The following updates have been released for openSUSE:

openSUSE-SU-2019:1324-1: important: Security update for chromium
openSUSE-SU-2019:1325-1: important: Security update for chromium
openSUSE-SU-2019:1327-1: moderate: Security update for java-11-openjdk
openSUSE-SU-2019:1331-1: moderate: Security update for ImageMagick



openSUSE-SU-2019:1324-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1324-1
Rating: important
References: #1133313
Cross-References: CVE-2019-5805 CVE-2019-5806 CVE-2019-5807
CVE-2019-5808 CVE-2019-5809 CVE-2019-5810
CVE-2019-5811 CVE-2019-5813 CVE-2019-5814
CVE-2019-5815 CVE-2019-5818 CVE-2019-5819
CVE-2019-5820 CVE-2019-5821 CVE-2019-5822
CVE-2019-5823
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Security update to version 74.0.3729.108 (boo#1133313).

Security issues fixed:

- CVE-2019-5805: Use after free in PDFium
- CVE-2019-5806: Integer overflow in Angle
- CVE-2019-5807: Memory corruption in V8
- CVE-2019-5808: Use after free in Blink
- CVE-2019-5809: Use after free in Blink
- CVE-2019-5810: User information disclosure in Autofill
- CVE-2019-5811: CORS bypass in Blink
- CVE-2019-5813: Out of bounds read in V8
- CVE-2019-5814: CORS bypass in Blink
- CVE-2019-5815: Heap buffer overflow in Blink
- CVE-2019-5818: Uninitialized value in media reader
- CVE-2019-5819: Incorrect escaping in developer tools
- CVE-2019-5820: Integer overflow in PDFium
- CVE-2019-5821: Integer overflow in PDFium
- CVE-2019-5822: CORS bypass in download manager
- CVE-2019-5823: Forced navigation from service worker


Bug fixes:

- Update to 73.0.3686.103:
* Various feature fixes
- Update to 73.0.3683.86:
* Various feature fixes
- Update conditions to use system harfbuzz on TW+
- Require java during build
- Enable using pipewire when available
- Rebase chromium-vaapi.patch to match up the Fedora one


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1324=1



Package List:

- openSUSE Leap 42.3 (x86_64):

chromedriver-74.0.3729.108-208.1
chromedriver-debuginfo-74.0.3729.108-208.1
chromium-74.0.3729.108-208.1
chromium-debuginfo-74.0.3729.108-208.1
chromium-debugsource-74.0.3729.108-208.1


References:

https://www.suse.com/security/cve/CVE-2019-5805.html
https://www.suse.com/security/cve/CVE-2019-5806.html
https://www.suse.com/security/cve/CVE-2019-5807.html
https://www.suse.com/security/cve/CVE-2019-5808.html
https://www.suse.com/security/cve/CVE-2019-5809.html
https://www.suse.com/security/cve/CVE-2019-5810.html
https://www.suse.com/security/cve/CVE-2019-5811.html
https://www.suse.com/security/cve/CVE-2019-5813.html
https://www.suse.com/security/cve/CVE-2019-5814.html
https://www.suse.com/security/cve/CVE-2019-5815.html
https://www.suse.com/security/cve/CVE-2019-5818.html
https://www.suse.com/security/cve/CVE-2019-5819.html
https://www.suse.com/security/cve/CVE-2019-5820.html
https://www.suse.com/security/cve/CVE-2019-5821.html
https://www.suse.com/security/cve/CVE-2019-5822.html
https://www.suse.com/security/cve/CVE-2019-5823.html
https://bugzilla.suse.com/1133313

--


openSUSE-SU-2019:1325-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1325-1
Rating: important
References: #1133313
Cross-References: CVE-2019-5805 CVE-2019-5806 CVE-2019-5807
CVE-2019-5808 CVE-2019-5809 CVE-2019-5810
CVE-2019-5811 CVE-2019-5812 CVE-2019-5813
CVE-2019-5814 CVE-2019-5815 CVE-2019-5816
CVE-2019-5817 CVE-2019-5818 CVE-2019-5819
CVE-2019-5820 CVE-2019-5821 CVE-2019-5822
CVE-2019-5823
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 19 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium was updated to 74.0.3729.108 (boo#1133313):

* CVE-2019-5805: Use after free in PDFium
* CVE-2019-5806: Integer overflow in Angle
* CVE-2019-5807: Memory corruption in V8
* CVE-2019-5808: Use after free in Blink
* CVE-2019-5809: Use after free in Blink
* CVE-2019-5810: User information disclosure in Autofill
* CVE-2019-5811: CORS bypass in Blink
* CVE-2019-5813: Out of bounds read in V8
* CVE-2019-5814: CORS bypass in Blink
* CVE-2019-5815: Heap buffer overflow in Blink
* CVE-2019-5818: Uninitialized value in media reader
* CVE-2019-5819: Incorrect escaping in developer tools
* CVE-2019-5820: Integer overflow in PDFium
* CVE-2019-5821: Integer overflow in PDFium
* CVE-2019-5822: CORS bypass in download manager
* CVE-2019-5823: Forced navigation from service worker
* CVE-2019-5812: URL spoof in Omnibox on iOS
* CVE-2019-5816: Exploit persistence extension on Android
* CVE-2019-5817: Heap buffer overflow in Angle on Windows

- Update conditions to use system harfbuzz on TW+
- Require java during build
- Enable using pipewire when available


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1325=1



Package List:

- openSUSE Leap 15.0 (x86_64):

chromedriver-74.0.3729.108-lp150.209.2
chromedriver-debuginfo-74.0.3729.108-lp150.209.2
chromium-74.0.3729.108-lp150.209.2
chromium-debuginfo-74.0.3729.108-lp150.209.2
chromium-debugsource-74.0.3729.108-lp150.209.2


References:

https://www.suse.com/security/cve/CVE-2019-5805.html
https://www.suse.com/security/cve/CVE-2019-5806.html
https://www.suse.com/security/cve/CVE-2019-5807.html
https://www.suse.com/security/cve/CVE-2019-5808.html
https://www.suse.com/security/cve/CVE-2019-5809.html
https://www.suse.com/security/cve/CVE-2019-5810.html
https://www.suse.com/security/cve/CVE-2019-5811.html
https://www.suse.com/security/cve/CVE-2019-5812.html
https://www.suse.com/security/cve/CVE-2019-5813.html
https://www.suse.com/security/cve/CVE-2019-5814.html
https://www.suse.com/security/cve/CVE-2019-5815.html
https://www.suse.com/security/cve/CVE-2019-5816.html
https://www.suse.com/security/cve/CVE-2019-5817.html
https://www.suse.com/security/cve/CVE-2019-5818.html
https://www.suse.com/security/cve/CVE-2019-5819.html
https://www.suse.com/security/cve/CVE-2019-5820.html
https://www.suse.com/security/cve/CVE-2019-5821.html
https://www.suse.com/security/cve/CVE-2019-5822.html
https://www.suse.com/security/cve/CVE-2019-5823.html
https://bugzilla.suse.com/1133313

--


openSUSE-SU-2019:1327-1: moderate: Security update for java-11-openjdk

openSUSE Security Update: Security update for java-11-openjdk
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1327-1
Rating: moderate
References: #1132728 #1132732
Cross-References: CVE-2019-2602 CVE-2019-2684
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for java-11-openjdk to version 11.0.3+7 fixes the following
issues:

Security issues fixed:

- CVE-2019-2602: Fixed excessive use of CPU time in the BigDecimal
implementation (bsc#1132728).
- CVE-2019-2684: Fixed a flaw in the RMI registry implementation which
could lead to selection of an incorrect skeleton class (bsc#1132732).

Non-security issues fixed:

- Multiple bug fixes and improvements.

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1327=1



Package List:

- openSUSE Leap 15.0 (noarch):

java-11-openjdk-javadoc-11.0.3.0-lp150.2.16.1

- openSUSE Leap 15.0 (x86_64):

java-11-openjdk-11.0.3.0-lp150.2.16.1
java-11-openjdk-accessibility-11.0.3.0-lp150.2.16.1
java-11-openjdk-accessibility-debuginfo-11.0.3.0-lp150.2.16.1
java-11-openjdk-debuginfo-11.0.3.0-lp150.2.16.1
java-11-openjdk-debugsource-11.0.3.0-lp150.2.16.1
java-11-openjdk-demo-11.0.3.0-lp150.2.16.1
java-11-openjdk-devel-11.0.3.0-lp150.2.16.1
java-11-openjdk-headless-11.0.3.0-lp150.2.16.1
java-11-openjdk-jmods-11.0.3.0-lp150.2.16.1
java-11-openjdk-src-11.0.3.0-lp150.2.16.1


References:

https://www.suse.com/security/cve/CVE-2019-2602.html
https://www.suse.com/security/cve/CVE-2019-2684.html
https://bugzilla.suse.com/1132728
https://bugzilla.suse.com/1132732

--


openSUSE-SU-2019:1331-1: moderate: Security update for ImageMagick

openSUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1331-1
Rating: moderate
References: #1122033 #1130330 #1131317 #1132054 #1132060

Cross-References: CVE-2019-10650 CVE-2019-11007 CVE-2019-11008
CVE-2019-9956
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves four vulnerabilities and has one
errata is now available.

Description:

This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel()
(bsc#1130330).
- CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage()
(bsc#1131317).
- CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage()
(bsc#1132060).
- CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage()
(bsc#1132054).

- Added extra -config- packages with Postscript/EPS/PDF readers still
enabled.

The PS decoders are removed to harden ImageMagick against security
issues within ghostscript. Enabling them might impact security
(bsc#1122033).

Two packages can be selected:

- ImageMagick-config-7-SUSE: This has the PS decoders disabled.
- ImageMagick-config-7-upstream: This has the PS decoders enabled.

Depending on your local needs, install either one of them. The default is
the -SUSE configuration.

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1331=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

ImageMagick-7.0.7.34-lp150.2.29.1
ImageMagick-config-7-SUSE-7.0.7.34-lp150.2.29.1
ImageMagick-config-7-upstream-7.0.7.34-lp150.2.29.1
ImageMagick-debuginfo-7.0.7.34-lp150.2.29.1
ImageMagick-debugsource-7.0.7.34-lp150.2.29.1
ImageMagick-devel-7.0.7.34-lp150.2.29.1
ImageMagick-extra-7.0.7.34-lp150.2.29.1
ImageMagick-extra-debuginfo-7.0.7.34-lp150.2.29.1
libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.29.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp150.2.29.1
libMagick++-devel-7.0.7.34-lp150.2.29.1
libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.29.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.29.1
libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.29.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.29.1
perl-PerlMagick-7.0.7.34-lp150.2.29.1
perl-PerlMagick-debuginfo-7.0.7.34-lp150.2.29.1

- openSUSE Leap 15.0 (noarch):

ImageMagick-doc-7.0.7.34-lp150.2.29.1

- openSUSE Leap 15.0 (x86_64):

ImageMagick-devel-32bit-7.0.7.34-lp150.2.29.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.29.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-lp150.2.29.1
libMagick++-devel-32bit-7.0.7.34-lp150.2.29.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.29.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp150.2.29.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.29.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp150.2.29.1


References:

https://www.suse.com/security/cve/CVE-2019-10650.html
https://www.suse.com/security/cve/CVE-2019-11007.html
https://www.suse.com/security/cve/CVE-2019-11008.html
https://www.suse.com/security/cve/CVE-2019-9956.html
https://bugzilla.suse.com/1122033
https://bugzilla.suse.com/1130330
https://bugzilla.suse.com/1131317
https://bugzilla.suse.com/1132054
https://bugzilla.suse.com/1132060

--