Packages changed:
  clamav (0.99.2 -> 0.99.3)
  libdvdnav (5.0.3 -> 6.0.0)
  libdvdread (5.0.3 -> 6.0.0)
  vm-install (0.9.04 -> 0.10.01)
  xen
  yast2-http-server (3.2.2 -> 4.0.0)

=== Details ===

==== clamav ====
Version update (0.99.2 -> 0.99.3)
Subpackages: libclamav7

- Update to security release 0.99.3 (bsc#1077732)
  * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)
  * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)
  * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability)
    - these vulnerabilities could have allowed an unauthenticated,
      remote attacker to cause a denial of service (DoS) condition
      or potentially execute arbitrary code on an affected device.
  * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)
  * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)
  * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)
  * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)
    - these vulnerabilities could have allowed an unauthenticated,
      remote attacker to cause a denial of service (DoS) condition
      on an affected device.
  * CVE-2017-6420 (bsc#1052448)
    - this vulnerability allowed remote attackers to cause a denial
      of service (use-after-free) via a crafted PE file with WWPack
      compression.
  * CVE-2017-6419 (bsc#1052449)
    - ClamAV allowed remote attackers to cause a denial of service
      (heap-based buffer overflow and application crash) or possibly
      have unspecified other impact via a crafted CHM file.
  * CVE-2017-11423 (bsc#1049423)
    - The cabd_read_string function in mspack/cabd.c in libmspack
      0.5alpha allowed remote attackers to cause a denial of service
      (stack-based buffer over-read and application crash) via a
      crafted CAB file.
  * CVE-2017-6418 (bsc#1052466)
    - ClamAV 0.99.2 allowed remote attackers to cause a denial
      of service (out-of-bounds read) via a crafted e-mail message.
- drop clamav-0.99.2-openssl-1.1.patch (upstream)

==== libdvdnav ====
Version update (5.0.3 -> 6.0.0)

- Update to version 6.0.0:
  * fix crashes on some DVD on describe_title call
  * fix various crashes related to PGC validity
  * fix compilation issues
  * fix API return codes
- Add gpg signature

==== libdvdread ====
Version update (5.0.3 -> 6.0.0)
Subpackages: libdvdread-devel libdvdread4

- Update to version 6.0.0:
  * restrict the number of symbols to be exposed to the shared-object
  * remove dvdinput_error function
  * improve compatibility with some DVDs (notably the eOne ones)
  * fix write after free in ifoFree functions
  * fix possible buffer overflow in open
  * additional checks on DVDReadBytes arguments
  * fix leaks
- Removed libdvdread-no-internal-crypto.patch because it's not
  applied anymore.

==== vm-install ====
Version update (0.9.04 -> 0.10.01)

- Full conversion of source to python3 from python2. (bsc#1047602)
- Graphical components now require Gtk3
- Version 0.10.01

==== xen ====
Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU

- Fix python3 deprecated atoi call (bsc#1067224)
  pygrub-python3-conversion.patch
- Drop xenmon-python3-conversion.patch

==== yast2-http-server ====
Version update (3.2.2 -> 4.0.0)

- Replace SuSEFirewall2 by firewalld. (fate#323460)
- 4.0.0