SUSE 5008 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2019:1444-1: important: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
openSUSE-SU-2019:1450-1: important: Security update for systemd
openSUSE-SU-2019:1455-1: Security update for transfig
openSUSE-SU-2019:1456-1: important: Security update for chromium



openSUSE-SU-2019:1444-1: important: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork

openSUSE Security Update: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1444-1
Rating: important
References: #1114209 #1114832 #1118897 #1118898 #1118899
#1121397 #1121967 #1123013 #1128376 #1128746
#1134068
Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875
CVE-2019-5736 CVE-2019-6486
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 6 fixes is
now available.

Description:

This update for containerd, docker, docker-runc, go, go1.11, go1.12,
golang-github-docker-libnetwork fixes the following issues:

Security issues fixed:

- CVE-2019-5736: containerd: Fixing container breakout vulnerability
(bsc#1121967).
- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS
vulnerability affecting P-521 and P-384 (bsc#1123013).
- CVE-2018-16873: go secuirty release, fixing cmd/go remote command
execution (bsc#1118897).
- CVE-2018-16874: go security release, fixing cmd/go directory traversal
(bsc#1118898).
- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of
service (bsc#1118899).

Other changes and bug fixes:

- Update to containerd v1.2.5, which is required for v18.09.5-ce
(bsc#1128376, bsc#1134068).
- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce
(bsc#1128376, bsc#1134068).
- Update to Docker 18.09.5-ce see upstream changelog in the packaged
(bsc#1128376, bsc#1134068).
- docker-test: Improvements to test packaging (bsc#1128746).
- Move daemon.json file to /etc/docker directory (bsc#1114832).
- Revert golang(API) removal since it turns out this breaks >= requires in
certain cases (bsc#1114209).
- Fix go build failures (bsc#1121397).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1444=1



Package List:

- openSUSE Leap 15.1 (i586 x86_64):

go-1.12-lp151.2.3.1
go-doc-1.12-lp151.2.3.1

- openSUSE Leap 15.1 (x86_64):

containerd-1.2.5-lp151.2.3.1
containerd-ctr-1.2.5-lp151.2.3.1
docker-18.09.6_ce-lp151.2.3.1
docker-debuginfo-18.09.6_ce-lp151.2.3.1
docker-debugsource-18.09.6_ce-lp151.2.3.1
docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1
docker-libnetwork-debuginfo-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1
docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1
docker-runc-debuginfo-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1
docker-test-18.09.6_ce-lp151.2.3.1
docker-test-debuginfo-18.09.6_ce-lp151.2.3.1
go-race-1.12-lp151.2.3.1
go1.11-1.11.9-lp151.2.3.1
go1.11-doc-1.11.9-lp151.2.3.1
go1.11-race-1.11.9-lp151.2.3.1
go1.12-1.12.4-lp151.2.3.1
go1.12-doc-1.12.4-lp151.2.3.1
go1.12-race-1.12.4-lp151.2.3.1
golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1

- openSUSE Leap 15.1 (noarch):

containerd-test-1.2.5-lp151.2.3.1
docker-bash-completion-18.09.6_ce-lp151.2.3.1
docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1
docker-zsh-completion-18.09.6_ce-lp151.2.3.1


References:

https://www.suse.com/security/cve/CVE-2018-16873.html
https://www.suse.com/security/cve/CVE-2018-16874.html
https://www.suse.com/security/cve/CVE-2018-16875.html
https://www.suse.com/security/cve/CVE-2019-5736.html
https://www.suse.com/security/cve/CVE-2019-6486.html
https://bugzilla.suse.com/1114209
https://bugzilla.suse.com/1114832
https://bugzilla.suse.com/1118897
https://bugzilla.suse.com/1118898
https://bugzilla.suse.com/1118899
https://bugzilla.suse.com/1121397
https://bugzilla.suse.com/1121967
https://bugzilla.suse.com/1123013
https://bugzilla.suse.com/1128376
https://bugzilla.suse.com/1128746
https://bugzilla.suse.com/1134068


openSUSE-SU-2019:1450-1: important: Security update for systemd

openSUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1450-1
Rating: important
References: #1080919 #1121563 #1125352 #1126056 #1127557
#1128657 #1130230 #1132348 #1132400 #1132721
#955942
Cross-References: CVE-2018-6954 CVE-2019-3842 CVE-2019-6454

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves three vulnerabilities and has 8 fixes
is now available.

Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2018-6954: Fixed a vulnerability in the symlink handling of
systemd-tmpfiles which allowed a local user to obtain ownership of
arbitrary files (bsc#1080919).
- CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a
local user to escalate privileges (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service caused by long dbus messages
(bsc#1125352).

Non-security issues fixed:

- systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per
batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- core: only watch processes when it's really necessary (bsc#955942
bsc#1128657)
- rules: load drivers only on "add" events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- Do not automatically online memory on s390x (bsc#1127557)

This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1450=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libsystemd0-228-71.1
libsystemd0-debuginfo-228-71.1
libsystemd0-mini-228-71.1
libsystemd0-mini-debuginfo-228-71.1
libudev-devel-228-71.1
libudev-mini-devel-228-71.1
libudev-mini1-228-71.1
libudev-mini1-debuginfo-228-71.1
libudev1-228-71.1
libudev1-debuginfo-228-71.1
nss-myhostname-228-71.1
nss-myhostname-debuginfo-228-71.1
nss-mymachines-228-71.1
nss-mymachines-debuginfo-228-71.1
systemd-228-71.1
systemd-debuginfo-228-71.1
systemd-debugsource-228-71.1
systemd-devel-228-71.1
systemd-logger-228-71.1
systemd-mini-228-71.1
systemd-mini-debuginfo-228-71.1
systemd-mini-debugsource-228-71.1
systemd-mini-devel-228-71.1
systemd-mini-sysvinit-228-71.1
systemd-sysvinit-228-71.1
udev-228-71.1
udev-debuginfo-228-71.1
udev-mini-228-71.1
udev-mini-debuginfo-228-71.1

- openSUSE Leap 42.3 (noarch):

systemd-bash-completion-228-71.1
systemd-mini-bash-completion-228-71.1

- openSUSE Leap 42.3 (x86_64):

libsystemd0-32bit-228-71.1
libsystemd0-debuginfo-32bit-228-71.1
libudev1-32bit-228-71.1
libudev1-debuginfo-32bit-228-71.1
nss-myhostname-32bit-228-71.1
nss-myhostname-debuginfo-32bit-228-71.1
systemd-32bit-228-71.1
systemd-debuginfo-32bit-228-71.1


References:

https://www.suse.com/security/cve/CVE-2018-6954.html
https://www.suse.com/security/cve/CVE-2019-3842.html
https://www.suse.com/security/cve/CVE-2019-6454.html
https://bugzilla.suse.com/1080919
https://bugzilla.suse.com/1121563
https://bugzilla.suse.com/1125352
https://bugzilla.suse.com/1126056
https://bugzilla.suse.com/1127557
https://bugzilla.suse.com/1128657
https://bugzilla.suse.com/1130230
https://bugzilla.suse.com/1132348
https://bugzilla.suse.com/1132400
https://bugzilla.suse.com/1132721
https://bugzilla.suse.com/955942

--


openSUSE-SU-2019:1455-1: Security update for transfig

openSUSE Security Update: Security update for transfig
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1455-1
Rating: low
References: #1106531
Cross-References: CVE-2018-16140
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for transfig fixes the following issues:

Security issue fixed:

- CVE-2018-16140: Fixed a buffer underwrite vulnerability in get_line() in
read.c, which allowed an attacker to write prior to the beginning of the
buffer via specially crafted .fig file (bsc#1106531)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1455=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1455=1



Package List:

- openSUSE Leap 15.1 (x86_64):

transfig-3.2.6a-lp151.4.3.1
transfig-debuginfo-3.2.6a-lp151.4.3.1
transfig-debugsource-3.2.6a-lp151.4.3.1

- openSUSE Leap 15.0 (x86_64):

transfig-3.2.6a-lp150.3.3.2
transfig-debuginfo-3.2.6a-lp150.3.3.2
transfig-debugsource-3.2.6a-lp150.3.3.2


References:

https://www.suse.com/security/cve/CVE-2018-16140.html
https://bugzilla.suse.com/1106531

--


openSUSE-SU-2019:1456-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1456-1
Rating: important
References: #1134218
Cross-References: CVE-2019-5824 CVE-2019-5827
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium was updated to 74.0.3729.157:

- Various security fixes from internal audits, fuzzing and other
initiatives

Includes security fixes from 74.0.3729.131 (boo#1134218):

- CVE-2019-5827: Out-of-bounds access in SQLite
- CVE-2019-5824: Parameter passing error in media player


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1456=1

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1456=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1456=1



Package List:

- openSUSE Leap 42.3 (x86_64):

chromedriver-74.0.3729.157-211.1
chromedriver-debuginfo-74.0.3729.157-211.1
chromium-74.0.3729.157-211.1
chromium-debuginfo-74.0.3729.157-211.1
chromium-debugsource-74.0.3729.157-211.1

- openSUSE Leap 15.1 (x86_64):

chromedriver-74.0.3729.157-lp151.2.3.1
chromedriver-debuginfo-74.0.3729.157-lp151.2.3.1
chromium-74.0.3729.157-lp151.2.3.1
chromium-debuginfo-74.0.3729.157-lp151.2.3.1
chromium-debugsource-74.0.3729.157-lp151.2.3.1

- openSUSE Leap 15.0 (x86_64):

chromedriver-74.0.3729.157-lp150.212.1
chromedriver-debuginfo-74.0.3729.157-lp150.212.1
chromium-74.0.3729.157-lp150.212.1
chromium-debuginfo-74.0.3729.157-lp150.212.1
chromium-debugsource-74.0.3729.157-lp150.212.1


References:

https://www.suse.com/security/cve/CVE-2019-5824.html
https://www.suse.com/security/cve/CVE-2019-5827.html
https://bugzilla.suse.com/1134218

--