Product:

Leap

(Opensuse)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/ImageMagick/ImageMagick
https://github.com/torvalds/linux
https://github.com/madler/zlib
https://github.com/libgd/libgd
https://github.com/ceph/ceph
https://github.com/libarchive/libarchive
https://github.com/roundcube/roundcubemail
https://github.com/golang/go
https://github.com/file/file
https://github.com/tats/w3m
https://github.com/dosfstools/dosfstools
https://github.com/atheme/atheme
https://github.com/quassel/quassel
https://github.com/git/git
https://github.com/dbry/WavPack
https://git.kernel.org/pub/scm/git/git.git
https://github.com/heimdal/heimdal
https://github.com/opencontainers/runc
https://github.com/WebKit/webkit
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/liblouis/liblouis
https://github.com/lavv17/lftp
https://github.com/viewvc/viewvc
https://github.com/moinwiki/moin-1.9
https://github.com/ClusterLabs/pacemaker
https://github.com/curl/curl
https://github.com/vadz/libtiff
https://github.com/uclouvain/openjpeg
https://github.com/libimobiledevice/libimobiledevice
https://github.com/esnet/iperf
https://github.com/krb5/krb5
https://github.com/FFmpeg/FFmpeg
https://github.com/fragglet/lhasa
https://github.com/TigerVNC/tigervnc
https://github.com/mm2/Little-CMS
https://github.com/mysql/mysql-server
https://github.com/stedolan/jq
https://github.com/Matroska-Org/libmatroska
https://github.com/mdadams/jasper
https://github.com/ntp-project/ntp
https://github.com/the-tcpdump-group/tcpdump
https://github.com/FreeRDP/FreeRDP
#Vulnerabilities 619
Date ID Summary Products Score Patch
2019-11-06 CVE-2019-14833 A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it... Fedora, Leap, Samba N/A
2019-11-05 CVE-2016-1000002 gdm3 3.14.2 and possibly later has an information leak before screen lock Debian_linux, Gnome_display_manager, Leap, Enterprise_linux N/A
2019-11-06 CVE-2019-14847 A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue. Fedora, Leap, Samba N/A
2019-11-04 CVE-2017-5333 Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. Ubuntu_linux, Debian_linux, Icoutils, Leap, Opensuse, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation N/A
2019-11-05 CVE-2016-4983 A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. Dovecot, Leap, Opensuse, Enterprise_linux N/A
2019-11-01 CVE-2019-6470 There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party... Bind, Dhcpd, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation N/A
2019-11-04 CVE-2017-5332 The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. Ubuntu_linux, Debian_linux, Icoutils, Leap, Opensuse, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation N/A
2019-02-04 CVE-2019-1000020 libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. Ubuntu_linux, Debian_linux, Fedora, Libarchive, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation N/A
2019-02-04 CVE-2019-1000019 libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. Ubuntu_linux, Debian_linux, Fedora, Libarchive, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation N/A
2018-12-20 CVE-2018-1000879 libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. Fedora, Libarchive, Leap N/A