buffer when an encoding is passed. * deps: + Upgrade npm in LTS to 2.15.11. * repl: + Enable tab completion for global properties. * url: + url.format() will now encode all "#" in search. - Add missing conflicts to base package. It's not possible to have concurrent nodejs installations. - enable usage of system certificate store on SLE11SP4 by requiring openssl1 (bsc#1000036) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1000036 SUSE bug 1009528 SUSE bug 1022085 SUSE bug 1022086 CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 openSUSE Leap 42.2 This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1017646 CVE-2016-10087 openSUSE Leap 42.2 This update for clamav-database refreshes the database. This update was imported from the SUSE:SLE-12:Update update project. Moderate openSUSE Leap 42.2 This update for ffmpeg fixes the following issues: Security issue fixed: - CVE-2016-10190: remote code execution vulnerability [ 1 - libavformat/http.c ] (boo#1022920) Detailed ChangeLog: - 3.1.6: https://github.com/FFmpeg/FFmpeg/blob/e08b1cf2df8cfdb3394aa5ab0320739f8b5a1c4f/Changelog - 3.2.4: https://github.com/FFmpeg/FFmpeg/blob/cbe65ccfa02a9061cead73a6685eef90225c41b5/Changelog Moderate SUSE bug 1022920 CVE-2016-10190 openSUSE Leap 42.2 This update for apparmor fixes the following issues: These security issues were fixed: - CVE-2017-6507: Preserve unknown profiles when reloading apparmor.service (lp#1668892, boo#1029696) - boo#1017260: Migration to apparmor.service accidently disable AppArmor. Note: This will re-enable AppArmor if it was disabled by the last update. You'll need to "rcapparmor reload" to actually load the profiles, and then check aa-status for programs that need to be restarted to apply the profiles. These non-security issues were fixed: - Fixed crash in aa-logprof on specific change_hat events - boo#1016259: Added var.mount dependeny to apparmor.service The aa-remove-unknown utility was added to unload unknown profiles (lp#1668892) Important SUSE bug 1016259 SUSE bug 1017260 SUSE bug 1029696 CVE-2017-6507 openSUSE Leap 42.2 This update for atheme fixes the following issues: - CVE-2017-6384: Memory leak in the login_user function allowing for DoS (boo#1027614) - Use after free that could potentially be used by an attacker already having the privilege to use SASL impersonation to cause a denial of service. This update also contains a number of upstream bug fixes. Moderate SUSE bug 1027614 CVE-2017-6384 openSUSE Leap 42.2 This update for pidgin to version 2.12.0 fixes the following issues: This security issue was fixed: - CVE-2017-2640: Out of bounds memory read in purple_markup_unescape_entity (boo#1028835). These non-security issues were fixed: + libpurple: - Fix the use of uninitialised memory if running non-debug-enabled versions of glib. - Update AIM dev and dist ID's to new ones that were assigned by AOL. - TLS certificate verification now uses SHA-256 checksums. - Fix the SASL external auth for Freenode (boo#1009974). - Remove the MSN protocol plugin. It has been unusable and dormant for some time. - Remove the Mxit protocol plugin. The service was closed at the end ofSeptember 2016. - Remove the MySpaceIM protocol plugin. The service has been defunct for a long time (pidgin.im#15356). - Remove the Yahoo! protocol plugin. Yahoo has completely reimplemented their protocol, so this version is no longer operable as of August 5th, 2016. - Remove the Facebook (XMPP) account option. According to https://developers.facebook.com/docs/chat the XMPP Chat API service ended April 30th, 2015. - Fix gnutls certificate validation errors that mainly affected Google. + General: - Replace instances of d.pidgin.im with developer.pidgin.im and update the urls to use https (pidgin.im#17036). + IRC: - Fix an issue of messages being silently cut off at 500 characters. Large messages are now split into parts and sent one by one (pidgin.im#4753). Important SUSE bug 1009974 SUSE bug 1028835 CVE-2017-2640 openSUSE Leap 42.2 This update for php7 fixes the following issues: Security issue fixed: - CVE-2015-8994: code permission/sensitive data protection vulnerability (bsc#1027210). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1027210 CVE-2015-8994 openSUSE Leap 42.2 This update for slrn contains one security improvement: - CVE-2014-3566: Disable SSLv3 to prevent POODLE attack (boo#1031023) The version 1.0.3 also contains a number of display and message processing improvements. Moderate SUSE bug 1031023 CVE-2014-3566 openSUSE Leap 42.2 This update for zlib fixes the following issues: - CVE-2016-9843: Big-endian out-of-bounds pointer - CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580) - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) - Incompatible declarations for external linkage function deflate (bsc#1003577) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1003577 SUSE bug 1003579 SUSE bug 1003580 SUSE bug 1013882 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 openSUSE Leap 42.2 This update for gimp fixes the following issues: This security issue was fixed: - CVE-2007-3126: Context-dependent attackers were able to cause a denial of service via an ICO file with an InfoHeader containing a Height of zero (bsc#1032241). These non-security issues were fixed: - bsc#1025717: Prefer lcms2 over lcms1 if both are available - bgo#593576: Preven crash in PDF Import filter when importing large image PDF or specifying high resolution Moderate SUSE bug 1025717 SUSE bug 1032241 CVE-2007-3126 openSUSE Leap 42.2 This update for lxc fixes the following issues: This security issue was fixed: CVE-2017-5985: lxc-user-nic allowed access to network namespace over which the caller did not hold privilege (boo#1028264). Low SUSE bug 1028264 CVE-2017-5985 openSUSE Leap 42.2 This update for phpMyAdmin fixes the following issue: - boo#1032105: The AllowNoPassword configuration option may have been bypassed when running on PHP5, allowing the login of users who have no password set even with AllowNoPassword set to false (PMASA-2017-8) Moderate SUSE bug 1032105 openSUSE Leap 42.2 This update for postgresql93 to version 9.3.14 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453). This non-security issue was fixed: - bsc#973660: Added "Requires: timezone" to Service Pack - bsc#1029547: postgresql: fails to build with timezone 2017a For additional non-security issues please refer to - http://www.postgresql.org/docs/9.3/static/release-9-3-14.html - http://www.postgresql.org/docs/9.3/static/release-9-3-13.html - http://www.postgresql.org/docs/9.4/static/release-9-3-12.html This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1029547 SUSE bug 973660 SUSE bug 993453 SUSE bug 993454 CVE-2016-5423 CVE-2016-5424 openSUSE Leap 42.2 This update for tigervnc provides the several fixes. These security issues were fixed: - CVE-2017-7392, CVE-2017-7396: Client can cause leak in VNC server (bsc#1031886) - CVE-2017-7395: Authenticated VNC client can crash VNC server (bsc#1031877) - CVE-2017-7394: Client can crash or block VNC server (bsc#1031879) - CVE-2017-7393: Authenticated client can cause double free in VNC server (bsc#1031875) - Prevent buffer overflow in VNC client, allowing for crashing the client (bnc#1032880) Moderate SUSE bug 1031875 SUSE bug 1031877 SUSE bug 1031879 SUSE bug 1031886 SUSE bug 1032880 CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396 openSUSE Leap 42.2 This audiofile update fixes the following issue: Security issues fixed: - CVE-2017-6827: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979) - CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp) (bsc#1026980) - CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp) (bsc#1026981) - CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp) (bsc#1026982) - CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) (bsc#1026983) - CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) (bsc#1026984) - CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) (bsc#1026985) - CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) (bsc#1026986) - CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) (bsc#1026988) - CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) (bsc#1026987) - CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes (bsc#1026978) This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1026978 SUSE bug 1026979 SUSE bug 1026980 SUSE bug 1026981 SUSE bug 1026982 SUSE bug 1026983 SUSE bug 1026984 SUSE bug 1026985 SUSE bug 1026986 SUSE bug 1026987 SUSE bug 1026988 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 openSUSE Leap 42.2 This update for libpng15 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1017646 SUSE bug 958791 CVE-2015-8540 CVE-2016-10087 openSUSE Leap 42.2 This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088) - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497) - CVE-2017-5498: left-shift undefined behaviour (bsc#1020353) - CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868) - CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015400 SUSE bug 1018088 SUSE bug 1020353 SUSE bug 1021868 SUSE bug 1029497 CVE-2016-10251 CVE-2016-9583 CVE-2016-9600 CVE-2017-5498 CVE-2017-6850 openSUSE Leap 42.2 This update for gstreamer-plugins-bad fixes the following issues: Security issues fixed: - CVE-2017-5843: set stream tags to NULL after unrefing (bsc#1024044). - CVE-2017-5848: rewrite PSM parsing to add bounds checking (bsc#1024068). This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1024044 SUSE bug 1024068 CVE-2017-5843 CVE-2017-5848 openSUSE Leap 42.2 This update for gstreamer fixes the following security issues: - A crafted AVI file could have caused an invalid memory read, possibly causing DoS or corruption (bsc#1024051, CVE-2017-5838) This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1024051 CVE-2017-5838 openSUSE Leap 42.2 This update for proftpd to version 1.3.5d fixes the following issues: This security issue was fixed: - CVE-2017-7418: ProFTPD checked only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link (bsc#1032443). These non-security issues were fixed: - Reduce TLS protocols to TLSv1.1 and TLSv1.2 - Disable TLSCACertificateFile - Add TLSCertificateChainFile - All FTP logins are treated as anonymous logins again - SSH rekey during authentication could have caused issues with clients. - Recursive SCP uploads of multiple directories were not handled properly. - LIST returned different results for file, depending on path syntax. - "AuthAliasOnly on" in server config broke anonymous logins. - Fixed memory leak when mod_facl is used. - Fix systemd vs SysVinit inconsistency Moderate SUSE bug 1032443 CVE-2017-7418 openSUSE Leap 42.2 This update for dracut fixes the following issues: Security issues fixed: - CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340) Non security issues fixed: - Remove zlib module as requirement. (bsc#1020063) - Unlimit TaskMax for xfs_repair in emergency shell. (bsc#1019938) - Resolve symbolic links for -i and -k parameters. (bsc#902375) - Enhance purge-kernels script to handle kgraft patches. (bsc#1017141) - Allow booting from degraded MD arrays with systemd. (bsc#1017695) - Allow booting on s390x with fips=1 on the kernel command line. (bnc#1021687) - Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925) - Fix /sbin/installkernel to handle kernel packages built with 'make bin-rpmpkg'. (bsc#1008648) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate CVE-2016-8637 openSUSE Leap 42.2 This update for gstreamer-plugins-good fixes the following issues: - A crafted aac audio file could have caused an invalid read and thus corruption or denial of service (bsc#1024014, CVE-2016-10198) - A crafted mp4 file could have caused an invalid read and thus corruption or denial of service (bsc#1024017, CVE-2016-10199) - A crafted avi file could have caused an invalid read and thus corruption or denial of service (bsc#1024034, CVE-2017-5840) - A crafted AVI file with metadata tag entries (ncdt) could have caused invalid read access and thus corruption or denial of service (bsc#1024030, CVE-2017-5841) - A crafted avi file could have caused an invalid read access resulting in denial of service (bsc#1024062, CVE-2017-5845) This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1024014 SUSE bug 1024017 SUSE bug 1024030 SUSE bug 1024034 SUSE bug 1024062 CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 openSUSE Leap 42.2 This update for bind fixes the following issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. One additional non-security bug was fixed: The default umask was changed to 077. (bsc#1020983) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1020983 SUSE bug 1033466 SUSE bug 1033467 SUSE bug 1033468 SUSE bug 987866 SUSE bug 989528 CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 openSUSE Leap 42.2 This update for xen to version 4.7.2 fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442). - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). These non-security issues were fixed: - bsc#1015348: libvirtd didn't not start during boot - bsc#1014136: kdump couldn't dump a kernel on SLES12-SP2 with Xen hypervisor. - bsc#1026236: Fixed paravirtualized performance - bsc#1022555: Timeout in "execution of /etc/xen/scripts/block add" - bsc#1029827: Forward port xenstored - bsc#1029128: Make xen to really produce xen.efi with gcc48 This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1014136 SUSE bug 1015348 SUSE bug 1022555 SUSE bug 1026236 SUSE bug 1027519 SUSE bug 1028235 SUSE bug 1029128 SUSE bug 1029827 SUSE bug 1030144 SUSE bug 1030442 CVE-2017-6505 CVE-2017-7228 openSUSE Leap 42.2 This update to Wireshark 2.2.6 fixes minor vulnerabilities that could be used to trigger a dissector crash or infinite loops by sending specially crafted packages over the network or into a capture file: * CVE-2017-7700: NetScaler file parser infinite loop (boo#1033936) * CVE-2017-7701: BGP dissector infinite loop (boo#1033937) * CVE-2017-7702: WBMXL dissector infinite loop (boo#1033938) * CVE-2017-7703: IMAP dissector crash (boo#1033939) * CVE-2017-7704: DOF dissector infinite loop (boo#1033940) * CVE-2017-7705: RPCoRDMA dissector infinite loop (boo#1033941) * CVE-2017-7745: SIGCOMP dissector infinite loop (boo#1033942) * CVE-2017-7746: SLSK dissector long loop (boo#1033943) * CVE-2017-7747: PacketBB dissector crash (boo#1033944) * CVE-2017-7748: WSP dissector infinite loop (boo#1033945) Moderate SUSE bug 1033936 SUSE bug 1033937 SUSE bug 1033938 SUSE bug 1033939 SUSE bug 1033940 SUSE bug 1033941 SUSE bug 1033942 SUSE bug 1033943 SUSE bug 1033944 SUSE bug 1033945 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 openSUSE Leap 42.2 Mozilla-nss was updated to 3.28.4 to fix the following issues: Security issues: * CVE-2016-9574: Allow use of session tickets when there is no ticket wrapping key (boo#1015499, bmo#1320695) Non security issues: * A rare crash when initializing an SSL socket fails has been fixed (bmo#1342358) * Rare crashes in the base 64 decoder and encoder were fixed (bmo#1344380) * A carry over bug in the RNG was fixed (bmo#1345089) * Fixed hash computation (boo#1030071, bmo#1348767) This update also contains a rebuild of java-1_8_0-openjdk as the java security provider is very closely tied to the mozilla nss API. Moderate SUSE bug 1015499 SUSE bug 1030071 CVE-2016-9574 openSUSE Leap 42.2 This update to Chromium 58.0.3029.81 fixes the following security issues (bsc#1035103): - CVE-2017-5057: Type confusion in PDFium - CVE-2017-5058: Heap use after free in Print Preview - CVE-2017-5059: Type confusion in Blink - CVE-2017-5060: URL spoofing in Omnibox - CVE-2017-5061: URL spoofing in Omnibox - CVE-2017-5062: Use after free in Chrome Apps - CVE-2017-5063: Heap overflow in Skia - CVE-2017-5064: Use after free in Blink - CVE-2017-5065: Incorrect UI in Blink - CVE-2017-5066: Incorrect signature handing in Networking - CVE-2017-5067: URL spoofing in Omnibox - CVE-2017-5069: Cross-origin bypass in Blink Important SUSE bug 1035103 CVE-2017-5057 CVE-2017-5058 CVE-2017-5059 CVE-2017-5060 CVE-2017-5061 CVE-2017-5062 CVE-2017-5063 CVE-2017-5064 CVE-2017-5065 CVE-2017-5066 CVE-2017-5067 CVE-2017-5069 openSUSE Leap 42.2 Mozilla Firefox was updated to Firefox 52.1.0esr. The following vulnerabilities were fixed (bsc#1035082): - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content The package is now following the ESR 52 branch: - Enable plugin support by default - service workers are disabled by default - push notifications are disabled by default - WebAssembly (wasm) is disabled - Less use of multiprocess architecture Electrolysis (e10s) Important SUSE bug 1035082 CVE-2017-5429 CVE-2017-5443 CVE-2017-5444 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5460 CVE-2017-5461 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 openSUSE Leap 42.2 This ntp update to version 4.2.8p10 fixes serveral issues. This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed (bsc#1030050): - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock - CVE-2017-6463: Authenticated DoS via Malicious Config Option - CVE-2017-6458: Potential Overflows in ctl_put() functions - CVE-2017-6451: Improper use of snprintf() in mx4200_send() - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist - CVE-2016-9042: 0rigin (zero origin) DoS. - ntpq_stripquotes() returns incorrect Value - ereallocarray()/eallocarray() underused - Copious amounts of Unused Code - Off-by-one in Oncore GPS Receiver - Makefile does not enforce Security Flags Bugfixes: - Remove spurious log messages (bsc#1014172). - clang scan-build findings - Support for openssl-1.1.0 without compatibility modes - Bugfix 3072 breaks multicastclient - forking async worker: interrupted pipe I/O - (...) time_pps_create: Exec format error - Incorrect Logic for Peer Event Limiting - Change the process name of forked DNS worker - Trap Configuration Fail - Nothing happens if minsane < maxclock < minclock - allow -4/-6 on restrict line with mask - out-of-bound pointers in ctl_putsys and decode_bitflags - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates. This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1014172 SUSE bug 1030050 CVE-2016-9042 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 openSUSE Leap 42.2 This update for gstreamer-plugins-base fixes the following security issues: - A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844) - A crafted AVI file could have caused a stack overflow leading to DoS (bsc#1024047, CVE-2017-5839) - A crafted SAMI subtitle file could have caused an invalid memory access possibly leading to DoS or corruption (bsc#1024041, CVE-2017-5842) This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1024041 SUSE bug 1024047 SUSE bug 1024076 SUSE bug 1024079 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 openSUSE Leap 42.2 This update for curl fixes the following issues: Security issue fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332) - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309). With this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015332 SUSE bug 1027712 SUSE bug 1032309 CVE-2016-9586 CVE-2017-7407 openSUSE Leap 42.2 This update for libsndfile fixes the following security issues: - CVE-2017-7586: A stack-based buffer overflow via a specially crafted FLAC file was fixed (error in the "header_read()" function) (bsc#1033053) - CVE-2017-7585,CVE-2017-7741, CVE-2017-7742: Several stack-based buffer overflows via a specially crafted FLAC file (error in the "flac_buffer_copy()" function) were fixed (bsc#1033054,bsc#1033915,bsc#1033914). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1033053 SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742 openSUSE Leap 42.2 This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10272: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9 (bsc#1031247). - CVE-2016-10271: tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13 (bsc#1031249). - CVE-2016-10270: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22 (bsc#1031250). - CVE-2016-10269: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2 (bsc#1031254). - CVE-2016-10268: tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23 (bsc#1031255). - CVE-2016-10267: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8 (bsc#1031262). - CVE-2016-10266: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. (bsc#1031263). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1031247 SUSE bug 1031249 SUSE bug 1031250 SUSE bug 1031254 SUSE bug 1031255 SUSE bug 1031262 SUSE bug 1031263 CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10270 CVE-2016-10271 CVE-2016-10272 openSUSE Leap 42.2 This update for ffmpeg to version 3.3 fixes several issues. These security issues were fixed: - CVE-2016-10190: Heap-based buffer overflow in libavformat/http.c in FFmpeg allowed remote web servers to execute arbitrary code via a negative chunk size in an HTTP response (boo#1022920) - CVE-2016-10191: Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg allowed remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches (boo#1022921) - CVE-2016-10192: Heap-based buffer overflow in ffserver.c in FFmpeg allowed remote attackers to execute arbitrary code by leveraging failure to check chunk size (boo#1022922) - CVE-2017-7859: FFmpeg had an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c (bsc#1034183). - CVE-2017-7862: FFmpeg had an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c (bsc#1034181). - CVE-2017-7863: FFmpeg had an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c (boo#1034179) - CVE-2017-7865: FFmpeg had an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c (boo#1034177) - CVE-2017-7866: FFmpeg had an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c (boo#1034176) These non-security issues were fixed: - Enable ac3 - Enable mp3 decoding - EBU R128 implementation now within ffmpeg, not relying on external library anymore - New video filters "premultiply", "readeia608", "threshold", "midequalizer" - Support for spherical videos - New decoders: 16.8 and 24.0 floating point PCM, XPM - New demuxers: MIDI Sample Dump Standard, Sample Dump eXchange demuxer - MJPEG encoding uses Optimal Huffman tables now - Native Opus encoder - Support .mov with multiple sample description tables - Removed the legacy X11 screen grabber, use XCB instead - Removed asyncts filter (use af_aresample instead) Moderate SUSE bug 1022920 SUSE bug 1022921 SUSE bug 1022922 SUSE bug 1034176 SUSE bug 1034177 SUSE bug 1034179 SUSE bug 1034181 SUSE bug 1034183 CVE-2016-10190 CVE-2016-10191 CVE-2016-10192 CVE-2017-7859 CVE-2017-7862 CVE-2017-7863 CVE-2017-7865 CVE-2017-7866 openSUSE Leap 42.2 This update for backintime to version 1.1.20 fixes several issues. These security issues were fixed: - CVE-2017-7572: The _checkPolkitPrivilege function in serviceHelper.py in backintime used a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use) (bsc#1032717). - Don't store passwords given to polkit helper - boo#1007723: General security hardening measures These non-security issues were fixed: - Delete udev configuration files on uninstall - Merge doc subpackage into main package Moderate SUSE bug 1007723 SUSE bug 1032717 CVE-2017-7572 openSUSE Leap 42.2 This update for libosip2 fixes the following issues: Changes in libosip2: - CVE-2017-7853: In libosip2 in GNU 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS. (boo#1034570) - CVE-2016-10326: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. (boo#1034571) - CVE-2016-10325: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS. (boo#1034572) - CVE-2016-10324: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. (boo#1034574) Important SUSE bug 1034570 SUSE bug 1034571 SUSE bug 1034572 SUSE bug 1034574 CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 openSUSE Leap 42.2 This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" (bsc#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) - CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032) - CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974) - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877) Bugfixes: - SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863) - Segmentation fault after pack & ioctl & unpack (bsc#909695) - Ruby:HTTP Header injection in 'net/http' (bsc#986630) ChangeLog: - http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1014863 SUSE bug 1018808 SUSE bug 887877 SUSE bug 909695 SUSE bug 926974 SUSE bug 936032 SUSE bug 959495 SUSE bug 986630 CVE-2014-4975 CVE-2015-1855 CVE-2015-3900 CVE-2015-7551 CVE-2016-2339 openSUSE Leap 42.2 The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues. - CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools [bnc#914890] - CVE-2016-9297: tif_dirread.c read outside buffer in _TIFFPrintField() [bnc#1010161] - CVE-2016-3658: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c [bnc#974840] - CVE-2016-9273: heap overflow [bnc#1010163] - CVE-2016-3622: divide By Zero in the tiff2rgba tool [bnc#974449] - CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow [bnc#1007280] - CVE-2016-9453: out-of-bounds Write memcpy and less bound check in tiff2pdf [bnc#1011107] - CVE-2016-5875: heap-based buffer overflow when using the PixarLog compressionformat [bnc#987351] - CVE-2016-9448: regression introduced by fixing CVE-2016-9297 [bnc#1011103] - CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode() function [bnc#984813] - CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function (null ptr dereference?) [bnc#984815] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1007280 SUSE bug 1010161 SUSE bug 1010163 SUSE bug 1011103 SUSE bug 1011107 SUSE bug 914890 SUSE bug 974449 SUSE bug 974840 SUSE bug 984813 SUSE bug 984815 SUSE bug 987351 CVE-2014-8127 CVE-2016-3622 CVE-2016-3658 CVE-2016-5321 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 openSUSE Leap 42.2 This update for feh on Leap 42.1 fixes this security issue: - CVE-2017-7875: In wallpaper.c in feh if a malicious client pretended to be the E17 window manager, it was possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free (bsc#1034567). This update for feh on Leap 42.2 to version 2.18.3 fixes several issues. This security issue was fixed on Leap 42.2: - CVE-2017-7875: In wallpaper.c in feh if a malicious client pretended to be the E17 window manager, it was possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free (bsc#1034567). These non-security issue was fixed on Leap 42.2: - boo#955576: added jpegexiforient - Fixed image-specific format specifiers not being updated correctly in thumbnail mode window titles - Fixed memory leak when closing images opened from thumbnail mode - Fixed a possible out of bounds read caused by an unterminated string when using --output to save images in long paths - Fixed out of bounds read/write when handling empty or broken caption files. - Fixed memory leak when saving a filelist or image whose target filename already exists. - Fixed image-specific format specifiers not being updated correctly - New key binding: ! - zoom_fill (zoom to fill window, may cut off image parts - Disable EXIF-based auto rotation by default - Added --auto-rotate option to enable auto rotation - Added feh-makefile_app.patch -- fix install location of icons - Install feh icon (both 48x48 and scalable SVG) to /usr/share/icons when running "make install app=1" - Fixed --sort not being respected after the first reload when used in conjunction with --reload - All key actions can now also be bound to a button by specifying them in .config/feh/buttons. However, note that button actions can not be bound to keys. - Rename "menu" key action to "toggle_menu", "prev" to "prev_img" and "next" to "next_img". The old names are still supported, but no longer documented. - feh now also sets the X11 _NET_WM_PID and WM_CLIENT_MACHINE window properties - Fixed compilation on systems where HOST_NAME_MAX is not defined - Also support in-place editing for images loaded via libcurl or imagemagick. Results will not be written back to disk in this case. - Fixed crash when trying to rotate a JPEG image without having jpegtran / jpegexiforient installed - Handle failing fork() calls gracefully - Fixed invalid key/button definitions mis-assigning keys/buttons to other actions - Added sort mode --sort dirname to sort images by directory instead of by name. - Added navigation keys next_dir (]) and prev_dir ([) to jump to the first image of the nex/previous directory - Fixed toggle_filenames key displaying wrong file numbers in multiwindow mode - Rescale image when resizing a window and --scale-down or --geometry is active. - Fixed --keep-zoom-vp not keeping the viewport x/y offsets - Fixed w (size_to_image) key not updating window size when --scale-down or --geometry is active - Added --insecure option to disable HTTPS certificate checks - Added --no-recursive option to disable recursive directory expansion. - Improve --scale-down in tiling environments. - --action and --action[1..9] now support action titles - -f / --filelist: Do not print useless error message when a correct filelist file is specified - -f / --filelist: Fix bug in "-" / "/dev/stdin" handling affecting feh running in ksh and possibly other environments - Add --xinerama-index option for background setting - When removing the last image in slidsehow mode, stay on the last (previously second-to-last) image - Allow --sort and --randomize to override each other (most recently specified option wins) instead of always preferring --sort - Thumbnail mode: Mark image as processed when executing an action (--action) by clicking on an image - It is now possible to override feh's idea of the active xinerama screen using the --xinerama-index option - Removed (undocumented) feature allowing to override feh's idea of the active xinerama screen by setting the XINERAMA_SCREEN environment variable - Removed obsolete gpg macro Moderate SUSE bug 1034567 SUSE bug 955576 CVE-2017-7875 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue (bnc#1033340). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440). - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052). - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213). - CVE-2017-7374: Use-after-free vulnerability in fs/crypto/ in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely (bnc#1032006). The following non-security bugs were fixed: - acpi, nfit: fix acpi_nfit_flush_probe() crash (bsc#1031717). - acpi, nfit: fix extended status translations for ACPI DSMs (bsc#1031717). - arm64: hugetlb: fix the wrong address for several functions (bsc#1032681). - arm64: hugetlb: fix the wrong return value for huge_ptep_set_access_flags (bsc#1032681). - arm64: hugetlb: remove the wrong pmd check in find_num_contig() (bsc#1032681). - arm64: Use full path in KBUILD_IMAGE definition (bsc#1010032). - arm: Use full path in KBUILD_IMAGE definition (bsc#1010032). - blacklist.conf: 73667e31a153 x86/hyperv: Hide unused label - blacklist.conf: Add ed10858 ("scsi: smartpqi: fix time handling") to blacklist - blacklist.conf: blacklist 9770404a which was subsequently reverted - blacklist.conf: Blacklist f2fs fix - blacklist.conf: Blacklist unneeded commit, because of a partial backport. - blacklist.conf: Split SP2 and SP3 entries to ease merging - blacklist: Fix blacklisting of 0c313cb20732 - block: copy NOMERGE flag from bio to request (bsc#1030070). - bonding: fix 802.3ad aggregator reselection (bsc#1029514). - btrfs: add transaction space reservation tracepoints (bsc#1012452). - btrfs: allow unlink to exceed subvolume quota (bsc#1019614). - btrfs: avoid uninitialized variable warning (bsc#1012452). - btrfs: __btrfs_buffered_write: Reserve/release extents aligned to block size (bsc#1012452). - btrfs: btrfs_ioctl_clone: Truncate complete page after performing clone operation (bsc#1012452). - btrfs: btrfs_page_mkwrite: Reserve space in sectorsized units (bsc#1012452). - btrfs: btrfs_submit_direct_hook: Handle map_length < bio vector length (bsc#1012452). - btrfs: change how we update the global block rsv (bsc#1012452). - btrfs: Change qgroup_meta_rsv to 64bit (bsc#1019614). - btrfs: check reserved when deciding to background flush (bsc#1012452). - btrfs: Clean pte corresponding to page straddling i_size (bsc#1012452). - btrfs: Compute and look up csums based on sectorsized blocks (bsc#1012452). - btrfs: csum_tree_block: return proper errno value (bsc#1012452). - btrfs: device add and remove: use GFP_KERNEL (bsc#1012452). - btrfs: Direct I/O read: Work on sectorsized blocks (bsc#1012452). - btrfs: do not write corrupted metadata blocks to disk (bsc#1012452). - btrfs: extent same: use GFP_KERNEL for page array allocations (bsc#1012452). - btrfs: fallback to vmalloc in btrfs_compare_tree (bsc#1012452). - btrfs: fallocate: use GFP_KERNEL (bsc#1012452). - btrfs: fallocate: Work with sectorsized blocks (bsc#1012452). - btrfs: Fix block size returned to user space (bsc#1012452). - btrfs: fix build warning (bsc#1012452). - btrfs: fix delalloc accounting after copy_from_user faults (bsc#1012452). - btrfs: fix extent_same allowing destination offset beyond i_size (bsc#1012452). - btrfs: fix handling of faults from btrfs_copy_from_user (bsc#1012452). - btrfs: fix invalid reference in replace_path (bsc#1012452). - btrfs: fix listxattrs not listing all xattrs packed in the same item (bsc#1012452). - btrfs: fix lockdep deadlock warning due to dev_replace (bsc#1012452). - btrfs: fix truncate_space_check (bsc#1012452). - btrfs: Improve FL_KEEP_SIZE handling in fallocate (bsc#1012452). - btrfs: let callers of btrfs_alloc_root pass gfp flags (bsc#1012452). - btrfs: Limit inline extents to root->sectorsize (bsc#1012452). - btrfs: make sure we stay inside the bvec during __btrfs_lookup_bio_sums (bsc#1012452). - btrfs: Output more info for enospc_debug mount option (bsc#1012452). - btrfs: Print Warning only if ENOSPC_DEBUG is enabled (bsc#1012452). - btrfs: qgroups: Retry after commit on getting EDQUOT (bsc#1019614). - btrfs: reada: add all reachable mirrors into reada device list (bsc#1012452). - btrfs: reada: Add missed segment checking in reada_find_zone (bsc#1012452). - btrfs: reada: Avoid many times of empty loop (bsc#1012452). - btrfs: reada: avoid undone reada extents in btrfs_reada_wait (bsc#1012452). - btrfs: reada: bypass adding extent when all zone failed (bsc#1012452). - btrfs: reada: Fix a debug code typo (bsc#1012452). - btrfs: reada: Fix in-segment calculation for reada (bsc#1012452). - btrfs: reada: ignore creating reada_extent for a non-existent device (bsc#1012452). - btrfs: reada: Jump into cleanup in direct way for __readahead_hook() (bsc#1012452). - btrfs: reada: limit max works count (bsc#1012452). - btrfs: reada: Move is_need_to_readahead contition earlier (bsc#1012452). - btrfs: reada: move reada_extent_put to place after __readahead_hook() (bsc#1012452). - btrfs: reada: Pass reada_extent into __readahead_hook directly (bsc#1012452). - btrfs: reada: reduce additional fs_info->reada_lock in reada_find_zone (bsc#1012452). - btrfs: reada: Remove level argument in severial functions (bsc#1012452). - btrfs: reada: simplify dev->reada_in_flight processing (bsc#1012452). - btrfs: reada: Use fs_info instead of root in __readahead_hook's argument (bsc#1012452). - btrfs: reada: use GFP_KERNEL everywhere (bsc#1012452). - btrfs: readdir: use GFP_KERNEL (bsc#1012452). - btrfs: remove redundant error check (bsc#1012452). - btrfs: Reset IO error counters before start of device replacing (bsc#1012452). - btrfs: scrub: use GFP_KERNEL on the submission path (bsc#1012452). - btrfs: Search for all ordered extents that could span across a page (bsc#1012452). - btrfs: send: use GFP_KERNEL everywhere (bsc#1012452). - btrfs: switch to kcalloc in btrfs_cmp_data_prepare (bsc#1012452). - btrfs: Use (eb->start, seq) as search key for tree modification log (bsc#1012452). - btrfs: use proper type for failrec in extent_state (bsc#1012452). - ceph: fix recursively call between ceph_set_acl and __ceph_setattr (bsc#1034902). - cgroup/pids: remove spurious suspicious RCU usage warning (bnc#1031831). - cxgb4: Add control net_device for configuring PCIe VF (bsc#1021424). - cxgb4: Add llseek operation for flash debugfs entry (bsc#1021424). - cxgb4: add new routine to get adapter info (bsc#1021424). - cxgb4: Add PCI device ID for new adapter (bsc#1021424). - cxgb4: Add port description for new cards (bsc#1021424). - cxgb4: Add support to enable logging of firmware mailbox commands (bsc#1021424). - cxgb4: Check for firmware errors in the mailbox command loop (bsc#1021424). - cxgb4: correct device ID of T6 adapter (bsc#1021424). - cxgb4/cxgb4vf: Add set VF mac address support (bsc#1021424). - cxgb4/cxgb4vf: Allocate more queues for 25G and 100G adapter (bsc#1021424). - cxgb4/cxgb4vf: Assign netdev->dev_port with port ID (bsc#1021424). - cxgb4/cxgb4vf: Display 25G and 100G link speed (bsc#1021424). - cxgb4/cxgb4vf: Remove deprecated module parameters (bsc#1021424). - cxgb4: DCB message handler needs to use correct portid to netdev mapping (bsc#1021424). - cxgb4: Decode link down reason code obtained from firmware (bsc#1021424). - cxgb4: Do not assume FW_PORT_CMD reply is always port info msg (bsc#1021424). - cxgb4: do not call napi_hash_del() (bsc#1021424). - cxgb4: Do not sleep when mbox cmd is issued from interrupt context (bsc#1021424). - cxgb4: Enable SR-IOV configuration via PCI sysfs interface (bsc#1021424). - cxgb4: Fix issue while re-registering VF mgmt netdev (bsc#1021424). - cxgb4: MU requested by Chelsio (bsc#1021424). - cxgb4: Properly decode port module type (bsc#1021424). - cxgb4: Refactor t4_port_init function (bsc#1021424). - cxgb4: Reset dcb state machine and tx queue prio only if dcb is enabled (bsc#1021424). - cxgb4: Support compressed error vector for T6 (bsc#1021424). - cxgb4: Synchronize access to mailbox (bsc#1021424). - cxgb4: update latest firmware version supported (bsc#1021424). - device-dax: fix private mapping restriction, permit read-only (bsc#1031717). - drivers: hv: util: do not forget to init host_ts.lock (bsc#1031206). - drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg() (fate#320485, bsc#1023287, bsc#1028217). - drm/i915: Fix crash after S3 resume with DP MST mode change (bsc#1029634). - drm/i915: Introduce Kabypoint PCH for Kabylake H/DT (bsc#1032581). - drm/i915: Only enable hotplug interrupts if the display interrupts are enabled (bsc#1031717). - ext4: fix use-after-iput when fscrypt contexts are inconsistent (bsc#1012829). - hid: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL (bsc#1022340). - hv: export current Hyper-V clocksource (bsc#1031206). - hv_utils: implement Hyper-V PTP source (bsc#1031206). - ibmvnic: Allocate number of rx/tx buffers agreed on by firmware (fate#322021, bsc#1031512). - ibmvnic: Call napi_disable instead of napi_enable in failure path (fate#322021, bsc#1031512). - ibmvnic: Correct ibmvnic handling of device open/close (fate#322021, bsc#1031512). - ibmvnic: Fix endian errors in error reporting output (fate#322021, bsc#1031512). - ibmvnic: Fix endian error when requesting device capabilities (fate#322021, bsc#1031512). - ibmvnic: Fix initial MTU settings (bsc#1031512). - ibmvnic: Fix overflowing firmware/hardware TX queue (fate#322021, bsc#1031512). - ibmvnic: Free tx/rx scrq pointer array when releasing sub-crqs (fate#322021, bsc#1031512). - ibmvnic: Handle processing of CRQ messages in a tasklet (fate#322021, bsc#1031512). - ibmvnic: Initialize completion variables before starting work (fate#322021, bsc#1031512). - ibmvnic: Make CRQ interrupt tasklet wait for all capabilities crqs (fate#322021, bsc#1031512). - ibmvnic: Move ibmvnic adapter intialization to its own routine (fate#322021, bsc#1031512). - ibmvnic: Move login and queue negotiation into ibmvnic_open (fate#322021, bsc#1031512). - ibmvnic: Move login to its own routine (fate#322021, bsc#1031512). - ibmvnic: Use common counter for capabilities checks (fate#322021, bsc#1031512). - ibmvnic: use max_mtu instead of req_mtu for MTU range check (bsc#1031512). - iommu/vt-d: Make sure IOMMUs are off when intel_iommu=off (bsc#1031208). - iscsi-target: Return error if unable to add network portal (bsc#1032803). - kABI: restore ttm_ref_object_add parameters (kabi). - kgr: Mark eeh_event_handler() kthread safe using a timeout (bsc#1031662). - kvm: svm: add support for RDTSCP (bsc#1033117). - l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 (bsc#1028415). - libcxgb: add library module for Chelsio drivers (bsc#1021424). - libnvdimm, pfn: fix memmap reservation size versus 4K alignment (bsc#1031717). - locking/semaphore: Add down_interruptible_timeout() (bsc#1031662). - md: handle read-only member devices better (bsc#1033281). - mem-hotplug: fix node spanned pages when we have a movable node (bnc#1034671). - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118). - mm/memblock.c: fix memblock_next_valid_pfn() (bnc#1031200). - mm: page_alloc: skip over regions of invalid pfns where possible (bnc#1031200). - netfilter: allow logging from non-init namespaces (bsc#970083). - net: ibmvnic: Remove unused net_stats member from struct ibmvnic_adapter (fate#322021, bsc#1031512). - nfs: flush out dirty data on file fput() (bsc#1021762). - nvme: Delete created IO queues on reset (bsc#1031717). - overlayfs: compat, fix incorrect dentry use in ovl_rename2 (bsc#1032400). - overlayfs: compat, use correct dentry to detect compat mode in ovl_compat_is_whiteout (bsc#1032400). - ping: implement proper locking (bsc#1031003). - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM (bsc#1032141). - powerpc/fadump: Update fadump documentation (bsc#1032141). - Revert "btrfs: qgroup: Move half of the qgroup accounting time out of" (bsc#1017461 bsc#1033885). - Revert "btrfs: qgroup: Move half of the qgroup accounting time out of" This reverts commit f69c1d0f6254c73529a48fd2f87815d047ad7288. - Revert "Revert "btrfs: qgroup: Move half of the qgroup accounting time" This reverts commit 8567943ca56d937acfc417947cba917de653b09c. - sbp-target: Fix second argument of percpu_ida_alloc() (bsc#1032803). - scsi: cxgb4i: libcxgbi: cxgb4: add T6 iSCSI completion feature (bsc#1021424). - scsi_error: count medium access timeout only once per EH run (bsc#993832, bsc#1032345). - scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (bsc#1034419). - scsi: ipr: Driver version 2.6.4 (bsc#1031555, fate#321595). - scsi: ipr: Error path locking fixes (bsc#1031555, fate#321595). - scsi: ipr: Fix abort path race condition (bsc#1031555, fate#321595). - scsi: ipr: Fix missed EH wakeup (bsc#1031555, fate#321595). - scsi: ipr: Fix SATA EH hang (bsc#1031555, fate#321595). - scsi: ipr: Remove redundant initialization (bsc#1031555, fate#321595). - scsi_transport_fc: do not call queue_work under lock (bsc#1013887). - scsi_transport_fc: fixup race condition in fc_rport_final_delete() (bsc#1013887). - scsi_transport_fc: return -EBUSY for deleted vport (bsc#1013887). - sysfs: be careful of error returns from ops->show() (bsc#1028883). - thp: fix MADV_DONTNEED vs. numa balancing race (bnc#1027974). - thp: reduce indentation level in change_huge_pmd() (bnc#1027974). - tpm: fix checks for policy digest existence in tpm2_seal_trusted() (bsc#1034048, Pending fixes 2017-04-10). - tpm: fix RC value check in tpm2_seal_trusted (bsc#1034048, Pending fixes 2017-04-10). - tpm: fix: set continueSession attribute for the unseal operation (bsc#1034048, Pending fixes 2017-04-10). - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065). - x86/CPU/AMD: Fix Zen SMT topology (bsc#1027512). - x86/ioapic: Change prototype of acpi_ioapic_add() (bsc#1027153, bsc#1027616). - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources() (bsc#1027153, bsc#1027616). - x86/ioapic: Fix IOAPIC failing to request resource (bsc#1027153, bsc#1027616). - x86/ioapic: fix kABI (hide added include) (bsc#1027153, bsc#1027616). - x86/ioapic: Fix lost IOAPIC resource after hot-removal and hotadd (bsc#1027153, bsc#1027616). - x86/ioapic: Fix setup_res() failing to get resource (bsc#1027153, bsc#1027616). - x86/ioapic: Ignore root bridges without a companion ACPI device (bsc#1027153, bsc#1027616). - x86/ioapic: Simplify ioapic_setup_resources() (bsc#1027153, bsc#1027616). - x86/ioapic: Support hot-removal of IOAPICs present during boot (bsc#1027153, bsc#1027616). - x86/mce: Fix copy/paste error in exception table entries (fate#319858). - x86/platform/uv: Fix calculation of Global Physical Address (bsc#1031147). - x86/ras/therm_throt: Do not log a fake MCE for thermal events (bsc#1028027). - xen: Use machine addresses in /sys/kernel/vmcoreinfo when PV (bsc#1014136) - xgene_enet: remove bogus forward declarations (bsc#1032673). Important SUSE bug 1010032 SUSE bug 1012452 SUSE bug 1012829 SUSE bug 1013887 SUSE bug 1014136 SUSE bug 1017461 SUSE bug 1019614 SUSE bug 1021424 SUSE bug 1021762 SUSE bug 1022340 SUSE bug 1023287 SUSE bug 1027153 SUSE bug 1027512 SUSE bug 1027616 SUSE bug 1027974 SUSE bug 1028027 SUSE bug 1028217 SUSE bug 1028415 SUSE bug 1028883 SUSE bug 1029514 SUSE bug 1029634 SUSE bug 1030070 SUSE bug 1030118 SUSE bug 1030213 SUSE bug 1031003 SUSE bug 1031052 SUSE bug 1031147 SUSE bug 1031200 SUSE bug 1031206 SUSE bug 1031208 SUSE bug 1031440 SUSE bug 1031512 SUSE bug 1031555 SUSE bug 1031579 SUSE bug 1031662 SUSE bug 1031717 SUSE bug 1031831 SUSE bug 1032006 SUSE bug 1032141 SUSE bug 1032345 SUSE bug 1032400 SUSE bug 1032581 SUSE bug 1032673 SUSE bug 1032681 SUSE bug 1032803 SUSE bug 1033117 SUSE bug 1033281 SUSE bug 1033336 SUSE bug 1033340 SUSE bug 1033885 SUSE bug 1034048 SUSE bug 1034419 SUSE bug 1034671 SUSE bug 1034902 SUSE bug 970083 SUSE bug 986362 SUSE bug 986365 SUSE bug 988065 SUSE bug 993832 CVE-2016-4997 CVE-2017-2671 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7374 CVE-2017-7616 CVE-2017-7618 openSUSE Leap 42.2 This update for virtualbox to version 5.1.22 fixes the following issues: These security issues were fixed (bsc#1034854): - CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. - CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. - CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. - CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. These non-security issues were fixed: - GUI: don't check if the Extension Pack is up-to-date if the user is about to install a new Extension Pack - GUI: fixed a possible crash when switching a multi-monitor VM into full-screen or seamless mode - GUI: several mini-toolbar fixes in full-screen / seamless mode - GUI: don't crash on restoring defaults in the appliance import dialog - ICH9: fix for Windows guests with a huge amount (more than 64G) of guest memory - BIOS: fixed El Torito hard disk emulation geometry calculation - VMM: fixed VERR_IEM_INSTR_NOT_IMPLEMENTED Guru Meditation under certain conditions - Storage: fixed a potential hang under rare circumstances - Storage: fixed a potential crash under rare circumstances (asynchronous I/O disabled or during maintenance file operations like merging snapshots) - Linux hosts: make the ALSA backend work again as well as loading the GL libraries on certain hosts - Linux Additions: fixed mount.vboxsf symlink problem Important SUSE bug 1034854 CVE-2017-3513 CVE-2017-3538 CVE-2017-3558 CVE-2017-3559 CVE-2017-3561 CVE-2017-3563 CVE-2017-3575 CVE-2017-3576 CVE-2017-3587 openSUSE Leap 42.2 This update for weechat fixes one security issues: - CVE-2017-8073: WeeChat allowed a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow (bsc#1036467). Moderate SUSE bug 1036467 CVE-2017-8073 openSUSE Leap 42.2 This update to Chromium 58.0.3029.96 fixes one security issue: - CVE-2017-5068: race condition in WebRTC (bsc#1037594) Important SUSE bug 1037594 CVE-2017-5068 openSUSE Leap 42.2 This update to MozillaThunderbird 51.1.0 fixes security issues and bugs. In general, these flaws cannot be exploited through email because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. The following vulnerabilities were fixed: boo#1035082, MFSA 2017-13, boo#1028391, MFSA 2017-09) - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - CVE-2017-5442: Use-after-free during style changes - CVE-2017-5469: Potential Buffer overflow in flex-generated code - CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - CVE-2017-5441: Use-after-free with selection during scroll events - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - CVE-2017-5437: Vulnerabilities in Libevent library - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - CVE-2017-5435: Use-after-free during transaction processing in the editor - CVE-2017-5434: Use-after-free during focus handling - CVE-2017-5433: Use-after-free in SMIL animation functions - CVE-2017-5432: Use-after-free in text input selection - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - CVE-2017-5459: Buffer overflow in WebGL - CVE-2017-5454; Sandbox escape allowing file system read access through file picker - CVE-2017-5451: Addressbar spoofing with onblur event - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5401: Memory Corruption when handling ErrorResult - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object - CVE-2017-5404: Use-after-free working with ranges in selections - CVE-2017-5406: Segmentation fault in Skia with canvas operations - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS - CVE-2017-5412: Buffer overflow read in SVG filters - CVE-2017-5413: Segmentation fault during bidirectional operations - CVE-2017-5414: File picker can choose incorrect default directory - CVE-2017-5416: Null dereference crash in HttpChannel - CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running - CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses - CVE-2017-5419: Repeated authentication prompts lead to DOS attack - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports - CVE-2017-5421: Print preview spoofing - CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink - CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52 - CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8 The following non-security changes are included: - Background images not working and other issues related to embedded images when composing email have been fixed - Google Oauth setup can sometimes not progress to the next step - Clicking on a link in an email may not open this link in the external browser - addon blocklist updates - enable ALSA for systems without PulseAudio - Optionally remove corresponding data files when removing an account - Possibility to copy message filter - Calendar: Event can now be created and edited in a tab - Calendar: Processing of received invitation counter proposals - Chat: Support Twitter Direct Messages - Chat: Liking and favoriting in Twitter - Chat: Removed Yahoo! Messenger support Moderate SUSE bug 1028391 SUSE bug 1035082 CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5416 CVE-2017-5418 CVE-2017-5419 CVE-2017-5421 CVE-2017-5422 CVE-2017-5426 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 openSUSE Leap 42.2 This update for quagga to version 1.1.1 fixes the following issues: This security issue was fixed: - CVE-2017-5495: Quagga was vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication (bsc#1021669). These non-security issues were fixed: - Disabled passwords in default zebra.conf config file, causing to disable vty telnet interface by default. The vty interface is available via "vtysh" utility using pam authentication to permit management access for root without password (boo#1021669). - Changed owner of /etc/quagga to quagga:quagga to permit to manage quagga via vty interface. - Added quagga.log and create and su statemets to logrotate config, changed default zebra log file name from quagga.log to zebra.log. - Added libfpm_pb0 and libquagga_pb0 shared library sub-packages, adjusted libzebra0 sub-package name to libzebra1. - Do not enable zebra's tcp interface (port 2600) to use default unix socket for communication between the daemons A digest of the other changes by the version upgrade: - isisd: Fix size of malloc - isisd: check for the existance of the correct list - ospf6d: fix off-by-one on display of spf reasons - ospf6d: don't access nexthops out of bounds - bgpd: fix off-by-one in attribute flags handling - bgpd: Fix buffer overflow error in bgp_dump_routes_func Please http://mirror.easyname.at/nongnu/quagga/quagga-1.1.1.changelog.txt and the changelog for a complete list of changes. Moderate SUSE bug 1021669 CVE-2017-5495 openSUSE Leap 42.2 This update for zziplib fixes the following issues: Secuirty issues fixed: - CVE-2017-5974: heap-based buffer overflow in __zzip_get32 (fetch.c) (bsc#1024517) - CVE-2017-5975: heap-based buffer overflow in __zzip_get64 (fetch.c) (bsc#1024528) - CVE-2017-5976: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024531) - CVE-2017-5977: invalid memory read in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024534) - CVE-2017-5978: out of bounds read in zzip_mem_entry_new (memdisk.c) (bsc#1024533) - CVE-2017-5979: NULL pointer dereference in prescan_entry (fseeko.c) (bsc#1024535) - CVE-2017-5980: NULL pointer dereference in zzip_mem_entry_new (memdisk.c) (bsc#1024536) - CVE-2017-5981: assertion failure in seeko.c (bsc#1024539) - NULL pointer dereference in main (unzzipcat-mem.c) (bsc#1024532) - NULL pointer dereference in main (unzzipcat.c) (bsc#1024537) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1024517 SUSE bug 1024528 SUSE bug 1024531 SUSE bug 1024532 SUSE bug 1024533 SUSE bug 1024534 SUSE bug 1024535 SUSE bug 1024536 SUSE bug 1024537 SUSE bug 1024539 CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981 openSUSE Leap 42.2 This update for mysql-community-server to version 5.6.36 fixes the following issues: These security issues were fixed: - CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands (bsc#1029014) - CVE-2017-3305: MySQL client sent authentication request unencrypted even if SSL was required (aka Ridddle) (bsc#1029396). - CVE-2017-3308: Unspecified vulnerability in Server: DML (boo#1034850) - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer (boo#1034850) - CVE-2017-3329: Unspecified vulnerability in Server: Thread (boo#1034850) - CVE-2017-3453: Unspecified vulnerability in Server: Optimizer (boo#1034850) - CVE-2017-3456: Unspecified vulnerability in Server: DML (boo#1034850) - CVE-2017-3461: Unspecified vulnerability in Server: Security (boo#1034850) - CVE-2017-3462: Unspecified vulnerability in Server: Security (boo#1034850) - CVE-2017-3463: Unspecified vulnerability in Server: Security (boo#1034850) - CVE-2017-3464: Unspecified vulnerability in Server: DDL (boo#1034850) - CVE-2017-3302: Crash in libmysqlclient.so (bsc#1022428). - CVE-2017-3450: Unspecified vulnerability Server: Memcached - CVE-2017-3452: Unspecified vulnerability Server: Optimizer - CVE-2017-3599: Unspecified vulnerability Server: Pluggable Auth - CVE-2017-3600: Unspecified vulnerability in Client: mysqldump (boo#1034850) - '--ssl-mode=REQUIRED' can be specified to require a secure connection (it fails if a secure connection cannot be obtained) These non-security issues were fixed: - Set the default umask to 077 in mysql-systemd-helper (boo#1020976) - Change permissions of the configuration dir/files to 755/644. Please note that storing the password in the /etc/my.cnf file is not safe. Use for example an option file that is accessible only by yourself (boo#889126) For more information please see http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html Important SUSE bug 1020976 SUSE bug 1022428 SUSE bug 1029014 SUSE bug 1029396 SUSE bug 1034850 SUSE bug 889126 CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3450 CVE-2017-3452 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3599 CVE-2017-3600 openSUSE Leap 42.2 This update for tcpdump to version 4.9.0 and libpcap to version 1.8.1 fixes the several issues. These security issues were fixed in tcpdump: - CVE-2016-7922: The AH parser in tcpdump had a buffer overflow in print-ah.c:ah_print() (bsc#1020940). - CVE-2016-7923: The ARP parser in tcpdump had a buffer overflow in print-arp.c:arp_print() (bsc#1020940). - CVE-2016-7924: The ATM parser in tcpdump had a buffer overflow in print-atm.c:oam_print() (bsc#1020940). - CVE-2016-7925: The compressed SLIP parser in tcpdump had a buffer overflow in print-sl.c:sl_if_print() (bsc#1020940). - CVE-2016-7926: The Ethernet parser in tcpdump had a buffer overflow in print-ether.c:ethertype_print() (bsc#1020940). - CVE-2016-7927: The IEEE 802.11 parser in tcpdump had a buffer overflow in print-802_11.c:ieee802_11_radio_print() (bsc#1020940). - CVE-2016-7928: The IPComp parser in tcpdump had a buffer overflow in print-ipcomp.c:ipcomp_print() (bsc#1020940). - CVE-2016-7929: The Juniper PPPoE ATM parser in tcpdump had a buffer overflow in print-juniper.c:juniper_parse_header() (bsc#1020940). - CVE-2016-7930: The LLC/SNAP parser in tcpdump had a buffer overflow in print-llc.c:llc_print() (bsc#1020940). - CVE-2016-7931: The MPLS parser in tcpdump had a buffer overflow in print-mpls.c:mpls_print() (bsc#1020940). - CVE-2016-7932: The PIM parser in tcpdump had a buffer overflow in print-pim.c:pimv2_check_checksum() (bsc#1020940). - CVE-2016-7933: The PPP parser in tcpdump had a buffer overflow in print-ppp.c:ppp_hdlc_if_print() (bsc#1020940). - CVE-2016-7934: The RTCP parser in tcpdump had a buffer overflow in print-udp.c:rtcp_print() (bsc#1020940). - CVE-2016-7935: The RTP parser in tcpdump had a buffer overflow in print-udp.c:rtp_print() (bsc#1020940). - CVE-2016-7936: The UDP parser in tcpdump had a buffer overflow in print-udp.c:udp_print() (bsc#1020940). - CVE-2016-7937: The VAT parser in tcpdump had a buffer overflow in print-udp.c:vat_print() (bsc#1020940). - CVE-2016-7938: The ZeroMQ parser in tcpdump had an integer overflow in print-zeromq.c:zmtp1_print_frame() (bsc#1020940). - CVE-2016-7939: The GRE parser in tcpdump had a buffer overflow in print-gre.c, multiple functions (bsc#1020940). - CVE-2016-7940: The STP parser in tcpdump had a buffer overflow in print-stp.c, multiple functions (bsc#1020940). - CVE-2016-7973: The AppleTalk parser in tcpdump had a buffer overflow in print-atalk.c, multiple functions (bsc#1020940). - CVE-2016-7974: The IP parser in tcpdump had a buffer overflow in print-ip.c, multiple functions (bsc#1020940). - CVE-2016-7975: The TCP parser in tcpdump had a buffer overflow in print-tcp.c:tcp_print() (bsc#1020940). - CVE-2016-7983: The BOOTP parser in tcpdump had a buffer overflow in print-bootp.c:bootp_print() (bsc#1020940). - CVE-2016-7984: The TFTP parser in tcpdump had a buffer overflow in print-tftp.c:tftp_print() (bsc#1020940). - CVE-2016-7985: The CALM FAST parser in tcpdump had a buffer overflow in print-calm-fast.c:calm_fast_print() (bsc#1020940). - CVE-2016-7986: The GeoNetworking parser in tcpdump had a buffer overflow in print-geonet.c, multiple functions (bsc#1020940). - CVE-2016-7992: The Classical IP over ATM parser in tcpdump had a buffer overflow in print-cip.c:cip_if_print() (bsc#1020940). - CVE-2016-7993: A bug in util-print.c:relts_print() in tcpdump could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM) (bsc#1020940). - CVE-2016-8574: The FRF.15 parser in tcpdump had a buffer overflow in print-fr.c:frf15_print() (bsc#1020940). - CVE-2016-8575: The Q.933 parser in tcpdump had a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482 (bsc#1020940). - CVE-2017-5202: The ISO CLNS parser in tcpdump had a buffer overflow in print-isoclns.c:clnp_print() (bsc#1020940). - CVE-2017-5203: The BOOTP parser in tcpdump had a buffer overflow in print-bootp.c:bootp_print() (bsc#1020940). - CVE-2017-5204: The IPv6 parser in tcpdump had a buffer overflow in print-ip6.c:ip6_print() (bsc#1020940). - CVE-2017-5205: The ISAKMP parser in tcpdump had a buffer overflow in print-isakmp.c:ikev2_e_print() (bsc#1020940). - CVE-2017-5341: The OTV parser in tcpdump had a buffer overflow in print-otv.c:otv_print() (bsc#1020940). - CVE-2017-5342: In tcpdump a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print() (bsc#1020940). - CVE-2017-5482: The Q.933 parser in tcpdump had a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575 (bsc#1020940). - CVE-2017-5483: The SNMP parser in tcpdump had a buffer overflow in print-snmp.c:asn1_parse() (bsc#1020940). - CVE-2017-5484: The ATM parser in tcpdump had a buffer overflow in print-atm.c:sig_print() (bsc#1020940). - CVE-2017-5485: The ISO CLNS parser in tcpdump had a buffer overflow in addrtoname.c:lookup_nsap() (bsc#1020940). - CVE-2017-5486: The ISO CLNS parser in tcpdump had a buffer overflow in print-isoclns.c:clnp_print() (bsc#1020940). - CVE-2015-3138: Fixed potential denial of service in print-wb.c (bsc#927637). - CVE-2015-0261: Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value (bsc#922220). - CVE-2015-2153: The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU) (bsc#922221). - CVE-2015-2154: The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value (bsc#922222). - CVE-2015-2155: The force printer in tcpdump allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors (bsc#922223). - CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3.9.6 when in verbose mode, allowed remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame (bsc#905870). - CVE-2014-8768: Multiple Integer underflows in the geonet_print function in tcpdump when run in verbose mode, allowed remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame (bsc#905871). - CVE-2014-8769: tcpdump might have allowed remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access (bsc#905872). These non-security issues were fixed in tcpdump: - PPKI to Router Protocol: Fix Segmentation Faults and other problems - RPKI to Router Protocol: print strings with fn_printn() - Added a short option '#', same as long option '--number' - nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6 enhancements/fixes - M3UA decode added. - Added bittok2str(). - A number of unaligned access faults fixed - The -A flag does not consider CR to be printable anymore - fx.lebail took over coverity baby sitting - Default snapshot size increased to 256K for accomodate USB captures These non-security issues were fixed in libpcap: - Provide a -devel-static subpackage that contains the static libraries and all the extra dependencies which are not needed for dynamic linking. - Fix handling of packet count in the TPACKET_V3 inner loop - Filter out duplicate looped back CAN frames. - Fix the handling of loopback filters for IPv6 packets. - Add a link-layer header type for RDS (IEC 62106) groups. - Handle all CAN captures with pcap-linux.c, in cooked mode. - Removes the need for the "host-endian" link-layer header type. - Have separate DLTs for big-endian and host-endian SocketCAN headers. - Properly check for sock_recv() errors. - Re-impose some of Winsock's limitations on sock_recv(). - Replace sprintf() with pcap_snprintf(). - Fix signature of pcap_stats_ex_remote(). - Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active" flag. - Clean up {DAG, Septel, Myricom SNF}-only builds. - pcap_create_interface() needs the interface name on Linux. - Clean up hardware time stamp support: the "any" device does not support any time stamp types. - Recognize 802.1ad nested VLAN tag in vlan filter. - Support for filtering Geneve encapsulated packets. - Fix handling of zones for BPF on Solaris - Added bpf_filter1() with extensions - EBUSY can now be returned by SNFv3 code. - Don't crash on filters testing a non-existent link-layer type field. - Fix sending in non-blocking mode on Linux with memory-mapped capture. - Fix timestamps when reading pcap-ng files on big-endian machines. - Fixes for byte order issues with NFLOG captures - Handle using cooked mode for DLT_NETLINK in activate_new(). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1020940 SUSE bug 1035686 SUSE bug 905870 SUSE bug 905871 SUSE bug 905872 SUSE bug 922220 SUSE bug 922221 SUSE bug 922222 SUSE bug 922223 SUSE bug 927637 CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 CVE-2015-3138 CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 openSUSE Leap 42.2 This update for ghostscript fixes the following security vulnerabilities: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128) CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120) CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114) CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1018128 SUSE bug 1030263 SUSE bug 1032114 SUSE bug 1032120 SUSE bug 1036453 CVE-2016-10220 CVE-2016-9601 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 openSUSE Leap 42.2 This update for libressl to version 2.5.1 fixes the following issues: These security issues were fixed: - CVE-2016-0702: Prevent side channel attack on modular exponentiation (boo#968050). - CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing (boo#1019334). These non-security issues were fixed: - Detect zero-length encrypted session data early - Curve25519 Key Exchange support. - Support for alternate chains for certificate verification. - Added EVP interface for MD5+SHA1 hashes - Fixed DTLS client failures when the server sends a certificate request. - Corrected handling of padding when upgrading an SSLv2 challenge into an SSLv3/TLS connection. - Allowed protocols and ciphers to be set on a TLS config object in libtls. For additional changes please refer to the changelog. Moderate SUSE bug 1019334 SUSE bug 968050 CVE-2016-0702 CVE-2016-7056 openSUSE Leap 42.2 This update for xen fixes several issues. These security issues were fixed: - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843) - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via GNTTABOP_transfer (XSA-214, bsc#1034844). - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994). - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655) These non-security issues were fixed: - bsc#1029827: Additional xenstore patch - bsc#1036146: Xen VM dumped core to wrong path - bsc#1022703: Prevent Xen HVM guest with OVMF to hang with unattached CDRom This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1022703 SUSE bug 1028655 SUSE bug 1029827 SUSE bug 1030144 SUSE bug 1034843 SUSE bug 1034844 SUSE bug 1034994 SUSE bug 1036146 CVE-2016-9603 CVE-2017-7718 openSUSE Leap 42.2 This update for swftools fixes the following issues: - CVE-2017-8400: out-of-bound write of heap data issue (bsc#1037050) - CVE-2017-8401: out-of-bound read of heap data issue (bsc#1037051) Moderate SUSE bug 1037050 SUSE bug 1037051 CVE-2017-8400 CVE-2017-8401 openSUSE Leap 42.2 This update for graphite2 fixes one issue. This security issues was fixed: - CVE-2017-5436: An out-of-bounds write triggered with a maliciously crafted Graphite font could lead to a crash or potentially code execution (bsc#1035204). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1035204 CVE-2017-5436 openSUSE Leap 42.2 This update for rzip fixes the following issues: - CVE-2017-8364: heap-based buffer overflow in read_buf function via crafted archive file could lead to crash (boo#1036941) Low SUSE bug 1036941 CVE-2017-8364 openSUSE Leap 42.2 This update for kauth and kdelibs4 fixes the following issues: - CVE-2017-8422: logic flaw in the KAuth framework allowed privilege escalation (boo#1036244). Important SUSE bug 1036244 CVE-2017-8422 openSUSE Leap 42.2 This update for libcares2 fixes the following issues: - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1007728 CVE-2016-5180 openSUSE Leap 42.2 This update for roundcubemail fixes one security issues and two bugs. The following vulnerability was fixed: - CVE-2017-8114: Authenticated users may have reset arbitrary passwords (boo#1036955) The following upstream bugs were fixed: - Fix regression in LDAP fuzzy search where it always used prefix search instead - Fix bug where base_dn setting was ignored inside group_filters Moderate SUSE bug 1036955 CVE-2017-8114 openSUSE Leap 42.2 This update for tomcat fixes the following issues: - CVE-2017-5647 Pipelined requests could lead to information disclosure (bsc#1033448) - CVE-2017-5648 Untrusted application could retain listener leading to information disclosure (bsc#1033447) - CVE-2016-8745 shared Processor on Connector code could lead to information disclosure (bsc#1015119) This update was imported from the SUSE:SLE-12-SP1:Update and SUSE:SLE-12-SP2:Update update projects. Important SUSE bug 1015119 SUSE bug 1033447 SUSE bug 1033448 CVE-2016-8745 CVE-2017-5647 CVE-2017-5648 openSUSE Leap 42.2 This update for smb4k fixes the following issues: - Disabled dbus service and polkit rules, because this version of smb4k has a local root exploit issue (boo#1036245, CVE-2017-8849). Automatic mounting will no longer be possible to work around this security issue. Important SUSE bug 1036245 CVE-2017-8849 openSUSE Leap 42.2 This update provides version 3.0.5 of GNU Health including several fixes and improvements. - Update to ICD10 version 2016. - Fix error when printing prescription using review dates. - Fix error on summary report when no date of birth is assigned to the person. Additionally the following dependencies have been updated: tryton: - Update to 3.8.12. - Sanitize path in file open. (boo#1016886, CVE-2016-1242) - Prevent read of user password hash. (boo#1016885, CVE-2016-1241) trytond: - Update to 3.8.9. - Sanitize path in file open. (boo#1016886, CVE-2016-1242) - Prevent read of user password hash. (boo#1016885, CVE-2016-1241) trytond_account: - Update to 3.8.5. trytond_account_invoice: - Update to 3.8.4. trytond_stock: - Update to 3.8.4. trytond_stock_lot: - Update to 3.8.1. porteus: - Update to 3.8.5. Moderate SUSE bug 1016817 SUSE bug 1016885 SUSE bug 1016886 CVE-2016-1241 CVE-2016-1242 openSUSE Leap 42.2 This update for libtirpc fixes the following issues: - CVE-2017-8779: crafted UDP packaged could lead rpcbind to denial-of-service (bsc#1037559) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1037559 CVE-2017-8779 openSUSE Leap 42.2 This update for libxslt fixes the following security issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). - CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). - CVE-2015-7995: Vulnerability in function xsltStylePreCompute" in preproc.c could cause a type confusion leading to DoS. (bsc#952474) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1005591 SUSE bug 1035905 SUSE bug 934119 SUSE bug 952474 CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 openSUSE Leap 42.2 This update for php7 fixes the following issues: * CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] * CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] * CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015187 SUSE bug 1015188 SUSE bug 1015189 SUSE bug 1015191 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 CVE-2016-9936 openSUSE Leap 42.2 This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1038231 CVE-2017-7494 openSUSE Leap 42.2 This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr(1) inside loops. Additionally, the popd build-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault. This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1010845 SUSE bug 1035371 CVE-2016-9401 openSUSE Leap 42.2 This update for rpcbind fixes the following issues: - CVE-2017-8779: A crafted UDP package could lead rcpbind to remote denial-of-service (bsc#1037559) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1037559 CVE-2017-8779 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following issues: - CVE-2017-8350: denial of service via crafted PNG file (boo#1036985) - CVE-2017-8351: denial of service via crafted PCD file (boo#1036986) - CVE-2017-8353: denial of service via crafted PICT file (boo#1036988) - CVE-2017-8355: denial of service via crafted MTV file (boo#1036990) Moderate SUSE bug 1036985 SUSE bug 1036986 SUSE bug 1036988 SUSE bug 1036990 CVE-2017-8350 CVE-2017-8351 CVE-2017-8353 CVE-2017-8355 openSUSE Leap 42.2 This update for php5 fixes the following issues: * CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] * CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015187 SUSE bug 1015188 SUSE bug 1015189 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 openSUSE Leap 42.2 This update for git fixes the following issues: - git 2.12.3: * CVE-2017-8386: Fix git-shell not to escape with the starting dash name (bsc#1038395) * Fix for potential segv introduced in v2.11.0 and later * Misc fixes and cleanups. - git 2.12.2: * CLI output fixes * "Dump http" transport fixes * various fixes for internal code paths * Trailer "Cc:" RFC fix - git 2.12.1: * Reduce authentication round-trip over HTTP when the server supports just a single authentication method. * "git add -i" patch subcommand fixed to have a path selection * various path verification fixes * fix "git log -L..." buffer overrun This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1038395 CVE-2017-8386 openSUSE Leap 42.2 This update for libsndfile fixes the following issues: - CVE-2017-8361: Global buffer overflow in flac_buffer_copy. (bsc#1036946) - CVE-2017-8362: Invalid memory read in flac_buffer_copy. (bsc#1036943) - CVE-2017-8363: Heap-based buffer overflow in flac_buffer_copy. (bsc#1036945) - CVE-2017-7585, CVE-2017-7741, CVE-2017-7742: Stack-based buffer overflows via specially crafted FLAC files. (bsc#1033054) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 SUSE bug 1036943 SUSE bug 1036944 SUSE bug 1036945 SUSE bug 1036946 SUSE bug 1038856 CVE-2017-7585 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 openSUSE Leap 42.2 This update for libplist fixes the following issues: - CVE-2017-5209: The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (bsc#1019531). - CVE-2017-5545: The main function in plistutil.c in libimobiledevice libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. (bsc#1021610). - CVE-2017-5836: A type inconsistency in bplist.c was fixed. (bsc#1023807) - CVE-2017-5835: A memory allocation error leading to DoS was fixed. (bsc#1023822) - CVE-2017-5834: A heap-buffer overflow in parse_dict_node was fixed. (bsc#1023848) - CVE-2017-6440: Ensure that sanity checks work on 32-bit platforms. (bsc#1029631) - CVE-2017-7982: Add some safety checks, backported from upstream (bsc#1035312). - CVE-2017-5836: A maliciously crafted file could cause the application to crash. (bsc#1023807). - CVE-2017-5835: Malicious crafted file could cause libplist to allocate large amounts of memory and consume lots of CPU (bsc#1023822) - CVE-2017-5834: Maliciou crafted file could cause a heap buffer overflow or segmentation fault (bsc#1023848) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1019531 SUSE bug 1021610 SUSE bug 1023807 SUSE bug 1023822 SUSE bug 1023848 SUSE bug 1029631 SUSE bug 1035312 CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6440 CVE-2017-7982 openSUSE Leap 42.2 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849) * Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-3514: Windows peering issue - S8169011, CVE-2017-3526: Resizing XML parse trees - S8170222, CVE-2017-3533: Better transfers of files - S8171121, CVE-2017-3539: Enhancing jar checking - S8171533, CVE-2017-3544: Better email transfer - S8172299: Improve class processing * New features - PR3347: jstack.stp should support AArch64 * Import of OpenJDK 7 u141 build 0 - S4717864: setFont() does not update Fonts of Menus already on screen - S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException - S6518907: cleanup IA64 specific code in Hotspot - S6869327: Add new C2 flag to keep safepoints in counted loops. - S7112912: Message "Error occurred during initialization of VM" on boxes with lots of RAM - S7124213: [macosx] pack() does ignore size of a component; doesn't on the other platforms - S7124219: [macosx] Unable to draw images to fullscreen - S7124552: [macosx] NullPointerException in getBufferStrategy() - S7148275: [macosx] setIconImages() not working correctly (distorted icon when minimized) - S7154841: [macosx] Popups appear behind taskbar - S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8 - S7160627: [macosx] TextArea has wrong initial size - S7167293: FtpURLConnection connection leak on FileNotFoundException - S7168851: [macosx] Netbeans crashes in CImage.nativeCreateNSImageFromArray - S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh failed, compile error - S8005255: [macosx] Cleanup warnings in sun.lwawt - S8006088: Incompatible heap size flags accepted by VM - S8007295: Reduce number of warnings in awt classes - S8010722: assert: failed: heap size is too big for compressed oops - S8011059: [macosx] Support automatic @2x images loading on Mac OS X - S8014058: Regression tests for 8006088 - S8014489: tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeFlags jtreg tests invoke wrong class - S8016302: Change type of the number of GC workers to unsigned int (2) - S8024662: gc/arguments/TestUseCompressedOopsErgo.java does not compile. - S8024669: Native OOME when allocating after changes to maximum heap supporting Coops sizing on sparcv9 - S8024926: [macosx] AquaIcon HiDPI support - S8025974: l10n for policytool - S8027025: [macosx] getLocationOnScreen returns 0 if parent invisible - S8028212: Custom cursor HiDPI support - S8028471: PPC64 (part 215): opto: Extend ImplicitNullCheck optimization. - S8031573: [macosx] Checkmarks of JCheckBoxMenuItems aren't rendered in high resolution on Retina - S8033534: [macosx] Get MultiResolution image from native system - S8033786: White flashing when opening Dialogs and Menus using Nimbus with dark background - S8035568: [macosx] Cursor management unification - S8041734: JFrame in full screen mode leaves empty workspace after close - S8059803: Update use of GetVersionEx to get correct Windows version in hs_err files - S8066504: GetVersionEx in java.base/windows/native/libjava/java_props_md.c might not get correct Windows version 0 - S8079595: Resizing dialog which is JWindow parent makes JVM crash - S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump to parent frame on focus - S8130769: The new menu can't be shown on the menubar after clicking the "Add" button. - S8133357: 8u65 l10n resource file translation update - S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException - S8147842: IME Composition Window is displayed at incorrect location - S8147910: Cache initial active_processor_count - S8150490: Update OS detection code to recognize Windows Server 2016 - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled - S8161195: Regression: closed/javax/swing/text/FlowView/LayoutTest.java - S8161993: G1 crashes if active_processor_count changes during startup - S8162603: Unrecognized VM option 'UseCountedLoopSafepoints' - S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with "Error while cleaning up threads after test" - S8167179: Make XSL generated namespace prefixes local to transformation process - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections - S8169589: [macosx] Activating a JDialog puts to back another dialog - S8170307: Stack size option -Xss is ignored - S8170316: (tz) Support tzdata2016j - S8170814: Reuse cache entries (part II) - S8171388: Update JNDI Thread contexts - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state - S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog test fails as DummyButton on Dialog did not gain focus when clicked. - S8173931: 8u131 L10n resource file update - S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle - S8175087: [bsd] Fix build after "8024900: PPC64: Enable new build on AIX (jdk part)" - S8175163: [bsd] Fix build after "8005629: javac warnings compiling java.awt.EventDispatchThread..." - S8176044: (tz) Support tzdata2017a * Import of OpenJDK 7 u141 build 1 - S8043723: max_heap_for_compressed_oops() declared with size_t, but defined with uintx * Import of OpenJDK 7 u141 build 2 - S8011123: serialVersionUID of java.awt.dnd.InvalidDnDOperationException changed in JDK8-b82 * Backports - S6515172, PR3362: Runtime.availableProcessors() ignores Linux taskset command - S8022284, PR3209: Hide internal data structure in PhaseCFG - S8023003, PR3209: Cleanup the public interface to PhaseCFG - S8023691, PR3209: Create interface for nodes in class Block - S8023988, PR3209: Move local scheduling of nodes to the CFG creation and code motion phase (PhaseCFG) - S8043780, PR3369: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC) - S8157306, PR3209: Random infrequent null pointer exceptions in javac - S8173783, PR3329: IllegalArgumentException: jdk.tls.namedGroups - S8173941, PR3330: SA does not work if executable is DSO - S8174729, PR3361: Race Condition in java.lang.reflect.WeakCache * Bug fixes - PR3349: Architectures unsupported by SystemTap tapsets throw a parse error - PR3370: Disable ARM32 JIT by default in jdk_generic_profile.sh - PR3379: Perl should be mandatory - PR3390: javac.in and javah.in should use @PERL@ rather than a hardcoded path * CACAO - PR2732: Raise javadoc memory limits for CACAO again! * AArch64 port - S8177661, PR3367: Correct ad rule output register types from iRegX to iRegXNoSp - Get ecj.jar path from gcj, use the gcc variant that provides Java to build C code to make sure jni.h is available. - S8167104, CVE-2017-3289: Additional class construction - S6253144: Long narrowing conversion should describe the - S6328537: Improve javadocs for Socket class by adding - S6978886: javadoc shows stacktrace after print error - S6995421: Eliminate the static dependency to - S7027045: (doc) java/awt/Window.java has several typos in - S7054969: Null-check-in-finally pattern in java/security - S7072353: JNDI libraries do not build with javac -Xlint:all - S7092447: Clarify the default locale used in each locale - S7103570: AtomicIntegerFieldUpdater does not work when - S7187144: JavaDoc for ScriptEngineFactory.getProgram() - S8000418: javadoc should used a standard "generated by - S8000666: javadoc should write directly to Writer instead of - S8000970: break out auxiliary classes that will prevent - S8001669: javadoc internal DocletAbortException should set - S8011402: Move blacklisting certificate logic from hard code - S8011547: Update XML Signature implementation to Apache - S8012288: XML DSig API allows wrong tag names and extra - S8017325: Cleanup of the javadoc <code> tag in - S8017326: Cleanup of the javadoc <code> tag in - S8019772: Fix doclint issues in javax.crypto and - S8020688: Broken links in documentation at - S8021108: Clean up doclint warnings and errors in java.text - S8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMethods - S8025409: Fix javadoc comments errors and warning reported by - S8026021: more fix of javadoc errors and warnings reported by - S8037099: [macosx] Remove all references to GC from native - S8038184: XMLSignature throws StringIndexOutOfBoundsException - S8038349: Signing XML with DSA throws Exception when key is - S8049244: XML Signature performance issue caused by - S8050893: (smartcardio) Invert reset argument in tests in - S8059212: Modify sun/security/smartcardio manual regression - S8068279: (typo in the spec) - S8068491: Update the protocol for references of - S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs - S8076369: Introduce the jdk.tls.client.protocols system - S8139565: Restrict certificates with DSA keys less than 1024 - S8140422: Add mechanism to allow non default root CAs to be - S8140587: Atomic*FieldUpdaters should use Class.isInstance - S8149029: Secure validation of XML based digital signature - S8151893: Add security property to configure XML Signature - S8161228: URL objects with custom protocol handlers have port - S8163304: jarsigner -verbose -verify should print the - S8164908: ReflectionFactory support for IIOP and custom - S8165230: RMIConnection addNotificationListeners failing with - S8166393: disabledAlgorithms property should not be strictly - S8166591: [macos 10.12] Trackpad scrolling of text on OS X - S8166739: Improve extensibility of ObjectInputFilter - S8167356: Follow up fix for jdk8 backport of 8164143. Changes - S8167459: Add debug output for indicating if a chosen - S8168861: AnchorCertificates uses hardcoded password for - S8169688: Backout (remove) MD5 from - S8169911: Enhanced tests for jarsigner -verbose -verify after - S8170131: Certificates not being blocked by - S8173854: [TEST] Update DHEKeySizing test case following - S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on - S8000351, PR3316, RH1390708: Tenuring threshold should be - S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak: - S8170888, PR3316, RH1390708: [linux] Experimental support for - PR3318: Replace 'infinality' with 'improved font rendering' - PR3324: Fix NSS_LIBDIR substitution in - S8165673, PR3320: AArch64: Fix JNI floating point argument + S6604109, PR3162: - Add -fno-delete-null-pointer-checks -fno-lifetime-dse to try to directory to be specified versions of IcedTea This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1034849 CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 openSUSE Leap 42.2 This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes: - Check an integer overflow (CVE-2016-9445) and initialize a buffer (CVE-2016-9446) in vmncdec. (bsc#1010829) - CVE-2016-9809: Ensure codec_data has the right size when reading number of SPS (bsc#1013659). - CVE-2016-9812: Add more section size checks (bsc#1013678). - CVE-2016-9813: fix PAT parsing (bsc#1013680). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1010829 SUSE bug 1013659 SUSE bug 1013678 SUSE bug 1013680 CVE-2016-9445 CVE-2016-9446 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 openSUSE Leap 42.2 This update for ffmpeg2 fixes security issues, bugs, and enables AC3 and MP3 decoding. The following vulnerabilities were fixed: - CVE-2017-7863: heap-based buffer overflow (bsc#1034179) - CVE-2017-7865: heap-based buffer overflow (bsc#1034177) - CVE-2017-7866: stack-based buffer overflow (bsc#1034176) - CVE-2016-10191: remote code execution (bsc#1022921) - CVE-2016-10190: remote code execution (bsc#1022920) - CVE-2016-10192: remote code execution (bsc#1022922) - CVE-2016-9561: Huge amount memory allocated, resulting in DoS of ffmpeg (bsc#1015120) The following functionality was added: - Enable AC3 and MP3 decoding ffmpeg was updated to 2.8.11, containing a number of upstream improvements and fixes. Moderate SUSE bug 1015120 SUSE bug 1022920 SUSE bug 1022921 SUSE bug 1022922 SUSE bug 1034176 SUSE bug 1034177 SUSE bug 1034179 CVE-2016-10190 CVE-2016-10191 CVE-2016-10192 CVE-2016-9561 CVE-2017-7863 CVE-2017-7865 CVE-2017-7866 openSUSE Leap 42.2 This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. [bsc#1039361] - Fix FQDN for hostname. [bsc#1024145] - Filter netgroups, they aren't handled by SSSD. [bsc#1015351] - Fix problems related to "krb5_ccname" option [bsc#981124] This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1015351 SUSE bug 1024145 SUSE bug 1039361 SUSE bug 981124 CVE-2017-1000367 openSUSE Leap 42.2 This update for miniupnpc fixes the following issues: - CVE-2017-8798: Integer signedness error in miniupnpc allows remote attackers to cause a denial of service condition via specially crafted HTTP response (boo#1038601) Moderate SUSE bug 1038601 CVE-2017-8798 openSUSE Leap 42.2 This update for gstreamer-0_10-plugins-bad fixes the following issues: - CVE-2016-9445, CVE-2016-9446: Protection against buffer overflows (bsc#1010829) - CVE-2016-9447: Disable the nsf plugin (bsc#1010514) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1010514 SUSE bug 1010829 CVE-2016-9445 CVE-2016-9446 CVE-2016-9447 openSUSE Leap 42.2 This update for libraw fixes the following issues: * CVE-2017-6890: A boundary error within the "foveon_load_camf()" function was fixed. [boo#1039209] * CVE-2017-6889: An integer overflow error within the "foveon_load_camf()" function was fixed. [boo#1039210] * CVE-2017-6887: A memory corruption via e.g. a specially crafted KDC file parse_tiff_ifd() was fixed. [boo#1039379] * CVE-2017-6886: A memory corruption in parse_tiff_ifd() function was fixed. [boo#1039380] Moderate SUSE bug 1039209 SUSE bug 1039210 SUSE bug 1039379 SUSE bug 1039380 CVE-2017-6886 CVE-2017-6887 CVE-2017-6889 CVE-2017-6890 openSUSE Leap 42.2 This update for mariadb fixes the following issues: - update to MariaDB 10.0.30 GA * notable changes: * XtraDB updated to 5.6.35-80.0 * TokuDB updated to 5.6.35-80.0 * PCRE updated to 8.40 * MDEV-11027: better InnoDB crash recovery progress reporting * MDEV-11520: improvements to how InnoDB data files are extended * Improvements to InnoDB startup/shutdown to make it more robust * MDEV-11233: fix for FULLTEXT index crash * MDEV-6143: MariaDB Linux binary tarballs will now always untar to directories that match their filename * release notes and changelog: * https://kb.askmonty.org/en/mariadb-10030-release-notes * https://kb.askmonty.org/en/mariadb-10030-changelog * fixes the following CVEs: CVE-2017-3313: unspecified vulnerability affecting the MyISAM component [bsc#1020890] CVE-2017-3302: Use after free in libmysqlclient.so [bsc#1022428] - set the default umask to 077 in mysql-systemd-helper [bsc#1020976] - [bsc#1034911] - tracker bug * fixes also [bsc#1020868] This update for mariadb fixes permissions for /var/run/mysql in mysql-systemd-helper that were incorrectly set to 700 instead of 755 due to umask. This prevented non-root users from connecting to the database. This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1020868 SUSE bug 1020890 SUSE bug 1020976 SUSE bug 1022428 SUSE bug 1034911 SUSE bug 1038740 SUSE bug 996821 CVE-2017-3302 CVE-2017-3313 openSUSE Leap 42.2 This update for gstreamer-plugins-good fixes the following security issues: - CVE-2016-9807: Flic decoder invalid read could lead to crash. (bsc#1013655) - CVE-2016-9634: Flic out-of-bounds write could lead to code execution. (bsc#1012102) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012103) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012104) - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013653) - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013663) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 SUSE bug 1013653 SUSE bug 1013655 SUSE bug 1013663 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 openSUSE Leap 42.2 This update to libupnp 1.6.21 fixes the following security issues: - various string handling issues (bsc#898167) - CVE-2016-8863: out-of-bounds access (bsc#1006256) - CVE-2016-6255: fix for file write via POST (bsc#989948) Moderate SUSE bug 1006256 SUSE bug 898167 SUSE bug 989948 CVE-2016-6255 CVE-2016-8863 openSUSE Leap 42.2 This update for deluge fixes two security issues: - CVE-2017-9031: A remote attacker may have used a directory traversal vulnerability in the web interface (bsc#1039815) - CVE-2017-7178: A remote attacher could have exploited a CSRF vulnerability to trick a logged-in user to perform actions in the WebUI (bsc#1039958) In addition, deluge was updated to 1.3.15 with the following fixes and changes: - Core: Fix issues with displaying libtorrent-rasterbar single proxy. - Core: Fix libtorrent-rasterbar 1.2 trackers crashing Deluge UIs. - Core: Fix an error in torrent priorities causing file priority mismatch in UIs. - GtkUI: Fix column sort state not saved in Thinclient mode. - GtkUI: Fix a connection manager error with malformed ip. - GtkUI: Rename SystemTray/Indicator "Pause/Resume All" to "Pause/Resume Session". - GtkUI: Workaround libtorrent-rasterbar single proxy by greying out unused proxy types. - Notification Plugin: Fix webui passing string for int port value. - AutoAdd Plugin: Add WebUI preferences page detailing lack of configuration via WebUI. - Label Plugin: Add WebUI preferences page detailing how to configure plugin. - Core: Fix 'Too many files open' errors. - Core: Add support for python-GeoIP for use with libtorrent 1.1. - Core: Fix a single proxy entry being overwritten resulting in no proxy set. - UI: Add the tracker_status translation to UIs. - GtkUI: Strip whitespace from infohash before checks. - GtkUI: Add a missed feature autofill infohash entry from clipboard. - WebUI: Backport bind interface option for server. - ConsoleUI: Fix a decode error comparing non-ascii (str) torrent names. - AutoAdd Plugin: Fixes for splitting magnets from file. - Remove the duplicate magnet extension when splitting. - Remove deluge-libtorrent-1.1-geoip.patch: fixed upstream. Important SUSE bug 1039815 SUSE bug 1039958 CVE-2017-7178 CVE-2017-9031 openSUSE Leap 42.2 This update for postgresql93 fixes the following issues: The PostgreSQL package was updated to 9.3.17, bringing various bug and security fixes. Security fixes: - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) More details can be found in the PostgreSQL release announcements: - https://www.postgresql.org/docs/9.3/static/release-9-3-17.html - https://www.postgresql.org/docs/9.3/static/release-9-3-16.html - https://www.postgresql.org/docs/9.3/static/release-9-3-15.html This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1037603 SUSE bug 1037624 SUSE bug 1038293 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 openSUSE Leap 42.2 This update to Chromium 59.0.3071.86 fixes the following security issues: - CVE-2017-5070: Type confusion in V8 - CVE-2017-5071: Out of bounds read in V8 - CVE-2017-5072: Address spoofing in Omnibox - CVE-2017-5073: Use after free in print preview - CVE-2017-5074: Use after free in Apps Bluetooth - CVE-2017-5075: Information leak in CSP reporting - CVE-2017-5086: Address spoofing in Omnibox - CVE-2017-5076: Address spoofing in Omnibox - CVE-2017-5077: Heap buffer overflow in Skia - CVE-2017-5078: Possible command injection in mailto handling - CVE-2017-5079: UI spoofing in Blink - CVE-2017-5080: Use after free in credit card autofill - CVE-2017-5081: Extension verification bypass - CVE-2017-5082: Insufficient hardening in credit card editor - CVE-2017-5083: UI spoofing in Blink - CVE-2017-5085: Inappropriate javascript execution on WebUI pages Important SUSE bug 1042833 CVE-2017-5070 CVE-2017-5071 CVE-2017-5072 CVE-2017-5073 CVE-2017-5074 CVE-2017-5075 CVE-2017-5076 CVE-2017-5077 CVE-2017-5078 CVE-2017-5079 CVE-2017-5080 CVE-2017-5081 CVE-2017-5082 CVE-2017-5083 CVE-2017-5085 CVE-2017-5086 openSUSE Leap 42.2 This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u131 (icedtea 3.4.0) - bsc#1034849 * Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-3514: Windows peering issue - S8168699: Validate special case invocations - S8169011, CVE-2017-3526: Resizing XML parse trees - S8170222, CVE-2017-3533: Better transfers of files - S8171121, CVE-2017-3539: Enhancing jar checking - S8171533, CVE-2017-3544: Better email transfer - S8172299: Improve class processing * New features - PR1969: Add AArch32 JIT port - PR3297: Allow Shenandoah to be used on AArch64 - PR3340: jstack.stp should support AArch64 * Import of OpenJDK 8 u131 build 11 - S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException - S6515172, PR3346: Runtime.availableProcessors() ignores Linux taskset command - S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8 - S7167293: FtpURLConnection connection leak on FileNotFoundException - S8035568: [macosx] Cursor management unification - S8079595: Resizing dialog which is JWindow parent makes JVM crash - S8130769: The new menu can't be shown on the menubar after clicking the "Add" button. - S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException - S8147842: IME Composition Window is displayed at incorrect location - S8147910, PR3346: Cache initial active_processor_count - S8150490: Update OS detection code to recognize Windows Server 2016 - S8160951: [TEST_BUG] javax/xml/bind/marshal/8134111/UnmarshalTest.java should be added into :needs_jre group - S8160958: [TEST_BUG] java/net/SetFactoryPermission/SetFactoryPermission.java should be added into :needs_compact2 group - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled - S8161195: Regression: closed/javax/swing/text/FlowView/LayoutTest.java - S8161993, PR3346: G1 crashes if active_processor_count changes during startup - S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently - S8162916: Test sun/security/krb5/auto/UnboundSSL.java fails - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with "Error while cleaning up threads after test" - S8167179: Make XSL generated namespace prefixes local to transformation process - S8168774: Polymorhic signature method check crashes javac - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections - S8169589: [macosx] Activating a JDialog puts to back another dialog - S8170307: Stack size option -Xss is ignored - S8170316: (tz) Support tzdata2016j - S8170814: Reuse cache entries (part II) - S8170888, PR3314, RH1284948: [linux] Experimental support for cgroup memory limits in container (ie Docker) environments - S8171388: Update JNDI Thread contexts - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state - S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog test fails as DummyButton on Dialog did not gain focus when clicked. - S8173030: Temporary backout fix #8035568 from 8u131-b03 - S8173031: Temporary backout fix #8171952 from 8u131-b03 - S8173783, PR3328: IllegalArgumentException: jdk.tls.namedGroups - S8173931: 8u131 L10n resource file update - S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle - S8174985: NTLM authentication doesn't work with IIS if NTLM cache is disabled - S8176044: (tz) Support tzdata2017a * Backports - S6457406, PR3335: javadoc doesn't handle <a href='http://...'> properly in producing index pages - S8030245, PR3335: Update langtools to use try-with-resources and multi-catch - S8030253, PR3335: Update langtools to use strings-in-switch - S8030262, PR3335: Update langtools to use foreach loops - S8031113, PR3337: TEST_BUG: java/nio/channels/AsynchronousChannelGroup/Basic.java fails intermittently - S8031625, PR3335: javadoc problems referencing inner class constructors - S8031649, PR3335: Clean up javadoc tests - S8031670, PR3335: Remove unneeded -source options in javadoc tests - S8032066, PR3335: Serialized form has broken links to non private inner classes of package private - S8034174, PR2290: Remove use of JVM_* functions from java.net code - S8034182, PR2290: Misc. warnings in java.net code - S8035876, PR2290: AIX build issues after '8034174: Remove use of JVM_* functions from java.net code' - S8038730, PR3335: Clean up the way JavadocTester is invoked, and checks for errors. - S8040903, PR3335: Clean up use of BUG_ID in javadoc tests - S8040904, PR3335: Ensure javadoc tests do not overwrite results within tests - S8040908, PR3335: javadoc test TestDocEncoding should use -notimestamp - S8041150, PR3335: Avoid silly use of static methods in JavadocTester - S8041253, PR3335: Avoid redundant synonyms of NO_TEST - S8043780, PR3368: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC) - S8061305, PR3335: Javadoc crashes when method name ends with "Property" - S8072452, PR3337: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits - S8075565, PR3337: Define @intermittent jtreg keyword and mark intermittently failing jdk tests - S8075670, PR3337: Remove intermittent keyword from some tests - S8078334, PR3337: Mark regression tests using randomness - S8078880, PR3337: Mark a few more intermittently failuring security-libs - S8133318, PR3337: Exclude intermittent failing PKCS11 tests on Solaris SPARC 11.1 and earlier - S8144539, PR3337: Update PKCS11 tests to run with security manager - S8144566, PR3352: Custom HostnameVerifier disables SNI extension - S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command - S8155049, PR3352: New tests from 8144566 fail with "No expected Server Name Indication" - S8173941, PR3326: SA does not work if executable is DSO - S8174164, PR3334, RH1417266: SafePointNode::_replaced_nodes breaks with irreducible loops - S8174729, PR3336, RH1420518: Race Condition in java.lang.reflect.WeakCache - S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix missed the test * Bug fixes - PR3348: Architectures unsupported by SystemTap tapsets throw a parse error - PR3378: Perl should be mandatory - PR3389: javac.in and javah.in should use @PERL@ rather than a hardcoded path * AArch64 port - S8168699, PR3372: Validate special case invocations [AArch64 support] - S8170100, PR3372: AArch64: Crash in C1-compiled code accessing References - S8172881, PR3372: AArch64: assertion failure: the int pressure is incorrect - S8173472, PR3372: AArch64: C1 comparisons with null only use 32-bit instructions - S8177661, PR3372: Correct ad rule output register types from iRegX to iRegXNoSp * AArch32 port - PR3380: Zero should not be enabled by default on arm with the AArch32 HotSpot build - PR3384, S8139303, S8167584: Add support for AArch32 architecture to configure and jdk makefiles - PR3385: aarch32 does not support -Xshare:dump - PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build - PR3387: Installation fails on arm with AArch32 port as INSTALL_ARCH_DIR is arm, not aarch32 - PR3388: Wrong path for jvm.cfg being used on arm with AArch32 build * Shenandoah - Fix Shenandoah argument checking on 32bit builds. - Import from Shenandoah tag aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07-25 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02-20 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-06 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-09 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-23 This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1034849 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 openSUSE Leap 42.2 This update for libxml2 fixes the following issues: - CVE-2017-9047, CVE-2017-9048: The function xmlSnprintfElementContent in valid.c was vulnerable to a stack buffer overflow (bsc#1039063, bsc#1039064) - CVE-2017-9049: The function xmlDictComputeFastKey in dict.c was vulnerable to a heap-based buffer over-read. (bsc#1039066) - CVE-2017-9050: The function xmlDictAddString was vulnerable to a heap-based buffer over-read (bsc#1039661) - CVE-2016-1839: heap-based buffer overflow (xmlDictAddString func) (bnc#1039069) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1039063 SUSE bug 1039064 SUSE bug 1039066 SUSE bug 1039069 SUSE bug 1039661 SUSE bug 981114 CVE-2016-1839 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following issues: - CVE-2017-9142: missing checks in theReadOneJNGImage function in coders/png.c could trigger an assertion failure (boo#1040304) Moderate SUSE bug 1040304 CVE-2017-9142 openSUSE Leap 42.2 This update for gajim fixes the following issues: - CVE-2016-10376: XEP-0146 extension can be abused by malicious XMPP servers (boo#1041163). - Update to version 0.16.7: * Better compatibility with XEP-0191: Blocking Command. * Gajim now depends on python-gnupg for PGP encryption. * Remove usage of demandimport. * Many minor bugfixes. - Move python-farstream-0_1 to Suggests. - Correct the licence to GPL-3.0. Moderate SUSE bug 1041163 CVE-2016-10376 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.70 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885). - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069). - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883). - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882). - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544). - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the Linux kernel did not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allowed local users to obtain sensitive address information via crafted bpf system calls (bnc#1040279). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670) The following non-security bugs were fixed: - 9p: fix a potential acl leak (4.4.68 stable queue). - acpi / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal (bsc#1031717). - acpi / scan: Drop support for force_remove (bnc#1029607). - ahci: disable correct irq for dummy ports (bsc#1040125). - alsa: hda - Fix deadlock of controller device lock at unbinding (4.4.68 stable queue). - arm: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2 mode (4.4.68 stable queue). - arm: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build (4.4.68 stable queue). - asoc: rt5640: use msleep() for long delays (bsc#1031717). - asoc: sti: Fix error handling if of_clk_get() fails (bsc#1031717). - blacklist 61e8a0d5a027 powerpc/pci: Fix endian bug in fixed PHB numbering (bsc#989311) - block: get rid of blk_integrity_revalidate() (4.4.68 stable queue). - bna: avoid writing uninitialized data into hw registers (bsc#966321 FATE#320156). - bnxt_en: allocate enough space for ->ntp_fltr_bmap (bsc#1020412 FATE#321671). - bpf, arm64: fix jit branch offset related to ldimm64 (4.4.68 stable queue). - brcmfmac: Ensure pointer correctly set if skb data location changes (4.4.68 stable queue). - brcmfmac: Make skb header writable before use (4.4.68 stable queue). - brcmfmac: restore stopping netdev queue when bus clogs up (bsc#1031717). - btrfs: add a flags field to btrfs_fs_info (bsc#1012452). - btrfs: add ASSERT for block group's memory leak (bsc#1012452). - btrfs: add btrfs_trans_handle->fs_info pointer (bsc#1012452). - btrfs: add bytes_readonly to the spaceinfo at once (bsc#1012452). - btrfs: add check to sysfs handler of label (bsc#1012452). - btrfs: add dynamic debug support (bsc#1012452). - btrfs: add error handling for extent buffer in print tree (bsc#1012452). - btrfs: add missing bytes_readonly attribute file in sysfs (bsc#1012452). - btrfs: add missing check for writeback errors on fsync (bsc#1012452). - btrfs: add more validation checks for superblock (bsc#1012452). - btrfs: Add ratelimit to btrfs printing (bsc#1012452). - btrfs: add read-only check to sysfs handler of features (bsc#1012452). - btrfs: add semaphore to synchronize direct IO writes with fsync (bsc#1012452). - btrfs: add tracepoint for adding block groups (bsc#1012452). - btrfs: add tracepoints for flush events (bsc#1012452). - btrfs: add validadtion checks for chunk loading (bsc#1012452). - btrfs: add write protection to SET_FEATURES ioctl (bsc#1012452). - btrfs: allow balancing to dup with multi-device (bsc#1012452). - btrfs: always reserve metadata for delalloc extents (bsc#1012452). - btrfs: always use trans->block_rsv for orphans (bsc#1012452). - btrfs: avoid blocking open_ctree from cleaner_kthread (bsc#1012452). - btrfs: avoid deadlocks during reservations in btrfs_truncate_block (bsc#1012452). - btrfs: avoid overflowing f_bfree (bsc#1012452). - btrfs: btrfs_abort_transaction, drop root parameter (bsc#1012452). - btrfs: __btrfs_buffered_write: Pass valid file offset when releasing delalloc space (bsc#1012452). - btrfs: btrfs_check_super_valid: Allow 4096 as stripesize (bsc#1012452). - btrfs: btrfs_debug should consume fs_info when DEBUG is not defined (bsc#1012452). - btrfs: btrfs_relocate_chunk pass extent_root to btrfs_end_transaction (bsc#1012452). - btrfs: build fixup for qgroup_account_snapshot (bsc#1012452). - btrfs: change BUG_ON()'s to ASSERT()'s in backref_cache_cleanup() (bsc#1012452). - btrfs: change delayed reservation fallback behavior (bsc#1012452). - btrfs: change how we calculate the global block rsv (bsc#1012452). - btrfs: check btree node's nritems (bsc#1012452). - btrfs: check if extent buffer is aligned to sectorsize (bsc#1012452). - btrfs: check inconsistence between chunk and block group (bsc#1012452). - btrfs: clarify do_chunk_alloc()'s return value (bsc#1012452). - btrfs: clean the old superblocks before freeing the device (bsc#1012452). - btrfs: clean up and optimize __check_raid_min_device() (bsc#1012452). - btrfs: cleanup assigning next active device with a check (bsc#1012452). - btrfs: cleanup BUG_ON in merge_bio (bsc#1012452). - btrfs: Cleanup compress_file_range() (bsc#1012452). - btrfs: cleanup error handling in extent_write_cached_pages (bsc#1012452). - btrfs: clear uptodate flags of pages in sys_array eb (bsc#1012452). - btrfs: clone: use vmalloc only as fallback for nodesize bufer (bsc#1012452). - btrfs: convert nodesize macros to static inlines (bsc#1012452). - btrfs: convert printk(KERN_* to use pr_* calls (bsc#1012452). - btrfs: convert pr_* to btrfs_* where possible (bsc#1012452). - btrfs: convert send's verbose_printk to btrfs_debug (bsc#1012452). - btrfs: copy_to_sk drop unused root parameter (bsc#1012452). - btrfs: create a helper function to read the disk super (bsc#1012452). - btrfs: create example debugfs file only in debugging build (bsc#1012452). - btrfs: create helper btrfs_find_device_by_user_input() (bsc#1012452). - btrfs: create helper function __check_raid_min_devices() (bsc#1012452). - btrfs: detect corruption when non-root leaf has zero item (bsc#1012452). - btrfs: divide btrfs_update_reserved_bytes() into two functions (bsc#1012452). - btrfs: do not background blkdev_put() (bsc#1012452). - btrfs: do not bother kicking async if there's nothing to reclaim (bsc#1012452). - btrfs: do not BUG_ON() in btrfs_orphan_add (bsc#1012452). - btrfs: do not create empty block group if we have allocated data (bsc#1012452). - btrfs: do not decrease bytes_may_use when replaying extents (bsc#1012452). - btrfs: do not do nocow check unless we have to (bsc#1012452). - btrfs: do not do unnecessary delalloc flushes when relocating (bsc#1012452). - btrfs: do not force mounts to wait for cleaner_kthread to delete one or more subvolumes (bsc#1012452). - btrfs: do not wait for unrelated IO to finish before relocation (bsc#1012452). - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1035866). - btrfs: end transaction if we abort when creating uuid root (bsc#1012452). - btrfs: enhance btrfs_find_device_by_user_input() to check device path (bsc#1012452). - btrfs: error out if generic_bin_search get invalid arguments (bsc#1012452). - btrfs: expand cow_file_range() to support in-band dedup and subpage-blocksize (bsc#1012452). - btrfs: extend btrfs_set_extent_delalloc and its friends to support in-band dedupe and subpage size patchset (bsc#1012452). - btrfs: fill relocation block rsv after allocation (bsc#1012452). - btrfs: fix an integer overflow check (bsc#1012452). - btrfs: fix a possible umount deadlock (bsc#1012452). - btrfs: fix btrfs_no_printk stub helper (bsc#1012452). - btrfs: Fix BUG_ON condition in scrub_setup_recheck_block() (bsc#1012452). - btrfs: fix BUG_ON in btrfs_mark_buffer_dirty (bsc#1012452). - btrfs: fix BUG_ON in btrfs_submit_compressed_write (bsc#1012452). - btrfs: fix callers of btrfs_block_rsv_migrate (bsc#1012452). - btrfs: fix check_direct_IO() for non-iovec iterators (bsc#1012452). - btrfs: fix check_shared for fiemap ioctl (bsc#1037177). - btrfs: fix crash when tracepoint arguments are freed by wq callbacks (bsc#1012452). - btrfs: fix data loss after truncate when using the no-holes feature (bsc#1036214). - btrfs: fix deadlock in delayed_ref_async_start (bsc#1012452). - btrfs: fix delalloc reservation amount tracepoint (bsc#1012452). - btrfs: fix disk_i_size update bug when fallocate() fails (bsc#1012452). - btrfs: fix divide error upon chunk's stripe_len (bsc#1012452). - btrfs: fix double free of fs root (bsc#1012452). - btrfs: fix eb memory leak due to readpage failure (bsc#1012452). - btrfs: fix em leak in find_first_block_group (bsc#1012452). - btrfs: fix emptiness check for dirtied extent buffers at check_leaf() (bsc#1012452). - btrfs: fix error handling in map_private_extent_buffer (bsc#1012452). - btrfs: fix error return code in btrfs_init_test_fs() (bsc#1012452). - btrfs: fix free space calculation in dump_space_info() (bsc#1012452). - btrfs: fix fsfreeze hang caused by delayed iputs deal (bsc#1012452). - btrfs: fix fspath error deallocation (bsc#1012452). - btrfs: fix int32 overflow in shrink_delalloc() (bsc#1012452). - btrfs: Fix integer overflow when calculating bytes_per_bitmap (bsc#1012452). - btrfs: fix invalid dereference in btrfs_retry_endio (bsc#1040395). - btrfs: fix lock dep warning, move scratch dev out of device_list_mutex and uuid_mutex (bsc#1012452). - btrfs: fix lock dep warning move scratch super outside of chunk_mutex (bsc#1012452). - btrfs: fix __MAX_CSUM_ITEMS (bsc#1012452). - btrfs: fix memory leak during RAID 5/6 device replacement (bsc#1012452). - btrfs: fix memory leak of block group cache (bsc#1012452). - btrfs: fix memory leak of reloc_root (bsc#1012452). - btrfs: fix mixed block count of available space (bsc#1012452). - btrfs: fix one bug that process may endlessly wait for ticket in wait_reserve_ticket() (bsc#1012452). - btrfs: fix panic in balance due to EIO (bsc#1012452). - btrfs: fix race between block group relocation and nocow writes (bsc#1012452). - btrfs: fix race between device replace and block group removal (bsc#1012452). - btrfs: fix race between device replace and chunk allocation (bsc#1012452). - btrfs: fix race between device replace and discard (bsc#1012452). - btrfs: fix race between device replace and read repair (bsc#1012452). - btrfs: fix race between fsync and direct IO writes for prealloc extents (bsc#1012452). - btrfs: fix race between readahead and device replace/removal (bsc#1012452). - btrfs: fix race setting block group back to RW mode during device replace (bsc#1012452). - btrfs: fix race setting block group readonly during device replace (bsc#1012452). - btrfs: fix read_node_slot to return errors (bsc#1012452). - btrfs: fix release reserved extents trace points (bsc#1012452). - btrfs: fix segmentation fault when doing dio read (bsc#1040425). - btrfs: Fix slab accounting flags (bsc#1012452). - btrfs: fix unexpected return value of fiemap (bsc#1012452). - btrfs: fix unprotected assignment of the left cursor for device replace (bsc#1012452). - btrfs: fix WARNING in btrfs_select_ref_head() (bsc#1012452). - btrfs: flush_space: treat return value of do_chunk_alloc properly (bsc#1012452). - btrfs: Force stripesize to the value of sectorsize (bsc#1012452). - btrfs: free sys_array eb as soon as possible (bsc#1012452). - btrfs: GFP_NOFS does not GFP_HIGHMEM (bsc#1012452). - btrfs: Handle uninitialised inode eviction (bsc#1012452). - btrfs: hide test-only member under ifdef (bsc#1012452). - btrfs: improve check_node to avoid reading corrupted nodes (bsc#1012452). - btrfs: introduce BTRFS_MAX_ITEM_SIZE (bsc#1012452). - btrfs: introduce device delete by devid (bsc#1012452). - btrfs: introduce raid-type to error-code table, for minimum device constraint (bsc#1012452). - btrfs: introduce ticketed enospc infrastructure (bsc#1012452). - btrfs: introduce tickets_id to determine whether asynchronous metadata reclaim work makes progress (bsc#1012452). - btrfs: ioctl: reorder exclusive op check in RM_DEV (bsc#1012452). - btrfs: kill BUG_ON in do_relocation (bsc#1012452). - btrfs: kill BUG_ON in run_delayed_tree_ref (bsc#1012452). - btrfs: kill BUG_ON()'s in btrfs_mark_extent_written (bsc#1012452). - btrfs: kill invalid ASSERT() in process_all_refs() (bsc#1012452). - btrfs: kill the start argument to read_extent_buffer_pages (bsc#1012452). - btrfs: kill unused writepage_io_hook callback (bsc#1012452). - btrfs: make find_workspace always succeed (bsc#1012452). - btrfs: make find_workspace warn if there are no workspaces (bsc#1012452). - btrfs: make mapping->writeback_index point to the last written page (bsc#1012452). - btrfs: make state preallocation more speculative in __set_extent_bit (bsc#1012452). - btrfs: make sure device is synced before return (bsc#1012452). - btrfs: make use of btrfs_find_device_by_user_input() (bsc#1012452). - btrfs: make use of btrfs_scratch_superblocks() in btrfs_rm_device() (bsc#1012452). - btrfs: memset to avoid stale content in btree leaf (bsc#1012452). - btrfs: memset to avoid stale content in btree node block (bsc#1012452). - btrfs: move error handling code together in ctree.h (bsc#1012452). - btrfs: optimize check for stale device (bsc#1012452). - btrfs: parent_start initialization cleanup (bsc#1012452). - btrfs: pass correct args to btrfs_async_run_delayed_refs() (bsc#1012452). - btrfs: pass number of devices to btrfs_check_raid_min_devices (bsc#1012452). - btrfs: pass the right error code to the btrfs_std_error (bsc#1012452). - btrfs: preallocate compression workspaces (bsc#1012452). - btrfs: Ratelimit "no csum found" info message (bsc#1012452). - btrfs: refactor btrfs_dev_replace_start for reuse (bsc#1012452). - btrfs: Refactor btrfs_lock_cluster() to kill compiler warning (bsc#1012452). - btrfs: remove BUG() in raid56 (bsc#1012452). - btrfs: remove BUG_ON in start_transaction (bsc#1012452). - btrfs: remove BUG_ON()'s in btrfs_map_block (bsc#1012452). - btrfs: remove build fixup for qgroup_account_snapshot (bsc#1012452). - btrfs: remove save_error_info() (bsc#1012452). - btrfs: remove unnecessary btrfs_mark_buffer_dirty in split_leaf (bsc#1012452). - btrfs: remove unused function btrfs_assert() (bsc#1012452). - btrfs: rename and document compression workspace members (bsc#1012452). - btrfs: rename btrfs_find_device_by_user_input (bsc#1012452). - btrfs: rename btrfs_std_error to btrfs_handle_fs_error (bsc#1012452). - btrfs: rename __check_raid_min_devices (bsc#1012452). - btrfs: rename flags for vol args v2 (bsc#1012452). - btrfs: reorg btrfs_close_one_device() (bsc#1012452). - btrfs: Replace -ENOENT by -ERANGE in btrfs_get_acl() (bsc#1012452). - btrfs: reuse existing variable in scrub_stripe, reduce stack usage (bsc#1012452). - btrfs: s_bdev is not null after missing replace (bsc#1012452). - btrfs: scrub: Set bbio to NULL before calling btrfs_map_block (bsc#1012452). - btrfs: send: silence an integer overflow warning (bsc#1012452). - btrfs: send: use temporary variable to store allocation size (bsc#1012452). - btrfs: send: use vmalloc only as fallback for clone_roots (bsc#1012452). - btrfs: send: use vmalloc only as fallback for clone_sources_tmp (bsc#1012452). - btrfs: send: use vmalloc only as fallback for read_buf (bsc#1012452). - btrfs: send: use vmalloc only as fallback for send_buf (bsc#1012452). - btrfs: Simplify conditions about compress while mapping btrfs flags to inode flags (bsc#1012452). - btrfs: sink gfp parameter to clear_extent_bits (bsc#1012452). - btrfs: sink gfp parameter to clear_extent_dirty (bsc#1012452). - btrfs: sink gfp parameter to clear_record_extent_bits (bsc#1012452). - btrfs: sink gfp parameter to convert_extent_bit (bsc#1012452). - btrfs: sink gfp parameter to set_extent_bits (bsc#1012452). - btrfs: sink gfp parameter to set_extent_defrag (bsc#1012452). - btrfs: sink gfp parameter to set_extent_delalloc (bsc#1012452). - btrfs: sink gfp parameter to set_extent_new (bsc#1012452). - btrfs: sink gfp parameter to set_record_extent_bits (bsc#1012452). - btrfs: skip commit transaction if we do not have enough pinned bytes (bsc#1037186). - btrfs: subpage-blocksize: Rate limit scrub error message (bsc#1012452). - btrfs: switch to common message helpers in open_ctree, adjust messages (bsc#1012452). - btrfs: sysfs: protect reading label by lock (bsc#1012452). - btrfs: trace pinned extents (bsc#1012452). - btrfs: track transid for delayed ref flushing (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, document subvol flags (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, move balance flags (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, move BTRFS_LABEL_SIZE (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, move feature flags (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, move struct btrfs_ioctl_defrag_range_args (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, qgroup limit flags (bsc#1012452). - btrfs: uapi/linux/btrfs_tree.h migration, item types and defines (bsc#1012452). - btrfs: uapi/linux/btrfs_tree.h, use __u8 and __u64 (bsc#1012452). - btrfs: unsplit printed strings (bsc#1012452). - btrfs: untangle gotos a bit in __clear_extent_bit (bsc#1012452). - btrfs: untangle gotos a bit in convert_extent_bit (bsc#1012452). - btrfs: untangle gotos a bit in __set_extent_bit (bsc#1012452). - btrfs: update btrfs_space_info's bytes_may_use timely (bsc#1012452). - btrfs: Use correct format specifier (bsc#1012452). - btrfs: use correct offset for reloc_inode in prealloc_file_extent_cluster() (bsc#1012452). - btrfs: use dynamic allocation for root item in create_subvol (bsc#1012452). - btrfs: use existing device constraints table btrfs_raid_array (bsc#1012452). - btrfs: use FLUSH_LIMIT for relocation in reserve_metadata_bytes (bsc#1012452). - btrfs: use fs_info directly (bsc#1012452). - btrfs: use new error message helper in qgroup_account_snapshot (bsc#1012452). - btrfs: use root when checking need_async_flush (bsc#1012452). - btrfs: use the correct struct for BTRFS_IOC_LOGICAL_INO (bsc#1012452). - btrfs: Use __u64 in exported linux/btrfs.h (bsc#1012452). - btrfs: warn_on for unaccounted spaces (bsc#1012452). - ceph: check i_nlink while converting a file handle to dentry (bsc#1039864). - ceph: Check that the new inode size is within limits in ceph_fallocate() (bsc#1037969). - ceph: Correctly return NXIO errors from ceph_llseek (git-fixes). - ceph: fix file open flags on ppc64 (bsc#1022266). - ceph: fix memory leak in __ceph_setxattr() (bsc#1036763). - cifs: backport prepath matching fix (bsc#799133). - clk: Make x86/ conditional on CONFIG_COMMON_CLK (4.4.68 stable queue). - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores (4.4.68 stable queue). - crypto: algif_aead - Require setkey before accept(2) (bsc#1031717). - crypto: sha-mb - Fix load failure (bsc#1037384). - dell-laptop: Adds support for keyboard backlight timeout AC settings (bsc#1013561). - Disable CONFIG_POWER_SUPPLY_DEBUG in debug kernel (bsc#1031500). - dmaengine: dw: fix typo in Kconfig (bsc#1031717). - dm: fix dm_target_io leak if clone_bio() returns an error (bsc#1040125). - dm-mpath: fix race window in do_end_io() (bsc#1011044). - dm round robin: do not use this_cpu_ptr() without having preemption disabled (bsc#1040125). - dm verity fec: fix block calculation (bsc#1040125). - dm verity fec: fix bufio leaks (bsc#1040125). - dm verity fec: limit error correction recursion (bsc#1040125). - drivers: base: dma-mapping: Fix typo in dmam_alloc_non_coherent comments (bsc#1031717). - drivers/tty: 8250: only call fintek_8250_probe when doing port I/O (bsc#1031717). - drm/i915: Disable tv output on i9x5gm (bsc#1039700). - drm/i915: Do not touch NULL sg on i915_gem_object_get_pages_gtt() error (bsc#1031717). - drm/i915: Fix mismatched INIT power domain disabling during suspend (bsc#1031717). - drm/i915: Nuke debug messages from the pipe update critical section (bsc#1031717). - drm/i915: Program iboost settings for HDMI/DVI on SKL (bsc#1031717). - drm/i915: relax uncritical udelay_range() (bsc#1031717). - drm/i915: relax uncritical udelay_range() settings (bsc#1031717). - drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl (bsc#1040463). - drm/ttm: fix use-after-free races in vm fault handling (4.4.68 stable queue). - e1000e: Do not return uninitialized stats (bug#1034635). - enic: set skb->hash type properly (bsc#922871 fate#318754). - f2fs: fix bad prefetchw of NULL page (bsc#1012829). - f2fs: sanity check segment count (4.4.68 stable queue). - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes). - fs: fix data invalidation in the cleancache during direct IO (git-fixes). - fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes). - ftrace: Make ftrace_location_range() global (FATE#322421). - ibmvnic: Add set_link_state routine for setting adapter link state (fate#322021, bsc#1031512). - ibmvnic: Allocate zero-filled memory for sub crqs (fate#322021, bsc#1031512). - ibmvnic: Check for driver reset first in ibmvnic_xmit (fate#322021, bsc#1038297). - ibmvnic: Cleanup failure path in ibmvnic_open (fate#322021, bsc#1031512). - ibmvnic: Clean up tx pools when closing (fate#322021, bsc#1038297). - ibmvnic: Continue skb processing after skb completion error (fate#322021, bsc#1038297). - ibmvnic: Correct crq and resource releasing (fate#322021, bsc#1031512). - ibmvnic: Create init and release routines for the bounce buffer (fate#322021, bsc#1031512). - ibmvnic: Create init and release routines for the rx pool (fate#322021, bsc#1031512). - ibmvnic: Create init and release routines for the tx pool (fate#322021, bsc#1031512). - ibmvnic: Create init/release routines for stats token (fate#322021, bsc#1031512). - ibmvnic: Delete napi's when releasing driver resources (fate#322021, bsc#1038297). - ibmvnic: Disable irq prior to close (fate#322021, bsc#1031512). - ibmvnic: Do not disable IRQ after scheduling tasklet (fate#322021, bsc#1031512). - ibmvnic: Fix ibmvnic_change_mac_addr struct format (fate#322021, bsc#1031512). - ibmvnic: fix missing unlock on error in __ibmvnic_reset() (fate#322021, bsc#1038297, Fixes: ed651a10875f). - ibmvnic: Fixup atomic API usage (fate#322021, bsc#1031512). - ibmvnic: Free skb's in cases of failure in transmit (fate#322021, bsc#1031512). - ibmvnic: Insert header on VLAN tagged received frame (fate#322021, bsc#1031512). - ibmvnic: Merge the two release_sub_crq_queue routines (fate#322021, bsc#1031512). - ibmvnic: Move initialization of sub crqs to ibmvnic_init (fate#322021, bsc#1031512). - ibmvnic: Move initialization of the stats token to ibmvnic_open (fate#322021, bsc#1031512). - ibmvnic: Move queue restarting in ibmvnic_tx_complete (fate#322021, bsc#1038297). - ibmvnic: Move resource initialization to its own routine (fate#322021, bsc#1038297). - ibmvnic: Only retrieve error info if present (fate#322021, bsc#1031512). - ibmvnic: Record SKB RX queue during poll (fate#322021, bsc#1038297). - ibmvnic: Remove debugfs support (fate#322021, bsc#1031512). - ibmvnic: Remove inflight list (fate#322021, bsc#1031512). - ibmvnic: Remove unused bouce buffer (fate#322021, bsc#1031512). - ibmvnic: Replace is_closed with state field (fate#322021, bsc#1038297). - ibmvnic: Report errors when failing to release sub-crqs (fate#322021, bsc#1031512). - ibmvnic: Set real number of rx queues (fate#322021, bsc#1031512). - ibmvnic: Split initialization of scrqs to its own routine (fate#322021, bsc#1031512). - ibmvnic: Unmap longer term buffer before free (fate#322021, bsc#1031512). - ibmvnic: Updated reset handling (fate#322021, bsc#1038297). - ibmvnic: Update main crq initialization and release (fate#322021, bsc#1031512). - ibmvnic: Validate napi exist before disabling them (fate#322021, bsc#1031512). - ibmvnic: Wait for any pending scrqs entries at driver close (fate#322021, bsc#1038297). - ibmvnic: Whitespace correction in release_rx_pools (fate#322021, bsc#1038297). - iio: hid-sensor: Store restore poll and hysteresis on S3 (bsc#1031717). - iio: Workaround for kABI breakage by 4.4.67 iio hid-sensor changes (stable-4.4.67). - infiniband: avoid dereferencing uninitialized dst on error path (git-fixes). - iommu/arm-smmu: Disable stalling faults for all endpoints (bsc#1038843). - iommu/dma: Respect IOMMU aperture when allocating (bsc#1038842). - iommu/exynos: Block SYSMMU while invalidating FLPD cache (bsc#1038848). - iommu: Handle default domain attach failure (bsc#1038846). - iommu/vt-d: Do not over-free page table directories (bsc#1038847). - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header (4.4.68 stable queue). - ipv6: initialize route null entry in addrconf_init() (4.4.68 stable queue). - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf (4.4.68 stable queue). - isa: Call isa_bus_init before dependent ISA bus drivers register (bsc#1031717). - iw_cxgb4: Guard against null cm_id in dump_ep/qp (bsc#1026570). - KABI: Hide new include in arch/powerpc/kernel/process.c (fate#322421). - kABI: move and hide new cxgbi device owner field (bsc#1018885). - kABI: protect cgroup include in kernel/kthread (kabi). - kABI: protect struct mnt_namespace (kabi). - kABI: protect struct snd_fw_async_midi_port (kabi). - kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed (4.4.68 stable queue). - kvm: better MWAIT emulation for guests (bsc#1031142). - kvm: nVMX: do not leak PML full vmexit to L1 (4.4.68 stable queue). - kvm: nVMX: initialize PML fields in vmcs02 (4.4.68 stable queue). - leds: ktd2692: avoid harmless maybe-uninitialized warning (4.4.68 stable queue). - libata-scsi: Fixup ata_gen_passthru_sense() (bsc#1040125). - lib/mpi: mpi_read_raw_data(): fix nbits calculation (bsc#1003581). - lib/mpi: mpi_read_raw_data(): purge redundant clearing of nbits (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): do not include leading zero SGEs in nbytes (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices (bsc#1003581). - libnvdimm, pfn: fix 'npfns' vs section alignment (bsc#1040125). - livepatch: Allow architectures to specify an alternate ftrace location (FATE#322421). - locking/ww_mutex: Fix compilation of __WW_MUTEX_INITIALIZER (bsc#1031717). - lpfc: remove incorrect lockdep assertion (bsc#1040125). - md.c:didn't unlock the mddev before return EINVAL in array_size_store (bsc#1038143). - md-cluster: fix potential lock issue in add_new_disk (bsc#1041087). - md: MD_CLOSING needs to be cleared after called md_set_readonly or do_md_stop (bsc#1038142). - md/raid1: avoid reusing a resync bio after error handling (Fate#311379). - media: am437x-vpfe: fix an uninitialized variable bug (bsc#1031717). - media: b2c2: use IS_REACHABLE() instead of open-coding it (bsc#1031717). - media: c8sectpfe: Rework firmware loading mechanism (bsc#1031717). - media: cx231xx-audio: fix NULL-deref at probe (bsc#1031717). - media: cx231xx-cards: fix NULL-deref at probe (bsc#1031717). - media: cx23885: uninitialized variable in cx23885_av_work_handler() (bsc#1031717). - media: DaVinci-VPBE: Check return value of a setup_if_config() call in vpbe_set_output() (bsc#1031717). - media: DaVinci-VPFE-Capture: fix error handling (bsc#1031717). - media: dib0700: fix NULL-deref at probe (bsc#1031717). - media: dvb-usb: avoid link error with dib3000m{b,c| (bsc#1031717). - media: exynos4-is: fix a format string bug (bsc#1031717). - media: gspca: konica: add missing endpoint sanity check (bsc#1031717). - media: lirc_imon: do not leave imon_probe() with mutex held (bsc#1031717). - media: pvrusb2: reduce stack usage pvr2_eeprom_analyze() (bsc#1031717). - media: rc: allow rc modules to be loaded if rc-main is not a module (bsc#1031717). - media: s5p-mfc: Fix unbalanced call to clock management (bsc#1031717). - media: sh-vou: clarify videobuf2 dependency (bsc#1031717). - media: staging: media: davinci_vpfe: unlock on error in vpfe_reqbufs() (bsc#1031717). - media: usbvision: fix NULL-deref at probe (bsc#1031717). - media: uvcvideo: Fix empty packet statistic (bsc#1031717). - mips: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix (4.4.68 stable queue). - mmc: debugfs: correct wrong voltage value (bsc#1031717). - mm,compaction: serialize waitqueue_active() checks (bsc#971975). - mmc: sdhci-pxav3: fix higher speed mode capabilities (bsc#1031717). - mmc: sdhci: restore behavior when setting VDD via external regulator (bsc#1031717). - mm: fix <linux/pagemap.h> stray kernel-doc notation (bnc#971975 VM -- git fixes). - mwifiex: Avoid skipping WEP key deletion for AP (4.4.68 stable queue). - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print (4.4.68 stable queue). - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset (bsc#1031717). - mwifiex: Removed unused 'pkt_type' variable (bsc#1031717). - mwifiex: remove redundant dma padding in AMSDU (4.4.68 stable queue). - mwifiex: Remove unused 'bcd_usb' variable (bsc#1031717). - mwifiex: Remove unused 'chan_num' variable (bsc#1031717). - mwifiex: Remove unused 'pm_flag' variable (bsc#1031717). - mwifiex: Remove unused 'sta_ptr' variable (bsc#1031717). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670). - nfs: Fix inode corruption in nfs_prime_dcache() (git-fixes). - nfs: Fix missing pg_cleanup after nfs_pageio_cond_complete() (git-fixes). - nfs: Use GFP_NOIO for two allocations in writeback (git-fixes). - nfsv4.1: Fix Oopsable condition in server callback races (git-fixes). - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (bsc#1004003). - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (bsc#1004003). - pci: pciehp: Prioritize data-link event over presence detect (bsc#1031040,bsc#1037483). - pci: Reverse standard ACS vs device-specific ACS enabling (bsc#1030057). - pci: Work around Intel Sunrise Point PCH incorrect ACS capability (bsc#1030057). - perf/x86/intel/uncore: Remove SBOX support for Broadwell server (bsc#1035887). - phy: qcom-usb-hs: Add depends on EXTCON (4.4.68 stable queue). - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes (bnc#1012985). - PKCS#7: fix missing break on OID_sha224 case (bsc#1031717). - platform/x86: fujitsu-laptop: use brightness_set_blocking for LED-setting callbacks (bsc#1031717). - PM / wakeirq: Enable dedicated wakeirq for suspend (bsc#1031717). - PM / wakeirq: Fix spurious wake-up events for dedicated wakeirqs (bsc#1031717). - PM / wakeirq: report a wakeup_event on dedicated wekup irq (bsc#1031717). - power: bq27xxx: fix register numbers of bq27500 (bsc#1031717). - powerpc: Create a helper for getting the kernel toc value (FATE#322421). - powerpc/ftrace: Add Kconfig & Make glue for mprofile-kernel (FATE#322421). - powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI (FATE#322421). - powerpc/ftrace: Use $(CC_FLAGS_FTRACE) when disabling ftrace (FATE#322421). - powerpc/ftrace: Use generic ftrace_modify_all_code() (FATE#322421). - powerpc: introduce TIF_KGR_IN_PROGRESS thread flag (FATE#322421). - powerpc/livepatch: Add livepatch header (FATE#322421). - powerpc/livepatch: Add live patching support on ppc64le (FATE#322421). - powerpc/livepatch: Add livepatch stack to struct thread_info (FATE#322421). - powerpc/module: Create a special stub for ftrace_caller() (FATE#322421). - powerpc/module: Mark module stubs with a magic value (FATE#322421). - powerpc/module: Only try to generate the ftrace_caller() stub once (FATE#322421). - powerpc/modules: Never restore r2 for a mprofile-kernel style mcount() call (FATE#322421). - powerpc/powernv: Fix opal_exit tracepoint opcode (4.4.68 stable queue). - power: supply: bq24190_charger: Call power_supply_changed() for relevant component (4.4.68 stable queue). - power: supply: bq24190_charger: Call set_mode_host() on pm_resume() (4.4.68 stable queue). - power: supply: bq24190_charger: Do not read fault register outside irq_handle_thread() (4.4.68 stable queue). - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING (4.4.68 stable queue). - power: supply: bq24190_charger: Handle fault before status on interrupt (4.4.68 stable queue). - power: supply: bq24190_charger: Install irq_handler_thread() at end of probe() (4.4.68 stable queue). - ppc64le: Update ppc64le config files to use KGRAFT. - printk: Switch to the sync mode when an emergency message is printed (bsc#1034995). - RDMA/iw_cxgb4: Add missing error codes for act open cmd (bsc#1026570). - RDMA/iw_cxgb4: Low resource fixes for Completion queue (bsc#1026570). - RDMA/iw_cxgb4: only read markers_enabled mod param once (bsc#1026570). - regulator: isl9305: fix array size (bsc#1031717). - Revert "acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison)" (kabi). - Revert "KVM: nested VMX: disable perf cpuid reporting" (4.4.68 stable queue). - Revert "l2tp: take reference on sessions being dumped" (kabi). - Revert "mac80211: pass block ack session timeout to to driver" (kabi). - Revert "mac80211: RX BA support for sta max_rx_aggregation_subframes" (kabi). - Revert "wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event" (kabi). - rpm/SLES-UEFI-SIGN-Certificate-2048.crt: Update the certificate (bsc#1035922) - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string (4.4.68 stable queue). - s390/dasd: check if query host access feature is supported (bsc#1037871). - scsi: be2iscsi: Add FUNCTION_RESET during driver unload (bsc#1038458). - scsi: be2iscsi: Add IOCTL to check UER supported (bsc#1038458). - scsi: be2iscsi: Add TPE recovery feature (bsc#1038458). - scsi: be2iscsi: Add V1 of EPFW cleanup IOCTL (bsc#1038458). - scsi: be2iscsi: allocate enough memory in beiscsi_boot_get_sinfo() (bsc#1038458). - scsi: be2iscsi: Check all zeroes IP before issuing IOCTL (bsc#1038458). - scsi: be2iscsi: Fail the sessions immediately after TPE (bsc#1038458). - scsi: be2iscsi: Fix async PDU handling path (bsc#1038458). - scsi: be2iscsi: Fix bad WRB index error (bsc#1038458). - scsi: be2iscsi: Fix checks for HBA in error state (bsc#1038458). - scsi: be2iscsi: Fix gateway APIs to support IPv4 & IPv6 (bsc#1038458). - scsi: be2iscsi: Fix POST check and reset sequence (bsc#1038458). - scsi: be2iscsi: Fix queue and connection parameters (bsc#1038458). - scsi: be2iscsi: Fix release of DHCP IP in static mode (bsc#1038458). - scsi: be2iscsi: Fix to add timer for UE detection (bsc#1038458). - scsi: be2iscsi: Fix to make boot discovery non-blocking (bsc#1038458). - scsi: be2iscsi: Fix to use correct configuration values (bsc#1038458). - scsi: be2iscsi: Handle only NET_PARAM in iface_get_param (bsc#1038458). - scsi: be2iscsi: Move functions to right files (bsc#1038458). - scsi: be2iscsi: Move VLAN code to common iface_set_param (bsc#1038458). - scsi: be2iscsi: Reduce driver load/unload time (bsc#1038458). - scsi: be2iscsi: Remove alloc_mcc_tag & beiscsi_pci_soft_reset (bsc#1038458). - scsi: be2iscsi: Remove isr_lock and dead code (bsc#1038458). - scsi: be2iscsi: Rename iface get/set/create/destroy APIs (bsc#1038458). - scsi: be2iscsi: Replace _bh version for mcc_lock spinlock (bsc#1038458). - scsi: be2iscsi: Set and return right iface v4/v6 states (bsc#1038458). - scsi: be2iscsi: Update copyright information (bsc#1038458). - scsi: be2iscsi: Update iface handle before any set param (bsc#1038458). - scsi: be2iscsi: Update the driver version (bsc#1038458). - scsi: cxgb4i: libcxgbi: add missing module_put() (bsc#1018885). - scsi: cxlflash: Remove the device cleanly in the system shutdown path (bsc#1028310, fate#321597, bsc#1034762). cherry-pick from SP3 - scsi_dh_alua: do not call BUG_ON when updating port group (bsc#1028340). - scsi_dh_alua: Do not retry for unmapped device (bsc#1012910). - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (bsc#1035920). - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m (4.4.68 stable queue). - scsi: scsi_dh_alua: Check scsi_device_get() return value (bsc#1040125). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (4.4.68 stable queue). - serial: 8250_omap: Fix probe and remove for PM runtime (4.4.68 stable queue). - staging: emxx_udc: remove incorrect __init annotations (4.4.68 stable queue). - staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data() (bsc#1031717). - staging: wlan-ng: add missing byte order conversion (4.4.68 stable queue). - sunrpc: Allow xprt->ops->timer method to sleep (git-fixes). - sunrpc: fix UDP memory accounting (git-fixes). - tcp: do not inherit fastopen_req from parent (4.4.68 stable queue). - tcp: do not underestimate skb->truesize in tcp_trim_head() (4.4.68 stable queue). - tcp: fix wraparound issue in tcp_lp (4.4.68 stable queue). - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1012985). - usb: chipidea: Handle extcon events properly (4.4.68 stable queue). - usb: chipidea: Only read/write OTGSC from one place (4.4.68 stable queue). - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths (4.4.68 stable queue). - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths (4.4.68 stable queue). - usb: musb: ux500: Fix NULL pointer dereference at system PM (bsc#1038033). - usb: serial: ark3116: fix open error handling (bnc#1038043). - usb: serial: ch341: add register and USB request definitions (bnc#1038043). - usb: serial: ch341: add support for parity, frame length, stop bits (bnc#1038043). - usb: serial: ch341: fix baud rate and line-control handling (bnc#1038043). - usb: serial: ch341: fix line settings after reset-resume (bnc#1038043). - usb: serial: ch341: fix modem-status handling (bnc#1038043). - usb: serial: ch341: reinitialize chip on reconfiguration (bnc#1038043). - usb: serial: digi_acceleport: fix incomplete rx sanity check (4.4.68 stable queue). - usb: serial: fix compare_const_fl.cocci warnings (bnc#1038043). - usb: serial: ftdi_sio: fix latency-timer error handling (4.4.68 stable queue). - usb: serial: io_edgeport: fix descriptor error handling (4.4.68 stable queue). - usb: serial: io_edgeport: fix epic-descriptor handling (bnc#1038043). - usb: serial: keyspan_pda: fix receive sanity checks (4.4.68 stable queue). - usb: serial: mct_u232: fix modem-status error handling (4.4.68 stable queue). - usb: serial: quatech2: fix control-message error handling (bnc#1038043). - usb: serial: sierra: fix bogus alternate-setting assumption (bnc#1038043). - usb: serial: ssu100: fix control-message error handling (bnc#1038043). - usb: serial: ti_usb_3410_5052: fix control-message error handling (4.4.68 stable queue). - Use make --output-sync feature when available (bsc#1012422). The mesages in make output can interleave making it impossible to extract warnings reliably. Since version 4 GNU Make supports --output-sync flag that prints output of each sub-command atomically preventing this issue. Detect the flag and use it if available. - Use up spare in struct module for livepatch (FATE#322421). - vsock: Detach QP check should filter out non matching QPs (bsc#1036752). - x86/ioapic: Restore IO-APIC irq_chip retrigger callback (4.4.68 stable queue). - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0 (4.4.68 stable queue). - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device (4.4.68 stable queue). - x86/platform/uv/BAU: Add generic function pointers (bsc#1035024). - x86/platform/uv/BAU: Add payload descriptor qualifier (bsc#1035024). - x86/platform/uv/BAU: Add status mmr location fields to bau_control (bsc#1035024). - x86/platform/uv/BAU: Add UV4-specific functions (bsc#1035024). - x86/platform/uv/BAU: Add uv_bau_version enumerated constants (bsc#1035024). - x86/platform/uv/BAU: Add wait_completion to bau_operations (bsc#1035024). - x86/platform/uv/BAU: Clean up and update printks (bsc#1035024). - x86/platform/uv/BAU: Cleanup bau_operations declaration and instances (bsc#1035024). - x86/platform/uv/BAU: Clean up pq_init() (bsc#1035024). - x86/platform/uv/BAU: Clean up vertical alignment (bsc#1035024). - x86/platform/uv/BAU: Convert uv_physnodeaddr() use to uv_gpa_to_offset() (bsc#1035024). - x86/platform/uv/BAU: Disable software timeout on UV4 hardware (bsc#1035024). - x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register (bsc#1035024). - x86/platform/uv/BAU: Fix payload queue setup on UV4 hardware (bsc#1035024). - x86/platform/uv/BAU: Implement uv4_wait_completion with read_status (bsc#1035024). - x86/platform/uv/BAU: Populate ->uvhub_version with UV4 version information (bsc#1035024). - x86/platform/uv/BAU: Use generic function pointers (bsc#1035024). - xen: adjust early dom0 p2m handling to xen hypervisor behavior (bnc#1031470). - xfs: do not assert fail on non-async buffers on ioacct decrement (bsc#1041160). - xfs: fix eofblocks race with file extending async dio writes (bsc#1040929). - xfs: Fix missed holes in SEEK_HOLE implementation (bsc#1041168). - xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff() (bsc#1041168). - xfs: in _attrlist_by_handle, copy the cursor back to userspace (bsc#1041242). - xfs: only return -errno or success from attr ->put_listent (bsc#1041242). - xfs: Split default quota limits by quota type (bsc#1040941). - xfs: use ->b_state to fix buffer I/O accounting release race (bsc#1041160). Important SUSE bug 1003581 SUSE bug 1004003 SUSE bug 1011044 SUSE bug 1012422 SUSE bug 1012452 SUSE bug 1012829 SUSE bug 1012910 SUSE bug 1012985 SUSE bug 1013561 SUSE bug 1018885 SUSE bug 1020412 SUSE bug 1022266 SUSE bug 1026570 SUSE bug 1028310 SUSE bug 1028340 SUSE bug 1029607 SUSE bug 1030057 SUSE bug 1031040 SUSE bug 1031142 SUSE bug 1031470 SUSE bug 1031500 SUSE bug 1031512 SUSE bug 1031717 SUSE bug 1034635 SUSE bug 1034670 SUSE bug 1034762 SUSE bug 1034995 SUSE bug 1035024 SUSE bug 1035866 SUSE bug 1035887 SUSE bug 1035920 SUSE bug 1035922 SUSE bug 1036214 SUSE bug 1036752 SUSE bug 1036763 SUSE bug 1037177 SUSE bug 1037186 SUSE bug 1037384 SUSE bug 1037483 SUSE bug 1037871 SUSE bug 1037969 SUSE bug 1038033 SUSE bug 1038043 SUSE bug 1038142 SUSE bug 1038143 SUSE bug 1038297 SUSE bug 1038458 SUSE bug 1038544 SUSE bug 1038842 SUSE bug 1038843 SUSE bug 1038846 SUSE bug 1038847 SUSE bug 1038848 SUSE bug 1038879 SUSE bug 1039700 SUSE bug 1039864 SUSE bug 1039882 SUSE bug 1039883 SUSE bug 1039885 SUSE bug 1040069 SUSE bug 1040125 SUSE bug 1040279 SUSE bug 1040395 SUSE bug 1040425 SUSE bug 1040463 SUSE bug 1040929 SUSE bug 1040941 SUSE bug 1041087 SUSE bug 1041160 SUSE bug 1041168 SUSE bug 1041242 SUSE bug 799133 SUSE bug 922871 SUSE bug 966321 SUSE bug 971975 SUSE bug 989311 CVE-2017-7487 CVE-2017-7645 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9150 openSUSE Leap 42.2 This update for yodl fixes the following issues: - CVE-2016-10375 invalid memory read in queue_push could lead to Denial of service (boo#1040917) Moderate SUSE bug 1040917 CVE-2016-10375 openSUSE Leap 42.2 This update to irssi 1.0.3 fixes the following vulnerabilities: - CVE-2017-9469: irssi: dcc crash with incorrect quoting (bsc#1043052) - CVE-2017-9468: irssi: dcc message crash without nick/host (bsc#1043051) Moderate SUSE bug 1043051 SUSE bug 1043052 CVE-2017-9468 CVE-2017-9469 openSUSE Leap 42.2 catdoc was updated to version 0.95 to fix the following issues: * Fix various issues found during fuzzing which may lead to an application crash or have unspecified further impact when the user is tricked into opening specially crafted files (boo#919228) * Replace charset tables with new ones, published by Unicode Consortium with more permissive license * Fix lot of segfaults on incorrect or corrupted data Moderate SUSE bug 919228 openSUSE Leap 42.2 irssi was updated to fix four vulnerabilities that could result in denial of service (remote crash) when connecting to malicious servers or receiving specially crafted data. (boo#1018357) - CVE-2017-5193: NULL pointer dereference in the nickcmp function - CVE-2017-5194: out of bounds read in certain incomplete control codes - CVE-2017-5195: out of bounds read in certain incomplete character sequences - CVE-2017-5196: Correct an error when receiving invalid nick message Moderate SUSE bug 1018357 CVE-2017-5193 CVE-2017-5194 CVE-2017-5195 CVE-2017-5196 openSUSE Leap 42.2 This update for rxvt-unicode fixes the following issue: While urxvt is not directly affected by CVE-2017-7483 we have added a patch to harden urxvt to avoid similar bugs in the future. (boo#1036456) Moderate SUSE bug 1036456 CVE-2017-7483 openSUSE Leap 42.2 This update for mysql-connector-cpp and mysql-workbench fixes the following issues: Mysql-connector-cpp was updated to version 1.1.8: * See the news files on https://dev.mysql.com/doc/relnotes/connector-cpp/en/ Mysql-workbench was updated to version 6.3.9: * https://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-3-8.html * https://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-3-9.html * resolves CVE-2017-3469 (boo#1035195) Moderate SUSE bug 1035195 CVE-2017-3469 openSUSE Leap 42.2 This update for wireshark fixes minor vulnerabilities that could be used to trigger dissector crashes, infinite loops, or cause excessive use of CPU resources by making Wireshark read specially crafted packages from the network or a capture file: - CVE-2017-9352: Bazaar dissector infinite loop (boo#1042304) - CVE-2017-9348: DOF dissector read overflow (boo#1042303) - CVE-2017-9351: DHCP dissector read overflow (boo#1042302) - CVE-2017-9346: SoulSeek dissector infinite loop (boo#1042301) - CVE-2017-9345: DNS dissector infinite loop (boo#1042300) - CVE-2017-9349: DICOM dissector infinite loop (boo#1042305) - CVE-2017-9350: openSAFETY dissector memory exhaustion (boo#1042299) - CVE-2017-9344: BT L2CAP dissector divide by zero (boo#1042298) - CVE-2017-9343: MSNIP dissector crash (boo#1042309) - CVE-2017-9347: ROS dissector crash (boo#1042308) - CVE-2017-9354: RGMP dissector crash (boo#1042307) - CVE-2017-9353: IPv6 dissector crash (boo#1042306) Low SUSE bug 1042298 SUSE bug 1042299 SUSE bug 1042300 SUSE bug 1042301 SUSE bug 1042302 SUSE bug 1042303 SUSE bug 1042304 SUSE bug 1042305 SUSE bug 1042306 SUSE bug 1042307 SUSE bug 1042308 SUSE bug 1042309 SUSE bug 1042330 CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354 openSUSE Leap 42.2 This update for libnettle fixes the following issues: - CVE-2016-6489: * Reject invalid RSA keys with even modulo. * Check for invalid keys, with even p, in dsa_sign(). * Use function mpz_powm_sec() instead of mpz_powm() (bsc#991464). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 991464 CVE-2016-6489 openSUSE Leap 42.2 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-6502: Possible file-descriptor leak in libmagickcore that could be triggered via a specially crafted webp file (bsc#1028075). - CVE-2017-7943: The ReadSVGImage function in svg.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034870). Note that this only impacts the built-in SVG implementation. As we use the librsgv implementation, we are not affected. - CVE-2017-7942: The ReadAVSImage function in avs.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034872). - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876). - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986). - CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987) - CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984) - CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985) - CVE-2017-8347: denial of service (memory leak) via a crafted file (ReadEXRImage func in exr.c) (bsc#1036982) - CVE-2017-8348: denial of service (memory leak) via a crafted file (ReadMATImage func in mat.c) (bsc#1036983) - CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980) - CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981) - CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988) - CVE-2017-8354: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c) (bsc#1036989) - CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000) - CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091) - CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\icon.c) (bsc#1037527) - CVE-2017-8356: denial of service (memory leak) via a crafted file (ReadSUNImage function in sun.c) (bsc#1036991) - CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990) - CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978) - CVE-2017-8343: denial of service (memory leak) via a crafted file (ReadAAIImage func in aai.c) (bsc#1036977) - CVE-2017-8357: denial of service (memory leak) via a crafted file (ReadEPTImage func in ept.c) (bsc#1036976) - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025) - CVE-2017-9141: Missing checks in the ReadDDSImage function in coders/dds.c could lead to a denial of service (assertion) (bsc#1040303) - CVE-2017-9142: Missing checks in theReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304) - CVE-2017-9143: A possible denial of service attack via crafted .art file in ReadARTImage function in coders/art.c (bsc#1040306) - CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c could lead to a denial of service (crash) (bsc#1040332) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1028075 SUSE bug 1033091 SUSE bug 1034870 SUSE bug 1034872 SUSE bug 1034876 SUSE bug 1036976 SUSE bug 1036977 SUSE bug 1036978 SUSE bug 1036980 SUSE bug 1036981 SUSE bug 1036982 SUSE bug 1036983 SUSE bug 1036984 SUSE bug 1036985 SUSE bug 1036986 SUSE bug 1036987 SUSE bug 1036988 SUSE bug 1036989 SUSE bug 1036990 SUSE bug 1036991 SUSE bug 1037527 SUSE bug 1038000 SUSE bug 1040025 SUSE bug 1040303 SUSE bug 1040304 SUSE bug 1040306 SUSE bug 1040332 CVE-2017-6502 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 openSUSE Leap 42.2 This update for mercurial fixes the following issues: - CVE-2017-9462: Fix the arbitrary code exec by remote users via "hg serve --stdio" (boo#1043063) Important SUSE bug 1043063 SUSE bug 1043502 CVE-2017-9462 openSUSE Leap 42.2 This update to tor 0.2.9.11 fixes the following vulnerabilities: - CVE-2017-0375: remotely triggerable assertion failure when a hidden service handles a malformed BEGIN cell (bsc#1043455) - CVE-2017-0376: remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit (bsc#1043456) Moderate SUSE bug 1043455 SUSE bug 1043456 CVE-2017-0375 CVE-2017-0376 openSUSE Leap 42.2 This update for otrs fixes the following issues: - CVE-2017-9324: Incorrect Access Control in OTRS - Improved SecureMode detection in Installer (OSA-2017-03, bsc#1043086) - bsc#1043244: Reflected cross-site scripting in OTRS, customer search should not return results for internal (OSA-2017-02) In addition, OTRS was updated to 3.3.17 with the following fixes: - Function "SystemDataGroupGet" has problems with empty values in oracle - Base64 encoded image does not display in article - Chrome could not display attached PDF files Moderate SUSE bug 1043086 SUSE bug 1043244 CVE-2017-9324 openSUSE Leap 42.2 This update for jasper fixes the following issues: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. (bsc#1012530) - CVE-2016-9395: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010977) - CVE-2016-9398: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010979) - CVE-2016-9560: Stack-based buffer overflow in jpc_tsfb_getbands2. (bsc#1011830) - CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy. (bsc#1015993) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1010977 SUSE bug 1010979 SUSE bug 1011830 SUSE bug 1012530 SUSE bug 1015993 CVE-2016-8654 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9591 openSUSE Leap 42.2 This update to Chromium 59.0.3071.104 fixes the following security issues: * CVE-2017-5087: Sandbox Escape in IndexedDB * CVE-2017-5088: Out of bounds read in V8 * CVE-2017-5089: Domain spoofing in Omnibox * Various fixes from internal audits, fuzzing and other initiatives The following tracked packaging changes are included: * In about dialog, refer to the build as "openSUSE build" (boo#1043420) Moderate SUSE bug 1043420 SUSE bug 1044690 CVE-2017-5087 CVE-2017-5088 CVE-2017-5089 openSUSE Leap 42.2 This update for lynis fixes the following issues: Lynis 2.5.1: * Improved detection of SSL certificate files * Minor changes to improve logging and results * Firewall tests: Determine if CSF is in testing mode The Update also includes changes from Lynis 2.5.0: * CVE-2017-8108: symlink attack may have allowed arbitrary file overwrite or privilege escalation (boo#1043463) * Deleted unused tests from database file * Additional sysctls are tested * Extended test with Symantec components * Snort detection * Snort configuration file The update also includes Lynis 2.4.8 (Changelog from 2.4.1) * More PHP paths added * Minor changes to text * Show atomic test in report * Added FileInstalledByPackage function (dpkg and rpm supported) * Mark Arch Linux version as rolling release (instead of unknown) * Support for Manjaro Linux * Escape files when testing if they are readable * Code cleanups * Allow host alias to be specified in profile * Code readability enhancements * Solaris support has been improved * Fix for upload function to be used from profile * Reduce screen output for mail section, unless --verbose is used * Code cleanups and removed 'update release' command * Colored output can now be tuned with profile (colors=yes/no) * Allow data upload to be set as a profile option * Properly detect SSH daemon version * Generic code improvements * Improved the update check and display * Finish, Portuguese, and Turkish translation * Extended support and tests for DragonFlyBSD * Option to configure hostid and hostid2 in profile * Support for Trend Micro and Cylance (macOS) * Remove comments at end of nginx configuration * Used machine ID to create host ID when no SSH keys are available * Added detection of iptables-save to binaries And Lynis 2.4.0 * Mainly improved support for macOS users * Support for CoreOS * Support for clamconf utility * Support for chinese translation * More sysctl values in the default profile * New commands: "upload-only", "show hostids", "show environment", "show os" Moderate SUSE bug 1043463 CVE-2017-8108 openSUSE Leap 42.2 This update for freeradius-server fixes the following issues: - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. (boo#1041445) Moderate SUSE bug 1041445 CVE-2017-9148 openSUSE Leap 42.2 This update for xorg-x11-server fixes the following security issues: - CVE-2017-2624: Prevent timing attack against MIT cookie. (boo#1025029) - Use arc4random to generate cookies with more randomness. (boo#1025084) - Remove unused function with use-after-free issue. (boo#1025035) Moderate SUSE bug 1025029 SUSE bug 1025035 SUSE bug 1025084 CVE-2017-2624 openSUSE Leap 42.2 This update for libxml2 fixes the following security issues: * CVE-2017-9050: A heap-based buffer over-read in xmlDictAddString (bsc#1039069, bsc#1039661) * CVE-2017-9049: A heap-based buffer overflow in xmlDictComputeFastKey (bsc#1039066) * CVE-2017-9048: A stack overflow vulnerability in xmlSnprintfElementContent (bsc#1039063) * CVE-2017-9047: A stack overflow vulnerability in xmlSnprintfElementContent (bsc#1039064) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1039063 SUSE bug 1039064 SUSE bug 1039066 SUSE bug 1039069 SUSE bug 1039661 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 openSUSE Leap 42.2 This update for Mozilla Firefox, Thunderbird, and NSS fixes the following issues: Mozilla Firefox was updated to 52.2esr (boo#1043960) MFSA 2017-16: * CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when regenerating trees * CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading * CVE-2017-7750 (bmo#1356558) Use-after-free with track elements * CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners * CVE-2017-7752 (bmo#1359547) Use-after-free with IME input * CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo object * CVE-2017-7755 (bmo#1361326) Privilege escalation through Firefox Installer with same directory DLL files (Windows only) * CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging XHR header errors * CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777 Vulnerabilities in the Graphite 2 library * CVE-2017-7758 (bmo#1368490) Out-of-bounds read in Opus encoder * CVE-2017-7760 (bmo#1348645) File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service (Windows only) * CVE-2017-7761 (bmo#1215648) File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application (Windows only) * CVE-2017-7764 (bmo#1364283) Domain spoofing with combination of Canadian Syllabics and other unicode blocks * CVE-2017-7765 (bmo#1273265) Mark of the Web bypass when saving executable files (Windows only) * CVE-2017-7766 (bmo#1342742) File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service (Windows only) * CVE-2017-7767 (bmo#1336964) Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service (Windows only) * CVE-2017-7768 (bmo#1336979) 32 byte arbitrary file read through Mozilla Maintenance Service (Windows only) * CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - remove -fno-inline-small-functions and explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105) Mozilla NSS was updated to NSS 3.28.5 * Implemented domain name constraints for CA: TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1. (bmo#1350859) * March 2017 batch of root CA changes (bmo#1350859) (version 2.14) CA certificates removed: O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = TURKTRUST Elektronik Sertifika Hizmet H6 CN = Microsec e-Szigno Root CA certificates added: CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 java-1_8_0-openjdk was rebuild against NSS 3.28.5 to satisfy a runtime dependency. Important SUSE bug 1040105 SUSE bug 1043960 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7760 CVE-2017-7761 CVE-2017-7764 CVE-2017-7765 CVE-2017-7766 CVE-2017-7767 CVE-2017-7768 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 openSUSE Leap 42.2 This update for exim fixes the following issues: - CVE-2017-1000369: Fixed a memory leak in exim commandline handling, which could be used to exhaust memory and make "stack crash" attacks likely. (boo#1044692) Important SUSE bug 1044692 CVE-2017-1000369 openSUSE Leap 42.2 This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - A bug in glibc that could result in deadlocks between malloc() and fork() has been fixed. [bsc#1040043] This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1039357 SUSE bug 1040043 CVE-2017-1000366 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.72 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010) (bnc#1039348). - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125). - CVE-2017-7346: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate certain levels data, which allowed local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031796). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431). The following non-security bugs were fixed: - ASoC: Intel: Skylake: Uninitialized variable in probe_codec() (bsc#1043231). - IB/core: Fix kernel crash during fail to initialize device (bsc#1022595 FATE#322350). - IB/core: For multicast functions, verify that LIDs are multicast LIDs (bsc#1022595 FATE#322350). - IB/core: If the MGID/MLID pair is not on the list return an error (bsc#1022595 FATE#322350). - IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow (bsc#1022595 FATE#322350). - Make __xfs_xattr_put_listen preperly report errors (bsc#1041242). - NFS: Fix an LOCK/OPEN race when unlinking an open file (git-fixes). - NFSv4: Fix the underestimation of delegation XDR space reservation (git-fixes). - NFSv4: fix a reference leak caused WARNING messages (git-fixes). - PM / QoS: Fix memory leak on resume_latency.notifiers (bsc#1043231). - SUNRPC: Silence WARN_ON when NFSv4.1 over RDMA is in use (git-fixes). - SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() (git-fixes). - Update patches.fixes/xen-silence-efi-error-messge.patch (bnc#1039900). - [media] vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1043231). - bcache: fix calling ida_simple_remove() with incorrect minor (bsc#1038085). - bna: add missing per queue ethtool stat (bsc#966321 FATE#320156). - bna: integer overflow bug in debugfs (bsc#966321 FATE#320156). - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (bsc#1042286). - bonding: do not use stale speed and duplex information (bsc#1042286). - bonding: prevent out of bound accesses (bsc#1042286). - brcmfmac: add fallback for devices that do not report per-chain values (bsc#1043231). - brcmfmac: avoid writing channel out of allocated array (bsc#1043231). - ceph: fix potential use-after-free (bsc#1043371). - ceph: memory leak in ceph_direct_read_write callback (bsc#1041810). - cfq-iosched: fix the delay of cfq_group's vdisktime under iops mode (bsc#1012829). - cgroup: remove redundant cleanup in css_create (bsc#1012829). - cifs: small underflow in cnvrtDosUnixTm() (bnc#1043935). - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452, bsc#995542). - drm/nouveau/tmr: fully separate alarm execution/pending lists (bsc#1043467). - efi: Do not issue error message when booted under Xen (bnc#1036638). - ext4: fix data corruption for mmap writes (bsc#1012829). - ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO (bsc#1012829). - fuse: fix clearing suid, sgid for chown() (bsc#1012829). - ibmvnic: Check adapter state during ibmvnic_poll (fate#322021, bsc#1040855). - ibmvnic: Deactivate RX pool buffer replenishment on H_CLOSED (fate#322021, bsc#1040855). - ibmvnic: Fix cleanup of SKB's on driver close (fate#322021, bsc#1040855). - ibmvnic: Halt TX and report carrier off on H_CLOSED return code (fate#322021, bsc#1040855). - ibmvnic: Handle failover after failed init crq (fate#322021, bsc#1040855). - ibmvnic: Non-fatal error handling (fate#322021, bsc#1040855). - ibmvnic: Reset sub-crqs during driver reset (fate#322021, bsc#1040855). - ibmvnic: Reset the CRQ queue during driver reset (fate#322021, bsc#1040855). - ibmvnic: Reset tx/rx pools on driver reset (fate#322021, bsc#1040855). - ibmvnic: Return failure on attempted mtu change (bsc#1043236). - ibmvnic: Send gratuitous arp on reset (fate#322021, bsc#1040855). - ibmvnic: Track state of adapter napis (fate#322021, bsc#1040855). - ipv6: Do not use ufo handling on later transformed packets (bsc#1042286). - ipv6: fix endianness error in icmpv6_err (bsc#1042286). - kABI: protect struct fib_info (kabi). - kABI: protect struct pglist_data (kabi). - kABI: protect struct xlog (bsc#1043598). - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - l2tp: fix race in l2tp_recv_common() (bsc#1042286). - libceph: NULL deref on crush_decode() error path (bsc#1044015). - md: allow creation of mdNNN arrays via md_mod/parameters/new_array (bsc#1032339). - md: support disabling of create-on-open semantics (bsc#1032339). - mm/hugetlb: check for reserved hugepages during memory offline (bnc#971975 VM -- git fixes). - mm/hugetlb: fix incorrect hugepages count during mem hotplug (bnc#971975 VM -- git fixes). - mmc: Downgrade error level (bsc#1042536). - module: fix memory leak on early load_module() failures (bsc#1043014). - net: bridge: start hello timer only if device is up (bnc#1012382). - net: fix compile error in skb_orphan_partial() (bnc#1012382). - net: ipv6: set route type for anycast routes (bsc#1042286). - netfilter: nf_conntrack_sip: extend request line validation (bsc#1042286). - netfilter: nf_ct_expect: remove the redundant slash when policy name is empty (bsc#1042286). - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags (bsc#1042286). - netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register (bsc#1042286). - netfilter: nfnetlink_queue: reject verdict request from different portid (bsc#1042286). - netfilter: restart search if moved to other chain (bsc#1042286). - netfilter: use fwmark_reflect in nf_send_reset (bsc#1042286). - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd (bsc#966339 FATE#320150). - nfs: Fix "Do not increment lock sequence ID after NFS4ERR_MOVED" (git-fixes). - nsfs: mark dentry with DCACHE_RCUACCESS (bsc#1012829). - nvme: submit nvme_admin_activate_fw to admin queue (bsc#1044532). - percpu: remove unused chunk_alloc parameter from pcpu_get_pages() (bnc#971975 VM -- git fixes). - perf/x86/intel/rapl: Make Knights Landings support functional (bsc#1042517). - powerpc/64: Fix flush_(d|i)cache_range() called from modules (bnc#863764 fate#315275, LTC#103998). - quota: fill in Q_XGETQSTAT inode information for inactive quotas (bsc#1042356). - radix-tree: fix radix_tree_iter_retry() for tagged iterators (bsc#1012829). - rpm/kernel-binary.spec: remove superfluous flags This should make build logs more readable and people adding more flags should have easier time finding a place to add them in the spec file. - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter (bsc#1012060) - rtnl: reset calcit fptr in rtnl_unregister() (bsc#1042286). - series.conf: remove silly comment - tcp: account for ts offset only if tsecr not zero (bsc#1042286). - tcp: fastopen: accept data/FIN present in SYNACK message (bsc#1042286). - tcp: fastopen: avoid negative sk_forward_alloc (bsc#1042286). - tcp: fastopen: call tcp_fin() if FIN present in SYNACK (bsc#1042286). - tcp: fastopen: fix rcv_wup initialization for TFO server on SYN/data (bsc#1042286). - tpm: Downgrade error level (bsc#1042535). - udp: avoid ufo handling on IP payload compression packets (bsc#1042286). - udplite: call proper backlog handlers (bsc#1042286). - x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs (bsc#9048891). - xen/mce: do not issue error message for failed /dev/mcelog registration (bnc#1036638). - xen: add sysfs node for guest type (bnc#1037840). - xfrm: Fix memory leak of aead algorithm name (bsc#1042286). - xfs: add missing include dependencies to xfs_dir2.h (bsc#1042421). - xfs: do not warn on buffers not being recovered due to LSN (bsc#1043598). - xfs: fix xfs_mode_to_ftype() prototype (bsc#1043598). - xfs: log recovery tracepoints to track current lsn and buffer submission (bsc#1043598). - xfs: pass current lsn to log recovery buffer validation (bsc#1043598). - xfs: refactor log record unpack and data processing (bsc#1043598). - xfs: replace xfs_mode_to_ftype table with switch statement (bsc#1042421). - xfs: rework log recovery to submit buffers on LSN boundaries (bsc#1043598). - xfs: rework the inline directory verifiers (bsc#1042421). - xfs: sanity check directory inode di_size (bsc#1042421). - xfs: sanity check inode di_mode (bsc#1042421). - xfs: update metadata LSN in buffers during log recovery (bsc#1043598). - xfs: verify inline directory data forks (bsc#1042421). - zswap: do not param_set_charp while holding spinlock (VM Functionality, bsc#1042886). Important SUSE bug 1012060 SUSE bug 1012382 SUSE bug 1012422 SUSE bug 1012829 SUSE bug 1015452 SUSE bug 1022595 SUSE bug 1031796 SUSE bug 1032339 SUSE bug 1036638 SUSE bug 1037840 SUSE bug 1038085 SUSE bug 1039348 SUSE bug 1039900 SUSE bug 1040855 SUSE bug 1041242 SUSE bug 1041431 SUSE bug 1041810 SUSE bug 1042286 SUSE bug 1042356 SUSE bug 1042421 SUSE bug 1042517 SUSE bug 1042535 SUSE bug 1042536 SUSE bug 1042886 SUSE bug 1043014 SUSE bug 1043231 SUSE bug 1043236 SUSE bug 1043371 SUSE bug 1043467 SUSE bug 1043598 SUSE bug 1043935 SUSE bug 1044015 SUSE bug 1044125 SUSE bug 1044532 SUSE bug 863764 SUSE bug 966321 SUSE bug 966339 SUSE bug 971975 SUSE bug 995542 CVE-2017-1000364 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9242 openSUSE Leap 42.2 This update for openvpn fixes the following issues: - CVE-2016-6329: Show which ciphers should no longer be used in openvpn --show-ciphers (bsc#995374) - CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in P_CONTROL (bsc#1038709) - CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of Packet-ID counter (bsc#1038711) - Hardening measures found by internal audit (bsc#1038713) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1038709 SUSE bug 1038711 SUSE bug 1038713 SUSE bug 995374 CVE-2016-6329 CVE-2017-7478 CVE-2017-7479 openSUSE Leap 42.2 This update for go fixes the following issues: - CVE-2017-8932: Add patch to fix carry bug in x86-64 P-256 implementation (boo#1040618) Please note that go applications will need to be rebuilt to get this fix, as all go applications are statically linked. As we are regulary releasing updates to our distribution go applications they are not specifically included here. Moderate SUSE bug 1040618 CVE-2017-8932 openSUSE Leap 42.2 NonFree This update for unrar to version 5.5 fixes the following issues: Version 5.5.5 * CVE-2012-6706: fixes VMSF_DELTA memory corruption (boo#1045315) see https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&can=1&q=unrar&desc=2 Version 5.5.1 * Based on RAR 5.50 beta1 * Added extraction support for .LZ archives created by Lzip compressor. * Modern TAR tools can store high precision file times, lengthy file names and large file sizes in special PAX extended headers inside of TAR archive. Now WinRAR supports such PAX headers and uses them when extracting TAR archives. * unrar no longer fails to unpack files in ZIP archives compressed with XZ algorithm and encrypted with AES Version 5.4.5. * Based on final RAR 5.40. * If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files. If you wish to test only .rev files without checking .rar volumes, you can run: `unrar t arcname.part1.rev`. * If -p switch is used without optional <pwd> parameter, a password can be also set with file redirection or pipe. * unrar treats 'arcname.partN' as 'arcname.partN.rar' if 'arcname.partN' does not exist and 'arcname.part#.rar' exists. For example, it is allowed to run: `unrar x arcname.part01` to start extraction from 'arcname.part01.rar'. Moderate SUSE bug 1045315 CVE-2012-6706 openSUSE Leap 42.2 This update for libmicrohttpd fixes the following issues: - CVE-2013-7038: The MHD_http_unescape function in libmicrohttpd might have allowed remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. (bsc#854443) - CVE-2013-7039: Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. (bsc#854443) - Fixed various bugs found during a 2017 audit, which are more hardening measures and not security issues. (bsc#1041216) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1041216 SUSE bug 854443 CVE-2013-7038 CVE-2013-7039 openSUSE Leap 42.2 This update for openvpn fixes the following issues: - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a (quite inefficient) DoS attack on the server. [bsc#1044947, CVE-2017-7521] - The ASN1 parsing code contained a bug that could have resulted in some buffers being free()d twice, and this issue could have potentially been triggered remotely by a VPN peer. [bsc#1044947, CVE-2017-7521] - If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle attacker between client and proxy could cause the client to crash or disclose at most 96 bytes of stack memory. The disclosed stack memory was likely to contain the proxy password. If the proxy password had not been reused, this was unlikely to compromise the security of the OpenVPN tunnel itself. Clients who did not use the --http-proxy option with ntlm2 authentication were not affected. [bsc#1044947, CVE-2017-7520] - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known. [bsc#1044947, CVE-2017-7508] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1044947 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 openSUSE Leap 42.2 This update for libqt5-qtbase and libqt5-qtdeclarative fixes the following issues: This security issue was fixed: - Prevent potential information leak due to race condition in QSaveFile (bsc#1034005). These non-security issues were fixed: - Fixed crash in QPlainTextEdit - Fixed Burmese rendering issue - Fixed reuse of C++-owned QObjects by different QML engines that could lead to crashes in kwin (bsc#1034402) - Make libqt5-qtquickcontrols available in SUSE Linux Enterprise. This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1013095 SUSE bug 1034005 SUSE bug 1034402 openSUSE Leap 42.2 This update for python-tablib fixes the following issues: - CVE-2017-2810: The Databook loading functionality allowed command execution when important malicious data (boo#1044329) Moderate SUSE bug 1044329 CVE-2017-2810 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.73 to receive security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010) (bnc#1039348). The previous fix caused some Java applications to crash and has been replaced by the upstream fix. The following non-security bugs were fixed: - md: fix a null dereference (bsc#1040351). - net/mlx5e: Fix timestamping capabilities reporting (bsc#966170, bsc#1015342) - reiserfs: don't preallocate blocks for extended attributes (bsc#990682) - ibmvnic: Fix error handling when registering long-term-mapped buffers (bsc#1045568). - Fix kabi after adding new field to struct mddev (bsc#1040351). - Fix soft lockup in svc_rdma_send (bsc#729329). - IB/addr: Fix setting source address in addr6_resolve() (bsc#1044082). - IB/ipoib: Fix memory leak in create child syscall (bsc#1022595 FATE#322350). - IB/mlx5: Assign DSCP for R-RoCE QPs Address Path (bsc#966170 bsc#966172 bsc#966191). - IB/mlx5: Check supported flow table size (bsc#966170 bsc#966172 bsc#966191). - IB/mlx5: Enlarge autogroup flow table (bsc#966170 bsc#966172 bsc#966191). - IB/mlx5: Fix kernel to user leak prevention logic (bsc#966170 bsc#966172 bsc#966191). - NFSv4: do not let hanging mounts block other mounts (bsc#1040364). - [v2, 2/3] powerpc/fadump: avoid holes in boot memory area when fadump is registered (bsc#1037669). - [v2,1/3] powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669). - [v2,3/3] powerpc/fadump: provide a helpful error message (bsc#1037669). - dm: remove dummy dm_table definition (bsc#1045307) - ibmvnic: Activate disabled RX buffer pools on reset (bsc#1044767). - ibmvnic: Client-initiated failover (bsc#1043990). - ibmvnic: Correct return code checking for ibmvnic_init during probe (bsc#1045286). - ibmvnic: Ensure that TX queues are disabled in __ibmvnic_close (bsc#1044767). - ibmvnic: Exit polling routine correctly during adapter reset (bsc#1044767). - ibmvnic: Fix incorrectly defined ibmvnic_request_map_rsp structure (bsc#1045568). - ibmvnic: Remove VNIC_CLOSING check from pending_scrq (bsc#1044767). - ibmvnic: Remove module author mailing address (bsc#1045467). - ibmvnic: Remove netdev notify for failover resets (bsc#1044120). - ibmvnic: Return from ibmvnic_resume if not in VNIC_OPEN state (bsc#1045235). - ibmvnic: Sanitize entire SCRQ buffer on reset (bsc#1044767). - ibmvnic: driver initialization for kdump/kexec (bsc#1044772). - ipv6: release dst on error in ip6_dst_lookup_tail (git-fixes). - jump label: fix passing kbuild_cflags when checking for asm goto support (git-fixes). - kabi workaround for net: ipv6: Fix processing of RAs in presence of VRF (bsc#1042286). - lan78xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - loop: Add PF_LESS_THROTTLE to block/loop device thread (bsc#1027101). - md: use a separate bio_set for synchronous IO (bsc#1040351). - mlx4: Fix memory leak after mlx4_en_update_priv() (bsc#966170 bsc#966172 bsc#966191). - mm: fix new crash in unmapped_area_topdown() (bnc#1039348). - net/mlx5: Do not unlock fte while still using it (bsc#966170 bsc#966172 bsc#966191). - net/mlx5: Fix create autogroup prev initializer (bsc#966170 bsc#966172 bsc#966191). - net/mlx5: Prevent setting multicast macs for VFs (bsc#966170 bsc#966172 bsc#966191). - net/mlx5: Release FTE lock in error flow (bsc#966170 bsc#966172 bsc#966191). - net/mlx5e: Modify TIRs hash only when it's needed (bsc#966170 bsc#966172 bsc#966191). - net: icmp_route_lookup should use rt dev to determine L3 domain (bsc#1042286). - net: ipv6: Fix processing of RAs in presence of VRF (bsc#1042286). - net: l3mdev: Add master device lookup by index (bsc#1042286). - net: make netdev_for_each_lower_dev safe for device removal (bsc#1042286). - net: vrf: Create FIB tables on link create (bsc#1042286). - net: vrf: Fix crash when IPv6 is disabled at boot time (bsc#1042286). - net: vrf: Fix dev refcnt leak due to IPv6 prefix route (bsc#1042286). - net: vrf: Fix dst reference counting (bsc#1042286). - net: vrf: Switch dst dev to loopback on device delete (bsc#1042286). - net: vrf: protect changes to private data with rcu (bsc#1042286). - powerpc/fadump: add reschedule point while releasing memory (bsc#1040609). - powerpc/fadump: return error when fadump registration fails (bsc#1040567). - ravb: Fix use-after-free on `ifconfig eth0 down` (git-fixes). - sctp: check af before verify address in sctp_addr_id2transport (git-fixes). - vrf: remove slave queue and private slave struct (bsc#1042286). - xen-blkback: do not leak stack data via response ring (bsc#1042863 XSA-216). - xfrm: Only add l3mdev oif to dst lookups (bsc#1042286). Important SUSE bug 1015342 SUSE bug 1022595 SUSE bug 1027101 SUSE bug 1037669 SUSE bug 1039214 SUSE bug 1039348 SUSE bug 1040351 SUSE bug 1040364 SUSE bug 1040567 SUSE bug 1040609 SUSE bug 1042286 SUSE bug 1042863 SUSE bug 1043990 SUSE bug 1044082 SUSE bug 1044120 SUSE bug 1044767 SUSE bug 1044772 SUSE bug 1044880 SUSE bug 1045154 SUSE bug 1045235 SUSE bug 1045286 SUSE bug 1045307 SUSE bug 1045467 SUSE bug 1045568 SUSE bug 966170 SUSE bug 966172 SUSE bug 966191 SUSE bug 990682 CVE-2017-1000364 openSUSE Leap 42.2 This update for netpbm fixes the following issues: Security bugs: * CVE-2017-2586: A NULL pointer dereference in stringToUint function could lead to a denial of service (abort) problem when processing malformed images. [bsc#1024292] * CVE-2017-2581: A out-of-bounds write in writeRasterPbm() could be used by attackers to crash the decoder or potentially execute code. [bsc#1024287] * CVE-2017-2587: A insufficient size check of memory allocation in createCanvas() function could be used for a denial of service attack (memory exhaustion) [bsc#1024294] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1024287 SUSE bug 1024292 SUSE bug 1024294 CVE-2017-2581 CVE-2017-2586 CVE-2017-2587 openSUSE Leap 42.2 This update for libgcrypt fixes the following issues: - CVE-2017-9526: Store the session key in secure memory to ensure that constant time point operations are used in the MPI library. (bsc#1042326) - Don't require secure memory for the fips selftests, this prevents the "Oops, secure memory pool already initialized" warning. (bsc#931932) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1042326 SUSE bug 931932 CVE-2017-9526 openSUSE Leap 42.2 This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146) Also the following non security bug was fixed: - Link the "system_group" plugin with sudo_util library to resolve the missing sudo_dso_findsym symbol (bsc#1034560) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1034560 SUSE bug 1042146 CVE-2017-1000368 openSUSE Leap 42.2 This update for libxml2 fixes the following issues: Security issues fixed: * CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) * CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1024989 SUSE bug 1044337 CVE-2017-0663 CVE-2017-5969 openSUSE Leap 42.2 This update for kdepim4 fixes the following issues: - CVE-2017-9604: The kmail "send later" function does not have "sign/encryption" action ensured. (boo#1044210) The package kdepim-addons was updated to conflict with 4.x based akonadi package to prevent file conflicts. (boo#1045936) Moderate SUSE bug 1044210 SUSE bug 1045936 CVE-2017-9604 openSUSE Leap 42.2 This update for kdepim and messagelib fixes the following issues: - CVE-2017-9604: The kmail "send later" function does not have "sign/encryption" action ensured. (boo#1044210) Moderate SUSE bug 1044210 CVE-2017-9604 openSUSE Leap 42.2 This update for php5 fixes the following security issues: - CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111). - CVE-2017-9227: A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. (bsc#1040883) - CVE-2017-9226: A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. (bsc#1040889) - CVE-2017-9224: A stack out-of-bounds read occurs in match_at() during regular expression searching. (bsc#1040891) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1035111 SUSE bug 1040883 SUSE bug 1040889 SUSE bug 1040891 CVE-2016-6294 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 openSUSE Leap 42.2 This update for postgresql94 to 9.4.12 fixes the following issues: Upstream changelogs: - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security issues fixed: * CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) Please note that manual action is needed to fix this in existing databases See the upstream release notes for details. * CVE-2017-7485: recognize PGREQUIRESSL variable again. (bsc#1038293) * CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Changes in version 9.4.12: * Build corruption with CREATE INDEX CONCURRENTLY * Fixes for visibility and write-ahead-log stability Changes in version 9.4.10: * Fix WAL-logging of truncation of relation free space maps and visibility maps * Fix incorrect creation of GIN index WAL records on big-endian machines * Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction * Fix EvalPlanQual rechecks involving CTE scans * Fix improper repetition of previous results from hashed aggregation in a subquery The libraries libpq and libecpg are now supplied by postgresql 9.6. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1037603 SUSE bug 1037624 SUSE bug 1038293 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 openSUSE Leap 42.2 This update for clamav fixes the following security issue: - CVE-2012-6706: Fixed an arbitrary memory write in VMSF_DELTA filter in libclamunrar (bsc#1045490) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1045490 CVE-2012-6706 openSUSE Leap 42.2 This update for cairo fixes the following issues: - CVE-2017-7475: Fixed a segfault in get_bitmap_surface due to malformed font (bsc#1036789). - CVE-2016-9082: fix a segfault when using >4GB images since int values were used for pointer operations (bsc#1007255). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1007255 SUSE bug 1036789 CVE-2016-9082 CVE-2017-7475 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following issues: - CVE-2017-8350: an additional fix for a denial of service memory leak in the JNG decoder was done. [boo#1036985 c13-c21] Moderate SUSE bug 1036985 CVE-2017-8350 openSUSE Leap 42.2 This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1046554 SUSE bug 1046555 CVE-2017-3142 CVE-2017-3143 openSUSE Leap 42.2 This update for libICE fixes the following issues: - CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. (boo#1025068) Moderate SUSE bug 1025068 CVE-2017-2626 openSUSE Leap 42.2 This update for libquicktime fixes the following issues: * CVE-2017-9122: A DoS in quicktime_read_moov function in moov.c via acrafted mp4 file was fixed. (boo#1044077) * CVE-2017-9123: An invalid memory read in lqt_frame_duration via a crafted mp4 file was fixed. (boo#1044009) * CVE-2017-9124: A NULL pointer dereference in quicktime_match_32 via a crafted mp4 file was fixed. (boo#1044008) * CVE-2017-9125: A DoS in lqt_frame_duration function in lqt_quicktime.c via crafted mp4 file was fixed. (boo#1044122) * CVE-2017-9126: A heap-based buffer overflow in quicktime_read_dref_table via a crafted mp4 file was fixed. (boo#1044006) * CVE-2017-9127: A heap-based buffer overflow in quicktime_user_atoms_read_atom via a crafted mp4 file was fixed. (boo#1044002) * CVE-2017-9128: A heap-based buffer over-read in quicktime_video_width via a crafted mp4 file was fixed. (boo#1044000) Moderate SUSE bug 1044000 SUSE bug 1044002 SUSE bug 1044006 SUSE bug 1044008 SUSE bug 1044009 SUSE bug 1044077 SUSE bug 1044122 CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 openSUSE Leap 42.2 This update for apache2 provides the following fixes: Security issues fixed: - CVE-2017-3167: In Apache use of httpd ap_get_basic_auth_pw() outside of the authentication phase could lead to authentication requirements bypass (bsc#1045065) - CVE-2017-3169: In mod_ssl may have a dereference NULL pointer issue which could lead to denial of service (bsc#1045062) - CVE-2017-7679: In mod_mime can buffer over-read by 1 byte, potentially leading to a crash or information disclosure (bsc#1045060) Non-Security issues fixed: - Remove /usr/bin/http2 symlink only during apache2 package uninstall, not upgrade. (bsc#1041830) - In gensslcert, use hostname when fqdn is too long. (bsc#1035829) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1035829 SUSE bug 1041830 SUSE bug 1045060 SUSE bug 1045062 SUSE bug 1045065 CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 openSUSE Leap 42.2 This update for dovecot22 to version 2.2.30.2 fixes the following issues: This security issue was fixed: - CVE-2017-2669: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS (bsc#1032248) Additionally stronger SSL default ciphers are now used. This non-security issue was fixed: - Remove all references /etc/ssl/certs/. It should not be used anymore (bsc#932386) The version 2.2.30.2 also includes many fixes and enhancements: - Multiple failed authentications within short time caused crashes. - Use timing safe comparisons for everything related to passwords. - Master process now sends SIGQUIT to all running children at shutdown, which instructs them to close all the socket listeners immediately. Restarting Dovecot should no longer fail due to some processes keeping the listeners open for a long time. - Add passdb { mechanisms=none } to match separate passdb lookup. - Add passdb { username_filter } to use passdb only if user matches the filter. - Add dsync_commit_msgs_interval setting. It attempts to commit the transaction after saving this many new messages. - Support imapc_features=search without ESEARCH extension. - Add imapc_features=fetch-bodystructure to pass through remote server's FETCH BODY and BODYSTRUCTURE. - Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the remote server. - Add allow_invalid_cert and ssl_ca_file parameters. - If dovecot.index.cache corruption is detected, reset only the one corrupted mail instead of the whole file. - Add "firstsaved" field to doveadm mailbox status. - Add old host's up/down and vhost count as parameters to director_flush_socket. - More fixes to automatically fix corruption in dovecot.list.index. - Fix support for dsync_features=empty-header-workaround. - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't enabled modseq tracking via CONDSTORE/QRESYNC. - Fix fts-lucene it to work again with mbox format. - Some internal error messages may have contained garbage in v2.2.29. - Re-encrypt when copying/moving mails and per-mailbox keys are used, otherwise the copied mails can't be opened. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1032248 SUSE bug 854512 SUSE bug 932386 CVE-2017-2669 openSUSE Leap 42.2 This update for vim fixes the following issues: Security issues fixed: - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) - CVE-2017-6350: Fixed a possible overflow when reading a corrupted undo file (bsc#1027053) - CVE-2017-6349: Fixed a possible overflow when reading a corrupted undo file (bsc#1027057) Non security issues fixed: - Speed up YAML syntax highlighting (bsc#1018870) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1018870 SUSE bug 1024724 SUSE bug 1027053 SUSE bug 1027057 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 openSUSE Leap 42.2 This update for libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (boo#1025046) Moderate SUSE bug 1025046 CVE-2017-2625 openSUSE Leap 42.2 This update for php7 fixes the following security issues: - CVE-2017-9224: stack out-of-bounds read occurs in match_at() could lead to Denial of service (bsc#1040891) - CVE-2017-9226: heap out-of-bounds write orread occurs in next_state_val() could lead to Denial of service(bsc#1040889) - CVE-2017-9227: stack out-of-bounds read in mbc_enc_len() could lead to Denial of service (bsc#1040883) - CVE-2017-6441: The _zval_get_long_func_ex in Zend/zend_operators.c in PHP allowed attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script (bsc#1032155). - CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1032155 SUSE bug 1035111 SUSE bug 1040883 SUSE bug 1040889 SUSE bug 1040891 CVE-2016-6294 CVE-2017-6441 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 openSUSE Leap 42.2 This update for libxml2 fixes the following issues: Security issues fixed: * CVE-2017-7376: Increase buffer space for port in HTTP redirect support (bsc#1044887) * CVE-2017-7375: Prevent unwanted external entity reference (bsc#1044894) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1044887 SUSE bug 1044894 CVE-2017-7375 CVE-2017-7376 openSUSE Leap 42.2 This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening against a local side-channel attack in RSA key handling has been added (bsc#1046607) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1046607 CVE-2017-7526 openSUSE Leap 42.2 This update for irssi to version fixes the following issues: - CVE-2017-10965: A malicious server could cause irssi to crash by providing an invalid timestamp - CVE-2017-10966: Undefined behavior may be triggered when irssi updates the internal nick list A number of minor upstream bug fixes are also included. Moderate SUSE bug 1047709 CVE-2017-10965 CVE-2017-10966 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.74 to receive various security and bugfixes. This update fixes some long standing btrfs issues. The following security bugs were fixed: - CVE-2017-7518: A KVM debug exception in the syscall handling was fixed which might have been used for local privilege escalation. (bnc#1045922). - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354). The following non-security bugs were fixed: - bluetooth: hidp: fix possible might sleep error in hidp_session_thread (bsc#1031784). - btrfs: disable possible cause of premature ENOSPC (bsc#1040182) - btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912). - btrfs: Round down values which are written for total_bytes_size (bsc#1043912). - drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821). - Fix kABI breakage by KVM CVE fix (bsc#1045922). - hpsa: limit transfer length to 1MB (bsc#1025461). - hwpoison, memcg: forcibly uncharge LRU pages (bnc#1046105). - ibmvnic: Fix assignment of RX/TX IRQ's (bsc#1046589). - iw_cxgb4: Fix error return code in c4iw_rdev_open() (bsc#1026570). - iwlwifi: 8000: fix MODULE_FIRMWARE input (FATE#321353, FATE#323335). - iwlwifi: 9000: increase the number of queues (FATE#321353, FATE#323335). - iwlwifi: add device ID for 8265 (FATE#321353, FATE#323335). - iwlwifi: add device IDs for the 8265 device (FATE#321353, FATE#323335). - iwlwifi: add disable_11ac module param (FATE#321353, FATE#323335). - iwlwifi: add new 3168 series devices support (FATE#321353, FATE#323335). - iwlwifi: add new 8260 PCI IDs (FATE#321353, FATE#323335). - iwlwifi: add new 8265 (FATE#321353, FATE#323335). - iwlwifi: add new 8265 series PCI ID (FATE#321353, FATE#323335). - iwlwifi: Add new PCI IDs for 9260 and 5165 series (FATE#321353, FATE#323335). - iwlwifi: Add PCI IDs for the new 3168 series (FATE#321353, FATE#323335). - iwlwifi: Add PCI IDs for the new series 8165 (FATE#321353, FATE#323335). - iwlwifi: add support for 12K Receive Buffers (FATE#321353, FATE#323335). - iwlwifi: add support for getting HW address from CSR (FATE#321353, FATE#323335). - iwlwifi: avoid d0i3 commands when no/init ucode is loaded (FATE#321353, FATE#323335). - iwlwifi: bail out in case of bad trans state (FATE#321353, FATE#323335). - iwlwifi: block the queues when we send ADD_STA for uAPSD (FATE#321353, FATE#323335). - iwlwifi: change the Intel Wireless email address (FATE#321353, FATE#323335). - iwlwifi: change the Intel Wireless email address (FATE#321353, FATE#323335). - iwlwifi: check for valid ethernet address provided by OEM (FATE#321353, FATE#323335). - iwlwifi: clean up transport debugfs handling (FATE#321353, FATE#323335). - iwlwifi: clear ieee80211_tx_info->driver_data in the op_mode (FATE#321353, FATE#323335). - iwlwifi: Document missing module options (FATE#321353, FATE#323335). - iwlwifi: dump prph registers in a common place for all transports (FATE#321353, FATE#323335). - iwlwifi: dvm: advertise NETIF_F_SG (FATE#321353, FATE#323335). - iwlwifi: dvm: fix compare_const_fl.cocci warnings (FATE#321353, FATE#323335). - iwlwifi: dvm: handle zero brightness for wifi LED (FATE#321353, FATE#323335). - iwlwifi: dvm: remove a wrong dependency on m (FATE#321353, FATE#323335). - iwlwifi: dvm: remove Kconfig default (FATE#321353, FATE#323335). - iwlwifi: dvm: remove stray debug code (FATE#321353, FATE#323335). - iwlwifi: export the _no_grab version of PRPH IO functions (FATE#321353, FATE#323335). - iwlwifi: expose fw usniffer mode to more utilities (FATE#321353, FATE#323335). - iwlwifi: fix double hyphen in MODULE_FIRMWARE for 8000 (FATE#321353, FATE#323335). - iwlwifi: Fix firmware name maximum length definition (FATE#321353, FATE#323335). - iwlwifi: fix name of ucode loaded for 8265 series (FATE#321353, FATE#323335). - iwlwifi: fix printf specifier (FATE#321353, FATE#323335). - iwlwifi: generalize d0i3_entry_timeout module parameter (FATE#321353, FATE#323335). - iwlwifi: mvm: adapt the firmware assert log to new firmware (FATE#321353, FATE#323335). - iwlwifi: mvm: add 9000-series RX API (FATE#321353, FATE#323335). - iwlwifi: mvm: add 9000 series RX processing (FATE#321353, FATE#323335). - iwlwifi: mvm: add a non-trigger window to fw dbg triggers (FATE#321353, FATE#323335). - iwlwifi: mvm: add an option to start rs from HT/VHT rates (FATE#321353, FATE#323335). - iwlwifi: mvm: Add a station in monitor mode (FATE#321353, FATE#323335). - iwlwifi: mvm: add bt rrc and ttc to debugfs (FATE#321353, FATE#323335). - iwlwifi: mvm: add bt settings to debugfs (FATE#321353, FATE#323335). - iwlwifi: mvm: add ctdp operations to debugfs (FATE#321353, FATE#323335). - iwlwifi: mvm: add CT-KILL notification (FATE#321353, FATE#323335). - iwlwifi: mvm: add debug print if scan config is ignored (FATE#321353, FATE#323335). - iwlwifi: mvm: add extended dwell time (FATE#321353, FATE#323335). - iwlwifi: mvm: add new ADD_STA command version (FATE#321353, FATE#323335). - iwlwifi: mvm: Add P2P client snoozing (FATE#321353, FATE#323335). - iwlwifi: mvm: add registration to cooling device (FATE#321353, FATE#323335). - iwlwifi: mvm: add registration to thermal zone (FATE#321353, FATE#323335). - iwlwifi: mvm: add support for negative temperatures (FATE#321353, FATE#323335). - iwlwifi: mvm: add tlv for multi queue rx support (FATE#321353, FATE#323335). - iwlwifi: mvm: add trigger for firmware dump upon TDLS events (FATE#321353, FATE#323335). - iwlwifi: mvm: add trigger for firmware dump upon TX response status (FATE#321353, FATE#323335). - iwlwifi: mvm: advertise NETIF_F_SG (FATE#321353, FATE#323335). - iwlwifi: mvm: Align bt-coex priority with requirements (FATE#321353, FATE#323335). - iwlwifi: mvm: allow to disable beacon filtering for AP/GO interface (FATE#321353, FATE#323335). - iwlwifi: mvm: avoid harmless -Wmaybe-uninialized warning (FATE#321353, FATE#323335). - iwlwifi: mvm: avoid panics with thermal device usage (FATE#321353, FATE#323335). - iwlwifi: mvm: avoid to WARN about gscan capabilities (FATE#321353, FATE#323335). - iwlwifi: mvm: bail out if CTDP start operation fails (FATE#321353, FATE#323335). - iwlwifi: mvm: bump firmware API to 21 (FATE#321353, FATE#323335). - iwlwifi: mvm: bump max API to 20 (FATE#321353, FATE#323335). - iwlwifi: mvm: change access to ieee80211_hdr (FATE#321353, FATE#323335). - iwlwifi: mvm: change iwl_mvm_get_key_sta_id() to return the station (FATE#321353, FATE#323335). - iwlwifi: mvm: change mcc update API (FATE#321353, FATE#323335). - iwlwifi: mvm: change name of iwl_mvm_d3_update_gtk (FATE#321353, FATE#323335). - iwlwifi: mvm: Change number of associated stations when station becomes associated (FATE#321353, FATE#323335). - iwlwifi: mvm: change protocol offload flows (FATE#321353, FATE#323335). - iwlwifi: mvm: change the check for ADD_STA status (FATE#321353, FATE#323335). - iwlwifi: mvm: check FW's response for nvm access write cmd (FATE#321353, FATE#323335). - iwlwifi: mvm: check iwl_mvm_wowlan_config_key_params() return value (FATE#321353, FATE#323335). - iwlwifi: mvm: check minimum temperature notification length (FATE#321353, FATE#323335). - iwlwifi: mvm: cleanup roc te on restart cleanup (FATE#321353, FATE#323335). - iwlwifi: mvm: Configure fragmented scan for scheduled scan (FATE#321353, FATE#323335). - iwlwifi: mvm: configure scheduled scan according to traffic conditions (FATE#321353, FATE#323335). - iwlwifi: mvm: constify the parameters of a few functions in fw-dbg.c (FATE#321353, FATE#323335). - iwlwifi: mvm: Disable beacon storing in D3 when WOWLAN configured (FATE#321353, FATE#323335). - iwlwifi: mvm: disable DQA support (FATE#321353, FATE#323335). - iwlwifi: mvm: do not ask beacons when P2P GO vif and no assoc sta (FATE#321353, FATE#323335). - iwlwifi: mvm: do not keep an mvm ref when the interface is down (FATE#321353, FATE#323335). - iwlwifi: mvm: do not let NDPs mess the packet tracking (FATE#321353, FATE#323335). - iwlwifi: mvm: do not restart HW if suspend fails with unified image (FATE#321353, FATE#323335). - iwlwifi: mvm: Do not switch to D3 image on suspend (FATE#321353, FATE#323335). - iwlwifi: mvm: do not try to offload AES-CMAC in AP/IBSS modes (FATE#321353, FATE#323335). - iwlwifi: mvm: drop low_latency_agg_frame_cnt_limit (FATE#321353, FATE#323335). - iwlwifi: mvm: dump more registers upon error (FATE#321353, FATE#323335). - iwlwifi: mvm: dump the radio registers when the firmware crashes (FATE#321353, FATE#323335). - iwlwifi: mvm: enable L3 filtering (FATE#321353, FATE#323335). - iwlwifi: mvm: Enable MPLUT only on supported hw (FATE#321353, FATE#323335). - iwlwifi: mvm: enable VHT MU-MIMO for supported hardware (FATE#321353, FATE#323335). - iwlwifi: mvm: extend time event duration (FATE#321353, FATE#323335). - iwlwifi: mvm: fix accessing Null pointer during fw dump collection (FATE#321353, FATE#323335). - iwlwifi: mvm: fix d3_test with unified D0/D3 images (FATE#321353, FATE#323335). - iwlwifi: mvm: fix debugfs signedness warning (FATE#321353, FATE#323335). - iwlwifi: mvm: fix extended dwell time (FATE#321353, FATE#323335). - iwlwifi: mvm: fix incorrect fallthrough in iwl_mvm_check_running_scans() (FATE#321353, FATE#323335). - iwlwifi: mvm: fix memory leaks in error paths upon fw error dump (FATE#321353, FATE#323335). - iwlwifi: mvm: fix netdetect starting/stopping for unified images (FATE#321353, FATE#323335). - iwlwifi: mvm: fix RSS key sizing (FATE#321353, FATE#323335). - iwlwifi: mvm: fix unregistration of thermal in some error flows (FATE#321353, FATE#323335). - iwlwifi: mvm: flush all used TX queues before suspending (FATE#321353, FATE#323335). - iwlwifi: mvm: forbid U-APSD for P2P Client if the firmware does not support it (FATE#321353, FATE#323335). - iwlwifi: mvm: handle pass all scan reporting (FATE#321353, FATE#323335). - iwlwifi: mvm: ignore LMAC scan notifications when running UMAC scans (FATE#321353, FATE#323335). - iwlwifi: mvm: infrastructure for frame-release message (FATE#321353, FATE#323335). - iwlwifi: mvm: kill iwl_mvm_enable_agg_txq (FATE#321353, FATE#323335). - iwlwifi: mvm: let the firmware choose the antenna for beacons (FATE#321353, FATE#323335). - iwlwifi: mvm: make collecting fw debug data optional (FATE#321353, FATE#323335). - iwlwifi: mvm: move fw-dbg code to separate file (FATE#321353, FATE#323335). - iwlwifi: mvm: only release the trans ref if d0i3 is supported in fw (FATE#321353, FATE#323335). - iwlwifi: mvm: prepare the code towards TSO implementation (FATE#321353, FATE#323335). - iwlwifi: mvm: refactor d3 key update functions (FATE#321353, FATE#323335). - iwlwifi: mvm: refactor the way fw_key_table is handled (FATE#321353, FATE#323335). - iwlwifi: mvm: remove an extra tab (FATE#321353, FATE#323335). - iwlwifi: mvm: Remove bf_vif from iwl_power_vifs (FATE#321353, FATE#323335). - iwlwifi: mvm: Remove iwl_mvm_update_beacon_abort (FATE#321353, FATE#323335). - iwlwifi: mvm: remove redundant d0i3 flag from the config struct (FATE#321353, FATE#323335). - iwlwifi: mvm: remove shadowing variable (FATE#321353, FATE#323335). - iwlwifi: mvm: remove stray nd_config element (FATE#321353, FATE#323335). - iwlwifi: mvm: remove the vif parameter of iwl_mvm_configure_bcast_filter() (FATE#321353, FATE#323335). - iwlwifi: mvm: remove unnecessary check in iwl_mvm_is_d0i3_supported() (FATE#321353, FATE#323335). - iwlwifi: mvm: remove useless WARN_ON and rely on cfg80211's combination (FATE#321353, FATE#323335). - iwlwifi: mvm: report wakeup for wowlan (FATE#321353, FATE#323335). - iwlwifi: mvm: reset mvm->scan_type when firmware is started (FATE#321353, FATE#323335). - iwlwifi: mvm: return the cooling state index instead of the budget (FATE#321353, FATE#323335). - iwlwifi: mvm: ROC: cleanup time event info on FW failure (FATE#321353, FATE#323335). - iwlwifi: mvm: ROC: Extend the ROC max delay duration & limit ROC duration (FATE#321353, FATE#323335). - iwlwifi: mvm: rs: fix a potential out of bounds access (FATE#321353, FATE#323335). - iwlwifi: mvm: rs: fix a theoretical access to uninitialized array elements (FATE#321353, FATE#323335). - iwlwifi: mvm: rs: fix a warning message (FATE#321353, FATE#323335). - iwlwifi: mvm: rs: fix TPC action decision algorithm (FATE#321353, FATE#323335). - iwlwifi: mvm: rs: fix TPC statistics handling (FATE#321353, FATE#323335). - iwlwifi: mvm: Send power command on BSS_CHANGED_BEACON_INFO if needed (FATE#321353, FATE#323335). - iwlwifi: mvm: set default new STA as non-aggregated (FATE#321353, FATE#323335). - iwlwifi: mvm: set the correct amsdu enum values (FATE#321353, FATE#323335). - iwlwifi: mvm: set the correct descriptor size for tracing (FATE#321353, FATE#323335). - iwlwifi: mvm: small update in the firmware API (FATE#321353, FATE#323335). - iwlwifi: mvm: support A-MSDU in A-MPDU (FATE#321353, FATE#323335). - iwlwifi: mvm: support beacon storing (FATE#321353, FATE#323335). - iwlwifi: mvm: support description for user triggered fw dbg collection (FATE#321353, FATE#323335). - iwlwifi: mvm: support rss queues configuration command (FATE#321353, FATE#323335). - iwlwifi: mvm: Support setting continuous recording debug mode (FATE#321353, FATE#323335). - iwlwifi: mvm: support setting minimum quota from debugfs (FATE#321353, FATE#323335). - iwlwifi: mvm: support sw queue start/stop from mvm (FATE#321353, FATE#323335). - iwlwifi: mvm: take care of padded packets (FATE#321353, FATE#323335). - iwlwifi: mvm: take the transport ref back when leaving (FATE#321353, FATE#323335). - iwlwifi: mvm: track low-latency sources separately (FATE#321353, FATE#323335). - iwlwifi: mvm: update GSCAN capabilities (FATE#321353, FATE#323335). - iwlwifi: mvm: update ucode status before stopping device (FATE#321353, FATE#323335). - iwlwifi: mvm: use build-time assertion for fw trigger ID (FATE#321353, FATE#323335). - iwlwifi: mvm: use firmware station lookup, combine code (FATE#321353, FATE#323335). - iwlwifi: mvm: various trivial cleanups (FATE#321353, FATE#323335). - iwlwifi: mvm: writing zero bytes to debugfs causes a crash (FATE#321353, FATE#323335). - iwlwifi: nvm: fix loading default NVM file (FATE#321353, FATE#323335). - iwlwifi: nvm: fix up phy section when reading it (FATE#321353, FATE#323335). - iwlwifi: pcie: add 9000 series multi queue rx DMA support (FATE#321353, FATE#323335). - iwlwifi: pcie: add infrastructure for multi-queue rx (FATE#321353, FATE#323335). - iwlwifi: pcie: add initial RTPM support for PCI (FATE#321353, FATE#323335). - iwlwifi: pcie: Add new configuration to enable MSIX (FATE#321353, FATE#323335). - iwlwifi: pcie: add pm_prepare and pm_complete ops (FATE#321353, FATE#323335). - iwlwifi: pcie: add RTPM support when wifi is enabled (FATE#321353, FATE#323335). - iwlwifi: pcie: aggregate Flow Handler configuration writes (FATE#321353, FATE#323335). - iwlwifi: pcie: allow the op_mode to block the tx queues (FATE#321353, FATE#323335). - iwlwifi: pcie: allow to pretend to have Tx CSUM for debug (FATE#321353, FATE#323335). - iwlwifi: pcie: avoid restocks inside rx loop if not emergency (FATE#321353, FATE#323335). - iwlwifi: pcie: buffer packets to avoid overflowing Tx queues (FATE#321353, FATE#323335). - iwlwifi: pcie: build an A-MSDU using TSO core (FATE#321353, FATE#323335). - iwlwifi: pcie: configure more RFH settings (FATE#321353, FATE#323335). - iwlwifi: pcie: detect and workaround invalid write ptr behavior (FATE#321353, FATE#323335). - iwlwifi: pcie: do not increment / decrement a bool (FATE#321353, FATE#323335). - iwlwifi: pcie: enable interrupts before releasing the NIC's CPU (FATE#321353, FATE#323335). - iwlwifi: pcie: enable multi-queue rx path (FATE#321353, FATE#323335). - iwlwifi: pcie: extend device reset delay (FATE#321353, FATE#323335). - iwlwifi: pcie: fine tune number of rxbs (FATE#321353, FATE#323335). - iwlwifi: pcie: fix a race in firmware loading flow (FATE#321353, FATE#323335). - iwlwifi: pcie: fix erroneous return value (FATE#321353, FATE#323335). - iwlwifi: pcie: fix global table size (FATE#321353, FATE#323335). - iwlwifi: pcie: fix identation in trans.c (FATE#321353, FATE#323335). - iwlwifi: pcie: fix RF-Kill vs. firmware load race (FATE#321353, FATE#323335). - iwlwifi: pcie: forbid RTPM on device removal (FATE#321353, FATE#323335). - iwlwifi: pcie: mark command queue lock with separate lockdep class (FATE#321353, FATE#323335). - iwlwifi: pcie: prevent skbs shadowing in iwl_trans_pcie_reclaim (FATE#321353, FATE#323335). - iwlwifi: pcie: refactor RXBs reclaiming code (FATE#321353, FATE#323335). - iwlwifi: pcie: remove ICT allocation message (FATE#321353, FATE#323335). - iwlwifi: pcie: remove pointer from debug message (FATE#321353, FATE#323335). - iwlwifi: pcie: re-organize code towards TSO (FATE#321353, FATE#323335). - iwlwifi: pcie: set RB chunk size back to 64 (FATE#321353, FATE#323335). - iwlwifi: pcie: update iwl_mpdu_desc fields (FATE#321353, FATE#323335). - iwlwifi: print index in api/capa flags parsing message (FATE#321353, FATE#323335). - iwlwifi: refactor the code that reads the MAC address from the NVM (FATE#321353, FATE#323335). - iwlwifi: remove IWL_DL_LED (FATE#321353, FATE#323335). - iwlwifi: remove unused parameter from grab_nic_access (FATE#321353, FATE#323335). - iwlwifi: replace d0i3_mode and wowlan_d0i3 with more generic variables (FATE#321353, FATE#323335). - iwlwifi: set max firmware version of 7265 to 17 (FATE#321353, FATE#323335). - iwlwifi: support ucode with d0 unified image - regular and usniffer (FATE#321353, FATE#323335). - iwlwifi: trans: make various conversion macros inlines (FATE#321353, FATE#323335). - iwlwifi: trans: support a callback for ASYNC commands (FATE#321353, FATE#323335). - iwlwifi: treat iwl_parse_nvm_data() MAC addr as little endian (FATE#321353, FATE#323335). - iwlwifi: tt: move ucode_loaded check under mutex (FATE#321353, FATE#323335). - iwlwifi: uninline iwl_trans_send_cmd (FATE#321353, FATE#323335). - iwlwifi: update host command messages to new format (FATE#321353, FATE#323335). - iwlwifi: Update PCI IDs for 8000 and 9000 series (FATE#321353, FATE#323335). - iwlwifi: update support for 3168 series firmware and NVM (FATE#321353, FATE#323335). - iwlwifi: various comments and code cleanups (FATE#321353, FATE#323335). - kabi: ignore fs_info parameter for tracepoints that didn't have it (bsc#1044912). - kabi/severities: ignore kABi changes in iwlwifi stuff itself - powerpc/ftrace: Pass the correct stack pointer for DYNAMIC_FTRACE_WITH_REGS (FATE#322421). - printk: Correctly handle preemption in console_unlock() (bsc#1046434). - printk/xen: Force printk sync mode when migrating Xen guest (bsc#1043347). - RDMA/iw_cxgb4: Always wake up waiter in c4iw_peer_abort_intr() (bsc#1026570). - smartpqi: limit transfer length to 1MB (bsc#1025461). - tty: Destroy ldisc instance on hangup (bnc#1043488). - tty: Fix ldisc crash on reopened tty (bnc#1043488). - tty: Handle NULL tty->ldisc (bnc#1043488). - tty: Move tty_ldisc_kill() (bnc#1043488). - tty: Prepare for destroying line discipline on hangup (bnc#1043488). - tty: Refactor tty_ldisc_reinit() for reuse (bnc#1043488). - tty: Reset c_line from driver's init_termios (bnc#1043488). - tty: Simplify tty_set_ldisc() exit handling (bnc#1043488). - tty: Use 'disc' for line discipline index name (bnc#1043488). - Update config files: add CONFIG_IWLWIFI_PCIE_RTPM=y (FATE#323335) - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854). Fix bsc reference - Update patches.fixes/xfs-split-default-quota-limits-by-quota-type.patch (bsc#1040941). Fix the bug nr used. Important SUSE bug 1025461 SUSE bug 1026570 SUSE bug 1031784 SUSE bug 1039354 SUSE bug 1040182 SUSE bug 1040941 SUSE bug 1043347 SUSE bug 1043488 SUSE bug 1043912 SUSE bug 1044854 SUSE bug 1044912 SUSE bug 1045922 SUSE bug 1046105 SUSE bug 1046434 SUSE bug 1046589 SUSE bug 1046821 CVE-2017-1000365 CVE-2017-7518 openSUSE Leap 42.2 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-10912: Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882) - CVE-2017-10913 CVE-2017-10914: Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893) - CVE-2017-10915: Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915) - CVE-2017-10917: Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924) - CVE-2017-10918: Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931) - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243) - PKRU and BND* leakage between vCPU-s might have leaked information to other guests (XSA-220, bsc#1042923) These non-security issues were fixed: - bsc#1027519: Included various upstream patches - bsc#1035642: Ensure that rpmbuild works This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1027519 SUSE bug 1035642 SUSE bug 1037243 SUSE bug 1042160 SUSE bug 1042882 SUSE bug 1042893 SUSE bug 1042915 SUSE bug 1042923 SUSE bug 1042924 SUSE bug 1042931 SUSE bug 1042938 CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 CVE-2017-10917 CVE-2017-10918 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 CVE-2017-8309 CVE-2017-9330 openSUSE Leap 42.2 This update for spice fixes the following issues: - CVE-2017-7506: A possible buffer overflow via invalid monitor configurations (bsc#1046779) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1046779 CVE-2017-7506 openSUSE Leap 42.2 This update for systemd fixes the following issues: Security issue fixed: - CVE-2017-9217: resolved: Fix null pointer p->question dereferencing that could lead to resolved aborting (bsc#1040614) The update also fixed several non-security bugs: - core/mount: Use the "-c" flag to not canonicalize paths when calling /bin/umount - automount: Handle expire_tokens when the mount unit changes its state (bsc#1040942) - automount: Rework propagation between automount and mount units - build: Make sure tmpfiles.d/systemd-remote.conf get installed when necessary - build: Fix systemd-journal-upload installation - basic: Detect XEN Dom0 as no virtualization (bsc#1036873) - virt: Make sure some errors are not ignored - fstab-generator: Do not skip Before= ordering for noauto mountpoints - fstab-gen: Do not convert device timeout into seconds when initializing JobTimeoutSec - core/device: Use JobRunningTimeoutSec= for device units (bsc#1004995) - fstab-generator: Apply the _netdev option also to device units (bsc#1004995) - job: Add JobRunningTimeoutSec for JOB_RUNNING state (bsc#1004995) - job: Ensure JobRunningTimeoutSec= survives serialization (bsc#1004995) - rules: Export NVMe WWID udev attribute (bsc#1038865) - rules: Introduce disk/by-id (model_serial) symbolic links for NVMe drives - rules: Add rules for NVMe devices - sysusers: Make group shadow support configurable (bsc#1029516) - core: When deserializing a unit, fully restore its cgroup state (bsc#1029102) - core: Introduce cg_mask_from_string()/cg_mask_to_string() - core:execute: Fix handling failures of calling fork() in exec_spawn() (bsc#1040258) - Fix systemd-sysv-convert when a package starts shipping service units (bsc#982303) The database might be missing when upgrading a package which was shipping no sysv init scripts nor unit files (at the time --save was called) but the new version start shipping unit files. - Disable group shadow support (bsc#1029516) - Only check signature job error if signature job exists (bsc#1043758) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1004995 SUSE bug 1029102 SUSE bug 1029516 SUSE bug 1036873 SUSE bug 1038865 SUSE bug 1040258 SUSE bug 1040614 SUSE bug 1040942 SUSE bug 1043758 SUSE bug 982303 CVE-2017-9217 openSUSE Leap 42.2 LibreOffice was updated to version 5.3.3.2, bringing new features and enhancements: Writer: - New "Go to Page" dialog for quickly jumping to another page. - Support for "Table Styles". - New drawing tools were added. - Improvements in the toolbar. - Borderless padding is displayed. Calc: - New drawing tools were added. - In new installations the default setting for new documents is now "Enable wildcards in formulas" instead of regular expressions. - Improved compatibility with ODF 1.2 Impress: - Images inserted via "Photo Album" can now be linked instead of embedded in the document. - When launching Impress, a Template Selector allows you to choose a Template to start with. - Two new default templates: Vivid and Pencil. - All existing templates have been improved. Draw: - New arrow endings, including Crow's foot notation's ones. Base: - Firebird has been upgraded to version 3.0.0. It is unable to read back Firebird 2.5 data, so embedded Firebird odb files created in LibreOffice version up to 5.2 cannot be opened with LibreOffice 5.3. Some security issues have also been fixed: - CVE-2017-7870: An out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function. - CVE-2017-7882: An out-of-bounds write related to the HWPFile::TagsRead function. - CVE-2017-8358: an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function. - CVE-2016-10327: An out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function. - CVE-2017-9433: An out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in libmwaw. A comprehensive list of new features and changes in this release is available at: https://wiki.documentfoundation.org/ReleaseNotes/5.3 This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015115 SUSE bug 1015118 SUSE bug 1015360 SUSE bug 1017925 SUSE bug 1021369 SUSE bug 1021373 SUSE bug 1028817 SUSE bug 1034192 SUSE bug 1034329 SUSE bug 1034568 SUSE bug 1035087 SUSE bug 1036975 SUSE bug 1042828 SUSE bug 948058 SUSE bug 959926 SUSE bug 962777 SUSE bug 972777 SUSE bug 975283 SUSE bug 976831 CVE-2016-10327 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 CVE-2017-9433 openSUSE Leap 42.2 This update for libcares2 fixes the following issues: - CVE-2017-1000381: A NAPTR parser out of bounds access was fixed that could lead to crashes. (bsc#1044946) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1044946 CVE-2017-1000381 openSUSE Leap 42.2 This update for encfs fixes the following issues: - A new option --require-macs was added to address CVE-2014-3462 (boo#878257) This will now trigger a warning if MAC headers were disabled via configuration. In addition, encfs was updated to 1.8.1 including all upstream improvements and fixes. Moderate SUSE bug 878257 CVE-2014-3462 openSUSE Leap 42.2 This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159). - CVE-2017-8379: Memory leak in the keyboard input event handlers support allowed local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events (bsc#1037334). - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037242). - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File System(9pfs) support, was vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could have used this flaw to escalate their privileges inside guest (bsc#1039495). - CVE-2017-7377: The v9fs_create and v9fs_lcreate functions in hw/9pfs/9p.c allowed local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid (bsc#1032075). - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable (bsc#1035950). - CVE-2017-5973: A infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109) - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c allowed local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer (bsc#1025311). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184) - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028656) - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908) - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035406) - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036211). - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#1042800). - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043073). - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside guest to leak host memory resulting in DoS (bsc#1042801). - CVE-2017-8380: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to an out-of-bounds read access issue which allowed a privileged user inside guest to read host memory resulting in DoS (bsc#1037336). - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427). - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1034866). - Fix privilege escalation in TCG mode of QEMU. This is not considered a security issue by the upstream project, but is included as additional hardening (bsc#1030624) - Fix potential DoS in virtfs - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to an out of bounds memory access issue allowing a guest user to crash the Qemu process instance on a host, resulting in DoS (bsc#1017084, bsc#1016503) - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to an OOB read issue allowing a guest user to crash the Qemu process instance resulting in Dos (bsc#1017081, bsc#1016504) - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741) - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a null pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043296). This non-security issue was fixed: - Enable MONITOR/MWAIT support for guests (bsc#1031142) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1016503 SUSE bug 1016504 SUSE bug 1017081 SUSE bug 1017084 SUSE bug 1020427 SUSE bug 1021741 SUSE bug 1025109 SUSE bug 1025311 SUSE bug 1028184 SUSE bug 1028656 SUSE bug 1030624 SUSE bug 1031142 SUSE bug 1032075 SUSE bug 1034866 SUSE bug 1034908 SUSE bug 1035406 SUSE bug 1035950 SUSE bug 1036211 SUSE bug 1037242 SUSE bug 1037334 SUSE bug 1037336 SUSE bug 1039495 SUSE bug 1042159 SUSE bug 1042800 SUSE bug 1042801 SUSE bug 1043073 SUSE bug 1043296 CVE-2016-10028 CVE-2016-10029 CVE-2016-9602 CVE-2016-9603 CVE-2017-5579 CVE-2017-5973 CVE-2017-5987 CVE-2017-6505 CVE-2017-7377 CVE-2017-7471 CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8112 CVE-2017-8309 CVE-2017-8379 CVE-2017-8380 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374 CVE-2017-9375 CVE-2017-9503 openSUSE Leap 42.2 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858) - CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. (bsc#1046853) Bugfixes: - Drop patch ncurses-5.9-environment.dif as YaST2 ncurses GUI does not need it anymore and as well as it causes bug bsc#1000662 This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1000662 SUSE bug 1046853 SUSE bug 1046858 CVE-2017-10684 CVE-2017-10685 openSUSE Leap 42.2 This update for gnutls fixes the following issues: - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding (bsc#1043398) - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding (bsc#1034173) - Address read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1034173 SUSE bug 1038337 SUSE bug 1043398 CVE-2017-7507 CVE-2017-7869 openSUSE Leap 42.2 This update for xorg-x11-server fixes the following issues: - CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283) - Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range. - CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage. - Improve retrieval of entropy for generating random authentication cookies (boo#1025084) Important SUSE bug 1025084 SUSE bug 1035283 CVE-2017-10971 CVE-2017-10972 openSUSE Leap 42.2 This update for catdoc fixes the following issues: - CVE-2017-11110: Attackers may have used specially crafted files to cause a denial of service through a heap-based buffer under-flow and application crash, or have unspecified other impact (boo#1047877) Moderate SUSE bug 1047877 CVE-2017-11110 openSUSE Leap 42.2 This update for evince fixes the following issues: - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. (bsc#1046856, bgo#784630) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1046856 CVE-2017-1000083 openSUSE Leap 42.2 This update for rubygem-puppet fixes the following issues: - CVE-2017-2295: A remote attacker could have forced unsafe YAML deserialization which could have led to code execution (bsc#1040151) Important SUSE bug 1040151 CVE-2017-2295 openSUSE Leap 42.2 This update to Wireshark 2.2.8 fixes some minor vulnerabilities could be used to trigger dissector crashes, infinite loops, or cause excessive use of memory resources by making Wireshark read specially crafted packages from the network or a capture file: - CVE-2017-7702,CVE-2017-11410: WBMXL dissector infinite loop (wnpa-sec-2017-13) - CVE-2017-9350,CVE-2017-11411: openSAFETY dissector memory exhaustion (wnpa-sec-2017-28) - CVE-2017-11408: AMQP dissector crash (wnpa-sec-2017-34) - CVE-2017-11407: MQ dissector crash (wnpa-sec-2017-35) - CVE-2017-11406: DOCSIS infinite loop (wnpa-sec-2017-36) Moderate SUSE bug 1049255 SUSE bug 1049621 CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 CVE-2017-11410 CVE-2017-11411 CVE-2017-7702 CVE-2017-9350 openSUSE Leap 42.2 This update for gsoap fixes the following security issue: - CVE-2017-9765: A remote attacker may have triggered a buffer overflow to cause a server crash (denial of service) after sending 2GB of a specially crafted XML message, or possibly have unspecified futher impact. (bsc#1049348) Moderate SUSE bug 1049348 CVE-2017-9765 openSUSE Leap 42.2 This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958) CVEs already fixed with previous update: - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1009994 SUSE bug 1010756 SUSE bug 1010757 SUSE bug 1010766 SUSE bug 1010774 SUSE bug 1010782 SUSE bug 1010968 SUSE bug 1010975 SUSE bug 1047958 CVE-2016-9262 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2017-1000050 openSUSE Leap 42.2 This update for the_silver_searcher to version 2.0.0 fixes a minor security issue and includes various improvements. New and updated functionality: - New and updated support for various file types - Performance improvements, including faster substring search - Add --print-all-files options to print all files searched - Add support for inverting ignore rules (e.g. !blah.txt) - Add zsh completion function The following functionality has changed: - No longer read from .agignore, .ignore is used The following potential security issue was fixed: - Heap buffer overflow when searching an absolute path (boo#1050057) The following bug fixes are included: - Fix context line printing when reading from a pipe - Ignore local-domain socket just like named pipes - Fix --word-regexp not applying to alternates Moderate SUSE bug 1050057 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following issue: - CVE-2017-11403: A specially crafted PNG file may have have triggerd a use-after-free flaw (boo#1049072) Moderate SUSE bug 1049072 CVE-2017-11403 openSUSE Leap 42.2 This update Chromium to version 60.0.3112.78 fixes security issue and bugs. The following security issues were fixed: * CVE-2017-5091: Use after free in IndexedDB * CVE-2017-5092: Use after free in PPAPI * CVE-2017-5093: UI spoofing in Blink * CVE-2017-5094: Type confusion in extensions * CVE-2017-5095: Out-of-bounds write in PDFium * CVE-2017-5096: User information leak via Android intents * CVE-2017-5097: Out-of-bounds read in Skia * CVE-2017-5098: Use after free in V8 * CVE-2017-5099: Out-of-bounds write in PPAPI * CVE-2017-5100: Use after free in Chrome Apps * CVE-2017-5101: URL spoofing in OmniBox * CVE-2017-5102: Uninitialized use in Skia * CVE-2017-5103: Uninitialized use in Skia * CVE-2017-5104: UI spoofing in browser * CVE-2017-7000: Pointer disclosure in SQLite * CVE-2017-5105: URL spoofing in OmniBox * CVE-2017-5106: URL spoofing in OmniBox * CVE-2017-5107: User information leak via SVG * CVE-2017-5108: Type confusion in PDFium * CVE-2017-5109: UI spoofing in browser * CVE-2017-5110: UI spoofing in payments dialog * Various fixes from internal audits, fuzzing and other initiatives A number of upstream bugfixes are also included in this release. Important SUSE bug 1050537 CVE-2017-5091 CVE-2017-5092 CVE-2017-5093 CVE-2017-5094 CVE-2017-5095 CVE-2017-5096 CVE-2017-5097 CVE-2017-5098 CVE-2017-5099 CVE-2017-5100 CVE-2017-5101 CVE-2017-5102 CVE-2017-5103 CVE-2017-5104 CVE-2017-5105 CVE-2017-5106 CVE-2017-5107 CVE-2017-5108 CVE-2017-5109 CVE-2017-5110 CVE-2017-7000 openSUSE Leap 42.2 This update for python-pycrypto fixes the following issues: - A heap buffer overflow in the AES module was fixed that could have lead to remote code execution, if the mode of operation can be specified from the outside (CVE-2013-7459, boo#1017420). Important SUSE bug 1017420 CVE-2013-7459 openSUSE Leap 42.2 This update for apache2 fixes the following issues: Security issue fixed: - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576) Bug fixes: - Include individual sysconfig.d files instead of the whole sysconfig.d directory. - Include sysconfig.d/include.conf after httpd.conf is processed. (bsc#1023616, bsc#1043055) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1023616 SUSE bug 1043055 SUSE bug 1048576 CVE-2017-9788 openSUSE Leap 42.2 This update for mysql-community-server to version 5.6.37 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-3633: Memcached unspecified vulnerability (boo#1049394) - CVE-2017-3634: DML unspecified vulnerability (boo#1049396) - CVE-2017-3635: C API unspecified vulnerability (boo#1049398) - CVE-2017-3636: Client programs unspecified vulnerability (boo#1049399) - CVE-2017-3641: DML unspecified vulnerability (boo#1049404) - CVE-2017-3647: Replication unspecified vulnerability (boo#1049410) - CVE-2017-3648: Charsets unspecified vulnerability (boo#1049411) - CVE-2017-3649: Replication unspecified vulnerability (boo#1049412) - CVE-2017-3651: Client mysqldump unspecified vulnerability (boo#1049415) - CVE-2017-3652: DDL unspecified vulnerability (boo#1049416) - CVE-2017-3653: DDL unspecified vulnerability (boo#1049417) - CVE-2017-3732: Security, Encryption unspecified vulnerability (boo#1049421) The following general changes are included: - switch systemd unit file from 'Restart=on-failure' to 'Restart=on-abort' - update file lists for new man-pages and tools (for mariadb) For a list of upstream changes in this release, see: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html Moderate SUSE bug 1049394 SUSE bug 1049396 SUSE bug 1049398 SUSE bug 1049399 SUSE bug 1049404 SUSE bug 1049410 SUSE bug 1049411 SUSE bug 1049412 SUSE bug 1049415 SUSE bug 1049416 SUSE bug 1049417 SUSE bug 1049421 SUSE bug 1049422 CVE-2017-3633 CVE-2017-3634 CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3647 CVE-2017-3648 CVE-2017-3649 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 CVE-2017-3732 openSUSE Leap 42.2 This update for nginx fixes the following issues: - CVE-2017-7529: A remote attacker could have used specially crafted requests to trigger an integer overflow the nginx range filter module to leak potentially sensitive information (boo#1048265) Moderate SUSE bug 1048265 CVE-2017-7529 openSUSE Leap 42.2 This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bsc#986639) - CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. (bsc#986631) - CVE-2016-9584: libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. (bsc#1015964) Bug fixes: - libical crashes while parsing timezones (bsc#1044995) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1015964 SUSE bug 1044995 SUSE bug 986631 SUSE bug 986639 CVE-2016-5824 CVE-2016-5827 CVE-2016-9584 openSUSE Leap 42.2 This update for icoutils fixes the following issues: - CVE-2017-6009: Buffer Overflows in wrestool (bsc#1025703) - CVE-2017-6010, CVE-2017-6011: out-of-bounds read leading to a buffer overflow in the "simple_vec" function (bsc#1025700) Moderate SUSE bug 1025700 SUSE bug 1025703 CVE-2017-6009 CVE-2017-6010 CVE-2017-6011 openSUSE Leap 42.2 This update for poppler fixes the following issues: Security issues fixed: - CVE-2017-9775: DoS stack buffer overflow in GfxState.cc in pdftocairo via a crafted PDF document (bsc#1045719) - CVE-2017-9776: DoS integer overflow leading to heap buffer overflow in JBIG2Stream.cc via a crafted PDF document (bsc#1045721) - CVE-2017-7515: Stack exhaustion due to infinite recursive call in pdfunite (bsc#1043088) - CVE-2017-7511: Null pointer dereference in pdfunite via crafted documents (bsc#1041783) - CVE-2017-9406: Memory leak in the gmalloc function in gmem.cc (bsc#1042803) - CVE-2017-9408: Memory leak in the Object::initArray function (bsc#1042802) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1041783 SUSE bug 1042802 SUSE bug 1042803 SUSE bug 1043088 SUSE bug 1045719 SUSE bug 1045721 CVE-2017-7511 CVE-2017-7515 CVE-2017-9406 CVE-2017-9408 CVE-2017-9775 CVE-2017-9776 openSUSE Leap 42.2 This update for cacti, cacti-spine fixes the following issues: - CVE-2017-12065: Possible code execution via avgnan, outlier-start, or outlier-end parameter (bsc#1051633) - CVE-2017-11691: XSS in auth_profile.php allows remote attackers to inject arbitrary JS via specially crafted HTTP Referer headers (bsc#1050950) - CVE-2017-10970: XSS Issue in link.php bsc#1047512 - CVE-2017-11163: XSS Issue in lib/html_form.php bsc#1048102 In addition, cacti and cacti-spine were updated to the current stable release 1.1.16, containing all upstream improvements and bugfixes. Moderate SUSE bug 1047512 SUSE bug 1048102 SUSE bug 1050950 SUSE bug 1051633 CVE-2017-10970 CVE-2017-11163 CVE-2017-11691 CVE-2017-12065 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.79 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bnc#1049483). - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645). - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277). The following non-security bugs were fixed: - acpi / processor: Avoid reserving IO regions too early (bsc#1051478). - af_key: Add lock to key dump (bsc#1047653). - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354). - alsa: fm801: Initialize chip after IRQ handler is registered (bsc#1031717). - alsa: hda - Fix endless loop of codec configure (bsc#1031717). - alsa: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717). - b43: Add missing MODULE_FIRMWARE() (bsc#1037344). - bcache: force trigger gc (bsc#1038078). - bcache: only recovery I/O error for writethrough mode (bsc#1043652). - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307). - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb() - blacklist.conf: - blacklist.conf: 1151f838cb62 is high-risk and we're not aware of any systems that might need it in SP2. - blacklist.conf: 8b8642af15ed not a supported driver - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061) - blacklist.conf: add inapplicable commits for wifi (bsc#1031717) - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717). - blacklist.conf: add unapplicable drm fixes (bsc#1031717). - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI dependency') (bsc#1051478) This commit just removes an include and does not fix a real issue. - blacklist.conf: blacklist 7b73305160f1, unneeded cleanup - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning. - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478). - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478). - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI capability for all architectures') This only fixes machines not supported by our kernels. - blacklist.conf: build time cleanup our kernel compiles. No need to shut up warnings nobody looks at - blacklist.conf: cleanup, no bugs fixed - blacklist.conf: cxgb4 commit does not fit for SP2 - blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be # FRV not applicable to SLE - blacklist.conf: Do not need 55d728a40d36, we do it differently in SLE - blacklist.conf: kABI breakage This touches struct device. - blacklist.conf: lp8788 is not compiled - blacklist.conf: unneeded Fixing debug statements on BE systems for IrDA - blkfront: add uevent for size change (bnc#1036632). - block: Allow bdi re-registration (bsc#1040307). - block: Fix front merge check (bsc#1051239). - block: Make del_gendisk() safer for disks without queues (bsc#1040307). - block: Move bdi_unregister() to del_gendisk() (bsc#1040307). - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717). - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286). - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682). - btrfs: incremental send, fix invalid path for link commands (bsc#1051479). - btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479). - btrfs: resume qgroup rescan on rw remount (bsc#1047152). - btrfs: send, fix invalid path after renaming and linking file (bsc#1051479). - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476). - crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317). - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154). - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes). - dentry name snapshots (bsc#1049483). - dm: fix second blk_delay_queue() parameter to be in msec units not (bsc#1047670). - drivers: hv: Fix the bug in generating the guest ID (fate#320485). - drivers: hv: util: Fix a typo (fate#320485). - drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693). - drivers: hv: vmbus: Increase the time between retries in vmbus_post_msg() (fate#320485, bnc#1044112). - drivers: hv: vmbus: Move the code to signal end of message (fate#320485). - drivers: hv: vmbus: Move the definition of generate_guest_id() (fate#320485). - drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents (fate#320485). - drivers: hv: vmbus: Restructure the clockevents code (fate#320485). - drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions (bsc#1031717). - drm/bochs: Implement nomodeset (bsc#1047096). - drm/i915/fbdev: Stop repeating tile configuration on stagnation (bsc#1031717). - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717). - drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277). - drm/vmwgfx: Fix large topology crash (bsc#1048155). - drm/vmwgfx: Support topology greater than texture size (bsc#1048155). - drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state' - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215). - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486). - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829). - Fix kABI breakage by KVM CVE fix (bsc#1045922). - fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180). - gcov: add support for gcc version >= 6 (bsc#1051663). - gcov: support GCC 7.1 (bsc#1051663). - gfs2: fix flock panic issue (bsc#1012829). - hrtimer: Catch invalid clockids again (bsc#1047651). - hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651). - hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693). - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693). - hv_util: switch to using timespec64 (fate#320485). - i2c: designware-baytrail: fix potential null pointer dereference on dev (bsc#1011913). - i40e: add hw struct local variable (bsc#1039915). - i40e: add private flag to control source pruning (bsc#1034075). - i40e: add VSI info to macaddr messages (bsc#1039915). - i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915). - i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915). - i40e: delete filter after adding its replacement when converting (bsc#1039915). - i40e: do not add broadcast filter for VFs (bsc#1039915). - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (bsc#1039915). - i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter (bsc#1039915). - i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter (bsc#1039915). - i40e: factor out addition/deletion of VLAN per each MAC address (bsc#1039915). - i40e: fix MAC filters when removing VLANs (bsc#1039915). - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (bsc#1039915). - i40e: implement __i40e_del_filter and use where applicable (bsc#1039915). - i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915). - i40e: move all updates for VLAN mode into i40e_sync_vsi_filters (bsc#1039915). - i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915). - i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (bsc#1039915). - i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters (bsc#1039915). - i40e: recalculate vsi->active_filters from hash contents (bsc#1039915). - i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan (bsc#1039915). - i40e: refactor i40e_update_filter_state to avoid passing aq_err (bsc#1039915). - i40e: refactor Rx filter handling (bsc#1039915). - i40e: Removal of workaround for simple MAC address filter deletion (bsc#1039915). - i40e: remove code to handle dev_addr specially (bsc#1039915). - i40e: removed unreachable code (bsc#1039915). - i40e: remove duplicate add/delete adminq command code for filters (bsc#1039915). - i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid (bsc#1039915). - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915). - i40e: restore workaround for removing default MAC filter (bsc#1039915). - i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915). - i40e: store MAC/VLAN filters in a hash with the MAC Address as key (bsc#1039915). - i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID (bsc#1039915). - i40e: when adding or removing MAC filters, correctly handle VLANs (bsc#1039915). - i40e: When searching all MAC/VLAN filters, ignore removed filters (bsc#1039915). - i40e: write HENA for VFs (bsc#1039915). - iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value (bsc#1031717). - Input: gpio-keys - fix check for disabling unsupported keys (bsc#1031717). - introduce the walk_process_tree() helper (bnc#1022476). - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (bsc#1041958). - ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (bsc#1041958). - iwlwifi: mvm: compare full command ID (FATE#321353, FATE#323335). - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717). - iwlwifi: mvm: synchronize firmware DMA paging memory (FATE#321353, FATE#323335). - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717). - iwlwifi: mvm: unmap the paging memory before freeing it (FATE#321353, FATE#323335). - iwlwifi: pcie: fix command completion name debug (bsc#1031717). - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly version in panic path" (bsc#1051478). - kABI: protect lwtunnel include in ip6_route.h (kabi). - kABI: protect struct iscsi_tpg_attrib (kabi). - kABI: protect struct tpm_chip (kabi). - kABI: protect struct xfrm_dst (kabi). - kABI: protect struct xfrm_dst (kabi). - kvm: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (bsc#1051478). - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478). - kvm: nVMX: Fix nested VPID vmx exec control (bsc#1051478). - kvm: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478). - mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651). - md: fix sleep in atomic (bsc#1040351). - mm: adaptive hash table scaling (bnc#1036303). - mm-adaptive-hash-table-scaling-v5 (bnc#1036303). - mm: call page_ext_init() after all struct pages are initialized (VM Debugging Functionality, bsc#1047048). - mm: drop HASH_ADAPT (bnc#1036303). - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality, bsc#1042314). - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891). - More Git-commit header fixups No functional change intended. - mwifiex: do not update MCS set from hostapd (bsc#1031717). - net: account for current skb length when deciding about UFO (bsc#1041958). - net: ena: add hardware hints capability to the driver (bsc#1047121). - net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121). - net: ena: add missing unmap bars on device removal (bsc#1047121). - net: ena: add reset reason for each device FLR (bsc#1047121). - net: ena: add support for out of order rx buffers refill (bsc#1047121). - net: ena: allow the driver to work with small number of msix vectors (bsc#1047121). - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121). - net: ena: change return value for unsupported features unsupported return value (bsc#1047121). - net: ena: change sizeof() argument to be the type pointer (bsc#1047121). - net: ena: disable admin msix while working in polling mode (bsc#1047121). - net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121). - net: ena: fix race condition between submit and completion admin command (bsc#1047121). - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121). - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121). - net: ena: separate skb allocation to dedicated function (bsc#1047121). - net: ena: update driver's rx drop statistics (bsc#1047121). - net: ena: update ena driver to version 1.1.7 (bsc#1047121). - net: ena: update ena driver to version 1.2.0 (bsc#1047121). - net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121). - net: ena: use napi_schedule_irqoff when possible (bsc#1047121). - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish() (bsc#1042286). - net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes). - net: phy: Do not perform software reset for Generic PHY (bsc#1042286). - nfs: Cache aggressively when file is open for writing (bsc#1033587). - nfs: Do not flush caches for a getattr that races with writeback (bsc#1033587). - nfs: invalidate file size when taking a lock (git-fixes). - nfs: only invalidate dentrys that are clearly invalid (bsc#1047118). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829). - ocfs2: Make ocfs2_set_acl() static (bsc#1030552). - pci: Add Mellanox device IDs (bsc#1051478). - pci: Convert Mellanox broken INTx quirks to be for listed devices only (bsc#1051478). - pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478). - pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN (bsc#1051478). - pci: dwc: Fix uninitialized variable in dw_handle_msi_irq() (bsc#1051478). - pci: Enable ECRC only if device supports it (bsc#1051478). - PCI / PM: Fix native PME handling during system suspend/resume (bsc#1051478). - pci: Support INTx masking on ConnectX-4 with firmware x.14.1100+ (bsc#1051478). - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478). - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478). - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478). - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list (bsc#1051022). - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list (bsc#1051022). - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill (bsc#1051022). - Pm / Hibernate: Fix scheduling while atomic during hibernation (bsc#1051059). - prctl: propagate has_child_subreaper flag to every descendant (bnc#1022476). - README.BRANCH: Add Oliver as openSUSE-42.2 branch co-maintainer - Refresh patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. Fix a stupid bug where the VCPU_REGS_TF shift was used as a mask. - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" (bsc#1031717). - Revert "Add "shutdown" to "struct class"." (kabi). - Revert "kvm: x86: fix emulation of RSM and IRET instructions" (kabi). - Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi). - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware" (bsc#1048914). - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi). - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id This needs rpm-4.14+ (bsc#964063). - sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (bnc#1022476). - sched/debug: Print the scheduler topology group mask (bnc#1022476). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476). - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476). - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bnc#1022476). - sched/topology: Add sched_group_capacity debugging (bnc#1022476). - sched/topology: Fix building of overlapping sched-groups (bnc#1022476). - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476). - sched/topology: Move comment about asymmetric node setups (bnc#1022476). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1022476). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476). - sched/topology: Small cleanup (bnc#1022476). - sched/topology: Verify the first group matches the child domain (bnc#1022476). - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887). - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221). - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887). - scsi: storvsc: Workaround for virtual DVD SCSI version (fate#320485, bnc#1044636). - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - sysctl: do not print negative flag for proc_douintvec (bnc#1046985). - timers: Plug locking race vs. timer migration (bnc#1022476). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829). - udf: Fix races with i_size changes during readpage (bsc#1012829). - x86/LDT: Print the real LDT base address (bsc#1051478). - x86/mce: Make timer handling more robust (bsc#1042422). - x86/panic: replace smp_send_stop() with kdump friendly version in panic path (bsc#1051478). - xen: allocate page for shared info page from low memory (bnc#1038616). - xen/balloon: do not online new memory initially (bnc#1028173). - xen: hold lock_device_hotplug throughout vcpu hotplug operations (bsc#1042422). - xen-netfront: Rework the fix for Rx stall during OOM and network stress (git-fixes). - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563). - xfrm: NULL dereference on allocation failure (bsc#1047343). - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188). - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552). Important SUSE bug 1006180 SUSE bug 1011913 SUSE bug 1012829 SUSE bug 1013887 SUSE bug 1022476 SUSE bug 1028173 SUSE bug 1028286 SUSE bug 1029693 SUSE bug 1030552 SUSE bug 1031515 SUSE bug 1031717 SUSE bug 1033587 SUSE bug 1034075 SUSE bug 1034762 SUSE bug 1036303 SUSE bug 1036632 SUSE bug 1037344 SUSE bug 1038078 SUSE bug 1038616 SUSE bug 1039915 SUSE bug 1040307 SUSE bug 1040351 SUSE bug 1041958 SUSE bug 1042286 SUSE bug 1042314 SUSE bug 1042422 SUSE bug 1042778 SUSE bug 1043652 SUSE bug 1044112 SUSE bug 1044636 SUSE bug 1045154 SUSE bug 1045563 SUSE bug 1045922 SUSE bug 1046682 SUSE bug 1046985 SUSE bug 1047048 SUSE bug 1047096 SUSE bug 1047118 SUSE bug 1047121 SUSE bug 1047152 SUSE bug 1047277 SUSE bug 1047343 SUSE bug 1047354 SUSE bug 1047651 SUSE bug 1047653 SUSE bug 1047670 SUSE bug 1048155 SUSE bug 1048221 SUSE bug 1048317 SUSE bug 1048891 SUSE bug 1048914 SUSE bug 1049483 SUSE bug 1049486 SUSE bug 1049603 SUSE bug 1049645 SUSE bug 1049882 SUSE bug 1050061 SUSE bug 1050188 SUSE bug 1051022 SUSE bug 1051059 SUSE bug 1051239 SUSE bug 1051478 SUSE bug 1051479 SUSE bug 1051663 SUSE bug 964063 SUSE bug 974215 CVE-2017-10810 CVE-2017-11473 CVE-2017-7533 CVE-2017-7541 CVE-2017-7542 openSUSE Leap 42.2 The Software Update Stack was updated to receive fixes and enhancements. libzypp: Security issues fixed: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984) Bug fixes: - Re-probe on refresh if the repository type changes. (bsc#1048315) - Propagate proper error code to DownloadProgressReport. (bsc#1047785) - Allow to trigger an appdata refresh unconditionally. (bsc#1009745) - Support custom repo variables defined in /etc/zypp/vars.d. - Adapt loop mounting of ISO images. (bsc#1038132, bsc#1033236) - Fix potential crash if repository has no baseurl. (bsc#1043218) zypper: - Adapt download callback to report and handle unsigned packages. (bsc#1038984) - Report missing/optional files as 'not found' rather than 'error'. (bsc#1047785) - Document support for custom repository variables defined in /etc/zypp/vars.d. - Emphasize that it depends on how fast PackageKit will respond to a 'quit' request sent if PK blocks package management. This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1009745 SUSE bug 1031756 SUSE bug 1033236 SUSE bug 1038132 SUSE bug 1038984 SUSE bug 1043218 SUSE bug 1045735 SUSE bug 1047785 SUSE bug 1048315 CVE-2017-7435 CVE-2017-7436 CVE-2017-9269 openSUSE Leap 42.2 This update for pspp fixes the following issues: CVE-2017-10792: Crafted input could have allowed a denial of service attack via a NULL pointer dereference in ll_insert (boo#1046997) CVE-2017-10791: Crafted input could have allowed a denial of service attack via an integer overflow in the hash_int library (boo#1046998) Moderate SUSE bug 1046997 SUSE bug 1046998 CVE-2017-10791 CVE-2017-10792 openSUSE Leap 42.2 This update for wget fixes the following issues: Security issues fixed: - CVE-2016-7098: Fixed a potential race condition by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964) Non security issues fixed: - bsc#1005091: Don't call xfree() on string returned by usr_error() - bsc#1012677: Add support for enforcing TLSv1.1 and TLSv1.2 (TLS 1.2 support was already present, but it was not enforcable). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1005091 SUSE bug 1012677 SUSE bug 995964 CVE-2016-7098 openSUSE Leap 42.2 This update for rubygem-rubyzip fixes the following issues: - CVE-2017-5946: A directory traversal vulnerability could lead to access and overwrite files that are outside of the restricted directory (boo#1027050) Moderate SUSE bug 1027050 CVE-2017-5946 openSUSE Leap 42.2 This update for nasm fixes the following issues: Security issues fixed: - CVE-2017-10686: Multiple heap use after free vulnerabilities. (bsc#1047936) - CVE-2017-11111: Heap-based buffer overflow and application crash. (bsc#1047925) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047925 SUSE bug 1047936 CVE-2017-10686 CVE-2017-11111 openSUSE Leap 42.2 This MariaDB update to version 10.0.31 GA fixes the following issues: Security issues fixed: - CVE-2017-3308: Subcomponent: Server: DML: Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3456: Subcomponent: Server: DML: Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3464: Subcomponent: Server: DDL: Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) Bug fixes: - switch from 'Restart=on-failure' to 'Restart=on-abort' in mysql.service in order to follow the upstream. It also fixes hanging mysql-systemd-helper when mariadb fails (e.g. because of the misconfiguration) (bsc#963041) - XtraDB updated to 5.6.36-82.0 - TokuDB updated to 5.6.36-82.0 - Innodb updated to 5.6.36 - Performance Schema updated to 5.6.36 Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10031-release-notes - https://kb.askmonty.org/en/mariadb-10031-changelog This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1048715 SUSE bug 963041 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 openSUSE Leap 42.2 This update for libsoup fixes the following issues: - A bug in the HTTP Chunked Encoding code has been fixed that could have been exploited by attackers to cause a stack-based buffer overflow in client or server code running libsoup (bsc#1052916, CVE-2017-2885). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1052916 CVE-2017-2885 openSUSE Leap 42.2 This update librsvg to version 2.40.18 fixes the following issues: Security issue fixed: - CVE-2017-11464: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c. (bsc#1049607) This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1049607 CVE-2017-11464 openSUSE Leap 42.2 This update for ark fixes the following issues: - CVE-2017-5330: ark could run executable scripts when clicking on them (boo#1018648) Low SUSE bug 1018648 CVE-2017-5330 openSUSE Leap 42.2 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964) - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965) - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1046853 SUSE bug 1046858 SUSE bug 1047964 SUSE bug 1047965 SUSE bug 1049344 CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 openSUSE Leap 42.2 This update to Mozilla Firefox 52.3esr fixes a number of security issues. The following vulnerabilities were advised upstream under MFSA 2017-19 (boo#1052829): - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with marquee during window resizing - CVE-2017-7784: Use-after-free with image observers - CVE-2017-7802: Use-after-free resizing image elements - CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM - CVE-2017-7786: Buffer overflow while painting non-displayable SVG - CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements# - CVE-2017-7787: Same-origin policy bypass with iframes through page reloads - CVE-2017-7807: Domain hijacking through AppCache fallback - CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID - CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher - CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts - CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections - CVE-2017-7803: CSP containing 'sandbox' improperly applied - CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 Important SUSE bug 1052829 CVE-2017-7753 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7807 openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365). - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994). The following non-security bugs were fixed: - IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151). - bcache: force trigger gc (bsc#1038078). - bcache: only recovery I/O error for writethrough mode (bsc#1043652). - block: do not allow updates through sysfs until registration completes (bsc#1047027). - ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709). - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223). - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794). - iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc1052533). - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175). - libnvdimm: fix badblock range handling of ARS range (bsc#1023175). - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374). - scsi_devinfo: fixup string compare (bsc#1037404). - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792). - vfs: fix missing inode_get_dev sites (bsc#1052049). - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399). Important SUSE bug 1019151 SUSE bug 1023175 SUSE bug 1037404 SUSE bug 1037994 SUSE bug 1038078 SUSE bug 1038792 SUSE bug 1043652 SUSE bug 1047027 SUSE bug 1051399 SUSE bug 1051556 SUSE bug 1052049 SUSE bug 1052223 SUSE bug 1052311 SUSE bug 1052365 SUSE bug 1052533 SUSE bug 1052709 SUSE bug 1052773 SUSE bug 1052794 CVE-2017-1000111 CVE-2017-1000112 CVE-2017-8831 openSUSE Leap 42.2 This update for potrace fixes the following security issues: - CVE-2017-12067: potential buffer overflows and arithmetic overflows (bsc#1051634) The update also fixes various bugs, including a bug triggered by very large bitmaps. Moderate SUSE bug 1051634 CVE-2017-12067 openSUSE Leap 42.2 This update for libheimdal fixes the following issues: - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation. This is a critical vulnerability. In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks. Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. See https://www.orpheus-lyre.info/ for more details. (bsc#1048278) - Fix CVE-2017-6594: transit path validation inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2. Note, this may break sites that rely on the bug. With the bug some incomplete [capaths] worked, that should not have. These may now break authentication in some cross-realm configurations. Moderate SUSE bug 1048278 CVE-2017-11103 CVE-2017-6594 openSUSE Leap 42.2 This update for taglib fixes the following issues: - CVE-2017-12678: Denial of service vulnerability via specially crafted ID3v2 data (boo#1052699) Moderate SUSE bug 1052699 CVE-2017-12678 openSUSE Leap 42.2 This update for subversion to 1.9.7 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties. (boo#1051362) - CVE-2005-4900: SHA-1 collisions may cause repository inconsistencies (boo#1026936) The following bugfix changes are included: - Add instructions for running svnserve as a user different from "svn", and remove sysconfig variables that are no longer effective with the systemd unit. (boo#1049448) Important SUSE bug 1026936 SUSE bug 1049448 SUSE bug 1051362 CVE-2017-9800 openSUSE Leap 42.2 This update for mercurial fixes the following issues: Mercurial was updated to 4.2.3, a security fix update for - CVE-2017-1000115: Incomplete symlink auditing allowed writing to files outside of the repository (boo#1053344) - CVE-2017-1000116: Client-side code execution via argument injection in SSH URLs (boo#1052696) Important SUSE bug 1052696 SUSE bug 1053344 CVE-2017-1000115 CVE-2017-1000116 openSUSE Leap 42.2 This update for libxml2 fixes the following security issue: - CVE-2017-8872: Out-of-bounds read in htmlParseTryOrFinish. (bsc#1038444) This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1038444 CVE-2017-8872 openSUSE Leap 42.2 This update for openjpeg2 fixes the following issues: - CVE 2016-7163: Integer Overflow could lead to remote code execution (bsc#997857) - CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service (bsc#979907) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 979907 SUSE bug 997857 CVE-2015-8871 CVE-2016-7163 openSUSE Leap 42.2 This update for minicom fixes the following issue: This security issue was fixed: - CVE-2017-7467: Invalid cursor coordinates and scroll regions could lead to code execution (bsc#1033783). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1033783 CVE-2017-7467 openSUSE Leap 42.2 This update for nodejs4 and nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-1000381: The c-ares function ares_parse_naptr_reply() could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (bsc#1044946) - CVE-2017-11499: Disable V8 snapshots. The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found. (bsc#1048299) Non-security fixes: - GCC 7 compilation fixes for v8 backported and add missing ICU59 headers (bsc#1041282) - New upstream LTS release 6.11.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.1 - New upstream LTS release 6.11.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.0 - New upstream LTS release 6.10.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.3 - New upstream LTS release 6.10.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.2 - New upstream LTS release 6.10.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.1 - New upstream LTS release 6.10.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.0 - New upstream LTS release 4.8.4 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.4 - New upstream LTS release 4.8.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.3 - New upstream LTS release 4.8.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.2 - New upstream LTS release 4.8.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.1 - New upstream LTS release 4.8.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.0 This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1041282 SUSE bug 1041283 SUSE bug 1044946 SUSE bug 1048299 CVE-2017-1000381 CVE-2017-11499 openSUSE Leap 42.2 This update for curl fixes the following issues: - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service (bsc#1051643) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1051643 SUSE bug 1051644 CVE-2017-1000100 CVE-2017-1000101 openSUSE Leap 42.2 This update for shutter fixes one security issue: - CVE-2016-10081: Remote attackers could trick users into assisting them in executing arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action (boo#1017571) Moderate SUSE bug 1017571 CVE-2016-10081 openSUSE Leap 42.2 This update for libplist fixes the following issues: Security issues fixed: - CVE-2017-6439: Heap-based buffer overflow in the parse_string_node function. (bsc#1029638) - CVE-2017-6438: Heap-based buffer overflow in the parse_unicode_node function. (bsc#1029706) - CVE-2017-6437: The base64encode function in base64.c allows local users to cause denial of service (out-of-bounds read) via a crafted plist file. (bsc#1029707) - CVE-2017-6436: Integer overflow in parse_string_node. (bsc#1029751) - CVE-2017-6435: Crafted plist file could lead to Heap-buffer overflow. (bsc#1029639) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1029638 SUSE bug 1029639 SUSE bug 1029706 SUSE bug 1029707 SUSE bug 1029751 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 openSUSE Leap 42.2 This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues: Security issues fixed: - CVE-2017-10053: Improved image post-processing steps (bsc#1049305) - CVE-2017-10067: Additional jar validation steps (bsc#1049306) - CVE-2017-10074: Image conversion improvements (bsc#1049307) - CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308) - CVE-2017-10081: Right parenthesis issue (bsc#1049309) - CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX (bsc#1049310) - CVE-2017-10087: Better Thread Pool execution (bsc#1049311) - CVE-2017-10089: Service Registration Lifecycle (bsc#1049312) - CVE-2017-10090: Better handling of channel groups (bsc#1049313) - CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314) - CVE-2017-10101: Better reading of text catalogs (bsc#1049315) - CVE-2017-10102: Improved garbage collection (bsc#1049316) - CVE-2017-10105: Unspecified vulnerability in subcomponent deployment (bsc#1049317) - CVE-2017-10107: Less Active Activations (bsc#1049318) - CVE-2017-10108: Better naming attribution (bsc#1049319) - CVE-2017-10109: Better sourcing of code (bsc#1049320) - CVE-2017-10110: Better image fetching (bsc#1049321) - CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322) - CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX (bsc#1049323) - CVE-2017-10115: Higher quality DSA operations (bsc#1049324) - CVE-2017-10116: Proper directory lookup processing (bsc#1049325) - CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326) - CVE-2017-10125: Unspecified vulnerability in subcomponent deployment (bsc#1049327) - CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328) - CVE-2017-10176: Additional elliptic curve support (bsc#1049329) - CVE-2017-10193: Improve algorithm constraints implementation (bsc#1049330) - CVE-2017-10198: Clear certificate chain connections (bsc#1049331) - CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS (bsc#1049332) Bug fixes: - Check registry registration location - Improved certificate processing - JMX diagnostic improvements - Update to libpng 1.6.28 - Import of OpenJDK 8 u141 build 15 (bsc#1049302) New features: - Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1049302 SUSE bug 1049305 SUSE bug 1049306 SUSE bug 1049307 SUSE bug 1049308 SUSE bug 1049309 SUSE bug 1049310 SUSE bug 1049311 SUSE bug 1049312 SUSE bug 1049313 SUSE bug 1049314 SUSE bug 1049315 SUSE bug 1049316 SUSE bug 1049317 SUSE bug 1049318 SUSE bug 1049319 SUSE bug 1049320 SUSE bug 1049321 SUSE bug 1049322 SUSE bug 1049323 SUSE bug 1049324 SUSE bug 1049325 SUSE bug 1049326 SUSE bug 1049327 SUSE bug 1049328 SUSE bug 1049329 SUSE bug 1049330 SUSE bug 1049331 SUSE bug 1049332 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 openSUSE Leap 42.2 This update for MozillaThunderbird to version 52.3 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with marquee during window resizing - CVE-2017-7784: Use-after-free with image observers - CVE-2017-7802: Use-after-free resizing image elements - CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM - CVE-2017-7786: Buffer overflow while painting non-displayable SVG - CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements# - CVE-2017-7787: Same-origin policy bypass with iframes through page reloads - CVE-2017-7807: Domain hijacking through AppCache fallback - CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID - CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher - CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts - CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections - CVE-2017-7803: CSP containing 'sandbox' improperly applied - CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 The following bugs were fixed: - Unwanted inline images shown in rogue SPAM messages - Deleting message from the POP3 server not working when maildir storage was used - Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later - Inline images not scaled to fit when printing - Selected text from another message sometimes included in a reply - No authorisation prompt displayed when inserting image into email body although image URL requires authentication - Large attachments taking a long time to open under some circumstances Important SUSE bug 1052829 CVE-2017-7753 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7807 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following issues: - CVE-2017-11643: Heap overflow in WriteRGBImage() in coders/rgb.c could lead to denial of service [boo#1050611] - CVE-2017-11636: Heap overflow in WriteCMYKImage()function in coders/cmyk.c could lead to denial of service [boo#1050674] Moderate SUSE bug 1050611 SUSE bug 1050674 CVE-2017-11636 CVE-2017-11643 openSUSE Leap 42.2 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826) - CVE-2017-9440: A memory leak was found in the function ReadPSDChannelin coders/psd.c (bsc#1042812) - CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289) - CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via acrafted file (bsc#1049072) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1042812 SUSE bug 1042826 SUSE bug 1043289 SUSE bug 1049072 CVE-2017-11403 CVE-2017-9439 CVE-2017-9440 CVE-2017-9501 openSUSE Leap 42.2 This update for gnome-shell provides the following fixes: - Fix not intuitive login screen for root user (bsc#1047262) - Disable session selection button when it's hidden in user switch dialog (bsc#1034584, bsc#1034827) - Fix app windows overlay app list in overview screen (bsc#1008539) - Properly handle failures when loading extensions (bsc#1036494, CVE-2017-8288) This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1008539 SUSE bug 1034584 SUSE bug 1034827 SUSE bug 1036494 SUSE bug 1047262 CVE-2017-8288 openSUSE Leap 42.2 This update for exim fixes the following issues: Changes in exim: - specify users with ref:mail, to make them dynamic. (boo#1046971) - CVE-2017-1000369: Fixed memory leaks that could be exploited to "stack crash" local privilege escalation (boo#1044692) - Require user(mail) group(mail) to meet new users handling in TW. - Prerequire permissions (fixes rpmlint). - conditionally disable DANE on SuSE versions with OpenSSL < 1.0 - CVE-2016-1531: when installed setuid root, allows local users to gain privileges via the perl_startup argument. - CVE-2016-9963: DKIM information leakage (boo#1015930) - Makefile tuning: + add sqlite support + disable WITH_OLD_DEMIME + enable AUTH_CYRUS_SASL + enable AUTH_TLS + enable SYSLOG_LONG_LINES + enable SUPPORT_PAM + MAX_NAMED_LIST=64 + enable EXPERIMENTAL_DMARC + enable EXPERIMENTAL_EVENT + enable EXPERIMENTAL_PROXY + enable EXPERIMENTAL_CERTNAMES + enable EXPERIMENTAL_DSN + enable EXPERIMENTAL_DANE + enable EXPERIMENTAL_SOCKS + enable EXPERIMENTAL_INTERNATIONAL Important SUSE bug 1015930 SUSE bug 1044692 SUSE bug 1046971 CVE-2016-1531 CVE-2016-9963 CVE-2017-1000369 openSUSE Leap 42.2 Postgresql93 was updated to 9.3.18 to fix the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) The changelog for the release is here: https://www.postgresql.org/docs/9.3/static/release-9-3-18.html This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 openSUSE Leap 42.2 This update for git-annex fixes the following issues: - CVE-2017-12976: Disallow hostname starting with a dash, which would get passed to ssh and be treated an option. This could be used by an attacker who provides a crafted repository url to cause the victim to execute arbitrary code via -oProxyCommand. (boo#1054653). Moderate SUSE bug 1054653 CVE-2017-12976 openSUSE Leap 42.2 This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1052481 CVE-2017-1000117 openSUSE Leap 42.2 This update for freerdp fixes the following issues: - CVE-2017-2834: Out-of-bounds write in license_recv() (bsc#1050714) - CVE-2017-2835: Out-of-bounds write in rdp_recv_tpkt_pdu (bsc#1050712) - CVE-2017-2836: Rdp Client Read Server Proprietary Certificate Denial of Service (bsc#1050699) - CVE-2017-2837: Client GCC Read Server Security Data DoS (bsc#1050704) - CVE-2017-2838: Client License Read Product Info Denial of Service Vulnerability (bsc#1050708) - CVE-2017-2839: Client License Read Challenge Packet Denial of Service (bsc#1050711) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1050699 SUSE bug 1050704 SUSE bug 1050708 SUSE bug 1050711 SUSE bug 1050712 SUSE bug 1050714 CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 openSUSE Leap 42.2 This update for expat fixes the following issues: - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240) - CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047236 SUSE bug 1047240 CVE-2016-9063 CVE-2017-9233 openSUSE Leap 42.2 This update for php7 fixes the following issues: - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables. (bsc#1048100) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726) - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386) Other fixes: - Soap Request with References (bsc#1053645) - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly. [bnc#1052389] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1047454 SUSE bug 1048094 SUSE bug 1048096 SUSE bug 1048100 SUSE bug 1048111 SUSE bug 1048112 SUSE bug 1050241 SUSE bug 1050726 SUSE bug 1052389 SUSE bug 1053645 SUSE bug 986386 CVE-2016-10397 CVE-2016-5766 CVE-2017-11142 CVE-2017-11144 CVE-2017-11145 CVE-2017-11146 CVE-2017-11147 CVE-2017-11628 CVE-2017-7890 openSUSE Leap 42.2 This update for wireshark to version 2.2.9 fixes the following issues: Minor vulnerabilities that could be used to trigger dissector crashes, infinite loops, or cause excessive use of memory resources by making Wireshark read specially crafted packages from the network or a capture file: * CVE-2017-13767: MSDP dissector infinite loop (boo#1056248) * CVE-2017-13766: Profinet I/O buffer overrun (boo#1056249) * CVE-2017-13765: IrCOMM dissector buffer overrun (boo#1056251) * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.9.html Moderate SUSE bug 1056248 SUSE bug 1056249 SUSE bug 1056251 CVE-2017-13765 CVE-2017-13766 CVE-2017-13767 openSUSE Leap 42.2 This update for pspp fixes the following issues: - CVE-2017-12958: Illegal address access in function output_hex() could lead to denial of service or unexpected state (boo#1054585) - CVE-2017-12959: Assertion in function dict_add_mrset() could lead to denial of service (boo#1054588) - CVE-2017-12960: Assertion in function dict_rename_var() could lead to denial of service (boo#1054587) - CVE-2017-12961: Assertion in function parse_attributes() could lead to denial of service (boo#1054586) Moderate SUSE bug 1054585 SUSE bug 1054586 SUSE bug 1054587 SUSE bug 1054588 CVE-2017-10791 CVE-2017-10792 CVE-2017-12958 CVE-2017-12959 CVE-2017-12960 CVE-2017-12961 openSUSE Leap 42.2 This update for clamav-database refreshes the database. This update was imported from the SUSE:SLE-12:Update update project. Moderate openSUSE Leap 42.2 This update for cacti and cacti-spine fixes security issues and bugs. The following vulnerabilities were fixed: * CVE-2017-12927: Cross-site scripting vulnerability in methodparameter (bsc#1054390) * CVE-2017-12978:Cross-site scripting vulnerability via the title field (bsc#1054742) It also contains all upstream bug fixes and improvements in the 1.1.18 release: * Sort devices by polling time to allow long running d * Allow user to hide Graphs from disabled Devices * Create a separate Realm for Realtime Graphs * Fix various JavaScript errors * updated translations * Can now export Device table results to CSV * Allow Log Rotation to be other than Daily, and other log rotation improvements Moderate SUSE bug 1054390 SUSE bug 1054742 CVE-2017-12927 CVE-2017-12978 openSUSE Leap 42.2 This update for gimp fixes the following issues: - Don't build gimp with webkit1 support, as it is no longer maintained and has plenty of security bugs. This disables the GIMP's built-in help browser; it will use an external browser when configured this way. This works around a number of security vulnerabilities in Webkit1. This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1050469 openSUSE Leap 42.2 This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084). - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072). - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073). - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075). - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086). - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078). - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082). - CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079). - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081). - CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077). - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080). - CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085). - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083). - CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316). - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305). - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306). - CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309). - CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311). - CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312). - CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313). - CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314). - CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315). - CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321). - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319). - CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320). - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324). - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326). - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325). - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328). - CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322). - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332). - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327). - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323). - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317). - CVE-2017-10086: Fix unspecified in subcomponent JavaFX (bsc#1049310). - CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331). - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330). Bug fixes: - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1049305 SUSE bug 1049306 SUSE bug 1049307 SUSE bug 1049309 SUSE bug 1049310 SUSE bug 1049311 SUSE bug 1049312 SUSE bug 1049313 SUSE bug 1049314 SUSE bug 1049315 SUSE bug 1049316 SUSE bug 1049317 SUSE bug 1049318 SUSE bug 1049319 SUSE bug 1049320 SUSE bug 1049321 SUSE bug 1049322 SUSE bug 1049323 SUSE bug 1049324 SUSE bug 1049325 SUSE bug 1049326 SUSE bug 1049327 SUSE bug 1049328 SUSE bug 1049329 SUSE bug 1049330 SUSE bug 1049331 SUSE bug 1049332 SUSE bug 1052318 SUSE bug 1064071 SUSE bug 1064072 SUSE bug 1064073 SUSE bug 1064075 SUSE bug 1064077 SUSE bug 1064078 SUSE bug 1064079 SUSE bug 1064080 SUSE bug 1064081 SUSE bug 1064082 SUSE bug 1064083 SUSE bug 1064084 SUSE bug 1064085 SUSE bug 1064086 CVE-2016-10165 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 openSUSE Leap 42.2 This update for libvorbis fixes the following issues: - CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811) - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1059809 SUSE bug 1059811 CVE-2017-14632 CVE-2017-14633 openSUSE Leap 42.2 This update for irssi to version 1.0.6 fixes several issues that may affect the stability of irssi: - CVE-2018-5205: Data access beyond the end of the string when using incomplete escape codes - CVE-2018-5206: NULL pointer dereference when the channel topic is set without specifying a sender - CVE-2018-5207: When using an incomplete variable argument, Irssi may access data beyond the end of the string - CVE-2018-5208: Heap buffer overflow when completing certain strings Moderate SUSE bug 1074958 CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208 openSUSE Leap 42.2 This update for qemu fixes the following issues: This update for qemu fixes the following issues: A mitigation for a security flaw has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1068032 CVE-2017-5715 openSUSE Leap 42.2 This update for clamav-database refreshes the database. This update was imported from the SUSE:SLE-12:Update update project. Moderate openSUSE Leap 42.2 The openSUSE Leap 42.2 kernel was updated to 4.4.104 to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / "SpectreAttack": Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please also check with your CPU / Hardware vendor on updated firmware or BIOS images regarding this issue. As this feature can have a performance impact, it can be disabled using the "nospec" kernel commandline option. - CVE-2017-5754 / "MeltdownAttack": Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation" and "PTI" / "Page Table Isolation". Note that this is only done on affected platforms. This feature can be enabled / disabled by the "pti=[on|off|auto]" or "nopti" commandline options. The following security bugs were fixed: - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The following non-security bugs were fixed: - Add undefine _unique_build_ids (bsc#964063) - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds (bsc#1031717). - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717). - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717). - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717). - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717). - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717). - alsa: hda - change the location for one mic on a Lenovo machine (bsc#1031717). - alsa: hda: Drop useless WARN_ON() (bsc#1031717). - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717). - alsa: hda - fix headset mic detection issue on a Dell machine (bsc#1031717). - alsa: hda - fix headset mic problem for Dell machines with alc274 (bsc#1031717). - alsa: hda - Fix headset microphone detection for ASUS N551 and N751 (bsc#1031717). - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717). - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717). - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717). - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717). - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717). - alsa: hda/realtek - Add default procedure for suspend and resume state (bsc#1031717). - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic (bsc#1031717). - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717). - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717). - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717). - alsa: hda/realtek - change the location for one of two front microphones (bsc#1031717). - alsa: hda/realtek - Enable jack detection function for Intel ALC700 (bsc#1031717). - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717). - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717). - alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 (bsc#1031717). - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV (bsc#1031717). - alsa: hda/realtek - fix headset mic detection for MSI MS-B120 (bsc#1031717). - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 (bsc#1031717). - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717). - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE (bsc#1031717). - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717). - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717). - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 (bsc#1031717). - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717). - alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717). - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717). - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717). - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717). - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 (bsc#1031717). - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717). - alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717). - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717). - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717). - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717). - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717). - alsa: usb-audio: Fix out-of-bound error (bsc#1031717). - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU (bsc#1031717). - Always sign validate_negotiate_info reqs (bsc#1071009, fate#324404). - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556). - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio (bnc#1012382). - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032). - asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure (bsc#1031717). - asoc: twl4030: fix child-node lookup (bsc#1031717). - asoc: wm_adsp: Fix validation of firmware and coeff lengths (bsc#1031717). - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180). - bcache: Fix building error on MIPS (bnc#1012382). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - btrfs: clear space cache inode generation always (bnc#1012382). - carl9170: prevent speculative execution (bnc#1068032). - Check cmdline_find_option() retval properly and use boot_cpu_has(). - cw1200: prevent speculative execution (bnc#1068032). - drm/radeon: fix atombios on big endian (bnc#1012382). - e1000e: Avoid receiver overrun interrupt bursts (bsc#969470 FATE#319819). - e1000e: Fix e1000_check_for_copper_link_ich8lan return value (bsc#1073809). - eeprom: at24: check at24_read/write arguments (bnc#1012382). - Fix leak of validate_negotiate_info resp (bsc#1071009, fate#324404). - Fix NULL pointer deref in SMB2_tcon() (bsc#1071009, fate#324404). - Fix validate_negotiate_info uninitialized mem (bsc#1071009, fate#324404). - fs: prevent speculative execution (bnc#1068032). - genwqe: Take R/W permissions into account when dealing with memory pages (bsc#1073090). - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912). - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912). - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES (bsc#1073912). - ipv6: prevent speculative execution (bnc#1068032). - kabi fix for new hash_cred function (bsc#1012917). - kaiser: add "nokaiser" boot option, using ALTERNATIVE. - kaiser: align addition to x86/mm/Makefile. - kaiser: asm/tlbflush.h handle noPGE at lower level. - kaiser: cleanups while trying for gold link. - kaiser: Disable on Xen PV. - kaiser: do not set _PAGE_NX on pgd_none. - kaiser: drop is_atomic arg to kaiser_pagetable_walk(). - kaiser: enhanced by kernel and user PCIDs. - kaiser: ENOMEM if kaiser_pagetable_walk() NULL. - kaiser: fix build and FIXME in alloc_ldt_struct(). - kaiser: fix perf crashes. - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER. - kaiser: fix unlikely error in alloc_ldt_struct(). - kaiser: KAISER depends on SMP. - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID. - kaiser: kaiser_remove_mapping() move along the pgd. - kaiser: Kernel Address Isolation. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user. - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET. - kaiser: paranoid_entry pass cr3 need to paranoid_exit. - kaiser: PCID 0 for kernel and 128 for user. - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls. - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE. - kaiser: tidied up asm/kaiser.h somewhat. - kaiser: tidied up kaiser_add/remove_mapping slightly. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: vmstat show NR_KAISERTABLE as nr_overhead. - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - kvm: x86: Exit to user-mode on #UD intercept when emulator requires (bnc#1012382). - kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382). - kvm: x86: pvclock: Handle first-time write to pvclock-page contains random junk (bnc#1012382). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - mmc: core: Do not leave the block driver in a suspended state (bnc#1012382). - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032). - mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382). - netlink: add a start callback for starting a netlink dump (bnc#1012382). - net: mpls: prevent speculative execution (bnc#1068032). - nfsd: Fix another OPEN stateid race (bnc#1012382). - nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382). - nfsd: Make init_open_stateid() a bit more whole (bnc#1012382). - nfs: improve shinking of access cache (bsc#1012917). - nfs: revalidate "." etc correctly on "open" (bsc#1068951). - nfs: revalidate "." etc correctly on "open" (git-fixes). Fix References tag. - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Secure memory rfi flush (bsc#1068032). - ptrace: Add a new thread access check (bsc#1068032). - qla2xxx: prevent speculative execution (bnc#1068032). - Redo encryption backport to fix pkt signing (bsc#1071009, fate#324404). - Revert "drm/radeon: dont switch vt on suspend" (bnc#1012382). - Revert "ipsec: Fix aborted xfrm policy dump crash" (kabi). - Revert "netlink: add a start callback for starting a netlink dump" (kabi). - s390: add ppa to system call and program check path (bsc#1068032). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path Signoff the s390 patches. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (bsc#1068032). - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (bsc#1068032). - sched/rt: Do not pull from current CPU if only one CPU to pull (bnc#1022476). - scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1064311). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return "Illegal Request - Logical unit not supported" and processing should leave the timeout loop in this case. - scsi: ses: check return code from ses_recv_diag() (bsc#1039616). - scsi: ses: Fixup error message 'failed to get diagnostic page 0xffffffea' (bsc#1039616). - scsi: ses: Fix wrong page error (bsc#1039616). - scsi: ses: make page2 support optional (bsc#1039616). - smb2: Fix share type handling (bnc#1074392). - sunrpc: add auth_unix hash_cred() function (bsc#1012917). - sunrpc: add generic_auth hash_cred() function (bsc#1012917). - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917). - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917). - sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917). - sunrpc: use supplimental groups in auth hash (bsc#1012917). - Thermal/int340x: prevent speculative execution (bnc#1068032). - udf: prevent speculative execution (bnc#1068032). - usb: host: fix incorrect updating of offset (bsc#1047487). - userns: prevent speculative execution (bnc#1068032). - uvcvideo: prevent speculative execution (bnc#1068032). - vxlan: correctly handle ipv6.disable module parameter (bsc#1072962). - x86/boot: Add early cmdline parsing for options with arguments. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/efi-bgrt: Fix kernel panic when mapping BGRT data (bnc#1012382). - x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382). - x86/efi: Build our own page table structures (bnc#1012382). - x86/efi: Hoist page table switching code into efi_call_virt() (bnc#1012382). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: Reenable PARAVIRT. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE (bsc#1068032). - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (bsc#1068032). - x86/mm: Add INVPCID helpers (bsc#1068032). - x86/mm: Add the 'nopcid' boot option to turn off PCID (bsc#1068032). - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (bsc#1068032). - x86/mm: Enable CR4.PCIDE on supported systems (bsc#1068032). - x86/mm: Fix INVPCID asm constraint (bsc#1068032). - x86/mm: If INVPCID is available, use it to flush global mappings (bsc#1068032). - x86/mm: Make flush_tlb_mm_range() more predictable (bsc#1068032). - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (bnc#1012382). - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (bsc#1068032). - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (bsc#1068032). - x86/mm, sched/core: Turn off IRQs in switch_mm() (bsc#1068032). - x86/mm, sched/core: Uninline switch_mm() (bsc#1068032). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/paravirt: Dont patch flush_tlb_single (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add "nospec" chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). Important SUSE bug 1012382 SUSE bug 1012917 SUSE bug 1022476 SUSE bug 1031717 SUSE bug 1039616 SUSE bug 1047487 SUSE bug 1063043 SUSE bug 1064311 SUSE bug 1065180 SUSE bug 1068032 SUSE bug 1068951 SUSE bug 1071009 SUSE bug 1072556 SUSE bug 1072962 SUSE bug 1073090 SUSE bug 1073792 SUSE bug 1073809 SUSE bug 1073874 SUSE bug 1073912 SUSE bug 1074392 SUSE bug 1074562 SUSE bug 1074578 SUSE bug 964063 SUSE bug 969470 CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 openSUSE Leap 42.2 This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319] - An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231] - A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188] - A bug that prevented users to build shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905] - A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583] - A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675] This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1051042 SUSE bug 1053188 SUSE bug 1063675 SUSE bug 1064569 SUSE bug 1064580 SUSE bug 1064583 SUSE bug 1070905 SUSE bug 1071319 SUSE bug 1073231 SUSE bug 1074293 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2018-1000001 openSUSE Leap 42.2 This update for tiff to version 4.0.9 fixes the following issues: Security issues fixed: - CVE-2014-8128: Fix out-of-bounds read with malformed TIFF image in multiple tools (bsc#969783). - CVE-2015-7554: Fix invalid write in tiffsplit / _TIFFVGetField (bsc#960341). - CVE-2016-10095: Fix stack-based buffer overflow in _TIFFVGetField (tif_dir.c) (bsc#1017690). - CVE-2016-5318: Fix stackoverflow in thumbnail (bsc#983436). - CVE-2017-16232: Fix memory-based DoS in tiff2bw (bsc#1069213). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1017690 SUSE bug 1069213 SUSE bug 960341 SUSE bug 969783 SUSE bug 983436 CVE-2014-8128 CVE-2015-7554 CVE-2016-10095 CVE-2016-5318 CVE-2017-16232 openSUSE Leap 42.2 This update for wireshark to version 2.2.12 fixes the following issues: - CVE-2018-5334: IxVeriWave file could crash (boo#1075737) - CVE-2018-5335: WCP dissector could crash (boo#1075738) - CVE-2018-5336: Multiple dissector crashes (boo#1075739) - CVE-2017-17997: MRDISC dissector could crash (boo#1074171) This release no longers enable the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (boo#1075748) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html Moderate SUSE bug 1074171 SUSE bug 1075737 SUSE bug 1075738 SUSE bug 1075739 SUSE bug 1075748 CVE-2017-17997 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 openSUSE Leap 42.2 This update for mariadb fixes several issues. These security issues were fixed: - CVE-2017-3636: Client programs had an unspecified vulnerability that could lead to unauthorized access and denial of service (bsc#1049399) - CVE-2017-3641: DDL unspecified vulnerability could lead to denial of service (bsc#1049404) - CVE-2017-3653: DML Unspecified vulnerability could lead to unauthorized database access (bsc#1049417) These non-security issues were fixed: - Add ODBC support for Connect engine (bsc#1039034) - Relax required version for mariadb-errormessages (bsc#1072665) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1039034 SUSE bug 1049399 SUSE bug 1049404 SUSE bug 1049417 SUSE bug 1054591 SUSE bug 1072665 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 openSUSE Leap 42.2 This update for rsync fixes the several issues. These security issues were fixed: - CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also did not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allowed remote attackers to bypass intended access restrictions" (bsc#1071460). - CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync, proceeded with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allowed remote attackers to bypass intended access restrictions (bsc#1071459). - CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check for a trailing '\\0' character in an xattr name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon (bsc#1066644). - CVE-2014-9512: Prevent attackers to write to arbitrary files via a symlink attack on a file in the synchronization path (bsc#915410). These non-security issues were fixed: - Stop file upload after errors like a full disk (boo#1062063) - Ensure -X flag works even when setting owner/group (boo#1028842) Moderate SUSE bug 1028842 SUSE bug 1062063 SUSE bug 1066644 SUSE bug 1071459 SUSE bug 1071460 SUSE bug 915410 SUSE bug 999847 CVE-2014-9512 CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 openSUSE Leap 42.2 This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-12672: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052720) - CVE-2017-13060: Memory leak vulnerability allowed DoS via MAT image files (bsc#1055065) - CVE-2017-12670: Specially crafted MAT images may lead to an assertion failure and DoS (bsc#1052731) - CVE-2017-10800: Specially crafted MAT images may lead to memory denial of service (bsc#1047044) - CVE-2017-13648: Memory leak vulnerability allowed DoS via MAT image files (bsc#1055434) - CVE-2017-12564: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052468) - CVE-2017-12675: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052710) - CVE-2017-14326: Memory leak vulnerability allowed DoS via MAT image files (bsc#1058640) - CVE-2017-17881: Memory leak vulnerability allowed DoS via MAT image files (bsc#1074123) - CVE-2017-11449: coders/mpc.c in ImageMagick before 7.0.6-1 remote denial of service (boo#1049373) - CVE-2017-11532: Memory Leak in WriteMPCImage() in coders/mpc.c (boo#1050129) - CVE-2017-16547: Incorrect memory management in DrawImage function in magick/render.c could lead to denial of service (boo#1067177) - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975) - Memory leak in pwp.c (boo#1051412) Moderate SUSE bug 1047044 SUSE bug 1049373 SUSE bug 1050129 SUSE bug 1051412 SUSE bug 1052468 SUSE bug 1052710 SUSE bug 1052720 SUSE bug 1052731 SUSE bug 1055065 SUSE bug 1055434 SUSE bug 1058640 SUSE bug 1067177 SUSE bug 1074123 SUSE bug 1074975 CVE-2017-10800 CVE-2017-11449 CVE-2017-11532 CVE-2017-12564 CVE-2017-12670 CVE-2017-12672 CVE-2017-12675 CVE-2017-13060 CVE-2017-13648 CVE-2017-14326 CVE-2017-16547 CVE-2017-17881 CVE-2017-18022 openSUSE Leap 42.2 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-1000476: A CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610). - CVE-2017-9409: The ReadMPCImage function in mpc.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1042948). - CVE-2017-1000445: A NULL pointer dereference in the MagickCore component might have lead to denial of service (bsc#1074425). - CVE-2017-17680: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17882) (bsc#1072902). - CVE-2017-17882: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17680) (bsc#1074122). - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373). - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252). - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771). - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082). - Prevent memory leak via crafted file in pwp.c allowing for DoS (bsc#1051412) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1042948 SUSE bug 1049373 SUSE bug 1051412 SUSE bug 1052252 SUSE bug 1052771 SUSE bug 1058082 SUSE bug 1072902 SUSE bug 1074122 SUSE bug 1074425 SUSE bug 1074610 CVE-2017-1000445 CVE-2017-1000476 CVE-2017-11449 CVE-2017-11751 CVE-2017-12430 CVE-2017-12642 CVE-2017-14249 CVE-2017-17680 CVE-2017-17882 CVE-2017-9409 openSUSE Leap 42.2 This update for gwenhywfar fixes the following issues: Security issue fixed: - CVE-2015-7542: Make use of the system's default trusted CAs. Also remove the upstream provided ca-bundle.crt file and require ca-certificates so the /etc/ssl/certs directory is populated (bsc#958331). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 958331 CVE-2015-7542 openSUSE Leap 42.2 This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844). - CVE-2017-12172: Start scripts permit database administrator to modify root-owned files. This issue did not affect SUSE (bsc#1062538). Bug fixes: - Update to version 9.4.15 * https://www.postgresql.org/docs/9.4/static/release-9-4-15.html * https://www.postgresql.org/docs/9.4/static/release-9-4-14.html This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1062538 SUSE bug 1067844 CVE-2017-12172 CVE-2017-15098 openSUSE Leap 42.2 This update for libetpan fixes the following issues: - CVE-2017-8825: Segmentation faults in mime handling were fixed. Moderate SUSE bug 1038061 CVE-2017-8825 openSUSE Leap 42.2 This update for gifsicle to version 1.91 fixes several issues. These security issues were fixed: - Prevent double free by setting last_name to NULL - Prevent NULL pointer dereference for crafted images This non-security issue was fixed: - Add thread support for resizing For other changes please see the upstream changelog. Moderate openSUSE Leap 42.2 This update for pngcrush fixes the following issues: - CVE-2015-7700: Fix for a double-free vulnerability in the sPLT chunk structure and png.c (boo#1056770) Moderate SUSE bug 1056770 CVE-2015-7700 openSUSE Leap 42.2 This update for python-openpyxl fixes one issue. This security issue was fixed: - CVE-2017-5992: Prevent resolving external entities by default, which allowed remote attackers to conduct XXE attacks via a crafted .xlsx document (bsc#1025592). Moderate SUSE bug 1025592 CVE-2017-5992 openSUSE Leap 42.2 This update for syncthing brings a new version and fixes the following issues: - Update to version 0.14.42: * Discovering new files in a deleted directory does not resurrect the directory (gh#syncthing/syncthing#4475). * "Panic: interface conversion: *errors.errorString is not net.Error" after restart (gh#syncthing/syncthing#4561). * Auto-accept shared directories from trusted devices (gh#syncthing/syncthing#2299). * Empty directories in .stversions should be removed (gh#syncthing/syncthing#4406). * Human readable errors on attempted deletion of a non-empty directory (gh#syncthing/syncthing#4476). * Add confirmation on the Remove Folder / Device button (gh#syncthing/syncthing#4543). - Update to version 0.14.41: * Devices with ignored files stay "synchronising" forever (gh#syncthing/syncthing#623). * No Global Discovery without Synch Protocol Listen Address (gh#syncthing/syncthing#4418). * Local network classification doesn't always work (gh#syncthing/syncthing#4421). * Hashed GUI password should not be rehashed (gh#syncthing/syncthing#4458). * Pulls not triggered correctly on reconnection (gh#syncthing/syncthing#4504). * A symlink/file replacement doesn't work properly (gh#syncthing/syncthing#4505). * File/directory replacement doesn't work properly (gh#syncthing/syncthing#4506). * Logging at info level and above should always include context (gh#syncthing/syncthing#4510). * Panic in "pfilter" package on 32 bit architectures (gh#syncthing/syncthing#4537). * Allow synchronising read-only directories as "Master Directories" (gh#syncthing/syncthing#1126). * "Global Changes" button is confusing, retitle to "Recent Changes" (gh#syncthing/syncthing#4326). * Dial device addresses in parallel (gh#syncthing/syncthing#4456). * Avoid lots and lots of announced addresses in the presence of symmetric NAT (gh#syncthing/syncthing#4519). * Split transport usage reporting per stack (gh#syncthing/syncthing#4463). - Update to version 0.14.40: - Report more data part of the anonymous usage report (gh#syncthing/syncthing#3628) - Better report synchronisation errors (gh#syncthing/syncthing#4392). - Removing paused directories no longer causes a panic (gh#syncthing/syncthing#4405). - Make local IPv4 discovery more resilient against write failures (gh#syncthing/syncthing#4414). - Clearer logging around config failures at startup (gh#syncthing/syncthing#4431). - Do not complain about inability to fsync files (gh#syncthing/syncthing#4432). - Improve KCP connections (gh#syncthing/syncthing#4446). - Improve directory health checking (gh#syncthing/syncthing#4451). - Include built-in support for file system notifications, although it is disabled by default. - Enable by default the UDP based "KCP" protocol. - Update to version 0.14.39: * Removing paused directories no longer triggers a crash (gh#syncthing/syncthing#4357). * Add further security related HTTP headers (gh#syncthing/syncthing#4360). * Improve info level logging in some cases (gh#syncthing/syncthing#4375). * Improve GUI tooltips in chromium based browsers (gh#syncthing/syncthing#4377). * Add -device-id command line switch (gh#syncthing/syncthing#4387). * Failure to upgrade directory markers from file to directory type is no longer fatal. - Update to version 0.14.38: * KCP connections are now more stable (gh#syncthing/syncthing#4063, gh#syncthing/syncthing#4343) * Hashing benchmarks are skipped if a manual selection has been forced (gh#syncthing/syncthing#4348). * Relay server RAM usage has been reduced (gh#syncthing/syncthing#4245). - Update to version 0.14.37 (changes since 0.14.32): * Relative version paths are now correctly relative to the directory path (gh#syncthing/syncthing#4188). * Remote devices now show bytes remaining to synchronise (gh#syncthing/syncthing#4227). * Editing ignore patterns no longer incorrectly shows included patterns (gh#syncthing/syncthing#4249). * The new directory dialogue now suggests a default path. Adjustable via advanced config defaultFolderPath (gh#syncthing/syncthing#2157). * The build script no longer sets -installsuffix by default (gh#syncthing/syncthing#4272). * Prevent a vulnerability that allows file overwrite via versioned symlinks (CVE-2017-1000420, boo#1074428, gh#syncthing/syncthing#4286). * Symlinks are deleted from versioned directories on startup (gh#syncthing/syncthing#4288). * Directory paths are no longer reset when editing a directory without a label (gh#syncthing/syncthing#4297). * Better detect synchronisation conflicts that happen while synchronising (gh#syncthing/syncthing#3742, gh#syncthing/syncthing#4305). * Fix a crash related to a nil reference in ignore handling (gh#syncthing/syncthing#4300). - Stop requiring golang.org/x/net/context. - Update to version 0.14.32: * "Nearby devices" are now shown in the add device dialogue, avoiding the need to type their device ID (gh#syncthing/syncthing#4157). * Directories that were once ignored in a sharing request now actually work properly when later added manually (gh#syncthing/syncthing#4219). - Update to version 0.14.31 (changes since 0.14.29): * Correctly clear warning "path is a subdirectory of other folder" in directory dialogue (gh#syncthing/syncthing#3433). * Conflict copies filename now includes the ID of the last device to change the file (gh#syncthing/syncthing#3524). * Directories offered by other devices can now be ignored (gh#syncthing/syncthing#3993). * Changed device name takes effect with restart; device name is not sent to unknown devices (gh#syncthing/syncthing#4164). * Correctly show CPU usage when started with -no-restart option (gh#syncthing/syncthing#4183). * Icons and directory information in local device summary is consistent with that in directories (gh#syncthing/syncthing#4100). * Fix a data race in KCP & STUN (gh#syncthing/syncthing#4177). * Ignore patterns on newly accepted directories are no longer erroneously inherited from an earlier added directory (gh#syncthing/syncthing#4203). - Update to version 0.14.29: * The layout of the global changes dialogue is improved (gh#syncthing/syncthing#3895). * Running as root or SYSTEM now triggers a warning recommending against it (gh#syncthing/syncthing#4123). * Changing the theme no longer causes an HTTP error (gh#syncthing/syncthing#4127). - Update to version 0.14.28: * It is now possible to create custom event subscriptions via the REST API (gh#syncthing/syncthing#1879). * Removing large directories now uses less memory (gh#syncthing/syncthing#2250). * The minimum disc space (per directory and for the home drive) can now be set to an absolute value (gh#syncthing/syncthing#3307). * Pausing or reconfiguring a directory will no longer start extra scans. Pausing a directory stops scanning (gh#syncthing/syncthing#3965). * Ignore patterns can now be set at directory creation time, and for paused directories (gh#syncthing/syncthing#3996). * It is no longer possible to configure the GUI/API to listen on a privileged port using the standard settings dialogue (gh#syncthing/syncthing#4020). * The device allowed subnet list can now include negative ("!") entries to disallow subnets (gh#syncthing/syncthing#4096). * Doing "Override changes" now uses less memory (gh#syncthing/syncthing#4112). - Require golang.org/x/net/context on openSUSE older than openSUSE Leap 15.x. - Update to version 0.14.27: * Devices can now have a list of allowed subnets (advanced config) (gh#syncthing/syncthing#219). * The transfer rate units can now be changed by clicking on the value (gh#syncthing/syncthing#234). * UI text explaining "Introducer" is improved (gh#syncthing/syncthing#1819). * Advanced config editor can now edit lists of things (gh#syncthing/syncthing#2267). * Directories created for new directories now obey the user umask setting (gh#syncthing/syncthing#2519). * Incoming index updates are consistency checked better (gh#syncthing/syncthing#4053). - Update to version 0.14.26: * Discovery errors are more clearly displayed in the GUI (gh#syncthing/syncthing#2344). * The language dropdown menu in the GUI is now correctly sorted (gh#syncthing/syncthing#3913). * When there are items that could not be synced, their full path is displayed in the GUI. - Update to version 0.14.25: * Improve "Pause All"/"Resume All" icons (gh#syncthing/syncthing#4003). * There are now mips and mipsle builds by default (gh#syncthing/syncthing#3959). * The "overwriting protected files" warning now correctly handles relative paths to the config directory (gh#syncthing/syncthing#3183). * The experimental KCP protocol for transfers over UDP has been merged, although it's not currently enabled by default (gh#syncthing/syncthing#804). - Update to version 0.14.24: * lib/sync: Fix a race in unlocker logging (gh#syncthing/syncthing#3884). * Make links and log messages refer to https instead of http where possible (gh#syncthing/syncthing#3976). * The default number of parallel file processing routines per directory is now two (previously one), and the number of simultaneously outstanding network requests has been increased. * The UI now contains buttons to pause or resume all directories with a single action. - Update to version 0.14.23 (changes since 0.14.21): * Leading and trailing spaces are no longer stripped in the GUI password field (gh#syncthing/syncthing#3935) * The GUI shows remaining amount of data to sync per directory (gh#syncthing/syncthing#3908). * There should no longer be empty entries in the global log (gh#syncthing/syncthing#3933). * Weak hashing is now by default only enabled when it makes sense from a performance point of view (gh#syncthing/syncthing#3938). - Update to version 0.14.21 (changes since 0.14.19): * There is now a warning when adding a directory that is a parent of an existing directory (gh#syncthing/syncthing#3197). * Using -logfile flag together with -no-restart now causes an error instead of silently failing (gh#syncthing/syncthing#3912). * Weak hashing is now disabled completely when the threshold percentage is > 100 (gh#syncthing/syncthing#3891). * Rate limiting now actually works on ARM64 builds again (gh#syncthing/syncthing#3921). * Fix an issue where UPnP port allocations would be incorrect under some circumstances (gh#syncthing/syncthing#3924). * Weak hashing is a bit faster and allocates less memory. * The hashing performance reported at startup now includes weak hashing. * The GUI "network error" dialogue no longer shows up as easily in some scenarios when using Syncthing behind a reverse proxy. - Update to version 0.14.19: * Changing bandwidth rate limits now takes effect immediately without restart (gh#syncthing/syncthing#3846) * The event log (-audit) can now be directed to stderr for piping into an another application (gh#syncthing/syncthing#3859). * A panic on directory listing at startup has been fixed (gh#syncthing/syncthing#3584). * When a directory is deleted, the .stfolder marker is also removed. The ignore file and .stversions directory are retained, if present (gh#syncthing/syncthing#3857). * Several scenarios where a device would get stuck with 'not a directory' errors are now handled again (gh#syncthing/syncthing#3819). * Third party copyrights in the about box are now more up to date (gh#syncthing/syncthing#3839). * Hashing performance has been improved (gh#syncthing/syncthing#3861) - Update to version 0.14.18: * Fix connections to older Syncthing versions being no longer closed due to an unmarshalling message: 'proto: wrong wireType = 2 for field BlockIndexes' (gh#syncthing/syncthing#3855). - Update to version 0.14.17: * Panics caused by corrupt on disc database are now better explained in the panic message (gh#syncthing/syncthing#3689). * Statically configured device addresses without port number now correctly defaulted to port 22000 again (gh#syncthing/syncthing#3817). * Inotify clients no longer cause 'invalid subpath' errors to be displayed (gh#syncthing/syncthing#3829). * Directories can now be paused (gh#syncthing/syncthing#215). * "Master" directories are now called "send only" in order to standardise on a terminology of sending and receiving changes (gh#syncthing/syncthing#2679). * Pausing devices and directories now persists across restarts (gh#syncthing/syncthing#3407). * A rolling checksum is used to identify and reuse blocks that have moved within a file (gh#syncthing/syncthing#3527). * Syncthing allows setting the type-of-service field on outgoing packets, configured by the advanced setting "trafficClass" (gh#syncthing/syncthing#3790). * Which device introduced another device is now visible in the GUI (gh#syncthing/syncthing#3809). Moderate SUSE bug 1074428 CVE-2017-1000420 openSUSE Leap 42.2 This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes: - Update to release 4.8.7 (bsc#1072322): * https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ * https://nodejs.org/en/blog/release/v4.8.7/ * https://nodejs.org/en/blog/release/v4.8.6/ * https://nodejs.org/en/blog/release/v4.8.5/ This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1056058 SUSE bug 1066242 SUSE bug 1072322 CVE-2017-14919 CVE-2017-15896 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 openSUSE Leap 42.2 This update for lxterminal fixes the following security issue: - CVE-2016-10369: insecure /tmp usage for a socket file (boo#1038127) Moderate SUSE bug 1038127 CVE-2016-10369 openSUSE Leap 42.2 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136). - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131). - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128). - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1056127 SUSE bug 1056128 SUSE bug 1056129 SUSE bug 1056131 SUSE bug 1056132 SUSE bug 1056136 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 openSUSE Leap 42.2 This update for curl fixes the following issues: Security issues fixed: - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code (bsc#1069226). - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function (bsc#1069222). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1069222 SUSE bug 1069226 CVE-2017-8816 CVE-2017-8817 openSUSE Leap 42.2 This update refreshes the clamav-database. This update was imported from the SUSE:SLE-12:Update update project. Moderate openSUSE Leap 42.2 This update for perl-XML-LibXML fixes the following issues: Security issue fixed: - CVE-2017-10672: Fix use-after-free that allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call (bsc#1046848). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1046848 CVE-2017-10672 openSUSE Leap 42.2 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973) - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975) - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969) - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720) - CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065) - CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446) - CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731) - CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732) - CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323) - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044) - CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434) - CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898) - CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120) - CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468) - CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550) - CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710) - CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640) - CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606) - CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855) - CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751) - CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047044 SUSE bug 1047898 SUSE bug 1050120 SUSE bug 1050606 SUSE bug 1051446 SUSE bug 1052468 SUSE bug 1052550 SUSE bug 1052710 SUSE bug 1052720 SUSE bug 1052731 SUSE bug 1052732 SUSE bug 1055065 SUSE bug 1055323 SUSE bug 1055434 SUSE bug 1055855 SUSE bug 1058640 SUSE bug 1059751 SUSE bug 1074123 SUSE bug 1074969 SUSE bug 1074973 SUSE bug 1074975 CVE-2017-10800 CVE-2017-11141 CVE-2017-11529 CVE-2017-11644 CVE-2017-11724 CVE-2017-12434 CVE-2017-12564 CVE-2017-12667 CVE-2017-12670 CVE-2017-12672 CVE-2017-12675 CVE-2017-13060 CVE-2017-13146 CVE-2017-13648 CVE-2017-13658 CVE-2017-14326 CVE-2017-14533 CVE-2017-17881 CVE-2017-18022 CVE-2018-5246 CVE-2018-5247 openSUSE Leap 42.2 This update for newsbeuter fixes one issues. This security issue was fixed: - CVE-2017-12904: Improper neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL (bsc#1054578). Important SUSE bug 1054578 CVE-2017-12904 openSUSE Leap 42.2 This update for gd fixes one issues. This security issue was fixed: - CVE-2017-6362: Prevent double-free in gdImagePngPtr() that potentially allowed for DoS or remote code execution (bsc#1056993). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1056993 CVE-2017-6362 openSUSE Leap 42.2 This update for xmltooling fixes the following issues: - CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD (bsc#1075975) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1075975 CVE-2018-0486 openSUSE Leap 42.2 This update for ImageMagick fixes the following issues: - security update (xcf.c): * CVE-2017-14343: Memory leak vulnerability in ReadXCFImage could lead to denial of service via a crafted file. CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. [bsc#1058422] - security update (pnm.c): * CVE-2017-14042: A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c and could lead to remote denial of service [bsc#1056550] - security update (psd.c): * CVE-2017-15281: ReadPSDImage allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file [bsc#1063049] * CVE-2017-13061: A length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. [bsc#1055063] * CVE-2017-12563: A Memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. [bsc#1052460] * CVE-2017-14174: Due to a lack of an EOF check (End of File) in ReadPSDLayersInternal could cause huge CPU consumption, when a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop.[bsc#1057723] - security update (meta.c): * CVE-2017-13062: Amemory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file [bsc#1055053] - security update (gif.c): * CVE-2017-15277: ReadGIFImage in coders/gif.c leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.[bsc#1063050] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1052460 SUSE bug 1055053 SUSE bug 1055063 SUSE bug 1056550 SUSE bug 1057723 SUSE bug 1058422 SUSE bug 1063049 SUSE bug 1063050 CVE-2017-12563 CVE-2017-12691 CVE-2017-13061 CVE-2017-13062 CVE-2017-14042 CVE-2017-14174 CVE-2017-14343 CVE-2017-15277 CVE-2017-15281 openSUSE Leap 42.2 This update for virtualbox to version 5.1.32 fixes the following issues: The following vulnerabilities were fixed (boo#1076372): - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, also known as "Spectre", bsc#1068032. - CVE-2018-2676: Local authenticated attacker may gain elevated privileges - CVE-2018-2685: Local authenticated attacker may gain elevated privileges - CVE-2018-2686: Local authenticated attacker may gain elevated privileges - CVE-2018-2687: Local authenticated attacker may gain elevated privileges - CVE-2018-2688: Local authenticated attacker may gain elevated privileges - CVE-2018-2689: Local authenticated attacker may gain elevated privileges - CVE-2018-2690: Local authenticated attacker may gain elevated privileges - CVE-2018-2693: Local authenticated attacker may gain elevated privileges via guest additions - CVE-2018-2694: Local authenticated attacker may gain elevated privileges - CVE-2018-2698: Local authenticated attacker may gain elevated privileges The following bug fixes are included: - fix occasional screen corruption when host screen resolution is changed - increase proposed disk size when creating new VMs for Windows 7 and newer - fix broken communication with certain devices on Linux hosts - Fix problems using 256MB VRAM in raw-mode VMs - add HDA support for more exotic guests (e.g. Haiku) - fix playback with ALSA backend (5.1.28 regression) - fix a problem where OHCI emulation might sporadically drop data transfers Important SUSE bug 1068032 SUSE bug 1076372 CVE-2017-5715 CVE-2018-2676 CVE-2018-2685 CVE-2018-2686 CVE-2018-2687 CVE-2018-2688 CVE-2018-2689 CVE-2018-2690 CVE-2018-2693 CVE-2018-2694 CVE-2018-2698 openSUSE Leap 42.2 This update for clamav-database updates the database. This update was imported from the SUSE:SLE-12:Update update project. Moderate openSUSE Leap 42.2 This update for MozillaFirefox fixes the following issues: - update to Firefox 52.6esr (boo#1077291) MFSA 2018-01 * Speculative execution side-channel attack ("Spectre") MFSA 2018-03 * CVE-2018-5091 (bmo#1423086) Use-after-free with DTMF timers * CVE-2018-5095 (bmo#1418447) Integer overflow in Skia library during edge builder allocation * CVE-2018-5096 (bmo#1418922) Use-after-free while editing form elements * CVE-2018-5097 (bmo#1387427) Use-after-free when source document is manipulated during XSLT * CVE-2018-5098 (bmo#1399400) Use-after-free while manipulating form input elements * CVE-2018-5099 (bmo#1416878) Use-after-free with widget listener * CVE-2018-5102 (bmo#1419363) Use-after-free in HTML media elements * CVE-2018-5103 (bmo#1423159) Use-after-free during mouse event handling * CVE-2018-5104 (bmo#1425000) Use-after-free during font face manipulation * CVE-2018-5117 (bmo#1395508) URL spoofing with right-to-left text aligned left-to-right * CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 - Added additional patches and configurations to fix builds on s390 and PowerPC. * Added firefox-glibc-getrandom.patch effecting builds on s390 and PowerPC * Added mozilla-s390-bigendian.patch along with icudt58b.dat bigendian ICU data file for running Firefox on bigendian architectures (bmo#1322212 and bmo#1264836) * Added mozilla-s390-nojit.patch to enable atomic operations used by the JS engine when JIT is disabled on s390 * Build configuration options specific to s390 * Requires NSS >= 3.29.5 Important SUSE bug 1077291 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 openSUSE Leap 42.2 This update for libexif fixes several issues. These security issues were fixed: - CVE-2016-6328: Fixed integer overflow in parsing MNOTE entry data of the input file (bsc#1055857) - CVE-2017-7544: Fixed out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure (bsc#1059893) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1055857 SUSE bug 1059893 CVE-2016-6328 CVE-2017-7544 openSUSE Leap 42.2 This update for libvpx fixes one issues. This security issue was fixed: - CVE-2017-13194: Fixed incorrect memory allocation related to odd frame width (bsc#1075992). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1075992 CVE-2017-13194 openSUSE Leap 42.2 This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353) - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354) - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442) - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708) - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717) - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777) - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600) - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374) - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455) - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000) - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752) Moderate SUSE bug 1043353 SUSE bug 1043354 SUSE bug 1051442 SUSE bug 1052708 SUSE bug 1052717 SUSE bug 1052777 SUSE bug 1054600 SUSE bug 1055374 SUSE bug 1055455 SUSE bug 1057000 SUSE bug 1062752 CVE-2017-11750 CVE-2017-12641 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13142 CVE-2017-13147 CVE-2017-14103 CVE-2017-15218 CVE-2017-9261 CVE-2017-9262 openSUSE Leap 42.2 This update for mupdf to version 1.12.0 fixes several issues. These security issues were fixed: - CVE-2018-5686: Prevent infinite loop in pdf_parse_array function because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file (bsc#1075936). - CVE-2017-15369: The build_filter_chain function in pdf/pdf-stream.c mishandled a case where a variable may reside in a register, which allowed remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1063413). - CVE-2017-15587: Prevent integer overflow in pdf_read_new_xref_section that allowed for DoS (bsc#1064027). - CVE-2017-17866: Fixed mishandling of length changes when a repair operation occured during a clean operation, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1074116). - CVE-2017-17858: Fixed a heap-based buffer overflow in the ensure_solid_xref function which allowed a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers were unrestricted (bsc#1077161). For non-security changes please refer to the changelog. Moderate SUSE bug 1063413 SUSE bug 1064027 SUSE bug 1074116 SUSE bug 1075936 SUSE bug 1077161 CVE-2017-15369 CVE-2017-15587 CVE-2017-17858 CVE-2017-17866 CVE-2018-5686 openSUSE Leap 42.2 This update for kernel-firmware fixes the following issues: - Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715) This new firmware disables branch prediction on AMD family 17h processor to mitigate an attack on the branch predictor that could lead to information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1068032 CVE-2017-5715 openSUSE Leap 42.2 This update for mysql-community-server to version 5.6.39 fixes several issues. These security issues were fixed: - CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2562: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369). - CVE-2018-2640: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2665: Vulnerability in the subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2668: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2696: Vulnerability in the subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2583: Vulnerability in the subcomponent: Stored Procedure. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2612: Vulnerability in the subcomponent: InnoDB. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2703: Vulnerability in the subcomponent: Server : Security : Privileges. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2573: Vulnerability in the subcomponent: Server: GIS. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2017-3737: OpenSSL introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it did not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error - CVE-2018-2647: Vulnerability in the subcomponent: Server: Replication. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369). - CVE-2018-2591: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2590: Vulnerability in the subcomponent: Server: Performance Schema. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2645: Vulnerability in the subcomponent: Server: Performance Schema. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data (bsc#1076369). For additional details please see http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-39.html Important SUSE bug 1076369 CVE-2017-3737 CVE-2018-2562 CVE-2018-2573 CVE-2018-2583 CVE-2018-2590 CVE-2018-2591 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2645 CVE-2018-2647 CVE-2018-2665 CVE-2018-2668 CVE-2018-2696 CVE-2018-2703 openSUSE Leap 42.2 This update for tre fixes one issue. This security issue was fixed: - CVE-2016-8859: Fixed multiple integer overflows which allowed attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggered an out-of-bounds write (boo#1005483) Moderate SUSE bug 1005483 CVE-2016-8859 openSUSE Leap 42.2 This update for newsbeuter fixes one issues. This security issue was fixed: - CVE-2017-14500: Improper Neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its filename (bsc#1059057). Important SUSE bug 1059057 CVE-2017-14500 openSUSE Leap 42.2 This update for redis to version 4.0.6 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-15047: Buffer overflows occurring reading redis.conf (bsc#1061967) The following bugs are fixed: - Several PSYNC2 bugs could cause data corruption Moderate SUSE bug 1061967 CVE-2017-15047 openSUSE Leap 42.2 This update for libevent fixes the following security issues: - CVE-2016-10195: DNS remote stack overread vulnerability (bsc#1022917) - CVE-2016-10196: stack/buffer overflow in evutil_parse_sockaddr_port() (bsc#1022918) - CVE-2016-10197: out-of-bounds read in search_make_new() (bsc#1022919) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1022917 SUSE bug 1022918 SUSE bug 1022919 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 openSUSE Leap 42.2 This update for curl fixes one issues. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc#1077001) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1077001 CVE-2018-1000007 openSUSE Leap 42.2 This update for php5 fixes several issues. These security issues were fixed: - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file that allowed for information disclosure (bsc#1076220) - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1076220 SUSE bug 1076391 CVE-2018-5711 CVE-2018-5712