Signing-Party, Wireshark, Webkit2GTK3, NMAP, Freeradius, Python-Jinja2 Updates for openSUSE
Posted on: 05/13/2019 07:01 PM

The following updates has been released for openSUSE:

openSUSE-SU-2019:1388-1: moderate: Security update for signing-party
openSUSE-SU-2019:1390-1: moderate: Security update for wireshark
openSUSE-SU-2019:1391-1: important: Security update for webkit2gtk3
openSUSE-SU-2019:1392-1: Security update for nmap
openSUSE-SU-2019:1394-1: important: Security update for freeradius-server
openSUSE-SU-2019:1395-1: important: Security update for python-Jinja2

openSUSE-SU-2019:1388-1: moderate: Security update for signing-party
openSUSE Security Update: Security update for signing-party
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1388-1
Rating: moderate
References: #1134040
Cross-References: CVE-2019-11627
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for signing-party fixes the following issues:

- CVE-2019-11627: The gpg-key2ps tool in signing-party contained an unsafe
shell call enabling shell injection via a User ID.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1388=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1388=1



Package List:

- openSUSE Leap 42.3 (noarch):

signing-party-2.1-10.3.1

- openSUSE Leap 15.0 (x86_64):

signing-party-2.7-lp150.5.1
signing-party-debuginfo-2.7-lp150.5.1
signing-party-debugsource-2.7-lp150.5.1


References:

https://www.suse.com/security/cve/CVE-2019-11627.html
https://bugzilla.suse.com/1134040

--



openSUSE-SU-2019:1390-1: moderate: Security update for wireshark
openSUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1390-1
Rating: moderate
References: #1127367 #1127369 #1127370 #1131945
Cross-References: CVE-2019-10894 CVE-2019-10895 CVE-2019-10896
CVE-2019-10899 CVE-2019-10901 CVE-2019-10903
CVE-2019-9208 CVE-2019-9209 CVE-2019-9214

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for wireshark to version 2.4.14 fixes the following issues:

Security issues fixed:

- CVE-2019-10895: NetScaler file parser crash.
- CVE-2019-10899: SRVLOC dissector crash.
- CVE-2019-10894: GSS-API dissector crash.
- CVE-2019-10896: DOF dissector crash.
- CVE-2019-10901: LDSS dissector crash.
- CVE-2019-10903: DCERPC SPOOLSS dissector crash.
- CVE-2019-9214: Avoided a dereference of a null coversation which could
make RPCAP dissector crash (bsc#1127367).
- CVE-2019-9209: Fixed a buffer overflow in time values which could make
ASN.1 BER and related dissectors crash (bsc#1127369).
- CVE-2019-9208: Fixed a null pointer dereference which could make TCAP
dissector crash (bsc#1127370).

Non-security issue fixed:

- Update to version 2.4.14 (bsc#1131945).

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1390=1



Package List:

- openSUSE Leap 42.3 (x86_64):

libwireshark9-2.4.14-52.1
libwireshark9-debuginfo-2.4.14-52.1
libwiretap7-2.4.14-52.1
libwiretap7-debuginfo-2.4.14-52.1
libwscodecs1-2.4.14-52.1
libwscodecs1-debuginfo-2.4.14-52.1
libwsutil8-2.4.14-52.1
libwsutil8-debuginfo-2.4.14-52.1
wireshark-2.4.14-52.1
wireshark-debuginfo-2.4.14-52.1
wireshark-debugsource-2.4.14-52.1
wireshark-devel-2.4.14-52.1
wireshark-gtk-2.4.14-52.1
wireshark-gtk-debuginfo-2.4.14-52.1
wireshark-ui-qt-2.4.14-52.1
wireshark-ui-qt-debuginfo-2.4.14-52.1


References:

https://www.suse.com/security/cve/CVE-2019-10894.html
https://www.suse.com/security/cve/CVE-2019-10895.html
https://www.suse.com/security/cve/CVE-2019-10896.html
https://www.suse.com/security/cve/CVE-2019-10899.html
https://www.suse.com/security/cve/CVE-2019-10901.html
https://www.suse.com/security/cve/CVE-2019-10903.html
https://www.suse.com/security/cve/CVE-2019-9208.html
https://www.suse.com/security/cve/CVE-2019-9209.html
https://www.suse.com/security/cve/CVE-2019-9214.html
https://bugzilla.suse.com/1127367
https://bugzilla.suse.com/1127369
https://bugzilla.suse.com/1127370
https://bugzilla.suse.com/1131945

--



openSUSE-SU-2019:1391-1: important: Security update for webkit2gtk3
openSUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1391-1
Rating: important
References: #1132256
Cross-References: CVE-2019-11070 CVE-2019-6201 CVE-2019-6251
CVE-2019-7285 CVE-2019-7292 CVE-2019-8503
CVE-2019-8506 CVE-2019-8515 CVE-2019-8524
CVE-2019-8535 CVE-2019-8536 CVE-2019-8544
CVE-2019-8551 CVE-2019-8558 CVE-2019-8559
CVE-2019-8563
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.

Description:

This update for webkit2gtk3 to version 2.24.1 fixes the following issues:

Security issues fixed:

- CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292,
CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524,
CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551,
CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070
(bsc#1132256).

This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1391=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libjavascriptcoregtk-4_0-18-2.24.1-27.1
libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-27.1
libwebkit2gtk-4_0-37-2.24.1-27.1
libwebkit2gtk-4_0-37-debuginfo-2.24.1-27.1
typelib-1_0-JavaScriptCore-4_0-2.24.1-27.1
typelib-1_0-WebKit2-4_0-2.24.1-27.1
typelib-1_0-WebKit2WebExtension-4_0-2.24.1-27.1
webkit-jsc-4-2.24.1-27.1
webkit-jsc-4-debuginfo-2.24.1-27.1
webkit2gtk-4_0-injected-bundles-2.24.1-27.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-27.1
webkit2gtk3-debugsource-2.24.1-27.1
webkit2gtk3-devel-2.24.1-27.1
webkit2gtk3-minibrowser-2.24.1-27.1
webkit2gtk3-minibrowser-debuginfo-2.24.1-27.1
webkit2gtk3-plugin-process-gtk2-2.24.1-27.1
webkit2gtk3-plugin-process-gtk2-debuginfo-2.24.1-27.1

- openSUSE Leap 42.3 (noarch):

libwebkit2gtk3-lang-2.24.1-27.1

- openSUSE Leap 42.3 (x86_64):

libjavascriptcoregtk-4_0-18-32bit-2.24.1-27.1
libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.24.1-27.1
libwebkit2gtk-4_0-37-32bit-2.24.1-27.1
libwebkit2gtk-4_0-37-debuginfo-32bit-2.24.1-27.1


References:

https://www.suse.com/security/cve/CVE-2019-11070.html
https://www.suse.com/security/cve/CVE-2019-6201.html
https://www.suse.com/security/cve/CVE-2019-6251.html
https://www.suse.com/security/cve/CVE-2019-7285.html
https://www.suse.com/security/cve/CVE-2019-7292.html
https://www.suse.com/security/cve/CVE-2019-8503.html
https://www.suse.com/security/cve/CVE-2019-8506.html
https://www.suse.com/security/cve/CVE-2019-8515.html
https://www.suse.com/security/cve/CVE-2019-8524.html
https://www.suse.com/security/cve/CVE-2019-8535.html
https://www.suse.com/security/cve/CVE-2019-8536.html
https://www.suse.com/security/cve/CVE-2019-8544.html
https://www.suse.com/security/cve/CVE-2019-8551.html
https://www.suse.com/security/cve/CVE-2019-8558.html
https://www.suse.com/security/cve/CVE-2019-8559.html
https://www.suse.com/security/cve/CVE-2019-8563.html
https://bugzilla.suse.com/1132256

--



openSUSE-SU-2019:1392-1: Security update for nmap
openSUSE Security Update: Security update for nmap
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1392-1
Rating: low
References: #1104139
Cross-References: CVE-2018-15173
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for nmap fixes the following issues:

Security issue fixed:

- CVE-2018-15173: Fixed remote denial of service via a crafted TCP-based
service (boo#1104139).


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1392=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

ncat-6.47-13.3.1
ndiff-6.47-13.3.1
nmap-6.47-13.3.1
nmap-debuginfo-6.47-13.3.1
nmap-debugsource-6.47-13.3.1
nping-6.47-13.3.1
zenmap-6.47-13.3.1


References:

https://www.suse.com/security/cve/CVE-2018-15173.html
https://bugzilla.suse.com/1104139

--



openSUSE-SU-2019:1394-1: important: Security update for freeradius-server
openSUSE Security Update: Security update for freeradius-server
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1394-1
Rating: important
References: #1132549 #1132664
Cross-References: CVE-2019-11234 CVE-2019-11235
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for freeradius-server fixes the following issues:

Security issues fixed:

- CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD
Commit frame and insufficent validation of elliptic curve points
(bsc#1132549).
- CVE-2019-11234: Fixed an authentication bypass caused by reflecting
privous values back to the server (bsc#1132664).

This update was imported from the SUSE:SLE-12-SP3:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1394=1



Package List:

- openSUSE Leap 42.3 (x86_64):

freeradius-server-3.0.15-9.1
freeradius-server-debuginfo-3.0.15-9.1
freeradius-server-debugsource-3.0.15-9.1
freeradius-server-devel-3.0.15-9.1
freeradius-server-doc-3.0.15-9.1
freeradius-server-krb5-3.0.15-9.1
freeradius-server-krb5-debuginfo-3.0.15-9.1
freeradius-server-ldap-3.0.15-9.1
freeradius-server-ldap-debuginfo-3.0.15-9.1
freeradius-server-libs-3.0.15-9.1
freeradius-server-libs-debuginfo-3.0.15-9.1
freeradius-server-mysql-3.0.15-9.1
freeradius-server-mysql-debuginfo-3.0.15-9.1
freeradius-server-perl-3.0.15-9.1
freeradius-server-perl-debuginfo-3.0.15-9.1
freeradius-server-postgresql-3.0.15-9.1
freeradius-server-postgresql-debuginfo-3.0.15-9.1
freeradius-server-python-3.0.15-9.1
freeradius-server-python-debuginfo-3.0.15-9.1
freeradius-server-sqlite-3.0.15-9.1
freeradius-server-sqlite-debuginfo-3.0.15-9.1
freeradius-server-utils-3.0.15-9.1
freeradius-server-utils-debuginfo-3.0.15-9.1


References:

https://www.suse.com/security/cve/CVE-2019-11234.html
https://www.suse.com/security/cve/CVE-2019-11235.html
https://bugzilla.suse.com/1132549
https://bugzilla.suse.com/1132664

--



openSUSE-SU-2019:1395-1: important: Security update for python-Jinja2
openSUSE Security Update: Security update for python-Jinja2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1395-1
Rating: important
References: #1125815 #1132174 #1132323
Cross-References: CVE-2016-10745 CVE-2019-10906 CVE-2019-8341

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for python-Jinja2 to version 2.10.1 fixes the following issues:

Security issues fixed:

- CVE-2019-8341: Fixed a command injection in from_string() (bsc#1125815).
- CVE-2019-10906: Fixed a sandbox escape due to information disclosure via
str.format (bsc#1132323).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1395=1



Package List:

- openSUSE Leap 15.0 (noarch):

python-Jinja2-emacs-2.10.1-lp150.2.3.1
python-Jinja2-vim-2.10.1-lp150.2.3.1
python2-Jinja2-2.10.1-lp150.2.3.1
python3-Jinja2-2.10.1-lp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2016-10745.html
https://www.suse.com/security/cve/CVE-2019-10906.html
https://www.suse.com/security/cve/CVE-2019-8341.html
https://bugzilla.suse.com/1125815
https://bugzilla.suse.com/1132174
https://bugzilla.suse.com/1132323

--






Printed from Linux Compatible (https://www.linuxcompatible.org/news/story/signing_partywiresharkwebkit2gtk3nmapfreeradiuspython_jinja2_updates_for_opensuse.html)