SUSE 5008 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2018:3796-1: moderate: Security update for LibreOffice and dependency libraries
openSUSE-SU-2018:3797-1: moderate: Security update for ImageMagick
openSUSE-SU-2018:3798-1: moderate: Security update for apache-pdfbox
openSUSE-SU-2018:3800-1: moderate: Security update for xorg-x11-server
openSUSE-SU-2018:3801-1: moderate: Security update for openssh
openSUSE-SU-2018:3802-1: Security update for libxkbcommon
openSUSE-SU-2018:3803-1: important: Security update for systemd
openSUSE-SU-2018:3804-1: moderate: Security update for amanda



openSUSE-SU-2018:3796-1: moderate: Security update for LibreOffice and dependency libraries

openSUSE Security Update: Security update for LibreOffice and dependency libraries
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3796-1
Rating: moderate
References: #1050305 #1088263 #1091606 #1094779 #1095601
#1095639 #1096360 #1098891 #1104876
Cross-References: CVE-2018-10583
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves one vulnerability and has 8 fixes is
now available.

Description:

This update for LibreOffice, libepubgen, liblangtag, libmwaw,
libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes
the following issues:

LibreOffice was updated to 6.1.3.2 (fate#326624) and contains new features
and lots of bugfixes:

The full changelog can be found on:

https://wiki.documentfoundation.org/ReleaseNotes/6.1

Bugfixes:

- bsc#1095639 Exporting to PPTX results in vertical labels being shown
horizontally
- bsc#1098891 Table in PPTX misplaced and partly blue
- bsc#1088263 Labels in chart change (from white and other colors) to
black when saving as PPTX
- bsc#1095601 Exporting to PPTX shifts arrow shapes quite a bit

- Add more translations:
* Belarusian
* Bodo
* Dogri
* Frisian
* Gaelic
* Paraguayan_Guaran
* Upper_Sorbian
* Konkani
* Kashmiri
* Luxembourgish
* Monglolian
* Manipuri
* Burnese
* Occitan
* Kinyarwanda
* Santali
* Sanskrit
* Sindhi
* Sidamo
* Tatar
* Uzbek
* Upper Sorbian
* Venetian
* Amharic
* Asturian
* Tibetian
* Bosnian
* English GB
* English ZA
* Indonesian
* Icelandic
* Georgian
* Khmer
* Lao
* Macedonian
* Nepali
* Oromo
* Albanian
* Tajik
* Uyghur
* Vietnamese
* Kurdish

- Try to build all languages see bsc#1096360
- Make sure to install the KDE5/Qt5 UI/filepicker
- Try to implement safeguarding to avoid bsc#1050305
- Disable base-drivers-mysql as it needs mysqlcppcon that is only for
mysql and not mariadb, causes issues bsc#1094779
* Users can still connect using jdbc/odbc
- Fix java detection on machines with too many cpus

- CVE-2018-10583: An information disclosure vulnerability occured when
LibreOffice automatically processed and initiated an SMB connection
embedded in a malicious file, as demonstrated by
xlink:href=file://192.168.0.2/test.jpg within an office:document-content
element in a .odt XML document. (bsc#1091606)

libepubgen was updated to 0.1.1:

- Avoid inside or .
- Avoid writin vertical-align attribute without a value.
- Fix generation of invalid XHTML when there is a link starting at the
beginning of a footnote.
- Handle relative width for images.
- Fixed layout: write chapter names to improve navigation.
- Support writing mode.
- Start a new HTML file at every page span in addition to the splits
induced by the chosen split method. This is to ensure that specified
writing mode works correctly, as it is HTML attribute.

liblangtag was updated to 0.6.2:

- use standard function
- fix leak in test

libmwaw was updated to 0.3.14:

- Support MS Multiplan 1.1 files

libnumbertext was update to 1.0.5:

- Various fixes in numerical calculations and issues reported on
libreoffice tracker

libstaroffice was updated to 0.0.6:

- retrieve some StarMath's formula,
- retrieve some charts as graphic,
- retrieve some fields in sda/sdc/sdp text-boxes,
- .sdw: retrieve more attachments.

libwps was updated to 0.4.9:

- QuattroPro: add parser to .wb3 files
- Multiplan: add parser to DOS v1-v3 files
- charts: try to retrieve charts in .wk*, .wq* files
- QuattroPro: add parser to .wb[12] files

myspell-dictionaries was updated to 20181025:

- Turkish dictionary added
- Updated French dictionary

xmlsec1 was updated to 1.2.26:

- Added xmlsec-mscng module based on Microsoft Cryptography API: Next
Generation
- Added support for GOST 2012 and fixed CryptoPro CSP provider for GOST R
34.10-2001 in xmlsec-mscrypto


This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1417=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libxmlsec1-1-1.2.26-lp150.2.3.1
libxmlsec1-1-debuginfo-1.2.26-lp150.2.3.1
libxmlsec1-gcrypt1-1.2.26-lp150.2.3.1
libxmlsec1-gcrypt1-debuginfo-1.2.26-lp150.2.3.1
libxmlsec1-gnutls1-1.2.26-lp150.2.3.1
libxmlsec1-gnutls1-debuginfo-1.2.26-lp150.2.3.1
libxmlsec1-nss1-1.2.26-lp150.2.3.1
libxmlsec1-nss1-debuginfo-1.2.26-lp150.2.3.1
libxmlsec1-openssl1-1.2.26-lp150.2.3.1
libxmlsec1-openssl1-debuginfo-1.2.26-lp150.2.3.1
myspell-dictionaries-20181025-lp150.2.6.1
myspell-lightproof-en-20181025-lp150.2.6.1
myspell-lightproof-hu_HU-20181025-lp150.2.6.1
myspell-lightproof-pt_BR-20181025-lp150.2.6.1
myspell-lightproof-ru_RU-20181025-lp150.2.6.1
xmlsec1-1.2.26-lp150.2.3.1
xmlsec1-debuginfo-1.2.26-lp150.2.3.1
xmlsec1-debugsource-1.2.26-lp150.2.3.1
xmlsec1-devel-1.2.26-lp150.2.3.1
xmlsec1-gcrypt-devel-1.2.26-lp150.2.3.1
xmlsec1-gnutls-devel-1.2.26-lp150.2.3.1
xmlsec1-nss-devel-1.2.26-lp150.2.3.1
xmlsec1-openssl-devel-1.2.26-lp150.2.3.1

- openSUSE Leap 15.0 (noarch):

libepubgen-devel-doc-0.1.1-lp150.2.3.1
liblangtag-doc-0.6.2-lp150.2.3.1
libmwaw-devel-doc-0.3.14-lp150.2.3.1
libreoffice-branding-upstream-6.1.3.2-lp150.2.6.2
libreoffice-gdb-pretty-printers-6.1.3.2-lp150.2.6.2
libreoffice-glade-6.1.3.2-lp150.2.6.2
libreoffice-icon-themes-6.1.3.2-lp150.2.6.2
libreoffice-l10n-af-6.1.3.2-lp150.2.6.2
libreoffice-l10n-am-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ar-6.1.3.2-lp150.2.6.2
libreoffice-l10n-as-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ast-6.1.3.2-lp150.2.6.2
libreoffice-l10n-be-6.1.3.2-lp150.2.6.2
libreoffice-l10n-bg-6.1.3.2-lp150.2.6.2
libreoffice-l10n-bn-6.1.3.2-lp150.2.6.2
libreoffice-l10n-bn_IN-6.1.3.2-lp150.2.6.2
libreoffice-l10n-bo-6.1.3.2-lp150.2.6.2
libreoffice-l10n-br-6.1.3.2-lp150.2.6.2
libreoffice-l10n-brx-6.1.3.2-lp150.2.6.2
libreoffice-l10n-bs-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ca-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ca_valencia-6.1.3.2-lp150.2.6.2
libreoffice-l10n-cs-6.1.3.2-lp150.2.6.2
libreoffice-l10n-cy-6.1.3.2-lp150.2.6.2
libreoffice-l10n-da-6.1.3.2-lp150.2.6.2
libreoffice-l10n-de-6.1.3.2-lp150.2.6.2
libreoffice-l10n-dgo-6.1.3.2-lp150.2.6.2
libreoffice-l10n-dz-6.1.3.2-lp150.2.6.2
libreoffice-l10n-el-6.1.3.2-lp150.2.6.2
libreoffice-l10n-en-6.1.3.2-lp150.2.6.2
libreoffice-l10n-en_GB-6.1.3.2-lp150.2.6.2
libreoffice-l10n-en_ZA-6.1.3.2-lp150.2.6.2
libreoffice-l10n-eo-6.1.3.2-lp150.2.6.2
libreoffice-l10n-es-6.1.3.2-lp150.2.6.2
libreoffice-l10n-et-6.1.3.2-lp150.2.6.2
libreoffice-l10n-eu-6.1.3.2-lp150.2.6.2
libreoffice-l10n-fa-6.1.3.2-lp150.2.6.2
libreoffice-l10n-fi-6.1.3.2-lp150.2.6.2
libreoffice-l10n-fr-6.1.3.2-lp150.2.6.2
libreoffice-l10n-fy-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ga-6.1.3.2-lp150.2.6.2
libreoffice-l10n-gd-6.1.3.2-lp150.2.6.2
libreoffice-l10n-gl-6.1.3.2-lp150.2.6.2
libreoffice-l10n-gu-6.1.3.2-lp150.2.6.2
libreoffice-l10n-gug-6.1.3.2-lp150.2.6.2
libreoffice-l10n-he-6.1.3.2-lp150.2.6.2
libreoffice-l10n-hi-6.1.3.2-lp150.2.6.2
libreoffice-l10n-hr-6.1.3.2-lp150.2.6.2
libreoffice-l10n-hsb-6.1.3.2-lp150.2.6.2
libreoffice-l10n-hu-6.1.3.2-lp150.2.6.2
libreoffice-l10n-id-6.1.3.2-lp150.2.6.2
libreoffice-l10n-is-6.1.3.2-lp150.2.6.2
libreoffice-l10n-it-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ja-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ka-6.1.3.2-lp150.2.6.2
libreoffice-l10n-kab-6.1.3.2-lp150.2.6.2
libreoffice-l10n-kk-6.1.3.2-lp150.2.6.2
libreoffice-l10n-km-6.1.3.2-lp150.2.6.2
libreoffice-l10n-kmr_Latn-6.1.3.2-lp150.2.6.2
libreoffice-l10n-kn-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ko-6.1.3.2-lp150.2.6.2
libreoffice-l10n-kok-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ks-6.1.3.2-lp150.2.6.2
libreoffice-l10n-lb-6.1.3.2-lp150.2.6.2
libreoffice-l10n-lo-6.1.3.2-lp150.2.6.2
libreoffice-l10n-lt-6.1.3.2-lp150.2.6.2
libreoffice-l10n-lv-6.1.3.2-lp150.2.6.2
libreoffice-l10n-mai-6.1.3.2-lp150.2.6.2
libreoffice-l10n-mk-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ml-6.1.3.2-lp150.2.6.2
libreoffice-l10n-mn-6.1.3.2-lp150.2.6.2
libreoffice-l10n-mni-6.1.3.2-lp150.2.6.2
libreoffice-l10n-mr-6.1.3.2-lp150.2.6.2
libreoffice-l10n-my-6.1.3.2-lp150.2.6.2
libreoffice-l10n-nb-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ne-6.1.3.2-lp150.2.6.2
libreoffice-l10n-nl-6.1.3.2-lp150.2.6.2
libreoffice-l10n-nn-6.1.3.2-lp150.2.6.2
libreoffice-l10n-nr-6.1.3.2-lp150.2.6.2
libreoffice-l10n-nso-6.1.3.2-lp150.2.6.2
libreoffice-l10n-oc-6.1.3.2-lp150.2.6.2
libreoffice-l10n-om-6.1.3.2-lp150.2.6.2
libreoffice-l10n-or-6.1.3.2-lp150.2.6.2
libreoffice-l10n-pa-6.1.3.2-lp150.2.6.2
libreoffice-l10n-pl-6.1.3.2-lp150.2.6.2
libreoffice-l10n-pt_BR-6.1.3.2-lp150.2.6.2
libreoffice-l10n-pt_PT-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ro-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ru-6.1.3.2-lp150.2.6.2
libreoffice-l10n-rw-6.1.3.2-lp150.2.6.2
libreoffice-l10n-sa_IN-6.1.3.2-lp150.2.6.2
libreoffice-l10n-sat-6.1.3.2-lp150.2.6.2
libreoffice-l10n-sd-6.1.3.2-lp150.2.6.2
libreoffice-l10n-si-6.1.3.2-lp150.2.6.2
libreoffice-l10n-sid-6.1.3.2-lp150.2.6.2
libreoffice-l10n-sk-6.1.3.2-lp150.2.6.2
libreoffice-l10n-sl-6.1.3.2-lp150.2.6.2
libreoffice-l10n-sq-6.1.3.2-lp150.2.6.2
libreoffice-l10n-sr-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ss-6.1.3.2-lp150.2.6.2
libreoffice-l10n-st-6.1.3.2-lp150.2.6.2
libreoffice-l10n-sv-6.1.3.2-lp150.2.6.2
libreoffice-l10n-sw_TZ-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ta-6.1.3.2-lp150.2.6.2
libreoffice-l10n-te-6.1.3.2-lp150.2.6.2
libreoffice-l10n-tg-6.1.3.2-lp150.2.6.2
libreoffice-l10n-th-6.1.3.2-lp150.2.6.2
libreoffice-l10n-tn-6.1.3.2-lp150.2.6.2
libreoffice-l10n-tr-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ts-6.1.3.2-lp150.2.6.2
libreoffice-l10n-tt-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ug-6.1.3.2-lp150.2.6.2
libreoffice-l10n-uk-6.1.3.2-lp150.2.6.2
libreoffice-l10n-uz-6.1.3.2-lp150.2.6.2
libreoffice-l10n-ve-6.1.3.2-lp150.2.6.2
libreoffice-l10n-vec-6.1.3.2-lp150.2.6.2
libreoffice-l10n-vi-6.1.3.2-lp150.2.6.2
libreoffice-l10n-xh-6.1.3.2-lp150.2.6.2
libreoffice-l10n-zh_CN-6.1.3.2-lp150.2.6.2
libreoffice-l10n-zh_TW-6.1.3.2-lp150.2.6.2
libreoffice-l10n-zu-6.1.3.2-lp150.2.6.2
libstaroffice-devel-doc-0.0.6-lp150.2.3.1
myspell-af_NA-20181025-lp150.2.6.1
myspell-af_ZA-20181025-lp150.2.6.1
myspell-an-20181025-lp150.2.6.1
myspell-an_ES-20181025-lp150.2.6.1
myspell-ar-20181025-lp150.2.6.1
myspell-ar_AE-20181025-lp150.2.6.1
myspell-ar_BH-20181025-lp150.2.6.1
myspell-ar_DZ-20181025-lp150.2.6.1
myspell-ar_EG-20181025-lp150.2.6.1
myspell-ar_IQ-20181025-lp150.2.6.1
myspell-ar_JO-20181025-lp150.2.6.1
myspell-ar_KW-20181025-lp150.2.6.1
myspell-ar_LB-20181025-lp150.2.6.1
myspell-ar_LY-20181025-lp150.2.6.1
myspell-ar_MA-20181025-lp150.2.6.1
myspell-ar_OM-20181025-lp150.2.6.1
myspell-ar_QA-20181025-lp150.2.6.1
myspell-ar_SA-20181025-lp150.2.6.1
myspell-ar_SD-20181025-lp150.2.6.1
myspell-ar_SY-20181025-lp150.2.6.1
myspell-ar_TN-20181025-lp150.2.6.1
myspell-ar_YE-20181025-lp150.2.6.1
myspell-be_BY-20181025-lp150.2.6.1
myspell-bg_BG-20181025-lp150.2.6.1
myspell-bn_BD-20181025-lp150.2.6.1
myspell-bn_IN-20181025-lp150.2.6.1
myspell-bo-20181025-lp150.2.6.1
myspell-bo_CN-20181025-lp150.2.6.1
myspell-bo_IN-20181025-lp150.2.6.1
myspell-br_FR-20181025-lp150.2.6.1
myspell-bs-20181025-lp150.2.6.1
myspell-bs_BA-20181025-lp150.2.6.1
myspell-ca-20181025-lp150.2.6.1
myspell-ca_AD-20181025-lp150.2.6.1
myspell-ca_ES-20181025-lp150.2.6.1
myspell-ca_ES_valencia-20181025-lp150.2.6.1
myspell-ca_FR-20181025-lp150.2.6.1
myspell-ca_IT-20181025-lp150.2.6.1
myspell-cs_CZ-20181025-lp150.2.6.1
myspell-da_DK-20181025-lp150.2.6.1
myspell-de-20181025-lp150.2.6.1
myspell-de_AT-20181025-lp150.2.6.1
myspell-de_CH-20181025-lp150.2.6.1
myspell-de_DE-20181025-lp150.2.6.1
myspell-el_GR-20181025-lp150.2.6.1
myspell-en-20181025-lp150.2.6.1
myspell-en_AU-20181025-lp150.2.6.1
myspell-en_BS-20181025-lp150.2.6.1
myspell-en_BZ-20181025-lp150.2.6.1
myspell-en_CA-20181025-lp150.2.6.1
myspell-en_GB-20181025-lp150.2.6.1
myspell-en_GH-20181025-lp150.2.6.1
myspell-en_IE-20181025-lp150.2.6.1
myspell-en_IN-20181025-lp150.2.6.1
myspell-en_JM-20181025-lp150.2.6.1
myspell-en_MW-20181025-lp150.2.6.1
myspell-en_NA-20181025-lp150.2.6.1
myspell-en_NZ-20181025-lp150.2.6.1
myspell-en_PH-20181025-lp150.2.6.1
myspell-en_TT-20181025-lp150.2.6.1
myspell-en_US-20181025-lp150.2.6.1
myspell-en_ZA-20181025-lp150.2.6.1
myspell-en_ZW-20181025-lp150.2.6.1
myspell-es-20181025-lp150.2.6.1
myspell-es_AR-20181025-lp150.2.6.1
myspell-es_BO-20181025-lp150.2.6.1
myspell-es_CL-20181025-lp150.2.6.1
myspell-es_CO-20181025-lp150.2.6.1
myspell-es_CR-20181025-lp150.2.6.1
myspell-es_CU-20181025-lp150.2.6.1
myspell-es_DO-20181025-lp150.2.6.1
myspell-es_EC-20181025-lp150.2.6.1
myspell-es_ES-20181025-lp150.2.6.1
myspell-es_GT-20181025-lp150.2.6.1
myspell-es_HN-20181025-lp150.2.6.1
myspell-es_MX-20181025-lp150.2.6.1
myspell-es_NI-20181025-lp150.2.6.1
myspell-es_PA-20181025-lp150.2.6.1
myspell-es_PE-20181025-lp150.2.6.1
myspell-es_PR-20181025-lp150.2.6.1
myspell-es_PY-20181025-lp150.2.6.1
myspell-es_SV-20181025-lp150.2.6.1
myspell-es_UY-20181025-lp150.2.6.1
myspell-es_VE-20181025-lp150.2.6.1
myspell-et_EE-20181025-lp150.2.6.1
myspell-fr_BE-20181025-lp150.2.6.1
myspell-fr_CA-20181025-lp150.2.6.1
myspell-fr_CH-20181025-lp150.2.6.1
myspell-fr_FR-20181025-lp150.2.6.1
myspell-fr_LU-20181025-lp150.2.6.1
myspell-fr_MC-20181025-lp150.2.6.1
myspell-gd_GB-20181025-lp150.2.6.1
myspell-gl-20181025-lp150.2.6.1
myspell-gl_ES-20181025-lp150.2.6.1
myspell-gu_IN-20181025-lp150.2.6.1
myspell-gug-20181025-lp150.2.6.1
myspell-gug_PY-20181025-lp150.2.6.1
myspell-he_IL-20181025-lp150.2.6.1
myspell-hi_IN-20181025-lp150.2.6.1
myspell-hr_HR-20181025-lp150.2.6.1
myspell-hu_HU-20181025-lp150.2.6.1
myspell-id-20181025-lp150.2.6.1
myspell-id_ID-20181025-lp150.2.6.1
myspell-is-20181025-lp150.2.6.1
myspell-is_IS-20181025-lp150.2.6.1
myspell-it_IT-20181025-lp150.2.6.1
myspell-kmr_Latn-20181025-lp150.2.6.1
myspell-kmr_Latn_SY-20181025-lp150.2.6.1
myspell-kmr_Latn_TR-20181025-lp150.2.6.1
myspell-lo_LA-20181025-lp150.2.6.1
myspell-lt_LT-20181025-lp150.2.6.1
myspell-lv_LV-20181025-lp150.2.6.1
myspell-nb_NO-20181025-lp150.2.6.1
myspell-ne_NP-20181025-lp150.2.6.1
myspell-nl_BE-20181025-lp150.2.6.1
myspell-nl_NL-20181025-lp150.2.6.1
myspell-nn_NO-20181025-lp150.2.6.1
myspell-no-20181025-lp150.2.6.1
myspell-oc_FR-20181025-lp150.2.6.1
myspell-pl_PL-20181025-lp150.2.6.1
myspell-pt_AO-20181025-lp150.2.6.1
myspell-pt_BR-20181025-lp150.2.6.1
myspell-pt_PT-20181025-lp150.2.6.1
myspell-ro-20181025-lp150.2.6.1
myspell-ro_RO-20181025-lp150.2.6.1
myspell-ru_RU-20181025-lp150.2.6.1
myspell-si_LK-20181025-lp150.2.6.1
myspell-sk_SK-20181025-lp150.2.6.1
myspell-sl_SI-20181025-lp150.2.6.1
myspell-sq_AL-20181025-lp150.2.6.1
myspell-sr-20181025-lp150.2.6.1
myspell-sr_CS-20181025-lp150.2.6.1
myspell-sr_Latn_CS-20181025-lp150.2.6.1
myspell-sr_Latn_RS-20181025-lp150.2.6.1
myspell-sr_RS-20181025-lp150.2.6.1
myspell-sv_FI-20181025-lp150.2.6.1
myspell-sv_SE-20181025-lp150.2.6.1
myspell-sw_TZ-20181025-lp150.2.6.1
myspell-te-20181025-lp150.2.6.1
myspell-te_IN-20181025-lp150.2.6.1
myspell-th_TH-20181025-lp150.2.6.1
myspell-tr-20181025-lp150.2.6.1
myspell-tr_TR-20181025-lp150.2.6.1
myspell-uk_UA-20181025-lp150.2.6.1
myspell-vi-20181025-lp150.2.6.1
myspell-vi_VN-20181025-lp150.2.6.1
myspell-zu_ZA-20181025-lp150.2.6.1

- openSUSE Leap 15.0 (x86_64):

libepubgen-0_1-1-0.1.1-lp150.2.3.1
libepubgen-0_1-1-debuginfo-0.1.1-lp150.2.3.1
libepubgen-debugsource-0.1.1-lp150.2.3.1
libepubgen-devel-0.1.1-lp150.2.3.1
liblangtag-debugsource-0.6.2-lp150.2.3.1
liblangtag-devel-0.6.2-lp150.2.3.1
liblangtag1-0.6.2-lp150.2.3.1
liblangtag1-debuginfo-0.6.2-lp150.2.3.1
libmwaw-0_3-3-0.3.14-lp150.2.3.1
libmwaw-0_3-3-debuginfo-0.3.14-lp150.2.3.1
libmwaw-debuginfo-0.3.14-lp150.2.3.1
libmwaw-debugsource-0.3.14-lp150.2.3.1
libmwaw-devel-0.3.14-lp150.2.3.1
libmwaw-tools-0.3.14-lp150.2.3.1
libmwaw-tools-debuginfo-0.3.14-lp150.2.3.1
libnumbertext-1_0-0-1.0.5-lp150.2.1
libnumbertext-1_0-0-debuginfo-1.0.5-lp150.2.1
libnumbertext-data-1.0.5-lp150.2.1
libnumbertext-debuginfo-1.0.5-lp150.2.1
libnumbertext-debugsource-1.0.5-lp150.2.1
libnumbertext-devel-1.0.5-lp150.2.1
libnumbertext-tools-1.0.5-lp150.2.1
libnumbertext-tools-debuginfo-1.0.5-lp150.2.1
libreoffice-6.1.3.2-lp150.2.6.2
libreoffice-base-6.1.3.2-lp150.2.6.2
libreoffice-base-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-base-drivers-firebird-6.1.3.2-lp150.2.6.2
libreoffice-base-drivers-firebird-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-base-drivers-postgresql-6.1.3.2-lp150.2.6.2
libreoffice-base-drivers-postgresql-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-calc-6.1.3.2-lp150.2.6.2
libreoffice-calc-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-calc-extensions-6.1.3.2-lp150.2.6.2
libreoffice-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-debugsource-6.1.3.2-lp150.2.6.2
libreoffice-draw-6.1.3.2-lp150.2.6.2
libreoffice-draw-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-filters-optional-6.1.3.2-lp150.2.6.2
libreoffice-gnome-6.1.3.2-lp150.2.6.2
libreoffice-gnome-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-gtk2-6.1.3.2-lp150.2.6.2
libreoffice-gtk2-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-gtk3-6.1.3.2-lp150.2.6.2
libreoffice-gtk3-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-impress-6.1.3.2-lp150.2.6.2
libreoffice-impress-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-mailmerge-6.1.3.2-lp150.2.6.2
libreoffice-math-6.1.3.2-lp150.2.6.2
libreoffice-math-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-officebean-6.1.3.2-lp150.2.6.2
libreoffice-officebean-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-pyuno-6.1.3.2-lp150.2.6.2
libreoffice-pyuno-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-qt5-6.1.3.2-lp150.2.6.2
libreoffice-qt5-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-sdk-6.1.3.2-lp150.2.6.2
libreoffice-sdk-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-sdk-doc-6.1.3.2-lp150.2.6.2
libreoffice-writer-6.1.3.2-lp150.2.6.2
libreoffice-writer-debuginfo-6.1.3.2-lp150.2.6.2
libreoffice-writer-extensions-6.1.3.2-lp150.2.6.2
libreofficekit-6.1.3.2-lp150.2.6.2
libreofficekit-devel-6.1.3.2-lp150.2.6.2
libstaroffice-0_0-0-0.0.6-lp150.2.3.1
libstaroffice-0_0-0-debuginfo-0.0.6-lp150.2.3.1
libstaroffice-debuginfo-0.0.6-lp150.2.3.1
libstaroffice-debugsource-0.0.6-lp150.2.3.1
libstaroffice-devel-0.0.6-lp150.2.3.1
libstaroffice-tools-0.0.6-lp150.2.3.1
libstaroffice-tools-debuginfo-0.0.6-lp150.2.3.1
libwps-0_4-4-0.4.9-lp150.2.3.1
libwps-0_4-4-debuginfo-0.4.9-lp150.2.3.1
libwps-debuginfo-0.4.9-lp150.2.3.1
libwps-debugsource-0.4.9-lp150.2.3.1
libwps-devel-0.4.9-lp150.2.3.1
libwps-tools-0.4.9-lp150.2.3.1
libwps-tools-debuginfo-0.4.9-lp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2018-10583.html
https://bugzilla.suse.com/1050305
https://bugzilla.suse.com/1088263
https://bugzilla.suse.com/1091606
https://bugzilla.suse.com/1094779
https://bugzilla.suse.com/1095601
https://bugzilla.suse.com/1095639
https://bugzilla.suse.com/1096360
https://bugzilla.suse.com/1098891
https://bugzilla.suse.com/1104876

--


openSUSE-SU-2018:3797-1: moderate: Security update for ImageMagick

openSUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3797-1
Rating: moderate
References: #1106254 #1110746 #1111069 #1111072
Cross-References: CVE-2018-17966 CVE-2018-18016 CVE-2018-18024

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves three vulnerabilities and has one
errata is now available.

Description:

This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function.
Remote attackers could leverage this vulnerability to cause a denial
of service via a crafted bmp file. (bsc#1111069)
- CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072).
- CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746).

Non security issues fixed:

- Fixed -morphology EdgeIn output (bsc#1106254)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1424=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

ImageMagick-7.0.7.34-lp150.2.21.1
ImageMagick-debuginfo-7.0.7.34-lp150.2.21.1
ImageMagick-debugsource-7.0.7.34-lp150.2.21.1
ImageMagick-devel-7.0.7.34-lp150.2.21.1
ImageMagick-extra-7.0.7.34-lp150.2.21.1
ImageMagick-extra-debuginfo-7.0.7.34-lp150.2.21.1
libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.21.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp150.2.21.1
libMagick++-devel-7.0.7.34-lp150.2.21.1
libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.21.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.21.1
libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.21.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.21.1
perl-PerlMagick-7.0.7.34-lp150.2.21.1
perl-PerlMagick-debuginfo-7.0.7.34-lp150.2.21.1

- openSUSE Leap 15.0 (x86_64):

ImageMagick-devel-32bit-7.0.7.34-lp150.2.21.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.21.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-lp150.2.21.1
libMagick++-devel-32bit-7.0.7.34-lp150.2.21.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.21.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp150.2.21.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.21.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp150.2.21.1

- openSUSE Leap 15.0 (noarch):

ImageMagick-doc-7.0.7.34-lp150.2.21.1


References:

https://www.suse.com/security/cve/CVE-2018-17966.html
https://www.suse.com/security/cve/CVE-2018-18016.html
https://www.suse.com/security/cve/CVE-2018-18024.html
https://bugzilla.suse.com/1106254
https://bugzilla.suse.com/1110746
https://bugzilla.suse.com/1111069
https://bugzilla.suse.com/1111072

--


openSUSE-SU-2018:3798-1: moderate: Security update for apache-pdfbox

openSUSE Security Update: Security update for apache-pdfbox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3798-1
Rating: moderate
References: #1111009
Cross-References: CVE-2018-11797
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:


This update for apache-pdfbox fixes the following security issue:

- CVE-2018-11797: A carefully crafted PDF file can trigger an extremely
long running computation when parsing the page tree. (bsc#1111009):

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1422=1



Package List:

- openSUSE Leap 15.0 (noarch):

apache-pdfbox-1.8.12-lp150.4.6.1
apache-pdfbox-javadoc-1.8.12-lp150.4.6.1


References:

https://www.suse.com/security/cve/CVE-2018-11797.html
https://bugzilla.suse.com/1111009

--


openSUSE-SU-2018:3800-1: moderate: Security update for xorg-x11-server

openSUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3800-1
Rating: moderate
References: #1112020
Cross-References: CVE-2018-14665
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for xorg-x11-server fixes the following issues:

- CVE-2018-14665: Disable -logfile and -modulepath when running with
elevated privileges (bsc#1112020,

Note that SUSE by default does not run with elevated privileges, so the
default installation is not affected by this problem.

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1420=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

xorg-x11-server-1.19.6-lp150.7.3.1
xorg-x11-server-debuginfo-1.19.6-lp150.7.3.1
xorg-x11-server-debugsource-1.19.6-lp150.7.3.1
xorg-x11-server-extra-1.19.6-lp150.7.3.1
xorg-x11-server-extra-debuginfo-1.19.6-lp150.7.3.1
xorg-x11-server-sdk-1.19.6-lp150.7.3.1
xorg-x11-server-source-1.19.6-lp150.7.3.1
xorg-x11-server-wayland-1.19.6-lp150.7.3.1
xorg-x11-server-wayland-debuginfo-1.19.6-lp150.7.3.1


References:

https://www.suse.com/security/cve/CVE-2018-14665.html
https://bugzilla.suse.com/1112020

--


openSUSE-SU-2018:3801-1: moderate: Security update for openssh

openSUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3801-1
Rating: moderate
References: #1081947 #1091396 #1105010 #1106163 #964336

Cross-References: CVE-2018-15473 CVE-2018-15919
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves two vulnerabilities and has three
fixes is now available.

Description:

This update for openssh fixes the following issues:

- CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH
could be used by remote attackers to detect existence of users on a
target system when GSS2 is in use. OpenSSH developers do not want to
treat such a username enumeration (or "oracle") as a vulnerability.
(bsc#1106163)
- CVE-2018-15473: OpenSSH was prone to a user existance oracle
vulnerability due to not delaying bailout for an invalid authenticating
user until after the packet containing the request has been fully
parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
(bsc#1105010)

The following non-security issues were fixed:

- Stop leaking File descriptors (bsc#964336)
- sftp-client.c returns wrong error code upon failure (bsc#1091396)
- added pam_keyinit to pam configuration file (bsc#1081947)


This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1419=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

openssh-7.6p1-lp150.8.3.1
openssh-cavs-7.6p1-lp150.8.3.1
openssh-cavs-debuginfo-7.6p1-lp150.8.3.1
openssh-debuginfo-7.6p1-lp150.8.3.1
openssh-debugsource-7.6p1-lp150.8.3.1
openssh-fips-7.6p1-lp150.8.3.1
openssh-helpers-7.6p1-lp150.8.3.1
openssh-helpers-debuginfo-7.6p1-lp150.8.3.1

- openSUSE Leap 15.0 (x86_64):

openssh-askpass-gnome-7.6p1-lp150.8.3.1
openssh-askpass-gnome-debuginfo-7.6p1-lp150.8.3.1


References:

https://www.suse.com/security/cve/CVE-2018-15473.html
https://www.suse.com/security/cve/CVE-2018-15919.html
https://bugzilla.suse.com/1081947
https://bugzilla.suse.com/1091396
https://bugzilla.suse.com/1105010
https://bugzilla.suse.com/1106163
https://bugzilla.suse.com/964336

--


openSUSE-SU-2018:3802-1: Security update for libxkbcommon

openSUSE Security Update: Security update for libxkbcommon
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3802-1
Rating: low
References: #1105832
Cross-References: CVE-2018-15853 CVE-2018-15854 CVE-2018-15855
CVE-2018-15856 CVE-2018-15857 CVE-2018-15858
CVE-2018-15859 CVE-2018-15861 CVE-2018-15862
CVE-2018-15863 CVE-2018-15864
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

This update for libxkbcommon to version 0.8.2 fixes the following issues:

- Fix a few NULL-dereferences, out-of-bounds access and undefined behavior
in the XKB text format parser.
- CVE-2018-15853: Endless recursion could have been used by local
attackers to crash xkbcommon users by supplying a crafted keymap file
that triggers boolean negation (bsc#1105832).
- CVE-2018-15854: Unchecked NULL pointer usage could have been used by
local attackers to crash (NULL pointer dereference) the xkbcommon parser
by supplying a crafted keymap file, because geometry tokens were
desupported incorrectly (bsc#1105832).
- CVE-2018-15855: Unchecked NULL pointer usage could have been used by
local attackers to crash (NULL pointer dereference) the xkbcommon parser
by supplying a crafted keymap file, because the XkbFile for an
xkb_geometry section was mishandled (bsc#1105832).
- CVE-2018-15856: An infinite loop when reaching EOL unexpectedly could be
used by local attackers to cause a denial of service during parsing of
crafted keymap files (bsc#1105832).
- CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList could have
been used by local attackers to crash xkbcommon keymap parsers or
possibly have unspecified other impact by supplying a crafted keymap
file (bsc#1105832).
- CVE-2018-15858: Unchecked NULL pointer usage when handling invalid
aliases in CopyKeyAliasesToKeymap could have been used by local
attackers to crash (NULL pointer dereference) the xkbcommon parser by
supplying a crafted keymap file (bsc#1105832).
- CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms
in ExprResolveLhs could have been used by local attackers to crash (NULL
pointer dereference) the xkbcommon parser by supplying a crafted keymap
file, because lookup failures are mishandled (bsc#1105832).
- CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs could
have been used by local attackers to crash (NULL pointer dereference)
the xkbcommon parser by supplying a crafted keymap file that triggers an
xkb_intern_atom failure (bsc#1105832).
- CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask could have
been used by local attackers to crash (NULL pointer dereference) the
xkbcommon parser by supplying a crafted keymap file with invalid virtual
modifiers (bsc#1105832).
- CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate
could have been used by local attackers to crash (NULL pointer
dereference) the xkbcommon parser by supplying a crafted keymap file
with a no-op modmask expression (bsc#1105832).
- CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym could
have been used by local attackers to crash (NULL pointer dereference)
the xkbcommon parser by supplying a crafted keymap file, because a map
access attempt can
occur for a map that was never created (bsc#1105832).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1418=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libxkbcommon-debugsource-0.8.2-lp150.2.3.1
libxkbcommon-devel-0.8.2-lp150.2.3.1
libxkbcommon-x11-0-0.8.2-lp150.2.3.1
libxkbcommon-x11-0-debuginfo-0.8.2-lp150.2.3.1
libxkbcommon-x11-devel-0.8.2-lp150.2.3.1
libxkbcommon0-0.8.2-lp150.2.3.1
libxkbcommon0-debuginfo-0.8.2-lp150.2.3.1

- openSUSE Leap 15.0 (x86_64):

libxkbcommon-devel-32bit-0.8.2-lp150.2.3.1
libxkbcommon-x11-0-32bit-0.8.2-lp150.2.3.1
libxkbcommon-x11-0-32bit-debuginfo-0.8.2-lp150.2.3.1
libxkbcommon-x11-devel-32bit-0.8.2-lp150.2.3.1
libxkbcommon0-32bit-0.8.2-lp150.2.3.1
libxkbcommon0-32bit-debuginfo-0.8.2-lp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2018-15853.html
https://www.suse.com/security/cve/CVE-2018-15854.html
https://www.suse.com/security/cve/CVE-2018-15855.html
https://www.suse.com/security/cve/CVE-2018-15856.html
https://www.suse.com/security/cve/CVE-2018-15857.html
https://www.suse.com/security/cve/CVE-2018-15858.html
https://www.suse.com/security/cve/CVE-2018-15859.html
https://www.suse.com/security/cve/CVE-2018-15861.html
https://www.suse.com/security/cve/CVE-2018-15862.html
https://www.suse.com/security/cve/CVE-2018-15863.html
https://www.suse.com/security/cve/CVE-2018-15864.html
https://bugzilla.suse.com/1105832

--


openSUSE-SU-2018:3803-1: important: Security update for systemd

openSUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3803-1
Rating: important
References: #1106923 #1108835 #1109252 #1110445 #1111278
#1112024 #1113083 #1113632 #1113665
Cross-References: CVE-2018-15686 CVE-2018-15688
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves two vulnerabilities and has 7 fixes
is now available.

Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of
systemd allowed a malicious dhcp6 server to overwrite heap memory in
systemd-networkd. (bsc#1113632)
- CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an
attacker to supply arbitrary state across systemd re-execution via
NotifyAccess. This can be used to improperly influence systemd execution
and possibly lead to root privilege escalation. (bsc#1113665)

Non-security issues fixed:

- dhcp6: split assert_return() to be more debuggable when hit
- core: skip unit deserialization and move to the next one when
unit_deserialize() fails
- core: properly handle deserialization of unknown unit types (#6476)
- core: don't create Requires for workdir if "missing ok" (bsc#1113083)
- logind: use manager_get_user_by_pid() where appropriate
- logind: rework manager_get_{user|session}_by_pid() a bit
- login: fix user@.service case, so we don't allow nested sessions (#8051)
(bsc#1112024)
- core: be more defensive if we can't determine per-connection socket peer
(#7329)
- socket-util: introduce port argument in sockaddr_port()
- service: fixup ExecStop for socket-activated shutdown (#4120)
- service: Continue shutdown on socket activated unit on termination
(#4108) (bsc#1106923)
- cryptsetup: build fixes for "add support for sector-size= option"
- udev-rules: IMPORT cmdline does not recognize keys with similar names
(bsc#1111278)
- core: keep the kernel coredump defaults when systemd-coredump is disabled
- core: shorten main() a bit, split out coredump initialization
- core: set RLIMIT_CORE to unlimited by default (bsc#1108835)
- core/mount: fstype may be NULL
- journald: don't ship systemd-journald-audit.socket (bsc#1109252)
- core: make "tmpfs" dependencies on swapfs a "default" dep, not an
"implicit" (bsc#1110445)
- mount: make sure we unmount tmpfs mounts before we deactivate swaps
(#7076)
- tmp.mount.hm4: After swap.target (#3087)

- Ship systemd-sysv-install helper via the main package This script was
part of systemd-sysvinit sub-package but it was wrong since
systemd-sysv-install is a script used to redirect enable/disable
operations to chkconfig when the unit targets are sysv init scripts.
Therefore it's never been a SySV init tool.

This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1423=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libsystemd0-228-62.1
libsystemd0-debuginfo-228-62.1
libsystemd0-mini-228-62.1
libsystemd0-mini-debuginfo-228-62.1
libudev-devel-228-62.1
libudev-mini-devel-228-62.1
libudev-mini1-228-62.1
libudev-mini1-debuginfo-228-62.1
libudev1-228-62.1
libudev1-debuginfo-228-62.1
nss-myhostname-228-62.1
nss-myhostname-debuginfo-228-62.1
nss-mymachines-228-62.1
nss-mymachines-debuginfo-228-62.1
systemd-228-62.1
systemd-debuginfo-228-62.1
systemd-debugsource-228-62.1
systemd-devel-228-62.1
systemd-logger-228-62.1
systemd-mini-228-62.1
systemd-mini-debuginfo-228-62.1
systemd-mini-debugsource-228-62.1
systemd-mini-devel-228-62.1
systemd-mini-sysvinit-228-62.1
systemd-sysvinit-228-62.1
udev-228-62.1
udev-debuginfo-228-62.1
udev-mini-228-62.1
udev-mini-debuginfo-228-62.1

- openSUSE Leap 42.3 (x86_64):

libsystemd0-32bit-228-62.1
libsystemd0-debuginfo-32bit-228-62.1
libudev1-32bit-228-62.1
libudev1-debuginfo-32bit-228-62.1
nss-myhostname-32bit-228-62.1
nss-myhostname-debuginfo-32bit-228-62.1
systemd-32bit-228-62.1
systemd-debuginfo-32bit-228-62.1

- openSUSE Leap 42.3 (noarch):

systemd-bash-completion-228-62.1
systemd-mini-bash-completion-228-62.1


References:

https://www.suse.com/security/cve/CVE-2018-15686.html
https://www.suse.com/security/cve/CVE-2018-15688.html
https://bugzilla.suse.com/1106923
https://bugzilla.suse.com/1108835
https://bugzilla.suse.com/1109252
https://bugzilla.suse.com/1110445
https://bugzilla.suse.com/1111278
https://bugzilla.suse.com/1112024
https://bugzilla.suse.com/1113083
https://bugzilla.suse.com/1113632
https://bugzilla.suse.com/1113665

--


openSUSE-SU-2018:3804-1: moderate: Security update for amanda

openSUSE Security Update: Security update for amanda
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3804-1
Rating: moderate
References: #1112916
Cross-References: CVE-2016-10729
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for amanda fixes the following security issue:

- CVE-2016-10729: Local privilege escalation from amanda user to root via
unsafe tar command options (bsc#1112916)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1421=1



Package List:

- openSUSE Leap 42.3 (x86_64):

amanda-3.3.6-10.3.1
amanda-debuginfo-3.3.6-10.3.1
amanda-debugsource-3.3.6-10.3.1


References:

https://www.suse.com/security/cve/CVE-2016-10729.html
https://bugzilla.suse.com/1112916

--