SUSE 5009 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2018:3687-1: important: Security update for MozillaThunderbird
openSUSE-SU-2018:3690-1: moderate: Security update for libarchive
openSUSE-SU-2018:3691-1: moderate: Security update for soundtouch
openSUSE-SU-2018:3692-1: important: Security update for soundtouch
openSUSE-SU-2018:3694-1: moderate: Security update for audiofile
openSUSE-SU-2018:3695-1: important: Security update for systemd
openSUSE-SU-2018:3696-1: Security update for ntfs-3g_ntfsprogs
openSUSE-SU-2018:3699-1: moderate: Security update for curl
openSUSE-SU-2018:3701-1: moderate: Security update for opensc
openSUSE-SU-2018:3703-1: moderate: Security update for python, python-base
openSUSE-SU-2018:3706-1: moderate: Security update for curl
openSUSE-SU-2018:3709-1: moderate: Security update for qemu
openSUSE-SU-2018:3710-1: moderate: Security update for accountsservice
openSUSE-SU-2018:3713-1: important: Security update for apache2
openSUSE-SU-2018:3716-1: moderate: Security update for opensc
openSUSE-SU-2018:3717-1: moderate: Security update for libarchive



openSUSE-SU-2018:3687-1: important: Security update for MozillaThunderbird

openSUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3687-1
Rating: important
References: #1066489 #1084603 #1098998 #1107343 #1107772
#1109363 #1109379 #1112852
Cross-References: CVE-2017-16541 CVE-2018-12359 CVE-2018-12360
CVE-2018-12361 CVE-2018-12362 CVE-2018-12363
CVE-2018-12364 CVE-2018-12365 CVE-2018-12366
CVE-2018-12367 CVE-2018-12371 CVE-2018-12376
CVE-2018-12377 CVE-2018-12378 CVE-2018-12383
CVE-2018-12385 CVE-2018-12389 CVE-2018-12390
CVE-2018-12391 CVE-2018-12392 CVE-2018-12393
CVE-2018-16541 CVE-2018-5156 CVE-2018-5187
CVE-2018-5188
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes 25 vulnerabilities is now available.

Description:

This update for Mozilla Thunderbird to version 60.2.1 fixes multiple
issues.

Multiple security issues were fixed in the Mozilla platform as advised in
MFSA 2018-25 and MFSA 2018-28. In general, these flaws cannot be exploited
through email in Thunderbird because scripting is disabled when reading
mail, but are potentially risks in browser or browser-like contexts:

- CVE-2018-12359: Prevent buffer overflow using computed size of canvas
element (bsc#1098998)
- CVE-2018-12360: Prevent use-after-free when using focus() (bsc#1098998)
- CVE-2018-12361: Prevent integer overflow in SwizzleData (bsc#1098998)
- CVE-2018-12362: Prevent integer overflow in SSSE3 scaler (bsc#1098998)
- CVE-2018-5156: Prevent media recorder segmentation fault when track type
is changed during capture (bsc#1098998)
- CVE-2018-12363: Prevent use-after-free when appending DOM nodes
(bsc#1098998)
- CVE-2018-12364: Prevent CSRF attacks through 307 redirects and NPAPI
plugins (bsc#1098998)
- CVE-2018-12365: Prevent compromised IPC child process listing local
filenames (bsc#1098998)
- CVE-2018-12371: Prevent integer overflow in Skia library during edge
builder allocation (bsc#1098998)
- CVE-2018-12366: Prevent invalid data handling during QCMS
transformations (bsc#1098998)
- CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
(bsc#1098998)
- CVE-2018-5187: Various memory safety bugs (bsc#1098998)
- CVE-2018-5188: Various memory safety bugs (bsc#1098998)
- CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343)
- CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343)
- CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1066489)
- CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR
60.2 (bsc#1107343)
- CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
(bsc#1109363)
- CVE-2018-12383: Setting a master password did not delete unencrypted
previously stored passwords (bsc#1107343)
- CVE-2018-12389: Fixed memory safety bugs (bsc#1112852)
- CVE-2018-12390: Fixed memory safety bugs (bsc#1112852)
- CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible
cross-origin (bsc#1112852)
- CVE-2018-12392: Fixed crash with nested event loops (bsc#1112852)
- CVE-2018-12393: Fixed integer overflow during Unicode conversion while
loading JavaScript (bsc#1112852)

These non-security issues were fixed:

- Fix date display issues (bsc#1109379)
- Fix start-up crash due to folder name with special characters
(bsc#1107772)
- Storing of remote content settings fixed (bsc#1084603)
- Improved message handling and composing
- Improved handling of message templates
- Support for OAuth2 and FIDO U2F
- Various Calendar improvements
- Various fixes and changes to e-mail workflow
- Various IMAP fixes
- Native desktop notifications
- various theme fixes
- Shift+PageUp/PageDown in Write window
- Gloda attachment filtering
- Mailing list address auto-complete enter/return handling
- Thunderbird hung if HTML signature references non-existent image
- Filters not working for headers that appear more than once


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-1360=1



Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

MozillaThunderbird-60.3.0-74.2
MozillaThunderbird-buildsymbols-60.3.0-74.2
MozillaThunderbird-translations-common-60.3.0-74.2
MozillaThunderbird-translations-other-60.3.0-74.2


References:

https://www.suse.com/security/cve/CVE-2017-16541.html
https://www.suse.com/security/cve/CVE-2018-12359.html
https://www.suse.com/security/cve/CVE-2018-12360.html
https://www.suse.com/security/cve/CVE-2018-12361.html
https://www.suse.com/security/cve/CVE-2018-12362.html
https://www.suse.com/security/cve/CVE-2018-12363.html
https://www.suse.com/security/cve/CVE-2018-12364.html
https://www.suse.com/security/cve/CVE-2018-12365.html
https://www.suse.com/security/cve/CVE-2018-12366.html
https://www.suse.com/security/cve/CVE-2018-12367.html
https://www.suse.com/security/cve/CVE-2018-12371.html
https://www.suse.com/security/cve/CVE-2018-12376.html
https://www.suse.com/security/cve/CVE-2018-12377.html
https://www.suse.com/security/cve/CVE-2018-12378.html
https://www.suse.com/security/cve/CVE-2018-12383.html
https://www.suse.com/security/cve/CVE-2018-12385.html
https://www.suse.com/security/cve/CVE-2018-12389.html
https://www.suse.com/security/cve/CVE-2018-12390.html
https://www.suse.com/security/cve/CVE-2018-12391.html
https://www.suse.com/security/cve/CVE-2018-12392.html
https://www.suse.com/security/cve/CVE-2018-12393.html
https://www.suse.com/security/cve/CVE-2018-16541.html
https://www.suse.com/security/cve/CVE-2018-5156.html
https://www.suse.com/security/cve/CVE-2018-5187.html
https://www.suse.com/security/cve/CVE-2018-5188.html
https://bugzilla.suse.com/1066489
https://bugzilla.suse.com/1084603
https://bugzilla.suse.com/1098998
https://bugzilla.suse.com/1107343
https://bugzilla.suse.com/1107772
https://bugzilla.suse.com/1109363
https://bugzilla.suse.com/1109379
https://bugzilla.suse.com/1112852

--


openSUSE-SU-2018:3690-1: moderate: Security update for libarchive

openSUSE Security Update: Security update for libarchive
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3690-1
Rating: moderate
References: #1059100 #1059134 #1059139
Cross-References: CVE-2017-14501 CVE-2017-14502 CVE-2017-14503

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:


This update for libarchive fixes the following issues:

- CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in
archive_read_support_format_iso9660.c when extracting a specially
crafted iso9660 iso file, related to
archive_read_format_iso9660_read_header. (bsc#1059139)
- CVE-2017-14502: read_header in archive_read_support_format_rar.c
suffered from an off-by-one error for UTF-16 names in RAR archives,
leading to an out-of-bounds read in archive_read_format_rar_read_header.
(bsc#1059134)
- CVE-2017-14503: libarchive suffered from an out-of-bounds read within
lha_read_data_none() in archive_read_support_format_lha.c when
extracting a specially crafted lha archive, related to lha_crc16.
(bsc#1059100)


This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1365=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

bsdtar-3.3.2-lp150.2.3.1
bsdtar-debuginfo-3.3.2-lp150.2.3.1
libarchive-debugsource-3.3.2-lp150.2.3.1
libarchive-devel-3.3.2-lp150.2.3.1
libarchive13-3.3.2-lp150.2.3.1
libarchive13-debuginfo-3.3.2-lp150.2.3.1

- openSUSE Leap 15.0 (x86_64):

libarchive13-32bit-3.3.2-lp150.2.3.1
libarchive13-32bit-debuginfo-3.3.2-lp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2017-14501.html
https://www.suse.com/security/cve/CVE-2017-14502.html
https://www.suse.com/security/cve/CVE-2017-14503.html
https://bugzilla.suse.com/1059100
https://bugzilla.suse.com/1059134
https://bugzilla.suse.com/1059139

--


openSUSE-SU-2018:3691-1: moderate: Security update for soundtouch

openSUSE Security Update: Security update for soundtouch
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3691-1
Rating: moderate
References: #1108630 #1108631 #1108632
Cross-References: CVE-2018-17096 CVE-2018-17097 CVE-2018-17098

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for soundtouch fixes the following issues:

- CVE-2018-17098: The WavFileBase class allowed remote attackers to cause
a denial of service (heap corruption from size inconsistency) or
possibly have unspecified other impact, as demonstrated by SoundStretch.
(bsc#1108632)
- CVE-2018-17097: The WavFileBase class allowed remote attackers to cause
a denial of service (double free) or possibly have unspecified other
impact, as demonstrated by SoundStretch. (double free) (bsc#1108631)
- CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a
denial of service (assertion failure and application exit), as
demonstrated by SoundStretch. (bsc#1108630)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1362=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libSoundTouch0-1.8.0-lp150.2.6.1
libSoundTouch0-debuginfo-1.8.0-lp150.2.6.1
soundtouch-1.8.0-lp150.2.6.1
soundtouch-debuginfo-1.8.0-lp150.2.6.1
soundtouch-debugsource-1.8.0-lp150.2.6.1
soundtouch-devel-1.8.0-lp150.2.6.1

- openSUSE Leap 15.0 (x86_64):

libSoundTouch0-32bit-1.8.0-lp150.2.6.1
libSoundTouch0-32bit-debuginfo-1.8.0-lp150.2.6.1


References:

https://www.suse.com/security/cve/CVE-2018-17096.html
https://www.suse.com/security/cve/CVE-2018-17097.html
https://www.suse.com/security/cve/CVE-2018-17098.html
https://bugzilla.suse.com/1108630
https://bugzilla.suse.com/1108631
https://bugzilla.suse.com/1108632

--


openSUSE-SU-2018:3692-1: important: Security update for soundtouch

openSUSE Security Update: Security update for soundtouch
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3692-1
Rating: important
References: #1103676 #1108630 #1108631 #1108632
Cross-References: CVE-2018-1000223 CVE-2018-17096 CVE-2018-17097
CVE-2018-17098
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for soundtouch fixes the following issues:

- CVE-2018-17098: The WavFileBase class allowed remote attackers to cause
a denial of service (heap corruption from size inconsistency) or
possibly have unspecified other impact, as demonstrated by SoundStretch.
(bsc#1108632)
- CVE-2018-17097: The WavFileBase class allowed remote attackers to cause
a denial of service (double free) or possibly have unspecified other
impact, as demonstrated by SoundStretch. (double free) (bsc#1108631)
- CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a
denial of service (assertion failure and application exit), as
demonstrated by SoundStretch. (bsc#1108630)
- CVE-2018-1000223: soundtouch contained a Buffer Overflow vulnerability
in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result
in arbitrary code execution. This attack appear to be exploitable via
victim must open maliocius file in soundstretch utility. (boo#1103676)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1361=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libSoundTouch0-1.8.0-6.3.1
libSoundTouch0-debuginfo-1.8.0-6.3.1
soundtouch-1.8.0-6.3.1
soundtouch-debuginfo-1.8.0-6.3.1
soundtouch-debugsource-1.8.0-6.3.1
soundtouch-devel-1.8.0-6.3.1

- openSUSE Leap 42.3 (x86_64):

libSoundTouch0-32bit-1.8.0-6.3.1
libSoundTouch0-debuginfo-32bit-1.8.0-6.3.1


References:

https://www.suse.com/security/cve/CVE-2018-1000223.html
https://www.suse.com/security/cve/CVE-2018-17096.html
https://www.suse.com/security/cve/CVE-2018-17097.html
https://www.suse.com/security/cve/CVE-2018-17098.html
https://bugzilla.suse.com/1103676
https://bugzilla.suse.com/1108630
https://bugzilla.suse.com/1108631
https://bugzilla.suse.com/1108632

--


openSUSE-SU-2018:3694-1: moderate: Security update for audiofile

openSUSE Security Update: Security update for audiofile
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3694-1
Rating: moderate
References: #1111586
Cross-References: CVE-2018-17095
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for audiofile fixes the following issues:

- CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run
could occurred when running sfconvert leading to crashes or code
execution when handling untrusted soundfiles (bsc#1111586).

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1375=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

audiofile-0.3.6-13.3.1
audiofile-debuginfo-0.3.6-13.3.1
audiofile-debugsource-0.3.6-13.3.1
audiofile-devel-0.3.6-13.3.1
audiofile-doc-0.3.6-13.3.1
libaudiofile1-0.3.6-13.3.1
libaudiofile1-debuginfo-0.3.6-13.3.1

- openSUSE Leap 42.3 (x86_64):

audiofile-devel-32bit-0.3.6-13.3.1
libaudiofile1-32bit-0.3.6-13.3.1
libaudiofile1-debuginfo-32bit-0.3.6-13.3.1


References:

https://www.suse.com/security/cve/CVE-2018-17095.html
https://bugzilla.suse.com/1111586

--


openSUSE-SU-2018:3695-1: important: Security update for systemd

openSUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3695-1
Rating: important
References: #1089761 #1090944 #1091677 #1093753 #1101040
#1102908 #1105031 #1107640 #1107941 #1109197
#1109252 #1110445 #1112024 #1113083 #1113632
#1113665 #1114135 #991901
Cross-References: CVE-2018-15686 CVE-2018-15688
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves two vulnerabilities and has 16 fixes
is now available.

Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of
systemd allowed a malicious dhcp6 server to overwrite heap memory in
systemd-networkd. (bsc#1113632)
- CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an
attacker to supply arbitrary state across systemd re-execution via
NotifyAccess. This can be used to improperly influence systemd execution
and possibly lead to root privilege escalation. (bsc#1113665)

Non security issues fixed:

- dhcp6: split assert_return() to be more debuggable when hit
- core: skip unit deserialization and move to the next one when
unit_deserialize() fails
- core: properly handle deserialization of unknown unit types (#6476)
- core: don't create Requires for workdir if "missing ok" (bsc#1113083)
- logind: use manager_get_user_by_pid() where appropriate
- logind: rework manager_get_{user|session}_by_pid() a bit
- login: fix user@.service case, so we don't allow nested sessions (#8051)
(bsc#1112024)
- core: be more defensive if we can't determine per-connection socket peer
(#7329)
- core: introduce systemd.early_core_pattern= kernel cmdline option
- core: add missing 'continue' statement
- core/mount: fstype may be NULL
- journald: don't ship systemd-journald-audit.socket (bsc#1109252)
- core: make "tmpfs" dependencies on swapfs a "default" dep, not an
"implicit" (bsc#1110445)
- mount: make sure we unmount tmpfs mounts before we deactivate swaps
(#7076)
- detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)
- emergency: make sure console password agents don't interfere with the
emergency shell
- man: document that 'nofail' also has an effect on ordering
- journald: take leading spaces into account in syslog_parse_identifier
- journal: do not remove multiple spaces after identifier in syslog message
- syslog: fix segfault in syslog_parse_priority()
- journal: fix syslog_parse_identifier()
- install: drop left-over debug message (#6913)
- Ship systemd-sysv-install helper via the main package This script was
part of systemd-sysvinit sub-package but it was wrong since
systemd-sysv-install is a script used to redirect enable/disable
operations to chkconfig when the unit targets are sysv init scripts.
Therefore it's never been a SySV init tool.
- Add udev.no-partlabel-links kernel command-line option. This option can
be used to disable the generation of the by-partlabel symlinks
regardless of the name used. (bsc#1089761)
- man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040)
- systemctl: load unit if needed in "systemctl is-active" (bsc#1102908)
- core: don't freeze OnCalendar= timer units when the clock goes back a
lot (bsc#1090944)
- Enable or disable machines.target according to the presets (bsc#1107941)
- cryptsetup: add support for sector-size= option (fate#325697)
- nspawn: always use permission mode 555 for /sys (bsc#1107640)
- Bugfix for a race condition between daemon-reload and other commands
(bsc#1105031)
- Fixes an issue where login with root credentials was not possible in
init level 5 (bsc#1091677)
- Fix an issue where services of type "notify" harmless DENIED log
entries. (bsc#991901)
- Does no longer adjust qgroups on existing subvolumes (bsc#1093753)
- cryptsetup: add support for sector-size= option (#9936) (fate#325697
bsc#1114135)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1382=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libsystemd0-234-lp150.20.9.1
libsystemd0-debuginfo-234-lp150.20.9.1
libsystemd0-mini-234-lp150.20.9.1
libsystemd0-mini-debuginfo-234-lp150.20.9.1
libudev-devel-234-lp150.20.9.1
libudev-mini-devel-234-lp150.20.9.1
libudev-mini1-234-lp150.20.9.1
libudev-mini1-debuginfo-234-lp150.20.9.1
libudev1-234-lp150.20.9.1
libudev1-debuginfo-234-lp150.20.9.1
nss-myhostname-234-lp150.20.9.1
nss-myhostname-debuginfo-234-lp150.20.9.1
nss-mymachines-234-lp150.20.9.1
nss-mymachines-debuginfo-234-lp150.20.9.1
nss-systemd-234-lp150.20.9.1
nss-systemd-debuginfo-234-lp150.20.9.1
systemd-234-lp150.20.9.1
systemd-container-234-lp150.20.9.1
systemd-container-debuginfo-234-lp150.20.9.1
systemd-coredump-234-lp150.20.9.1
systemd-coredump-debuginfo-234-lp150.20.9.1
systemd-debuginfo-234-lp150.20.9.1
systemd-debugsource-234-lp150.20.9.1
systemd-devel-234-lp150.20.9.1
systemd-logger-234-lp150.20.9.1
systemd-mini-234-lp150.20.9.1
systemd-mini-container-mini-234-lp150.20.9.1
systemd-mini-container-mini-debuginfo-234-lp150.20.9.1
systemd-mini-coredump-mini-234-lp150.20.9.1
systemd-mini-coredump-mini-debuginfo-234-lp150.20.9.1
systemd-mini-debuginfo-234-lp150.20.9.1
systemd-mini-debugsource-234-lp150.20.9.1
systemd-mini-devel-234-lp150.20.9.1
systemd-mini-sysvinit-234-lp150.20.9.1
systemd-sysvinit-234-lp150.20.9.1
udev-234-lp150.20.9.1
udev-debuginfo-234-lp150.20.9.1
udev-mini-234-lp150.20.9.1
udev-mini-debuginfo-234-lp150.20.9.1

- openSUSE Leap 15.0 (noarch):

systemd-bash-completion-234-lp150.20.9.1
systemd-mini-bash-completion-234-lp150.20.9.1

- openSUSE Leap 15.0 (x86_64):

libsystemd0-32bit-234-lp150.20.9.1
libsystemd0-32bit-debuginfo-234-lp150.20.9.1
libudev-devel-32bit-234-lp150.20.9.1
libudev1-32bit-234-lp150.20.9.1
libudev1-32bit-debuginfo-234-lp150.20.9.1
nss-myhostname-32bit-234-lp150.20.9.1
nss-myhostname-32bit-debuginfo-234-lp150.20.9.1
nss-mymachines-32bit-234-lp150.20.9.1
nss-mymachines-32bit-debuginfo-234-lp150.20.9.1
systemd-32bit-234-lp150.20.9.1
systemd-32bit-debuginfo-234-lp150.20.9.1


References:

https://www.suse.com/security/cve/CVE-2018-15686.html
https://www.suse.com/security/cve/CVE-2018-15688.html
https://bugzilla.suse.com/1089761
https://bugzilla.suse.com/1090944
https://bugzilla.suse.com/1091677
https://bugzilla.suse.com/1093753
https://bugzilla.suse.com/1101040
https://bugzilla.suse.com/1102908
https://bugzilla.suse.com/1105031
https://bugzilla.suse.com/1107640
https://bugzilla.suse.com/1107941
https://bugzilla.suse.com/1109197
https://bugzilla.suse.com/1109252
https://bugzilla.suse.com/1110445
https://bugzilla.suse.com/1112024
https://bugzilla.suse.com/1113083
https://bugzilla.suse.com/1113632
https://bugzilla.suse.com/1113665
https://bugzilla.suse.com/1114135
https://bugzilla.suse.com/991901

--


openSUSE-SU-2018:3696-1: Security update for ntfs-3g_ntfsprogs

openSUSE Security Update: Security update for ntfs-3g_ntfsprogs
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3696-1
Rating: low
References: #1022500
Cross-References: CVE-2017-0358
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ntfs-3g_ntfsprogs fixes the following issues:

- CVE-2017-0358: Missing sanitization of the environment during a call to
modprobe allowed local users to escalate fo root privilege (bsc#1022500)

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1376=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libntfs-3g-devel-2013.1.13-7.3.1
libntfs-3g84-2013.1.13-7.3.1
libntfs-3g84-debuginfo-2013.1.13-7.3.1
ntfs-3g-2013.1.13-7.3.1
ntfs-3g-debuginfo-2013.1.13-7.3.1
ntfs-3g_ntfsprogs-debugsource-2013.1.13-7.3.1
ntfsprogs-2013.1.13-7.3.1
ntfsprogs-debuginfo-2013.1.13-7.3.1


References:

https://www.suse.com/security/cve/CVE-2017-0358.html
https://bugzilla.suse.com/1022500

--


openSUSE-SU-2018:3699-1: moderate: Security update for curl

openSUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3699-1
Rating: moderate
References: #1112758 #1113660
Cross-References: CVE-2018-16840 CVE-2018-16842
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for curl fixes the following issues:

- CVE-2018-16840: A use after free in closing SASL handles was fixed
(bsc#1112758)
- CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which
could lead to crashes (bsc#1113660)

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1383=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

curl-7.37.0-42.1
curl-debuginfo-7.37.0-42.1
curl-debugsource-7.37.0-42.1
libcurl-devel-7.37.0-42.1
libcurl4-7.37.0-42.1
libcurl4-debuginfo-7.37.0-42.1

- openSUSE Leap 42.3 (x86_64):

libcurl-devel-32bit-7.37.0-42.1
libcurl4-32bit-7.37.0-42.1
libcurl4-debuginfo-32bit-7.37.0-42.1


References:

https://www.suse.com/security/cve/CVE-2018-16840.html
https://www.suse.com/security/cve/CVE-2018-16842.html
https://bugzilla.suse.com/1112758
https://bugzilla.suse.com/1113660

--


openSUSE-SU-2018:3701-1: moderate: Security update for opensc

openSUSE Security Update: Security update for opensc
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3701-1
Rating: moderate
References: #1104812 #1106998 #1106999 #1107033 #1107034
#1107037 #1107038 #1107039 #1107097 #1107107
#1108318
Cross-References: CVE-2018-16391 CVE-2018-16392 CVE-2018-16393
CVE-2018-16418 CVE-2018-16419 CVE-2018-16420
CVE-2018-16422 CVE-2018-16423 CVE-2018-16426
CVE-2018-16427
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves 10 vulnerabilities and has one errata
is now available.

Description:

This update for opensc fixes the following issues:

- CVE-2018-16391: Fixed a denial of service when handling responses from a
Muscle Card (bsc#1106998)
- CVE-2018-16392: Fixed a denial of service when handling responses from a
TCOS Card (bsc#1106999)
- CVE-2018-16393: Fixed buffer overflows when handling responses from
Gemsafe V1 Smartcards (bsc#1108318)
- CVE-2018-16418: Fixed buffer overflow when handling string concatenation
in util_acl_to_str (bsc#1107039)
- CVE-2018-16419: Fixed several buffer overflows when handling responses
from a Cryptoflex card (bsc#1107107)
- CVE-2018-16420: Fixed buffer overflows when handling responses from an
ePass 2003 Card (bsc#1107097)
- CVE-2018-16422: Fixed single byte buffer overflow when handling
responses from an esteid Card (bsc#1107038)
- CVE-2018-16423: Fixed double free when handling responses from a
smartcard (bsc#1107037)
- CVE-2018-16426: Fixed endless recursion when handling responses from an
IAS-ECC card (bsc#1107034)
- CVE-2018-16427: Fixed out of bounds reads when handling responses in
OpenSC (bsc#1107033)


This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1384=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

opensc-0.13.0-9.3.1
opensc-debuginfo-0.13.0-9.3.1
opensc-debugsource-0.13.0-9.3.1


References:

https://www.suse.com/security/cve/CVE-2018-16391.html
https://www.suse.com/security/cve/CVE-2018-16392.html
https://www.suse.com/security/cve/CVE-2018-16393.html
https://www.suse.com/security/cve/CVE-2018-16418.html
https://www.suse.com/security/cve/CVE-2018-16419.html
https://www.suse.com/security/cve/CVE-2018-16420.html
https://www.suse.com/security/cve/CVE-2018-16422.html
https://www.suse.com/security/cve/CVE-2018-16423.html
https://www.suse.com/security/cve/CVE-2018-16426.html
https://www.suse.com/security/cve/CVE-2018-16427.html
https://bugzilla.suse.com/1104812
https://bugzilla.suse.com/1106998
https://bugzilla.suse.com/1106999
https://bugzilla.suse.com/1107033
https://bugzilla.suse.com/1107034
https://bugzilla.suse.com/1107037
https://bugzilla.suse.com/1107038
https://bugzilla.suse.com/1107039
https://bugzilla.suse.com/1107097
https://bugzilla.suse.com/1107107
https://bugzilla.suse.com/1108318

--


openSUSE-SU-2018:3703-1: moderate: Security update for python, python-base

openSUSE Security Update: Security update for python, python-base
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3703-1
Rating: moderate
References: #1086001 #1088004 #1088009 #1109663
Cross-References: CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves three vulnerabilities and has one
errata is now available.

Description:

This update for python, python-base fixes the following issues:

Security issues fixed:

- CVE-2018-1000802: Prevent command injection in shutil module
(make_archive function) via passage of unfiltered user input
(bsc#1109663).
- CVE-2018-1061: Fixed DoS via regular expression backtracking in
difflib.IS_LINE_JUNK method in difflib (bsc#1088004).
- CVE-2018-1060: Fixed DoS via regular expression catastrophic
backtracking in apop() method in pop3lib (bsc#1088009).

Bug fixes:

- bsc#1086001: python tarfile uses random order.

This update was imported from the SUSE:SLE-12-SP1:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1363=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libpython2_7-1_0-2.7.13-27.9.1
libpython2_7-1_0-debuginfo-2.7.13-27.9.1
python-2.7.13-27.9.1
python-base-2.7.13-27.9.1
python-base-debuginfo-2.7.13-27.9.1
python-base-debugsource-2.7.13-27.9.1
python-curses-2.7.13-27.9.1
python-curses-debuginfo-2.7.13-27.9.1
python-debuginfo-2.7.13-27.9.1
python-debugsource-2.7.13-27.9.1
python-demo-2.7.13-27.9.1
python-devel-2.7.13-27.9.1
python-gdbm-2.7.13-27.9.1
python-gdbm-debuginfo-2.7.13-27.9.1
python-idle-2.7.13-27.9.1
python-tk-2.7.13-27.9.1
python-tk-debuginfo-2.7.13-27.9.1
python-xml-2.7.13-27.9.1
python-xml-debuginfo-2.7.13-27.9.1

- openSUSE Leap 42.3 (noarch):

python-doc-2.7.13-27.9.1
python-doc-pdf-2.7.13-27.9.1

- openSUSE Leap 42.3 (x86_64):

libpython2_7-1_0-32bit-2.7.13-27.9.1
libpython2_7-1_0-debuginfo-32bit-2.7.13-27.9.1
python-32bit-2.7.13-27.9.1
python-base-32bit-2.7.13-27.9.1
python-base-debuginfo-32bit-2.7.13-27.9.1
python-debuginfo-32bit-2.7.13-27.9.1


References:

https://www.suse.com/security/cve/CVE-2018-1000802.html
https://www.suse.com/security/cve/CVE-2018-1060.html
https://www.suse.com/security/cve/CVE-2018-1061.html
https://bugzilla.suse.com/1086001
https://bugzilla.suse.com/1088004
https://bugzilla.suse.com/1088009
https://bugzilla.suse.com/1109663

--


openSUSE-SU-2018:3706-1: moderate: Security update for curl

openSUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3706-1
Rating: moderate
References: #1112758 #1113660
Cross-References: CVE-2018-16839 CVE-2018-16840 CVE-2018-16842

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for curl fixes the following issues:

- CVE-2018-16839: A SASL password overflow via integer overflow was fixed
which could lead to crashes (bsc#1112758)
- CVE-2018-16840: A use-after-free in SASL handle close was fixed which
could lead to crashes (bsc#1112758)
- CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which
could lead to crashes (bsc#1113660)


This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1379=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

curl-7.60.0-lp150.2.15.1
curl-debuginfo-7.60.0-lp150.2.15.1
curl-debugsource-7.60.0-lp150.2.15.1
curl-mini-7.60.0-lp150.2.15.1
curl-mini-debuginfo-7.60.0-lp150.2.15.1
curl-mini-debugsource-7.60.0-lp150.2.15.1
libcurl-devel-7.60.0-lp150.2.15.1
libcurl-mini-devel-7.60.0-lp150.2.15.1
libcurl4-7.60.0-lp150.2.15.1
libcurl4-debuginfo-7.60.0-lp150.2.15.1
libcurl4-mini-7.60.0-lp150.2.15.1
libcurl4-mini-debuginfo-7.60.0-lp150.2.15.1

- openSUSE Leap 15.0 (x86_64):

libcurl-devel-32bit-7.60.0-lp150.2.15.1
libcurl4-32bit-7.60.0-lp150.2.15.1
libcurl4-32bit-debuginfo-7.60.0-lp150.2.15.1


References:

https://www.suse.com/security/cve/CVE-2018-16839.html
https://www.suse.com/security/cve/CVE-2018-16840.html
https://www.suse.com/security/cve/CVE-2018-16842.html
https://bugzilla.suse.com/1112758
https://bugzilla.suse.com/1113660

--


openSUSE-SU-2018:3709-1: moderate: Security update for qemu

openSUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3709-1
Rating: moderate
References: #1092885 #1094725 #1096223 #1098735
Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-3639

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves three vulnerabilities and has one
errata is now available.

Description:

This update for qemu fixes the following issues:

These security issues were fixed:

- CVE-2018-12617: qmp_guest_file_read had an integer overflow that could
have been exploited by sending a crafted QMP command (including
guest-file-read with a large count value) to the agent via the listening
socket causing DoS (bsc#1098735).
- CVE-2018-11806: Prevent heap-based buffer overflow via incoming
fragmented datagrams (bsc#1096223).

With this release the mitigations for Spectre v4 are moved the the patches
from upstream (CVE-2018-3639, bsc#1092885).

This feature was added:

- Add support for block resize support for disks through the monitor
(bsc#1094725).

This update was imported from the SUSE:SLE-12-SP3:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1364=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

qemu-linux-user-2.9.1-47.1
qemu-linux-user-debuginfo-2.9.1-47.1
qemu-linux-user-debugsource-2.9.1-47.1

- openSUSE Leap 42.3 (noarch):

qemu-ipxe-1.0.0-47.1
qemu-seabios-1.10.2-47.1
qemu-sgabios-8-47.1
qemu-vgabios-1.10.2-47.1

- openSUSE Leap 42.3 (x86_64):

qemu-2.9.1-47.1
qemu-arm-2.9.1-47.1
qemu-arm-debuginfo-2.9.1-47.1
qemu-block-curl-2.9.1-47.1
qemu-block-curl-debuginfo-2.9.1-47.1
qemu-block-dmg-2.9.1-47.1
qemu-block-dmg-debuginfo-2.9.1-47.1
qemu-block-iscsi-2.9.1-47.1
qemu-block-iscsi-debuginfo-2.9.1-47.1
qemu-block-rbd-2.9.1-47.1
qemu-block-rbd-debuginfo-2.9.1-47.1
qemu-block-ssh-2.9.1-47.1
qemu-block-ssh-debuginfo-2.9.1-47.1
qemu-debugsource-2.9.1-47.1
qemu-extra-2.9.1-47.1
qemu-extra-debuginfo-2.9.1-47.1
qemu-guest-agent-2.9.1-47.1
qemu-guest-agent-debuginfo-2.9.1-47.1
qemu-ksm-2.9.1-47.1
qemu-kvm-2.9.1-47.1
qemu-lang-2.9.1-47.1
qemu-ppc-2.9.1-47.1
qemu-ppc-debuginfo-2.9.1-47.1
qemu-s390-2.9.1-47.1
qemu-s390-debuginfo-2.9.1-47.1
qemu-testsuite-2.9.1-47.2
qemu-tools-2.9.1-47.1
qemu-tools-debuginfo-2.9.1-47.1
qemu-x86-2.9.1-47.1
qemu-x86-debuginfo-2.9.1-47.1


References:

https://www.suse.com/security/cve/CVE-2018-11806.html
https://www.suse.com/security/cve/CVE-2018-12617.html
https://www.suse.com/security/cve/CVE-2018-3639.html
https://bugzilla.suse.com/1092885
https://bugzilla.suse.com/1094725
https://bugzilla.suse.com/1096223
https://bugzilla.suse.com/1098735

--


openSUSE-SU-2018:3710-1: moderate: Security update for accountsservice

openSUSE Security Update: Security update for accountsservice
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3710-1
Rating: moderate
References:
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for accountsservice fixes the following issues:

This security issue was fixed:

- CVE-2018-14036: Prevent directory traversal caused by an insufficient
path check in user_change_icon_file_authorized_cb() (bsc#1099699)

Thsese non-security issues were fixed:

- Don't abort loading users when an /etc/shadow entry is missing.
(bsc#1090003)
- When user session type is wayland, act_user_is_logged_in can return TRUE
if the user is logged in. (bsc#1095918)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1380=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

accountsservice-0.6.45-lp150.3.3.1
accountsservice-debuginfo-0.6.45-lp150.3.3.1
accountsservice-debugsource-0.6.45-lp150.3.3.1
accountsservice-devel-0.6.45-lp150.3.3.1
libaccountsservice0-0.6.45-lp150.3.3.1
libaccountsservice0-debuginfo-0.6.45-lp150.3.3.1
typelib-1_0-AccountsService-1_0-0.6.45-lp150.3.3.1

- openSUSE Leap 15.0 (noarch):

accountsservice-lang-0.6.45-lp150.3.3.1


References:


--


openSUSE-SU-2018:3713-1: important: Security update for apache2

openSUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3713-1
Rating: important
References: #1109961
Cross-References: CVE-2018-11763
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for apache2 fixes the following issues:

Security issues fixed:

- CVE-2018-11763: In Apache HTTP Server by sending continuous, large
SETTINGS frames a client can occupy a connection, server thread and CPU
time without any connection timeout coming to effect. This affects only
HTTP/2 connections. (bsc#1109961)


This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1378=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

apache2-2.4.23-31.1
apache2-debuginfo-2.4.23-31.1
apache2-debugsource-2.4.23-31.1
apache2-devel-2.4.23-31.1
apache2-event-2.4.23-31.1
apache2-event-debuginfo-2.4.23-31.1
apache2-example-pages-2.4.23-31.1
apache2-prefork-2.4.23-31.1
apache2-prefork-debuginfo-2.4.23-31.1
apache2-utils-2.4.23-31.1
apache2-utils-debuginfo-2.4.23-31.1
apache2-worker-2.4.23-31.1
apache2-worker-debuginfo-2.4.23-31.1

- openSUSE Leap 42.3 (noarch):

apache2-doc-2.4.23-31.1


References:

https://www.suse.com/security/cve/CVE-2018-11763.html
https://bugzilla.suse.com/1109961

--


openSUSE-SU-2018:3716-1: moderate: Security update for opensc

openSUSE Security Update: Security update for opensc
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3716-1
Rating: moderate
References: #1104812 #1106998 #1106999 #1107033 #1107034
#1107035 #1107036 #1107037 #1107038 #1107039
#1107049 #1107097 #1107107 #1108318
Cross-References: CVE-2018-16391 CVE-2018-16392 CVE-2018-16393
CVE-2018-16418 CVE-2018-16419 CVE-2018-16420
CVE-2018-16421 CVE-2018-16422 CVE-2018-16423
CVE-2018-16424 CVE-2018-16425 CVE-2018-16426
CVE-2018-16427
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves 13 vulnerabilities and has one errata
is now available.

Description:

This update for opensc fixes the following security issues:

- CVE-2018-16391: Fixed a denial of service when handling responses from a
Muscle Card (bsc#1106998)
- CVE-2018-16392: Fixed a denial of service when handling responses from a
TCOS Card (bsc#1106999)
- CVE-2018-16393: Fixed buffer overflows when handling responses from
Gemsafe V1 Smartcards (bsc#1108318)
- CVE-2018-16418: Fixed buffer overflow when handling string concatenation
in util_acl_to_str (bsc#1107039)
- CVE-2018-16419: Fixed several buffer overflows when handling responses
from a Cryptoflex card (bsc#1107107)
- CVE-2018-16420: Fixed buffer overflows when handling responses from an
ePass 2003 Card (bsc#1107097)
- CVE-2018-16421: Fixed buffer overflows when handling responses from a
CAC Card (bsc#1107049)
- CVE-2018-16422: Fixed single byte buffer overflow when handling
responses from an esteid Card (bsc#1107038)
- CVE-2018-16423: Fixed double free when handling responses from a
smartcard (bsc#1107037)
- CVE-2018-16424: Fixed double free when handling responses in read_file
(bsc#1107036)
- CVE-2018-16425: Fixed double free when handling responses from an HSM
Card (bsc#1107035)
- CVE-2018-16426: Fixed endless recursion when handling responses from an
IAS-ECC card (bsc#1107034)
- CVE-2018-16427: Fixed out of bounds reads when handling responses in
OpenSC (bsc#1107033)


This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1385=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

opensc-0.18.0-lp150.2.9.1
opensc-debuginfo-0.18.0-lp150.2.9.1
opensc-debugsource-0.18.0-lp150.2.9.1

- openSUSE Leap 15.0 (x86_64):

opensc-32bit-0.18.0-lp150.2.9.1
opensc-32bit-debuginfo-0.18.0-lp150.2.9.1


References:

https://www.suse.com/security/cve/CVE-2018-16391.html
https://www.suse.com/security/cve/CVE-2018-16392.html
https://www.suse.com/security/cve/CVE-2018-16393.html
https://www.suse.com/security/cve/CVE-2018-16418.html
https://www.suse.com/security/cve/CVE-2018-16419.html
https://www.suse.com/security/cve/CVE-2018-16420.html
https://www.suse.com/security/cve/CVE-2018-16421.html
https://www.suse.com/security/cve/CVE-2018-16422.html
https://www.suse.com/security/cve/CVE-2018-16423.html
https://www.suse.com/security/cve/CVE-2018-16424.html
https://www.suse.com/security/cve/CVE-2018-16425.html
https://www.suse.com/security/cve/CVE-2018-16426.html
https://www.suse.com/security/cve/CVE-2018-16427.html
https://bugzilla.suse.com/1104812
https://bugzilla.suse.com/1106998
https://bugzilla.suse.com/1106999
https://bugzilla.suse.com/1107033
https://bugzilla.suse.com/1107034
https://bugzilla.suse.com/1107035
https://bugzilla.suse.com/1107036
https://bugzilla.suse.com/1107037
https://bugzilla.suse.com/1107038
https://bugzilla.suse.com/1107039
https://bugzilla.suse.com/1107049
https://bugzilla.suse.com/1107097
https://bugzilla.suse.com/1107107
https://bugzilla.suse.com/1108318

--


openSUSE-SU-2018:3717-1: moderate: Security update for libarchive

openSUSE Security Update: Security update for libarchive
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3717-1
Rating: moderate
References: #1032089 #1037008 #1037009 #1057514 #1059100
#1059134 #1059139
Cross-References: CVE-2016-10209 CVE-2016-10349 CVE-2016-10350
CVE-2017-14166 CVE-2017-14501 CVE-2017-14502
CVE-2017-14503
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for libarchive fixes the following issues:

- CVE-2016-10209: The archive_wstring_append_from_mbs function in
archive_string.c allowed remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via a crafted archive
file. (bsc#1032089)
- CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed
remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted file. (bsc#1037008)
- CVE-2016-10350: The archive_read_format_cab_read_header function in
archive_read_support_format_cab.c allowed remote attackers to cause a
denial of service (heap-based buffer over-read and application crash)
via a crafted file. (bsc#1037009)
- CVE-2017-14166: libarchive allowed remote attackers to cause a denial of
service (xml_data heap-based buffer over-read and application crash) via
a crafted xar archive, related to the mishandling of empty strings in
the atol8 function in archive_read_support_format_xar.c. (bsc#1057514)
- CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in
archive_read_support_format_iso9660.c when extracting a specially
crafted iso9660 iso file, related to
archive_read_format_iso9660_read_header. (bsc#1059139)
- CVE-2017-14502: read_header in archive_read_support_format_rar.c
suffered from an off-by-one error for UTF-16 names in RAR archives,
leading to an out-of-bounds read in archive_read_format_rar_read_header.
(bsc#1059134)
- CVE-2017-14503: libarchive suffered from an out-of-bounds read within
lha_read_data_none() in archive_read_support_format_lha.c when
extracting a specially crafted lha archive, related to lha_crc16.
(bsc#1059100)


This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1366=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

bsdtar-3.1.2-20.3.1
bsdtar-debuginfo-3.1.2-20.3.1
libarchive-debugsource-3.1.2-20.3.1
libarchive-devel-3.1.2-20.3.1
libarchive13-3.1.2-20.3.1
libarchive13-debuginfo-3.1.2-20.3.1

- openSUSE Leap 42.3 (x86_64):

libarchive13-32bit-3.1.2-20.3.1
libarchive13-debuginfo-32bit-3.1.2-20.3.1


References:

https://www.suse.com/security/cve/CVE-2016-10209.html
https://www.suse.com/security/cve/CVE-2016-10349.html
https://www.suse.com/security/cve/CVE-2016-10350.html
https://www.suse.com/security/cve/CVE-2017-14166.html
https://www.suse.com/security/cve/CVE-2017-14501.html
https://www.suse.com/security/cve/CVE-2017-14502.html
https://www.suse.com/security/cve/CVE-2017-14503.html
https://bugzilla.suse.com/1032089
https://bugzilla.suse.com/1037008
https://bugzilla.suse.com/1037009
https://bugzilla.suse.com/1057514
https://bugzilla.suse.com/1059100
https://bugzilla.suse.com/1059134
https://bugzilla.suse.com/1059139

--