openSUSE-2015-683 moderate openSUSE Leap 42.1 Update wireshark was updated to version 1.12.8 to fix ten security issues. These security issues were fixed: - CVE-2015-6247: The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 did not validate a certain offset value, which allowed remote attackers to cause a denial of service (infinite loop) via a crafted packet (bsc#941500). - CVE-2015-6246: The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6245: epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 used incorrect integer data types, which allowed remote attackers to cause a denial of service (infinite loop) via a crafted packet (bsc#941500). - CVE-2015-6244: The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6243: The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions (bsc#941500). - CVE-2015-6242: The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 did not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allowed remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet (bsc#941500). - CVE-2015-6241: The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 did not properly terminate a data structure after a failure to locate a number within a string, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437). - CVE-2015-6249: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 did not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6248: The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 did not check whether the expected amount of data is available, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). wireshark-1.12.8-9.1.i586.rpm wireshark-1.12.8-9.1.src.rpm wireshark-debuginfo-1.12.8-9.1.i586.rpm wireshark-debugsource-1.12.8-9.1.i586.rpm wireshark-devel-1.12.8-9.1.i586.rpm wireshark-ui-gtk-1.12.8-9.1.i586.rpm wireshark-ui-gtk-debuginfo-1.12.8-9.1.i586.rpm wireshark-ui-qt-1.12.8-9.1.i586.rpm wireshark-ui-qt-debuginfo-1.12.8-9.1.i586.rpm wireshark-1.12.8-9.1.x86_64.rpm wireshark-debuginfo-1.12.8-9.1.x86_64.rpm wireshark-debugsource-1.12.8-9.1.x86_64.rpm wireshark-devel-1.12.8-9.1.x86_64.rpm wireshark-ui-gtk-1.12.8-9.1.x86_64.rpm wireshark-ui-gtk-debuginfo-1.12.8-9.1.x86_64.rpm wireshark-ui-qt-1.12.8-9.1.x86_64.rpm wireshark-ui-qt-debuginfo-1.12.8-9.1.x86_64.rpm openSUSE-2015-681 moderate openSUSE Leap 42.1 Update libressl was updated to fix two security issues. These security issues were fixed: - CVE-2015-5333: Memory leak when decoding X.509 certificates (boo#950707) - CVE-2015-5334: Buffer overflow when decoding X.509 certificates (boo#950708) libcrypto36-2.3.0-3.1.i586.rpm libcrypto36-32bit-2.3.0-3.1.x86_64.rpm libcrypto36-debuginfo-2.3.0-3.1.i586.rpm libcrypto36-debuginfo-32bit-2.3.0-3.1.x86_64.rpm libressl-2.3.0-3.1.i586.rpm libressl-2.3.0-3.1.src.rpm libressl-debuginfo-2.3.0-3.1.i586.rpm libressl-debugsource-2.3.0-3.1.i586.rpm libressl-devel-2.3.0-3.1.i586.rpm libressl-devel-32bit-2.3.0-3.1.x86_64.rpm libressl-devel-doc-2.3.0-3.1.noarch.rpm libssl37-2.3.0-3.1.i586.rpm libssl37-32bit-2.3.0-3.1.x86_64.rpm libssl37-debuginfo-2.3.0-3.1.i586.rpm libssl37-debuginfo-32bit-2.3.0-3.1.x86_64.rpm libtls9-2.3.0-3.1.i586.rpm libtls9-32bit-2.3.0-3.1.x86_64.rpm libtls9-debuginfo-2.3.0-3.1.i586.rpm libtls9-debuginfo-32bit-2.3.0-3.1.x86_64.rpm libcrypto36-2.3.0-3.1.x86_64.rpm libcrypto36-debuginfo-2.3.0-3.1.x86_64.rpm libressl-2.3.0-3.1.x86_64.rpm libressl-debuginfo-2.3.0-3.1.x86_64.rpm libressl-debugsource-2.3.0-3.1.x86_64.rpm libressl-devel-2.3.0-3.1.x86_64.rpm libssl37-2.3.0-3.1.x86_64.rpm libssl37-debuginfo-2.3.0-3.1.x86_64.rpm libtls9-2.3.0-3.1.x86_64.rpm libtls9-debuginfo-2.3.0-3.1.x86_64.rpm openSUSE-2015-680 low openSUSE Leap 42.1 Update * boo#948602/cve#2015-7384: HTTP Denial of Service Vulnerability * boo#948045: addon-rpm.gypi wasn't installed * Leap: update nodejs to 4.2.1 from 0.12.7 nodejs-4.2.1-6.1.i586.rpm nodejs-4.2.1-6.1.src.rpm nodejs-debuginfo-4.2.1-6.1.i586.rpm nodejs-debugsource-4.2.1-6.1.i586.rpm nodejs-devel-4.2.1-6.1.i586.rpm nodejs-docs-4.2.1-6.1.noarch.rpm nodejs-npm-4.2.1-6.1.i586.rpm nodejs-4.2.1-6.1.x86_64.rpm nodejs-debuginfo-4.2.1-6.1.x86_64.rpm nodejs-debugsource-4.2.1-6.1.x86_64.rpm nodejs-devel-4.2.1-6.1.x86_64.rpm nodejs-npm-4.2.1-6.1.x86_64.rpm openSUSE-2015-684 moderate openSUSE Leap 42.1 Update squid was updated to fix one security issue. This security issue was fixed: - CVE-2014-9749: Nonce replay vulnerability in Digest authentication (bsc#949942). squid-3.3.13-3.1.i586.rpm squid-3.3.13-3.1.src.rpm squid-debuginfo-3.3.13-3.1.i586.rpm squid-debugsource-3.3.13-3.1.i586.rpm squid-3.3.13-3.1.x86_64.rpm squid-debuginfo-3.3.13-3.1.x86_64.rpm squid-debugsource-3.3.13-3.1.x86_64.rpm openSUSE-2015-702 moderate openSUSE Leap 42.1 Update util-linux was updated to fix one security issue. This security issue was fixed: - CVE-2015-5218: Prevent colcrt buffer overflow (bsc#949754). This non-security issue was fixed: - bsc#903440: Calendar "cal" crash with segmentation fault when execute in background. python-libmount-2.25-9.5.i586.rpm python-libmount-2.25-9.5.src.rpm python-libmount-debuginfo-2.25-9.5.i586.rpm python-libmount-debugsource-2.25-9.5.i586.rpm util-linux-systemd-2.25-9.1.i586.rpm util-linux-systemd-2.25-9.1.src.rpm util-linux-systemd-debuginfo-2.25-9.1.i586.rpm util-linux-systemd-debugsource-2.25-9.1.i586.rpm uuidd-2.25-9.1.i586.rpm uuidd-debuginfo-2.25-9.1.i586.rpm libblkid-devel-2.25-9.4.i586.rpm libblkid-devel-32bit-2.25-9.4.x86_64.rpm libblkid1-2.25-9.4.i586.rpm libblkid1-32bit-2.25-9.4.x86_64.rpm libblkid1-debuginfo-2.25-9.4.i586.rpm libblkid1-debuginfo-32bit-2.25-9.4.x86_64.rpm libmount-devel-2.25-9.4.i586.rpm libmount-devel-32bit-2.25-9.4.x86_64.rpm libmount1-2.25-9.4.i586.rpm libmount1-32bit-2.25-9.4.x86_64.rpm libmount1-debuginfo-2.25-9.4.i586.rpm libmount1-debuginfo-32bit-2.25-9.4.x86_64.rpm libsmartcols-devel-2.25-9.4.i586.rpm libsmartcols1-2.25-9.4.i586.rpm libsmartcols1-debuginfo-2.25-9.4.i586.rpm libuuid-devel-2.25-9.4.i586.rpm libuuid-devel-32bit-2.25-9.4.x86_64.rpm libuuid1-2.25-9.4.i586.rpm libuuid1-32bit-2.25-9.4.x86_64.rpm libuuid1-debuginfo-2.25-9.4.i586.rpm libuuid1-debuginfo-32bit-2.25-9.4.x86_64.rpm util-linux-2.25-9.4.i586.rpm util-linux-2.25-9.4.src.rpm util-linux-debuginfo-2.25-9.4.i586.rpm util-linux-debugsource-2.25-9.4.i586.rpm util-linux-lang-2.25-9.4.noarch.rpm python-libmount-2.25-9.5.x86_64.rpm python-libmount-debuginfo-2.25-9.5.x86_64.rpm python-libmount-debugsource-2.25-9.5.x86_64.rpm util-linux-systemd-2.25-9.1.x86_64.rpm util-linux-systemd-debuginfo-2.25-9.1.x86_64.rpm util-linux-systemd-debugsource-2.25-9.1.x86_64.rpm uuidd-2.25-9.1.x86_64.rpm uuidd-debuginfo-2.25-9.1.x86_64.rpm libblkid-devel-2.25-9.4.x86_64.rpm libblkid1-2.25-9.4.x86_64.rpm libblkid1-debuginfo-2.25-9.4.x86_64.rpm libmount-devel-2.25-9.4.x86_64.rpm libmount1-2.25-9.4.x86_64.rpm libmount1-debuginfo-2.25-9.4.x86_64.rpm libsmartcols-devel-2.25-9.4.x86_64.rpm libsmartcols1-2.25-9.4.x86_64.rpm libsmartcols1-debuginfo-2.25-9.4.x86_64.rpm libuuid-devel-2.25-9.4.x86_64.rpm libuuid1-2.25-9.4.x86_64.rpm libuuid1-debuginfo-2.25-9.4.x86_64.rpm util-linux-2.25-9.4.x86_64.rpm util-linux-debuginfo-2.25-9.4.x86_64.rpm util-linux-debugsource-2.25-9.4.x86_64.rpm openSUSE-2015-705 important openSUSE Leap 42.1 Update bouncycastle was updated to version 1.53 to fix one security issue. This security issue was fixed: - CVE-2015-7940: Invalid curve attack (bsc#951727). bouncycastle-1.53-16.1.noarch.rpm bouncycastle-1.53-16.1.src.rpm bouncycastle-javadoc-1.53-16.1.noarch.rpm openSUSE-2015-687 moderate openSUSE Leap 42.1 Update sudo was updated to fix one security issue. This security issue was fixed: - CVE-2014-9680: Unsafe handling of TZ environment variable (bsc#917806). sudo-1.8.10p3-5.1.i586.rpm sudo-1.8.10p3-5.1.src.rpm sudo-debuginfo-1.8.10p3-5.1.i586.rpm sudo-debugsource-1.8.10p3-5.1.i586.rpm sudo-devel-1.8.10p3-5.1.i586.rpm sudo-test-1.8.10p3-5.1.i586.rpm sudo-1.8.10p3-5.1.x86_64.rpm sudo-debuginfo-1.8.10p3-5.1.x86_64.rpm sudo-debugsource-1.8.10p3-5.1.x86_64.rpm sudo-devel-1.8.10p3-5.1.x86_64.rpm sudo-test-1.8.10p3-5.1.x86_64.rpm openSUSE-2015-704 moderate openSUSE Leap 42.1 Update potrace was updated to fix one security issue. This security issue was fixed: - CVE-2013-7437: Multiple integer overflows in potrace 1.11 allowed remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow (bsc#924904). libpotrace0-1.13-5.1.i586.rpm libpotrace0-debuginfo-1.13-5.1.i586.rpm potrace-1.13-5.1.i586.rpm potrace-1.13-5.1.src.rpm potrace-debuginfo-1.13-5.1.i586.rpm potrace-debugsource-1.13-5.1.i586.rpm potrace-devel-1.13-5.1.i586.rpm libpotrace0-1.13-5.1.x86_64.rpm libpotrace0-debuginfo-1.13-5.1.x86_64.rpm potrace-1.13-5.1.x86_64.rpm potrace-debuginfo-1.13-5.1.x86_64.rpm potrace-debugsource-1.13-5.1.x86_64.rpm potrace-devel-1.13-5.1.x86_64.rpm openSUSE-2015-685 low openSUSE Leap 42.1 Update This is the initial update to pullin bcm43xx-firmware and fluendo-mp3. (https://progress.opensuse.org/issues/9020) pullin-bcm43xx-firmware-1.0-4.1.noarch.rpm pullin-bcm43xx-firmware-1.0-4.1.src.rpm pullin-fluendo-mp3-13.2-4.1.noarch.rpm pullin-fluendo-mp3-13.2-4.1.src.rpm openSUSE-2015-698 low openSUSE Leap 42.1 Update audiofile was updated to fix one security issue. This security issue was fixed: - CVE-2015-7747: Overflow when changing both number of channels and sample format (bsc#949399). audiofile-0.3.6-9.1.i586.rpm audiofile-0.3.6-9.1.src.rpm audiofile-debuginfo-0.3.6-9.1.i586.rpm audiofile-debugsource-0.3.6-9.1.i586.rpm audiofile-devel-0.3.6-9.1.i586.rpm audiofile-devel-32bit-0.3.6-9.1.x86_64.rpm audiofile-doc-0.3.6-9.1.i586.rpm libaudiofile1-0.3.6-9.1.i586.rpm libaudiofile1-32bit-0.3.6-9.1.x86_64.rpm libaudiofile1-debuginfo-0.3.6-9.1.i586.rpm libaudiofile1-debuginfo-32bit-0.3.6-9.1.x86_64.rpm audiofile-0.3.6-9.1.x86_64.rpm audiofile-debuginfo-0.3.6-9.1.x86_64.rpm audiofile-debugsource-0.3.6-9.1.x86_64.rpm audiofile-devel-0.3.6-9.1.x86_64.rpm audiofile-doc-0.3.6-9.1.x86_64.rpm libaudiofile1-0.3.6-9.1.x86_64.rpm libaudiofile1-debuginfo-0.3.6-9.1.x86_64.rpm openSUSE-2015-711 moderate openSUSE Leap 42.1 Update polkit was updated to the 0.113 release, fixing security issues and bugs. Security issues fixed: * Fixes CVE-2015-4625, a local privilege escalation due to predictable authentication session cookie values. Thanks to Tavis Ormandy, Google Project Zero for reporting this issue. For the future, authentication agents are encouraged to use PolkitAgentSession instead of using the D-Bus agent response API directly. (bsc#935119) * Fixes CVE-2015-3256, various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (bsc#943816) * Fixes CVE-2015-3255, a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. Thanks to Laurent Bigonville for reporting this issue. (bsc#939246) * Fixes CVE-2015-3218, which allowed any local user to crash polkitd. Thanks to Tavis Ormandy, Google Project Zero, for reporting this issue. (bsc#933922) Other issues fixed: * On systemd-213 and later, the "active" state is shared across all sessions of an user, instead of being tracked separately. * pkexec, when not given a program to execute, runs the users shell by default. * Fixed shutdown problems on powerpc64le (bsc#950114) * polkit had a memory leak (bsc#912889) libpolkit0-0.113-6.1.i586.rpm libpolkit0-32bit-0.113-6.1.x86_64.rpm libpolkit0-debuginfo-0.113-6.1.i586.rpm libpolkit0-debuginfo-32bit-0.113-6.1.x86_64.rpm polkit-0.113-6.1.i586.rpm polkit-0.113-6.1.src.rpm polkit-debuginfo-0.113-6.1.i586.rpm polkit-debugsource-0.113-6.1.i586.rpm polkit-devel-0.113-6.1.i586.rpm polkit-devel-debuginfo-0.113-6.1.i586.rpm polkit-doc-0.113-6.1.noarch.rpm typelib-1_0-Polkit-1_0-0.113-6.1.i586.rpm libpolkit0-0.113-6.1.x86_64.rpm libpolkit0-debuginfo-0.113-6.1.x86_64.rpm polkit-0.113-6.1.x86_64.rpm polkit-debuginfo-0.113-6.1.x86_64.rpm polkit-debugsource-0.113-6.1.x86_64.rpm polkit-devel-0.113-6.1.x86_64.rpm polkit-devel-debuginfo-0.113-6.1.x86_64.rpm typelib-1_0-Polkit-1_0-0.113-6.1.x86_64.rpm openSUSE-2015-712 low openSUSE Leap 42.1 Update phpMyAdmin was updated to fix one security issue. This security issue was fixed: - CVE-2015-7873: The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allowed remote attackers to spoof content via the url parameter (bsc#951960). phpMyAdmin-4.4.15.1-3.1.noarch.rpm phpMyAdmin-4.4.15.1-3.1.src.rpm openSUSE-2015-706 moderate openSUSE Leap 42.1 Update clamav database refresh for november 3rd. clamav-database-201511031116-3.1.noarch.rpm clamav-database-201511031116-3.1.src.rpm