openSUSE-2017-835 important openSUSE Leap 42.3 Update This update for rubygem-puppet fixes the following issues: - CVE-2017-2295: A remote attacker could have forced unsafe YAML deserialization which could have led to code execution (bsc#1040151) ruby2.1-rubygem-puppet-3.8.7-20.1.i586.rpm ruby2.1-rubygem-puppet-doc-3.8.7-20.1.i586.rpm ruby2.1-rubygem-puppet-testsuite-3.8.7-20.1.i586.rpm ruby2.2-rubygem-puppet-3.8.7-20.1.i586.rpm ruby2.2-rubygem-puppet-doc-3.8.7-20.1.i586.rpm ruby2.2-rubygem-puppet-testsuite-3.8.7-20.1.i586.rpm ruby2.3-rubygem-puppet-3.8.7-20.1.i586.rpm ruby2.3-rubygem-puppet-doc-3.8.7-20.1.i586.rpm ruby2.3-rubygem-puppet-testsuite-3.8.7-20.1.i586.rpm ruby2.4-rubygem-puppet-3.8.7-20.1.i586.rpm ruby2.4-rubygem-puppet-doc-3.8.7-20.1.i586.rpm ruby2.4-rubygem-puppet-testsuite-3.8.7-20.1.i586.rpm rubygem-puppet-3.8.7-20.1.i586.rpm rubygem-puppet-3.8.7-20.1.src.rpm rubygem-puppet-emacs-3.8.7-20.1.noarch.rpm rubygem-puppet-master-3.8.7-20.1.i586.rpm rubygem-puppet-master-unicorn-3.8.7-20.1.noarch.rpm rubygem-puppet-vim-3.8.7-20.1.noarch.rpm ruby2.1-rubygem-puppet-3.8.7-20.1.x86_64.rpm ruby2.1-rubygem-puppet-doc-3.8.7-20.1.x86_64.rpm ruby2.1-rubygem-puppet-testsuite-3.8.7-20.1.x86_64.rpm ruby2.2-rubygem-puppet-3.8.7-20.1.x86_64.rpm ruby2.2-rubygem-puppet-doc-3.8.7-20.1.x86_64.rpm ruby2.2-rubygem-puppet-testsuite-3.8.7-20.1.x86_64.rpm ruby2.3-rubygem-puppet-3.8.7-20.1.x86_64.rpm ruby2.3-rubygem-puppet-doc-3.8.7-20.1.x86_64.rpm ruby2.3-rubygem-puppet-testsuite-3.8.7-20.1.x86_64.rpm ruby2.4-rubygem-puppet-3.8.7-20.1.x86_64.rpm ruby2.4-rubygem-puppet-doc-3.8.7-20.1.x86_64.rpm ruby2.4-rubygem-puppet-testsuite-3.8.7-20.1.x86_64.rpm rubygem-puppet-3.8.7-20.1.x86_64.rpm rubygem-puppet-master-3.8.7-20.1.x86_64.rpm openSUSE-2017-826 moderate openSUSE Leap 42.3 Update This update for xorg-x11-server fixes the following issues: - Improve retrieval of entropy for generating random authentication cookies (bsc#1025084) - Fix rendering with glamor acceleration. (bsc#1047154) xorg-x11-server-7.6_1.18.3-22.1.i586.rpm True xorg-x11-server-7.6_1.18.3-22.1.src.rpm True xorg-x11-server-debuginfo-7.6_1.18.3-22.1.i586.rpm True xorg-x11-server-debugsource-7.6_1.18.3-22.1.i586.rpm True xorg-x11-server-extra-7.6_1.18.3-22.1.i586.rpm True xorg-x11-server-extra-debuginfo-7.6_1.18.3-22.1.i586.rpm True xorg-x11-server-sdk-7.6_1.18.3-22.1.i586.rpm True xorg-x11-server-source-7.6_1.18.3-22.1.i586.rpm True xorg-x11-server-7.6_1.18.3-22.1.x86_64.rpm True xorg-x11-server-debuginfo-7.6_1.18.3-22.1.x86_64.rpm True xorg-x11-server-debugsource-7.6_1.18.3-22.1.x86_64.rpm True xorg-x11-server-extra-7.6_1.18.3-22.1.x86_64.rpm True xorg-x11-server-extra-debuginfo-7.6_1.18.3-22.1.x86_64.rpm True xorg-x11-server-sdk-7.6_1.18.3-22.1.x86_64.rpm True xorg-x11-server-source-7.6_1.18.3-22.1.x86_64.rpm True openSUSE-2017-836 low openSUSE Leap 42.3 Update This update provides a new version of smartmontools with various improvements and bug fixes: - Experimental support for NVMe devices on FreeBSD, Linux and Windows. (boo#999541) - smartctl '-i', '-c', '-H' and '-l error': NVMe support. - smartctl '-l nvmelog': New option for NVMe. - smartd.conf '-H', '-l error' and '-W': NVMe support. - Optional NVMe device scanning support on Linux and Windows. - Configure option '--with-nvme-devicescan' to include NVMe in default device scanning result. - Drop systemd dependency on syslog.target (boo#983938). - SCSI: Improved support of modern disks (SAS SSDs). - AACRAID fixes, SMART STATUS should work now. - '/dev/megaraid_sas_ioctl_node' fd leak fix. - Re-add /usr/sbin/rcsmards symlink (boo#900099). - Fix service restart in smartmontools.generate_smartd_opts.in (boo#900099). - re-add sysvinit support in specfile. - HDD, SSD and USB additions to drive database. - Build with large file support in 32 bit systems. smartmontools-6.5-8.1.i586.rpm smartmontools-6.5-8.1.src.rpm smartmontools-debuginfo-6.5-8.1.i586.rpm smartmontools-debugsource-6.5-8.1.i586.rpm smartmontools-6.5-8.1.x86_64.rpm smartmontools-debuginfo-6.5-8.1.x86_64.rpm smartmontools-debugsource-6.5-8.1.x86_64.rpm openSUSE-2017-833 important openSUSE Leap 42.3 Update This update for ucode-intel brings newer revisions of microcode firmwares for many Intel devices: - BDX-ML B0/M0/R0 (06-4f-01:ef): b00001f -> b000021 - Skylake D0 (06-4e-03:c0): 9e -> ba - Broadwell ULT/ULX E/F-step (06-3d-04:c0): 24 -> 25 - ULT Cx/Dx (06-45-01:72): 1f -> 20 - Crystalwell Cx (06-46-01:32): 16 -> 17 - Broadwell Halo E/G-step (06-47-01:22): 16 -> 17 - HSX EX E0 (06-3f-04:80): d -> f - Skylake R0 (06-5e-03:36): 9e -> ba - Haswell Cx/Dx (06-3c-03:32): 20 -> 22 - HSX C0 (06-3f-02:6f): 39 -> 3a - KBL H0 (06-8e-09:c0): -> 62 - KBL Y0 (06-8e-0a:c0): -> 66 - KBL B0 (06-9e-09:2a): -> 5e - SKX H0 (06-55-04:97): -> 2000022 The updated CPU microcode addresses the following bugs: - Intel Skylake AVX/ FMA3 issue. (bsc#993639) - Intel Skylake HyperThreading issue. (bsc#1046431) ucode-intel-20170707-10.1.i586.rpm ucode-intel-20170707-10.1.src.rpm ucode-intel-blob-20170707-10.1.i586.rpm ucode-intel-debuginfo-20170707-10.1.i586.rpm ucode-intel-debugsource-20170707-10.1.i586.rpm ucode-intel-20170707-10.1.x86_64.rpm ucode-intel-blob-20170707-10.1.x86_64.rpm ucode-intel-debuginfo-20170707-10.1.x86_64.rpm ucode-intel-debugsource-20170707-10.1.x86_64.rpm openSUSE-2017-829 low openSUSE Leap 42.3 Update This update supplies access library and tools for the Kernel Crypto API. The libkcapi0 library and the libkcapi-tools are used to access the cryptographic interface of the kernel over the AF_ALG socket interface. (FATE#323554 bsc#1045948) libkcapi-0.13.0-2.1.src.rpm libkcapi-devel-0.13.0-2.1.i586.rpm libkcapi-tools-0.13.0-2.1.i586.rpm libkcapi-tools-debuginfo-0.13.0-2.1.i586.rpm libkcapi0-0.13.0-2.1.i586.rpm libkcapi0-debuginfo-0.13.0-2.1.i586.rpm libkcapi-devel-0.13.0-2.1.x86_64.rpm libkcapi-tools-0.13.0-2.1.x86_64.rpm libkcapi-tools-debuginfo-0.13.0-2.1.x86_64.rpm libkcapi0-0.13.0-2.1.x86_64.rpm libkcapi0-debuginfo-0.13.0-2.1.x86_64.rpm openSUSE-2017-840 moderate openSUSE Leap 42.3 Update This update to Wireshark 2.2.8 fixes some minor vulnerabilities could be used to trigger dissector crashes, infinite loops, or cause excessive use of memory resources by making Wireshark read specially crafted packages from the network or a capture file: - CVE-2017-7702,CVE-2017-11410: WBMXL dissector infinite loop (wnpa-sec-2017-13) - CVE-2017-9350,CVE-2017-11411: openSAFETY dissector memory exhaustion (wnpa-sec-2017-28) - CVE-2017-11408: AMQP dissector crash (wnpa-sec-2017-34) - CVE-2017-11407: MQ dissector crash (wnpa-sec-2017-35) - CVE-2017-11406: DOCSIS infinite loop (wnpa-sec-2017-36) wireshark-2.2.8-17.1.src.rpm wireshark-2.2.8-17.1.x86_64.rpm wireshark-debuginfo-2.2.8-17.1.x86_64.rpm wireshark-debugsource-2.2.8-17.1.x86_64.rpm wireshark-devel-2.2.8-17.1.x86_64.rpm wireshark-ui-gtk-2.2.8-17.1.x86_64.rpm wireshark-ui-gtk-debuginfo-2.2.8-17.1.x86_64.rpm wireshark-ui-qt-2.2.8-17.1.x86_64.rpm wireshark-ui-qt-debuginfo-2.2.8-17.1.x86_64.rpm openSUSE-2017-841 moderate openSUSE Leap 42.3 Update This update for catdoc fixes the following issues: - CVE-2017-11110: Attackers may have used specially crafted files to cause a denial of service through a heap-based buffer under-flow and application crash, or have unspecified other impact (boo#1047877) catdoc-0.95-10.1.i586.rpm catdoc-0.95-10.1.src.rpm catdoc-debuginfo-0.95-10.1.i586.rpm catdoc-debugsource-0.95-10.1.i586.rpm catdoc-0.95-10.1.x86_64.rpm catdoc-debuginfo-0.95-10.1.x86_64.rpm catdoc-debugsource-0.95-10.1.x86_64.rpm openSUSE-2017-842 moderate openSUSE Leap 42.3 Update This update for gsoap fixes the following security issue: - CVE-2017-9765: A remote attacker may have triggered a buffer overflow to cause a server crash (denial of service) after sending 2GB of a specially crafted XML message, or possibly have unspecified futher impact. (bsc#1049348) gsoap-2.8.46-3.1.src.rpm gsoap-debugsource-2.8.46-3.1.i586.rpm gsoap-devel-2.8.46-3.1.i586.rpm gsoap-devel-debuginfo-2.8.46-3.1.i586.rpm gsoap-doc-2.8.46-3.1.noarch.rpm libgsoap-2_8_46-2.8.46-3.1.i586.rpm libgsoap-2_8_46-debuginfo-2.8.46-3.1.i586.rpm gsoap-debugsource-2.8.46-3.1.x86_64.rpm gsoap-devel-2.8.46-3.1.x86_64.rpm gsoap-devel-debuginfo-2.8.46-3.1.x86_64.rpm libgsoap-2_8_46-2.8.46-3.1.x86_64.rpm libgsoap-2_8_46-debuginfo-2.8.46-3.1.x86_64.rpm openSUSE-2017-844 moderate openSUSE Leap 42.3 Update This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958) CVEs already fixed with previous update: - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756) This update was imported from the SUSE:SLE-12:Update update project. jasper-1.900.14-179.1.i586.rpm jasper-1.900.14-179.1.src.rpm jasper-debuginfo-1.900.14-179.1.i586.rpm jasper-debugsource-1.900.14-179.1.i586.rpm libjasper-devel-1.900.14-179.1.i586.rpm libjasper1-1.900.14-179.1.i586.rpm libjasper1-32bit-1.900.14-179.1.x86_64.rpm libjasper1-debuginfo-1.900.14-179.1.i586.rpm libjasper1-debuginfo-32bit-1.900.14-179.1.x86_64.rpm jasper-1.900.14-179.1.x86_64.rpm jasper-debuginfo-1.900.14-179.1.x86_64.rpm jasper-debugsource-1.900.14-179.1.x86_64.rpm libjasper-devel-1.900.14-179.1.x86_64.rpm libjasper1-1.900.14-179.1.x86_64.rpm libjasper1-debuginfo-1.900.14-179.1.x86_64.rpm openSUSE-2017-838 moderate openSUSE Leap 42.3 Update This update for virtualbox fixes the following issues: - VirtualBox would fail to start VMs "Kernel driver not installed (rc=-1908)" (boo#1037291) - Issues building kernel modules and guest additions (boo#1042726, boo#1044931) - Issue with configuring host-only network parameters (boo#1027742) - Revise warning screen concerning USB passthru - boo#1041137. Various upstream fixes are included in the 5.1.24 release: - VMM: mask the VME CPUID capability on AMD Ryzen processors for now to make certain guests works, for example Windows XP - VMM: emulate more SSE2 instructions - VMM: properly clear the TF and AC flags when dispatching real-mode interrupts - GUI: fixes to make the mini-toolbar work with recent versions of KDE / Plasma (bug #16325) - GUI: fixed a potential crash when a VM with multiple screens is running in full screen / seamless mode and a host screen is removed, for example when connecting to the host via RDP - GUI: fixed initial size hints for guests which set intermediate sizes before responding (bug #16593) - GUI: prevent stopped screen updates or black screen on reboot in a multi-screen setup under certain conditions - Audio: many improvements for Windows 10 guests (bugs #15189, #15925, #16170, #16682, #16794 and others) - Storage: fixed possible crash when using Intels SPDK - API: use the correct file name of the VM machine state if the VM settings directory is renamed, for example during grouping / ungrouping a VM (bugs #16075 and #16745) - API: return the correct error code if powering up a VM fails - API: video recording did not automatically start at VM start when enabled in the VM settings (bug #16803) - API: when relocating a medium, check that the target path is fully qualified - EFI: fix for VMs with more than 3504MB RAM (bug #11103) - Host-only adapter: correctly determine IPv4 netmasks on Windows hosts (bug #16826) - NAT network: properly do the refcounting for starting / stopping the NAT / DHCP services if the NAT network is changed while the adapter network connection type is anything else but NAT network - VBoxManage: fixed controlvm videocapfile (bug #16779) - Linux / Mac OS X hosts: more fixes for loading shared libraries (5.1.20 regression; bugs #16778, #16693) - Linux hosts / guests: Linux 4.12 fixes (bugs #16725, #16800) - Linux hosts / guests: reduce the kernel stack consumption for Linux kernels with CONFIG_CPUMASK_OFFSTACK defined - Linux hosts / guests: fixes for kernel modules built with gcc-7 (bug #16772) - Linux hosts / guests: Linux 4.13 fix (bug #16887) - Linux hosts: don't depend on net-tools on newer distributions as this package is deprecated in favour of iproute (bug #16764) - Linux hosts: make 2D video acceleration available for older Linux distributions (5.1 regression; bug #16858) - Linux Additions: fix for dynamic resizing with Oracle Linux 6 with UEK4 - Linux Additions: make Fedora 25 and 26 Alpha work when 3D pass-through is enabled - Linux Additions: no longer recommend removing distribution- installed Additions if they are updated to our guidelines python-virtualbox-5.1.24-22.1.x86_64.rpm python-virtualbox-debuginfo-5.1.24-22.1.x86_64.rpm virtualbox-5.1.24-22.1.src.rpm virtualbox-5.1.24-22.1.x86_64.rpm virtualbox-debuginfo-5.1.24-22.1.x86_64.rpm virtualbox-debugsource-5.1.24-22.1.x86_64.rpm virtualbox-devel-5.1.24-22.1.x86_64.rpm virtualbox-guest-desktop-icons-5.1.24-22.1.noarch.rpm virtualbox-guest-kmp-default-5.1.24_k4.4.76_1-22.1.x86_64.rpm virtualbox-guest-kmp-default-debuginfo-5.1.24_k4.4.76_1-22.1.x86_64.rpm virtualbox-guest-source-5.1.24-22.1.noarch.rpm virtualbox-guest-tools-5.1.24-22.1.x86_64.rpm virtualbox-guest-tools-debuginfo-5.1.24-22.1.x86_64.rpm virtualbox-guest-x11-5.1.24-22.1.x86_64.rpm virtualbox-guest-x11-debuginfo-5.1.24-22.1.x86_64.rpm virtualbox-host-kmp-default-5.1.24_k4.4.76_1-22.1.x86_64.rpm virtualbox-host-kmp-default-debuginfo-5.1.24_k4.4.76_1-22.1.x86_64.rpm virtualbox-host-source-5.1.24-22.1.noarch.rpm virtualbox-qt-5.1.24-22.1.x86_64.rpm virtualbox-qt-debuginfo-5.1.24-22.1.x86_64.rpm virtualbox-vnc-5.1.24-22.1.x86_64.rpm virtualbox-websrv-5.1.24-22.1.x86_64.rpm virtualbox-websrv-debuginfo-5.1.24-22.1.x86_64.rpm openSUSE-2017-831 important openSUSE Leap 42.3 Update This update for libXi fixes the following issues: - many X clients would crash with SIGSEGV on tablet devices or some GTK applications (bsc#1049681) libXi-1.7.5-8.1.src.rpm libXi-debugsource-1.7.5-8.1.i586.rpm libXi-devel-1.7.5-8.1.i586.rpm libXi-devel-32bit-1.7.5-8.1.x86_64.rpm libXi6-1.7.5-8.1.i586.rpm libXi6-32bit-1.7.5-8.1.x86_64.rpm libXi6-debuginfo-1.7.5-8.1.i586.rpm libXi6-debuginfo-32bit-1.7.5-8.1.x86_64.rpm libXi-debugsource-1.7.5-8.1.x86_64.rpm libXi-devel-1.7.5-8.1.x86_64.rpm libXi6-1.7.5-8.1.x86_64.rpm libXi6-debuginfo-1.7.5-8.1.x86_64.rpm openSUSE-2017-839 moderate openSUSE Leap 42.3 Update This update for coolkey provides fixes and enhancements, including: - PK15 support. - Fix CAC card support. - Fix card removal issues. - Add PKCS11 module to p11-kit-32bit. This update was imported from the SUSE:SLE-12:Update update project. coolkey-1.1.0-156.1.i586.rpm coolkey-1.1.0-156.1.src.rpm coolkey-32bit-1.1.0-156.1.x86_64.rpm coolkey-debuginfo-1.1.0-156.1.i586.rpm coolkey-debuginfo-32bit-1.1.0-156.1.x86_64.rpm coolkey-debugsource-1.1.0-156.1.i586.rpm coolkey-devel-1.1.0-156.1.i586.rpm coolkey-1.1.0-156.1.x86_64.rpm coolkey-debuginfo-1.1.0-156.1.x86_64.rpm coolkey-debugsource-1.1.0-156.1.x86_64.rpm coolkey-devel-1.1.0-156.1.x86_64.rpm