Image summary for SUSE:SLE-15-SP5:Update:QR:QU3

• Update to version 1.0.2

• Update to version 0.6.0 + Support incomplete month date. + Rely on duck typing when doing duration maths. + Support ':' as separator in fractional time zones.

This update for iotop provides the following fix:

• Fix a crash when /proc/*/status doesn't have the tab character or when it has invalid lines. (bsc#1094823, bsc#1094694)

This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:

• Volgograd moves from +03 to +04 on 2018-10-28.
• Fiji ends DST 2019-01-13, not 2019-01-20.
• Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
• Corrections to past timestamps of DST transitions
• Use 'PST' and 'PDT' for Philippine time
• minor code changes to zic handling of the TZif format
• documentation updates

• Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

This update for audiofile fixes the following issues:

• CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586).

This update for s3fs fixes the following issues:

• Add fuse package as required in runtime to allow mounting with systemd, mount command or /etc/fstab (bsc#1111267)

This update for sysstat fixes the following issues:
Sysstat was updated to 12.0.2, bringing new features and bugfixes (fate#326576, bsc#1089883)

• It contains lots of improvements in SVG output.
• New metric additions for hugepages.
• New options

This update for nfs4-acl-tools fixes the following issues:

• Allow recursive set_acl to set inheritance flags. (bsc#967251, bsc#1104803)

This update for dapl fixes the following issues:

• Fix a 'deadlock' that causes socket connection to timeout when net.ipv4.tcp_syncookies=0. (bsc#1094657)

This update provides the latest time zone definitions (2018g), including the following change:

• Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

This update for soundtouch fixes the following issues:

• CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632)
• CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631)
• CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630)

This update for pam fixes the following issues:

• Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)

The GNU Compiler GCC 8 is being added to the Development Tools Module by this update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened:
https://gcc.gnu.org/gcc-8/changes.html
Also changes needed or common pitfalls when porting software are described on:
https://gcc.gnu.org/gcc-8/porting_to.html

This update for LibreOffice, libepubgen, liblangtag, libmwaw, libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes the following issues:
LibreOffice was updated to 6.1.3.2 (fate#326624) and contains new features and lots of bugfixes:
The full changelog can be found on:
https://wiki.documentfoundation.org/ReleaseNotes/6.1
Bugfixes:

• bsc#1095639 Exporting to PPTX results in vertical labels being shown horizontally
• bsc#1098891 Table in PPTX misplaced and partly blue
• bsc#1088263 Labels in chart change (from white and other colors) to black when saving as PPTX
• bsc#1095601 Exporting to PPTX shifts arrow shapes quite a bit

• Add more translations: * Belarusian * Bodo * Dogri * Frisian * Gaelic * Paraguayan_Guaran * Upper_Sorbian * Konkani * Kashmiri * Luxembourgish * Monglolian * Manipuri * Burnese * Occitan * Kinyarwanda * Santali * Sanskrit * Sindhi * Sidamo * Tatar * Uzbek * Upper Sorbian * Venetian * Amharic * Asturian * Tibetian * Bosnian * English GB * English ZA * Indonesian * Icelandic * Georgian * Khmer * Lao * Macedonian * Nepali * Oromo * Albanian * Tajik * Uyghur * Vietnamese * Kurdish

• Try to build all languages see bsc#1096360
• Make sure to install the KDE5/Qt5 UI/filepicker
• Try to implement safeguarding to avoid bsc#1050305
• Disable base-drivers-mysql as it needs mysqlcppcon that is only for mysql and not mariadb, causes issues bsc#1094779 * Users can still connect using jdbc/odbc
• Fix java detection on machines with too many cpus

• CVE-2018-10583: An information disclosure vulnerability occured when LibreOffice automatically processed and initiated an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606)

• Avoid
  inside

  or .

• Avoid writin vertical-align attribute without a value.
• Fix generation of invalid XHTML when there is a link starting at the beginning of a footnote.
• Handle relative width for images.
• Fixed layout: write chapter names to improve navigation.
• Support writing mode.
• Start a new HTML file at every page span in addition to the splits induced by the chosen split method. This is to ensure that specified writing mode works correctly, as it is HTML attribute.

• use standard function
• fix leak in test

• Support MS Multiplan 1.1 files

• Various fixes in numerical calculations and issues reported on libreoffice tracker

• retrieve some StarMath's formula,
• retrieve some charts as graphic,
• retrieve some fields in sda/sdc/sdp text-boxes,
• .sdw: retrieve more attachments.

• QuattroPro: add parser to .wb3 files
• Multiplan: add parser to DOS v1-v3 files
• charts: try to retrieve charts in .wk*, .wq* files
• QuattroPro: add parser to .wb[12] files

• Turkish dictionary added
• Updated French dictionary

• Added xmlsec-mscng module based on Microsoft Cryptography API: Next Generation
• Added support for GOST 2012 and fixed CryptoPro CSP provider for GOST R 34.10-2001 in xmlsec-mscrypto

This update for java-11-openjdk fixes the following issues:
Merge into the JDK following modules from github.com/javaee:

• com.sum.xml.fastinfoset
• org.jvnet.staxex
• com.sun.istack.runtime
• com.sun.xml.txw2
• com.sun.xml.bind

This update for nfsidmap fixes the following issues:

• Improve support for SAMBA with Active Directory. (bsc#1098217)

• The patch fixes a coredump when using guile with japanese locales

This update for llvm5 fixes the following issues:

• Build TableGen component as its own shared library because it is not included in the libLLVM library and is needed for ldc. (bsc#1111190)

This update for rpcbind fixes the following issues:

• Fix tool stack buffer overflow aborting (bsc#969953)

This update for libwpd fixes the following issues:
Security issue fixed:

• CVE-2018-19208: Fixed illegal address access inside libwpd at function WP6ContentListener:defineTable (bsc#1115713).

java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574)

• Class Libraries:

• Java Virtual Machine

• ORB

• Reliability and Serviceability

• Security

• z/OS Extentions

• Java Virtual Machine

• JIT Compiler

• z/OS Extentions

• Class Libraries

• Java Virtual Machine

• JIT Compiler

This update for autofs fixes the following issues:

• Fix file descriptor leak (bsc#1093436)

This update for tiff fixes the following issues:
Security issues fixed:

• CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257).
• CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).
• CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094).

• asan_build: build ASAN included
• debug_build: build more suitable for debugging

This update for rubygem-loofah fixes the following issues:
Security issue fixed:

• CVE-2018-16468: Fixed XXS by removing the svg animate attribute `from` from the allowlist (bsc#1113969).

This update for make fixes the following issues:

• Use a non-blocking read with pselect to avoid hangs (bsc#1100504)

This update for skopeo to version 0.1.32 adds the following feature:

• implement `skopeo sync` command (bsc#1115165)

This update for pam fixes the following issue:
Security issue fixed:

• CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).

This update for rubygem-activejob-5_1 fixes the following issues:
Security issue fixed:

• CVE-2018-16476: Fixed broken access control vulnerability (bsc#1117632).

This update for ncurses fixes the following issues:
Security issue fixed:

• CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

• Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).

This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:

• CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
• CVE-2018-5407: Added elliptic curve scalar multiplication timing attack defenses that fixes 'PortSmash' (bsc#1113534).

• Added missing timing side channel patch for DSA signature generation (bsc#1113742).
• Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078).
• Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209)

This update for tiff fixes the following issues:
Security issues fixed:

• CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717).
• CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594).
• CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693).
• CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693).
• CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693).
• CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460).

This update provides helm-mirror to the Containers module.
This utility mirrors Helm repositories to a local directory and it can extract used container images.

This update for cups fixes the following issues:
Security issue fixed:

• CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750).

This update for susefirewall2-to-firewalld fixes the following issues:

• Add input and forward zone to the known ones (bsc#1115001)
• Stop guessing firewall service from port/proto

This update for ghostscript to version 9.26 fixes the following issues:
Security issues fixed:

• CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327)
• CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313)
• CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274)
• CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022)
• CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229)
• CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480)
• CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)
• CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105)

• Security issues have been the primary focus
• Minor bug fixes and improvements
• For release summary see: http://www.ghostscript.com/doc/9.26/News.htm

This update for java-1_8_0-ibm fixes the following issues:

• Update to Java 8.0 Service Refresh 5 Fix Pack 26 [bsc#1119213] * Fixes several crashes that could have caused problems with SUSE Manager installations

This update for libcdio fixes the following issues:

• Remove API/ABI breaking changes from libcdio patch (bsc#1108134).

This update for psmisc provides the following fix:

• Make the fuser option -m work even with mountinfo. (bsc#1098697)
• Support also btrFS entries in mountinfo, that is use stat(2) to determine the device of the mounted subvolume (bsc#1098697, bsc#1112780)

This update for libmtp fixes the following issues:

• Adjusted udev rules for new kernel versions (bsc#1110868)
• Added lots of new USB ids
• Some more small bug fixes

This update for enigmail to version 2.0.9 fixes the following issues:
Security issue fixed:

• When using Web Key Discovery, a HTTP authentication may be triggered. This may trick users into possibly sending e-mail credentials (bsc#1118935).

• pEp - PGP/MIME signed-only messages are ignored
• Autocrypt overrules manually created Per-Recipient Rules
• 'Re:' prefix on subject line disappears when editing encrypted, saved draft

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:
Issues fixed in MozillaFirefox:

• Update to Firefox ESR 60.4 (bsc#1119105)
• CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
• CVE-2018-18492: Fixed a use-after-free with select element
• CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
• CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
• CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images
• CVE-2018-12405: Fixed a few memory safety bugs

• Update to NSS 3.40.1 (bsc#1119105)
• CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
• CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)
• CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
• Fixed a decryption failure during FFDHE key exchange
• Various security fixes in the ASN.1 code

• Update mozilla-nspr to 4.20 (bsc#1119105)

This update for containerd, docker and go fixes the following issues:
containerd and docker:

• Add backport for building containerd (bsc#1102522, bsc#1113313)
• Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522)
• Enable seccomp support on SLE12 (fate#325877)
• Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522)
• Put containerd under the podruntime slice (bsc#1086185)
• 3rd party registries used the default Docker certificate (bsc#1084533)
• Handle build breakage due to missing 'export GOPATH' (caused by resolution of boo#1119634). I believe Docker is one of the only packages with this problem.

• golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187)
• Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634)
• Fix a regression that broke go get for import path patterns containing '...' (bsc#1119706)

This update for wireshark fixes the following issues:
Update to Wireshark 2.4.11 (bsc#1117740).
Security issues fixed:

• CVE-2018-19625: The Wireshark dissection engine could crash (wnpa-sec-2018-51)
• CVE-2018-19626: The DCOM dissector could crash (wnpa-sec-2018-52)
• CVE-2018-19623: The LBMPDM dissector could crash (wnpa-sec-2018-53)
• CVE-2018-19622: The MMSE dissector could go into an infinite loop (wnpa-sec-2018-54)
• CVE-2018-19627: The IxVeriWave file parser could crash (wnpa-sec-2018-55)
• CVE-2018-19624: The PVFS dissector could crash (wnpa-sec-2018-56)

• https://www.wireshark.org/docs/relnotes/wireshark-2.4.11.html

This update for libraw fixes the following issues:
Security issues fixed:
The following security vulnerabilities were addressed:

• CVE-2018-5813: Fixed an error within the 'parse_minolta()' function (dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a specially crafted file. This could be exploited to cause a DoS.(boo#1103200).
• CVE-2018-5815: Fixed an integer overflow in the internal/dcraw_common.cpp:parse_qt() function, that could be exploited to cause an infinite loop via a specially crafted Apple QuickTime file. (boo#1103206)
• CVE-2018-5804,CVE-2018-5816: Fixed a type confusion error in the identify function (bsc#1097975)

GCC 7 was updated to the GCC 7.4 release.

• Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory.
• Includes fix for build with ISL 0.20.
• Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119]
• Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192]
• Fixes support for 32bit ASAN with glibc 2.27+

This update for mirror provides the following fix:

• Check if a directory must be removed. In case all the previous content of a directory is removed, but new content for the directory was downloaded, do not remove it. (bsc#1117110)

This update ships librdkafka 0.11.6 to SUSE Linux Enterprise Server 15.
librdkafka is a C library implementation of the Apache Kafka protocol, containing both Producer and Consumer support.

This update for acl fixes the following issues:

• test: Add helper library to fake passwd/group files.
• quote: Escape literal backslashes. (bsc#953659)

This update for helm-mirror to version 0.2.1 fixes the following issues:

Security issues fixed:

• CVE-2018-16873: Fixed a remote command execution (bsc#1118897)
• CVE-2018-16874: Fixed a directory traversal in 'go get' via curly braces in import path (bsc#1118898)
• CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899)

• Update to v0.2.1 (bsc#1120762)
• Include helm-mirror into the containers module (bsc#1116182)

This update for java-1_8_0-openjdk to version 8u191 fixes the following issues:
Security issues fixed:

• CVE-2018-3136: Manifest better support (bsc#1112142)
• CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
• CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
• CVE-2018-3169: Improve field accesses (bsc#1112146)
• CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
• CVE-2018-3214: Better RIFF reading support (bsc#1112152)
• CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
• CVE-2018-3183: Improve script engine support (bsc#1112148)
• CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile

This update for azure-li-services, python-Cerberus fixes the following issues:
azure-li-services and its dependency python-Cerberus were added to the Public Cloud Module. (fate#326575 bsc#1103542)
'azure-li-services' is a package providing services to setup a system suitable to run SAP workloads on it.

This update for lifecycle-data-sle-module-live-patching adds lifecycle data for following live patches:

• 4_12_14-23, 4_12_14-25_13, 4_12_14-25_16, 4_12_14-25_19, 4_12_14-25_22, 4_12_14-25_25, 4_12_14-25_3, 4_12_14-25_6. (bsc#1020320)

This update for suse-build-key fixes the following issues:

• Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232)

This update for python3-susepubliccloudinfo fixes the following issues:
Update to version 1.1.0 (bsc#1121151, bsc#1121150)
+ Support new inactive state + Remove awscvsgen and associated subpackage

This update for regionServiceClientConfigEC2 2.1.0 fixes the following issues:
Add the SUSE server IP 34.197.223.242 to the configuration. (bsc#1121114)

This update for wget fixes the following issues:
Security issue fixed:

• CVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382)

This update for rpmlint fixes the following issues:

• Update rpmlint-checks to version master (bsc#1116686)
• whitelist boltd dbus service (bsc#1119975)
• whitelist pam_slurm_adopt (bsc#1116758)
• Add user/group 'slurm' for package slurm (FATE#316379)
• whitelist keepalived dbus service (bsc#1015141)
• remove openswan whitelisting (bsc#1089340)
• whitelist systemd-timesyncd (bsc#1111254)
• whitelist NetworkManager-fortisslvpn (bsc#1109938)
• whitelist iwd D-Bus service (bsc#1108037)
• whitelist xpra D-Bus service (bsc#1102836)
• adjust maximum valid suse_version to 1550 (bsc#1104110)
• whitelist ratbagd D-Bus service (bsc#1076467)
• whitelist pam_oath PAM module after audit (bsc#1089114)
• Update rpmlint-checks to version master (bsc#1097339)
• whitelisting NetworkManager-libreswan plugin (bsc#1089340)
• add Lua/NodeJS related groups to list of valid groups (bsc#1095769)

This update for timezone fixes the following issues:

• Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
• Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090

This update for zeromq fixes the following issues:
Security issue fixed:

• CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow (bsc#1121717)

This update for soundtouch fixes the following issues:
Security issues fixed:

• CVE-2018-17098: Fixed a heap corruption from size inconsistency, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108632)
• CVE-2018-17097: Fixed a double free, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108631)

This update for wireshark to version 2.4.12 fixes the following issues:
Security issues fixed:

• CVE-2019-5717: Fixed a denial of service in the P_MUL dissector (bsc#1121232)
• CVE-2019-5718: Fixed a denial of service in the RTSE dissector and other dissectors (bsc#1121233)
• CVE-2019-5719: Fixed a denial of service in the ISAKMP dissector (bsc#1121234)
• CVE-2019-5721: Fixed a denial of service in the ISAKMP dissector (bsc#1121235)

This update for libraw fixes the following issues:
Security issues fixed:

• CVE-2018-20337: Fixed a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (bsc#1120519)
• CVE-2018-20365: Fixed a heap-based buffer overflow in the raw2image function of libraw_cxx.cpp (bsc#1120500)
• CVE-2018-20364: Fixed a NULL pointer dereference in the copy_bayer function of libraw_cxx.cpp (bsc#1120499)
• CVE-2018-20363: Fixed a NULL pointer dereference in the raw2image function of libraw_cxx.cpp (bsc#1120498)
• CVE-2018-5817: Fixed an infinite loop in the unpacked_load_raw function of dcraw_common.cpp (bsc#1120515)
• CVE-2018-5818: Fixed an infinite loop in the parse_rollei function of dcraw_common.cpp (bsc#1120516)
• CVE-2018-5819: Fixed a denial of service in the parse_sinar_ia function of dcraw_common.cpp (bsc#1120517)

This update for ghostscript version 9.26a fixes the following issues:
Security issue fixed:

• CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319)

This update for csync fixes the following issues:

• Fix a compile error on Leap 15.1 (bsc#1113889)

This update for google-compute-engine provides the following fixes:

• Fixes from version 20181206 (bsc#1119029, bsc#1119110): + Google Compute Engine * Support enabling OS Login two factor authentication. * Improve accounts support for FreeBSD. + Google Compute Engine OS Login * Support OS Login two factor authentication (Alpha). * Improve SELinux support.
• Fixes from version 20181023: + Google Compute Engine * Fix: Update sudoer group membership without overriding local groups.
• Fixes from version 20181018: + Google Compute Engine * Fix: Remove users from sudoers group on account removal.
• Fixes from version 20181011: + Google Compute Engine * Revert: Remove users from sudoers group on account removal.
• Fixes from version 20181008: + Google Compute Engine * Remove users from sudoers group on account removal. * Remove gsutil dependency for metadata scripts.
• Fixes from version 20180905: + Google Compute Engine * Remove ntp package dependency. * Support Debian 10 Buster. * Restart the network daemon if networking is restarted. * Prevent setup of the default ethernet interface. * Accounts daemon verifies username is 32 characters or less. + Google Compute Engine OS Login * Add user name validation to pam modules. * Return false on failed final load. * Support FreeBSD. * Support Debian 10 Buster.
• Fixes from version 20180611: + Google Compute Engine * Prevent IP forwarding daemon log spam. * Make default shell configurable when executing metadata scripts. * Rename distro directory to distro_lib.

This update for container-suseconnect fixes the following issues:
container-suseconnect was updated to 2.0.0 (bsc#1119496):

• Added command line interface
• Added `ADDITIONAL_MODULES` capability to enable further extension modules during image build and run
• Added documentation about how to build docker images on non SLE distributions
• Improve documentation to clarify how container-suseconnect works in a Dockerfile
• Improve error handling on non SLE hosts
• Fix bug which makes container-suseconnect work on SLE15 based distributions

This update for java-11-openjdk to version 11.0.2+7 fixes the following issues:
Security issues fixed:

• CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293)
• CVE-2019-2426: Improve web server connections
• CVE-2018-11212: Improve JPEG processing (bsc#1122299)
• Better route routing
• Better interface enumeration
• Better interface lists
• Improve BigDecimal support
• Improve robot support
• Better icon support
• Choose printer defaults
• Proper allocation handling
• Initial class initialization
• More reliable p11 transactions
• Improve NIO stability
• Better loading of classloader classes
• Strengthen Windows Access Bridge Support
• Improved data set handling
• Improved LSA authentication
• Libsunmscapi improved interactions

• Do not resolve by default the added JavaEE modules (bsc#1120431)
• ~2.5% regression on compression benchmark starting with 12-b11
• java.net.http.HttpClient hangs on 204 reply without Content-length 0
• Add additional TeliaSonera root certificate
• Add more ld preloading related info to hs_error file on Linux
• Add test to exercise server-side client hello processing
• AES encrypt performance regression in jdk11b11
• AIX: ProcessBuilder: Piping between created processes does not work.
• AIX: Some class library files are missing the Classpath exception
• AppCDS crashes for some uses with JRuby
• Automate vtable/itable stub size calculation
• BarrierSetC1::generate_referent_check() confuses register allocator
• Better HTTP Redirection
• Catastrophic size_t underflow in BitMap::*_large methods
• Clip.isRunning() may return true after Clip.stop() was called
• Compiler thread creation should be bounded by available space in memory and Code Cache
• com.sun.net.httpserver.HttpServer returns Content-length header for 204 response code
• Default mask register for avx512 instructions
• Delayed starting of debugging via jcmd
• Disable all DES cipher suites
• Disable anon and NULL cipher suites
• Disable unsupported GCs for Zero
• Epsilon alignment adjustments can overflow max TLAB size
• Epsilon elastic TLAB sizing may cause misalignment
• HotSpot update for vm_version.cpp to recognise updated VS2017
• HttpClient does not retrieve files with large sizes over HTTP/1.1
• IIOException 'tEXt chunk length is not proper' on opening png file
• Improve TLS connection stability again
• InitialDirContext ctor sometimes throws NPE if the server has sent a disconnection
• Inspect stack during error reporting
• Instead of circle rendered in appl window, but ellipse is produced JEditor Pane
• Introduce diagnostic flag to abort VM on failed JIT compilation
• Invalid assert(HeapBaseMinAddress > 0) in ReservedHeapSpace::initialize_compressed_heap
• jar has issues with UNC-path arguments for the jar -C parameter [windows]
• java.net.http HTTP client should allow specifying Origin and Referer headers
• java.nio.file.Files.writeString writes garbled UTF-16 instead of UTF-8
• JDK 11.0.1 l10n resource file update
• JDWP Transport Listener: dt_socket thread crash
• JVMTI ResourceExhausted should not be posted in CompilerThread
• LDAPS communication failure with jdk 1.8.0_181
• linux: Poor StrictMath performance due to non-optimized compilation
• Missing synchronization when reading counters for live threads and peak thread count
• NPE in SupportedGroupsExtension
• OpenDataException thrown when constructing CompositeData for StackTraceElement
• Parent class loader may not have a referred ClassLoaderData instance when obtained in Klass::class_in_module_of_loader
• Populate handlers while holding streamHandlerLock
• ppc64: Enable POWER9 CPU detection
• print_location is not reliable enough (printing register info)
• Reconsider default option for ClassPathURLCheck change done in JDK-8195874
• Register to register spill may use AVX 512 move instruction on unsupported platform.
• s390: Use of shift operators not covered by cpp standard
• serviceability/sa/TestUniverse.java#id0 intermittently fails with assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded
• SIGBUS in CodeHeapState::print_names()
• SIGSEGV in MethodArityHistogram() with -XX:+CountCompiledCalls
• Soft reference reclamation race in com.sun.xml.internal.stream.util.ThreadLocalBufferAllocator
• Swing apps are slow if displaying from a remote source to many local displays
• switch jtreg to 4.2b13
• Test library OSInfo.getSolarisVersion cannot determine Solaris version
• TestOptionsWithRanges.java is very slow
• TestOptionsWithRanges.java of '-XX:TLABSize=2147483648' fails intermittently
• The Japanese message of FileNotFoundException garbled
• The 'supported_groups' extension in ServerHellos
• ThreadInfoCompositeData.toCompositeData fails to map ThreadInfo to CompositeData
• TimeZone.getDisplayName given Locale.US doesn't always honor the Locale.
• TLS 1.2 Support algorithm in SunPKCS11 provider
• TLS 1.3 handshake server name indication is missing on a session resume
• TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes
• TLS 1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth
• tz: Upgrade time-zone data to tzdata2018g
• Undefined behaviour in ADLC
• Update avx512 implementation
• URLStreamHandler initialization race
• UseCompressedOops requirement check fails fails on 32-bit system
• windows: Update OS detection code to recognize Windows Server 2019
• x86: assert on unbound assembler Labels used as branch targets
• x86: jck tests for ldc2_w bytecode fail
• x86: sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
• '-XX:OnOutOfMemoryError' uses fork instead of vfork

This update for hmaccalc fixes the following issues:

• require libfreebl3-hmac and libsoftokn3-hmac during building (bsc#1122491)

This update for lua53 fixes the following issues:
Security issue fixed:

• CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)

This update for man-pages-posix fixes the following issues:
- Supplements the package 'man' in order to install some missing man pages. (bnc#1116987)

This update for mariadb-connector-c fixes the following issues:

• Update to version 3.0.7 (bsc#1116686)
• Fixed installation issue where libmysqlclient.so.18 link was missing (bsc#1097938).

This update for rollback-helper fixes the following issues:

• Added handling for separate /var subvolumes (bsc#1115555)
• Run before any other services calling zypper (bsc#1113048)
• Retry network connection if it doesn't work yet (bsc#1108618)

This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues:
Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork:

• CVE-2018-16873: cmd/go: remote command execution during 'go get -u' (bsc#1118897)
• CVE-2018-16874: cmd/go: directory traversal in 'go get' via curly braces in import paths (bsc#1118898)
• CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)

• Disable leap based builds for kubic flavor (bsc#1121412)
• Allow users to explicitly specify the NIS domainname of a container (bsc#1001161)
• Update docker.service to match upstream and avoid rlimit problems (bsc#1112980)
• Allow docker images larger then 23GB (bsc#1118990)
• Docker version update to version 18.09.0-ce (bsc#1115464)

This update for sendmail addresses the following issues:

• Fixes an issue with symlink creation on package installation. In order for the wrong symlink to be removed, the service needs to be disabled and re-enabled. (bsc#1116675)

This update for docker-runc fixes the following issues: Security issue fixed:

• CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967)

This update for wireless-regdb provides the following fixes:

• Changes in version 2018.10.24 (bsc#1121466): * Remove dependency to python attr. * Sync DE with ETSI EN 301 893 V2.1.1. * Sync FR with ETSI EN 301 893 V2.1.1.

• Changes in version 2018.09.07: * Update source of info for CU and ES. * Update regulatory rules for Switzerland (CH), and Liechtenstein. * Update regulatory rules for Finland (FI) on 5GHz (SRD devices). * Update rules for Hungary (HU) on 2.4/5/60G, 5725-5875MHz.

This update for ypbind fixes the following issues:

• Fixes crash on reload. (bsc#1114640)
• Enhanced yp.conf manual page

This update for xrdb fixes the following issues:

• Now no warnings will be shown when parsing valid comments. (bsc#1120004)

This update for google-compute-engine fixes the following issues:
Google Compute Engine was updated to version 20190124 (bsc#1123671, bsc#1123672)

• Fix metadata script retrieval to support Python 3.

This update for xkeyboard-config fixes the following issues:

• Fixes missing mappings for evdev keys KEY_RFKILL and KEY_WWAN. (bsc#1123784)

This update for cloud-regionsrv-client fixes the following issues:
Updated to version 8.1.3

• Fix file permissions for generated credentials rw root only
• Generate instance data as string as expected by zypper plugin handling
• Write the proper credentials file when switching back to RIS service
• Support registration against RMT
• Implement URL resolver to facilitate instance verification for zypper access
• Fixes related to bsc#1120980 also need server side support
• IPv6 support
• Fix handling of older cached SMT objects loaded from cached file

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:
Security issues fixed:

• CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
• CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
• CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
• CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967).

• Update shell completion to use Group: System/Shells.
• Add daemon.json file with rotation logs configuration (bsc#1114832)
• Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
• Update go requirements to >= go1.10
• Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
• Remove the usage of 'cp -r' to reduce noise in the build logs.

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

• Fixed package names in the data file. (bsc#1126443)
• Added data for 4_12_14-25_28. (bsc#1020320)

This update for cloud-netconfig provides the following fixes:

• Run cloud-netconfig periodically. (bsc#1118783, bsc#1122013)
• Do not treat eth0 special with regard to routing policies. (bsc#1123008)
• Reduce the timeout on metadata read. (bsc#1112822)

This update for mirror provides the following fix:

• Remove a warning that dump() will no longer be available in Perl 5.30. (bsc#1123661)

This update for sapconf fixes the following issues:

• Source /etc/sysconfig/sapconf entries correctly, even if the /etc filesystem is read-only. (bsc#1122741)
• log skipping of existing /etc/systemd/logind.conf.d/sap.conf file during package installation. (bsc#1111243)

This update for arpwatch provides the following fix:

• Prevent a memory leak in gethname. (bsc#1119851)

This update for file fixes the following issues:
The following security vulnerabilities were addressed:

• CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
• CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
• CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119)
• CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)

This update for java-1_8_0-openjdk to version jdk8u201 (icedtea 3.11.0) fixes the following issues: Security issues fixed:

• CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293).
• CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299).

This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues:
Security issues fixed:

• CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293).
• CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299).
• CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158).
• CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292).

This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:

• The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)
• CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).

This update for azure-li-services to version 1.1.27 provides the following:

• Azure Large instances password reset and MAC based ifnames support (bsc#1127924)
• Azure Very Large instances support for bonding (bsc#1127924)

This update for cups fixes the following issues:

• Fixed validation of UTF-8 filenames to avoid crashes (bsc#1118118)

This update for wireshark to version 2.4.13 fixes the following issues:
Security issues fixed:

• CVE-2019-9214: Avoided a dereference of a null coversation which could make RPCAP dissector crash (bsc#1127367).
• CVE-2019-9209: Fixed a buffer overflow in time values which could make ASN.1 BER and related dissectors crash (bsc#1127369).
• CVE-2019-9208: Fixed a null pointer dereference which could make TCAP dissector crash (bsc#1127370).

This update for libssh2_org fixes the following issues:
Security issues fixed:

• CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490).
• CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492).
• CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481).
• CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493).
• CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472).
• CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480).
• CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471).
• CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476).
• CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474).

This update for openwsman fixes the following issues:
Security issues fixed:

• CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623).
• CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623).

• Added OpenSSL 1.1 compatibility
• Compilation in debug mode fixed
• Directory listing without authentication fixed (bsc#1092206).

This update for unzip fixes the following issues:

• CVE-2018-18384: Fixed a buffer overflow when listing archives (bsc#1110194)

This update for ghostscript fixes the following issue:
Security issue fixed:

• CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186).

This update for libgxps fixes the following issues:

• CVE-2018-10733: Fixed a heap-based buffer over-read issue in ft_font_face_hash (bsc#1092125).

This update for libmspack fixes the following issues:
Security issues fixed:

• CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038)
• CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039)
• Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames.

This update for wavpack fixes the following issues:
Security issues fixed:

• CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930)
• CVE-2018-19841: Fixed a denial-of-service in the WavpackVerifySingleBlock function from open_utils.c (bsc#1120929)

This update for ntp fixes the following issues:
Security issue fixed:

• CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525).

• Fixed several bugs in the BANCOMM reclock driver.
• Fixed ntp_loopfilter.c snprintf compilation warnings.
• Fixed spurious initgroups() error message.
• Fixed STA_NANO struct timex units.
• Fixed GPS week rollover in libparse.
• Fixed incorrect poll interval in packet.
• Added a missing check for ENABLE_CMAC.

This update for tiff fixes the following issues:
Security issues fixed:

• CVE-2018-19210: Fixed a NULL pointer dereference in TIFFWriteDirectorySec function (bsc#1115717).
• CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606).
• CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626).
• CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113)

This update for sqlite3 to version 3.27.2 fixes the following issue:
Security issue fixed:

• CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).

This update for timezone fixes the following issues:
timezone was updated 2019a:

• Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
• Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
• Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
• zic now has an -r option to limit the time range of output data

This update for sysstat fixes the following issues:
Security issues fixed:

• CVE-2018-19416: Fixed out-of-bounds read during a memmove call inside the remap_struct function (bsc#1117001).
• CVE-2018-19517: Fixed out-of-bounds read during a memset call inside the remap_struct function (bsc#1117260).

This update for netpbm fixes the following issues:

• CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (bsc#1086777).

This update for clamav to version 0.100.3 fixes the following issues:
Security issues fixed (bsc#1130721):

• CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents.
• CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files).
• CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents.

This update for mariadb-connector-c fixes the following issues:

• Bugfix: libmariadb.pc installed in seemingly wrong location (bsc#1126088)

This update for zypper-docker to version 2.0.0 contains the following changes:
Features:
* Allow inspection of stopped containers Using zypper-docker luc,lpc or pchkc on a stopped container is now possible. * Analyze container instead of base image by default Note: This is a backwards incompatible change. If the base image of a container needs to be analyzed, which was the former default a new --base flag can be used. e.g. zypper-docker pchkc --base
Minor Improvements / Fixes:
* Add short forms of commands to help section (bsc#1022052) * Fix bug that caused images not to be removed properly in some cases * Fix bug that caused lpc command to log to stdout * Fix bug that caused force flag not to work with zypper-docker images * Fix zypper-docker ps command * Fix bug with zypper-docker up/patch --no-recommends * Fix update behavior when getting a zypper update
Other:
* Update and use zypper exit codes (bsc#1018823) * Support recent version of the docker API

This update for speech-dispatcher fixes the following issues:

• set includedir to fix the entries in the pkg-config file (bsc#1129586)

This update for gcc fixes the following issues:

• Fix gcc-PIE spec to properly honor -no-pie at link time. (bsc#1096008)

This update for SDL fixes the following issues:
Security issues fixed:

• CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).
• CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).
• CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).
• CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).
• CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).
• CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).
• CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).
• CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).
• CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).
• CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).
• CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).

This update for blktrace fixes the following issues:

• CVE-2018-10689: Prevent buffer overflow in the dev_map_read function because the device and devno arrays were too small (bsc#1091942)

This update for flac fixes the following issues:

• CVE-2017-6888: An error in the 'read_metadata_vorbiscomment_()' function could be exploited to cause a memory leak via a specially crafted FLAC file (bsc#1091045).

This update for wget fixes the following issues:
Security issue fixed:

• CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493).

This update for tar fixes the following issues:
Security issues fixed:

• CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
• CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).

This update for audiofile fixes the following issues:
Security issue fixed:

• CVE-2018-13440: Return AF_FAIL instead of causing NULL pointer dereferences later (bsc#1100523).

This update for openexr fixes the following issues:
Security issue fixed:

• CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455).

This update for ntfs-3g_ntfsprogs fixes the following issues:
Security issues fixed:

• CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165).

This update for jasper fixes the following issues:
Security issues fixed:

• CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505).
• CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511).
• CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783).

This update for hwdata fixes the following issues:
Update to version 0.320 (bsc#1121410):

• Updated the pci, usb and vendor ids vendor and product databases.

This update for docker-runc fixes the following issues:

• Backport various upstream patches to fix some kernel regression related to O_TMPFILE. bsc#1131314 bsc#1131553

This update for wireshark to version 2.4.14 fixes the following issues:
Security issues fixed:

• CVE-2019-10895: NetScaler file parser crash.
• CVE-2019-10899: SRVLOC dissector crash.
• CVE-2019-10894: GSS-API dissector crash.
• CVE-2019-10896: DOF dissector crash.
• CVE-2019-10901: LDSS dissector crash.
• CVE-2019-10903: DCERPC SPOOLSS dissector crash.

• Update to version 2.4.14 (bsc#1131945).

This update for samba fixes the following issues:
Security issue fixed:

• CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

• Out of bound read in ldb_wildcard_compare
• Hold at most 10 outstanding paged result cookies
• Put 'results_store' into a doubly linked list
• Refuse to build Samba against a newer minor version of ldb

• Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
• Abide to the load_printers parameter in smb.conf (bsc#1124223).
• Provide the 32bit samba winbind PAM module and its dependend 32bit libraries.

This update for java-11-openjdk to version 11.0.3+7 fixes the following issues:
Security issues fixed:

• CVE-2019-2602: Fixed excessive use of CPU time in the BigDecimal implementation (bsc#1132728).
• CVE-2019-2684: Fixed a flaw in the RMI registry implementation which could lead to selection of an incorrect skeleton class (bsc#1132732).

• Multiple bug fixes and improvements.

This update for libssh2_org fixes the following issues:
- Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103]

This update for rubygem-actionpack-5_1 fixes the following issues:
Security issues fixed:

• CVE-2019-5418: Fixed a file content disclosure vulnerability in Action View which could be exploited via specially crafted accept headers in combination with calls to render file (bsc#1129272).
• CVE-2019-5419: Fixed a resource exhaustion issue in Action View which could make the server unable to process requests (bsc#1129271).

This update for gcc7 fixes the following issues:
Update to gcc-7-branch head (r270528).

• Disables switch jump-tables when retpolines are used. This restores some lost performance for kernel builds with retpolines. (bsc#1131264, jsc#SLE-6738)
• Fix ICE compiling tensorflow on aarch64. (bsc#1129389)
• Fix for aarch64 FMA steering pass use-after-free. (bsc#1128794)
• Fix for s390x FP load-and-test issue. (bsc#1124644)
• Improve build reproducability by disabling address-space randomization during build.
• Adjust gnat manual entries in the info directory. (bsc#1114592)
• Includes fix to no longer try linking -lieee with -mieee-fp. (bsc#1084842)

This update for python-pycurl fixes the following issues:

• bsc#1128355: update to the Factory package to get multibuild and better working tests.

• Update to 7.43.0.2: * Added perform_rb and perform_rs methods to Curl objects to return response body as byte string and string, respectively. * Added OPT_COOKIELIST constant for consistency with other option constants. * PycURL is now able to report errors triggered by libcurl via CURLOPT_FAILONERROR mechanism when the error messages are not decodable in Python's default encoding (GitHub issue #259). * Added getinfo_raw method to Curl objects to return byte strings as is from libcurl without attempting to decode them (GitHub issue #493). * When adding a Curl easy object to CurlMulti via add_handle, the easy objects now have their reference counts increased so that the application is no longer required to keep references to them to keep them from being garbage collected (GitHub issue #171). * PycURL easy, multi and share objects can now be weak referenced. * set_ca_certs now accepts byte strings as it should have been all along. * Use OpenSSL 1.1 and 1.0 specific APIs for controlling thread locks depending on OpenSSL version (patch by Vitaly Murashev). * Fixed a crash when closesocket callback failed (patch by Gisle Vanem and toddrme2178). * Added CURLOPT_PROXY_SSLCERT, CURLOPT_PROXY_SSLCERTTYPE, CURLOPT_PROXY_SSLKEY, CURLOPT_PROXY_SSLKEYTYPE, CURLOPT_PROXY_SSL_VERIFYPEER (libcurl 7.52.0+, patch by Casey Miller). * Added CURLOPT_PRE_PROXY (libcurl 7.52.0+, patch by ziggy). * Added SOCKET_BAD constant and it is now recognized as a valid return value from OPENSOCKET callback.

This update for sqlite3 to version 3.28.0 fixes the following issues:
Security issues fixed:

• CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326).
• CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).

This update for azure-li-services fixes the following issues:

• Create /etc/sysconfig/sbd configuration

• Add support for iSCSI SBD device setup

This update for quota fixes the following issues:
Quota was updated to 4.05 release jsc#SLE-5734 bsc#1131513:

• This release includes mostly various smaller cleanups and fixes in various areas.
• Most visible changes are addition of f2fs and exfs among recognized filesystems.

• Remove quot binary functionality could be achieved by using repquota instead

This update for java-11-openjdk fixes the following issues:

• Require update-ca-certificates by the headless subpackage (bsc#1131378)
• Removed a font rendering patch with broke related to other font changes.

This update for python-Jinja2 to version 2.10.1 fixes the following issues:
Security issues fixed:

• CVE-2019-8341: Fixed a command injection in from_string() (bsc#1125815).
• CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323).

This update for rpmlint fixes the following issues:

• fix rpmlint-tests build by reverting changes to reference output that do not apply on SLE15 (bsc#1132530)

This update for nvmetcli fixes the following issues:

• Add ANA support to nvmetcli (bsc#1130981)

This update for java-1_8_0-openjdk to version 8u212 fixes the following issues:
Security issues fixed:

• CVE-2019-2602: Better String parsing (bsc#1132728).
• CVE-2019-2684: More dynamic RMI interactions (bsc#1132732).
• CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729).
• CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE

• Disable LTO (bsc#1133135).
• Added Japanese new era name.

This update for sensors fixes the following issues:
sensors was updated to version 3.5.0:
The following changes were done:

• soname was bumped due to commit dcf2367 which introduced an ABI change. (This was reverted for the SUSE packages, as it was not necessary)

• Fixed disappearance of certain hwmon chips with 4.19+ kernels (bsc#1116021).
• Add the find-driver script for debugging.
• Various documentation and man page improvements.
• Fix various issues found by Coverity Scan.
• Updated links in documentation to reflect the new home of lm_sensors.
• sensors.1: Add reference to sensors-detect and document -j option (json output).
• sensors: Add support for json output, add support for power min, lcrit, min_alarm, lcrit_alarm.
• sensors-detect changes:

• configs: Add sample configuration files.
• sensors.conf.default:

• vt1211_pwm: replaced deprecated sub shell syntax, run with bash instead of sh.
• pwmconfig: replaced deprecated sub shell syntax.
• fancontrol: replaced deprecated sub shell syntax, save original pwm values.
• fancontrol.8: replaced deprecated sub shell syntax.
• libsensors:

• Undo unnecessary libsensors version bump.
• Undo the SENSORS_API_VERSION change, to stay source-compatible with upstream.

This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:

• CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).
• CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).
• CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).
• CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).
• CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).

• Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).
• Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).
• Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).
• docker-test: Improvements to test packaging (bsc#1128746).
• Move daemon.json file to /etc/docker directory (bsc#1114832).
• Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209).
• Fix go build failures (bsc#1121397).

This update for azure-li-services to 1.1.31 fixes the following issues:

• Umount LUN only on cleanup

• Load softdog module when STONITH is set up

• Fixup system-setup service dependencies

This update for transfig fixes the following issues:
Security issue fixed:

• CVE-2018-16140: Fixed a buffer underwrite vulnerability in get_line() in read.c, which allowed an attacker to write prior to the beginning of the buffer via specially crafted .fig file (bsc#1106531)

This update for monitoring-plugins fixes the following issues:

• update AppArmor profiles for usrMerge (related to bsc#1132350) - grep in check_cups - ps in check_procs and check_procs.sle15

• update usr.lib.nagios.plugins.check_procs to bash in /usr

• support IPv4 ping for dual stacked host again (bsc#1132903)

• update usr.lib.nagios.plugins.check_procs again for sle15 and above so that ptrace is allowed (bsc#1133107)

• add /etc/nrpe.d/*.cfg snipplets

• copy usr.lib.nagios.plugins.check_procs as usr.lib.nagios.plugins.check_procs.sle15 and use that for sle15 and above. 'ptrace' to enable ptrace globally is needed here.

This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 5 Fix Pack 35.
Security issues fixed:

• CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718).
• CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729).
• CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).
• CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728).
• CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732).

This update for orc does not fix any customer visible issues and does only address an issue with its test suite (bsc#1130085)

This update for speech-dispatcher fixes the following issues:

• Remove a work-around that was necessary in previous versions but since speech-dispatcher 0.8.4 no longer is. (bsc#1129586)

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

• Added data for 4_12_14-150_14. (bsc#1020320)

This update for libu2f-host fixes the following issues: Security issue fixed:

• CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a custom made malicious USB device (bsc#1124781).

This update for google-compute-engine fixes the following issues:
google-compute-engine was updated to version 20190416 (bsc#1128392, bsc#1134179):

• Google Compute Engine OS Login

• Google Compute Engine OS Login

• Google Compute Engine

• Google Compute Engine OS Login

• Include systemd service file to run google_optimize_local_ssd command
• Include systemd service file to run google_set_multiqueue command
• Install journald configuration files into /usr/lib/systemd/journald.conf.d

This update for tcsh fixes the following issues:

• Incorrect postcmd handling could have caused miscalculation of a while loop start resulting in an infinite loop (bsc#1129112)

This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

• CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)

This update for libtasn1 fixes the following issues:
Security issue fixed:

• CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).

This update for taglib fixes the following issues:

• CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (bsc#1096180)

This update for openal-soft provides the following fixes:

• Remove an unused file licensed under Apache-2.0 (and thus incompatible with the rest of the stack). (bsc#1131808)

This update for ipa-ex-fonts fixes the following issues:

• Update to version 004.01 * new glyph U+32FF 'SQUARE ERA NAME REIWA' (boo#1112183) * add standardized variation sequences of 93 characters * update spaces of the two glyphs (U+26FF8, U+663B)
• remove old Obsoletes and Provides for the past naming rule change

This update for pesign fixes the following issues:

• Enable build on %arm as we can sign kernel on %arm (bsc#1134670)

• Require shadow instead of old pwdutils (bsc#192328)

This update for libpng16 fixes the following issues:
Security issues fixed:

• CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211).
• CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could haved triggered and integer overflow and result in an divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687)

This update ships the performance measurement tool 'fio' to the SUSE Linux Enterprise 15 Module for Basesystem. (bsc#1129706)

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

• Added data 4_12_14_-150_17 for lifecycle-data-sle-live-patching. (bsc#1020320)

This update for wireless-regdb provides the following fixes:

• Update to version 2019.03.01: (bsc#1134213) * Sync IN with G.S.R. 1048(E). * Update regulatory rules for Sweden (SE) on 2.4/5/60 GHz. * Update 60ghz band rules for US. * Add 5725-5875 MHz rule for Portugal (PT). * Add URLs in README. * Delete outdated comment for DE. * Update source of info for CU and ES.

This update for fping fixes the following issues:

• Fix fping on servers with disabled IPv6 [bsc#1133988]

This update for libselinux, policycoreutils, setools fixes the following issues:
This update provides policycoreutils-python that contains binaries necessary for SELinux administration. (bsc#1130097)
Also necessary dependencies for this package have been included in the update.
python2-setools and python3-setools are shipped instead of python-setools.

This update for sap-suse-cluster-connector fixes the following issues:

• Support groups and primitives names containing dashes. (bsc#1135487)

• Adjust detection of cluster resources, if multiple SAPInstance resource are found.
• Fix smm function, add set_maintenance_mode function and split function list_sap_resources into a frontend (list_sap_resources) and a backend (get_resource_and_status) to get a proper smm handling in sap_suse_cluster_connector. (bsc#1119137)

This update for libidn fixes the following issue:

• The missing libidn11-32bit compat library package was provided. (bsc#1132869)

This update for netpbm fixes the following issues:
Security issues fixed:

• CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288).
• CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291).
• create netpbm-vulnerable subpackage and move pstopnm there, as ghostscript is used to convert (bsc#1136936)

This update for cloud-netconfig fixes the following issues:

• cloud-netconfig will now pause and retry if API call throttling is detected in Azure (bsc#1135257, bsc#1135263)

This update for docker fixes the following issues:
Security issue fixed:

• CVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks (bsc#1096726).

This update for google-compute-engine fixes the following issues:
Update to version 20190522 (bsc#1136266, bsc#1136267)

• Google Compute Engine

• Google Compute Engine OS Login

• Google Compute Engine

This update for enigmail to version 2.0.11 fixes the following issues:
Security issue fixed:

• CVE-2019-12269: Fixed an issue where a specially crafted inline PGP messages could spoof a 'correctly signed' message (bsc#1135855).

This update for exempi fixes the following issues:

• CVE-2018-12648: Fixed a NULL pointer dereference (crash) issue when processing webp files (bsc#1098946).

This update for wireshark to version 2.4.15 fixes the following issues:
Security issue fixed:

• Fixed a denial of service in the dissection engine (bsc#1136021).

This update for rpcbind fixes the following issues:

• Change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock. (bsc#1134659)
• Change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update.

This update for xz fixes the following issues:
Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709]

This update for openssl-1_0_0 fixes the following issues:

• Add back the steam subpackage on openSUSE Leap 15 whose openssl-1_0_0 package is inherited from this package (bsc#1130041)

This update for perl-Tk fixes the following issues:

• Tk::Photo importer fails on some XPM files. (bsc#1134134)

This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues:
Security issues fixed for libu2f-host:

• CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140).

• CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729).
• CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727).

This update for zeromq fixes the following issues:

• CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255)

• Correctly mark license files as licence instead of documentation (bsc#1082318)

This update for icewm fixes the following issues:

• Disabled icewm's suspend function in order to allow systemd the handling of power key events (bsc#1076817)

This update for saptune fixes the following issues:

• Resetting all values to clean the system during package removal

• Fix saptune issues with /etc/security/limits.conf. (bsc#1124485)

• Add deprecated message to the description of some notes set scheduler for note SUSE-GUIDE-01 correctly.(bsc#1123808)

• Ship both versions of saptune in one package to support a smooth migration controlled by the customer. See man saptune-migrate(5) for more information.

• Support note name changes and note deletion during update of saptune v2 from SLE12 to SLE15.

• Support different SAP Note definitions and solution definitions related to the used operation system version (distinguish between SLE12 and SLE15 at the moment)

• Remove calculation of optimized values, only set the values from the configuration file irrespective of the current system value. Current system value can be increase or decrease. ATTENTION: saptune no longer respects higher system values. Use the override option to change the values of the Note definition files, if needed. (bsc#1124488)
• Mark the Notes SUSE-GUIDE-01 and SUSE-GUIDE-02 as deprecated in saptune v1 and remove these Note definitions from saptune v2. (bsc#1116799)

• Add bash-completion for saptune.

• Add action 'show' to the 'note' operation to print content of the note definition file to stdout.

• Add new action 'create' to support the customer/vendor while creating a vendor or customer specific file in /etc/saptune/extra using the template file /usr/share/saptune/NoteTemplate.conf

• Simplify file name syntax for the vendor files available in /etc/saptune/extra. Old file names still valid and supported.

• Add header support (version, date, description) for the vendor files available in /etc/saptune/extra as already available for the note definition files in /usr/share/saptune/notes

• No longer write or remove entries from /etc/security/limits.conf. Instead add or remove drop-in files in /etc/security/limits.d The filename syntax for the drop-in files /etc/security/limits.d is saptune---.conf. The limits entry syntax inside the Note definition files changed to support more than one limits settings in the definition file. (bsc#1128322)
• Preserve comment sections of the security limits file /etc/security/limits.conf. Especially, if this is the only content of the file. (bsc#1124485)

• Work with the current Note definition file to define the pagecache settings. (bsc#1126220)

• Setting of UserTaskMax by applying the related SAP Notes in the postinstall of the package. (bsc#1124489)

• Starting to support severities INFO, WARNING, ERROR and DEBUG for the logging and add a defined format for the log messages.

• Remove saptune as active tuned profile during action 'saptune daemon stop' - start/stop services, if requested by SAP Notes, but do not enable/disable these services. (bsc#1128325)

• Adapt the parameter oriented save state file handling (store and revert) to the special needs of the security limits parameter. (bsc#1124485)

• Disable parameter settings using an override file. (bsc#1124486)

• Store the order of the note as they are applied to get the same system tuning result after a system reboot as before.

• Correct the revert of the vm.dirty parameters by handling their counterpart parameters in addition. (bsc#1124487)

• Adjust operation customize to the new configuration files and override location and enable customize option for vendor and customer specific files in /etc/saptune/extra. (bsc#1124487)

• Change output format of the operations list, verify and simulate. (bsc#1124487)

• Display footnotes during 'verify' and 'simulate'. (bsc#1124487)

• Remove Netweaver formula for page cache calculation. Use the HANA approach '2% system memory' for both.

• Display a warning message, if a [block] section is found in the Note definition file because on systems with a huge number of block devices this operation may take some time.

• Add force_latency handling to 'cpu' section. Use the files in /sys/devices/system/cpu/cpu* instead of /dev/cpu_dma_latency.

• Add action 'saptune revert all' and add parameter based saved state files to support proper revert functionality. (bsc#1124487)

• Add override file handling for the solution definition using /etc/saptune/override/solution. (bsc#1124486)

• Read solution definition from file /usr/share/saptune/solution instead of static coding inside of saptune. (bsc#1124486)

• Make sure a note, which is part of an applied solution definition, but was reverted manually later, will NOT applied again after a system reboot.

• One configuration file per SAP Note. (bsc#1124486)

• Add new SAP Notes and adapt content of SAP Notes.

• Handle different locations of the new configuration files (/usr/share/saptune/note, /etc/saptune/extra). (bsc#1124486)

• Allow parameter override by the customer. (bsc#1124486)

• Expand section handling of the 'ini file' handler to handle the new configuration file entries. Supported sections: version, reminder, login, mem, vm, block, limits, sysctl, pagecache, cpu, service, rpm, grub. (bsc#1124486)

This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues:
Changes in ruby2.5:
Update to 2.5.5 and 2.5.4:
https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/
Security issues fixed:

• CVE-2019-8320: Delete directory using symlink when decompressing tar (bsc#1130627)
• CVE-2019-8321: Escape sequence injection vulnerability in verbose (bsc#1130623)
• CVE-2019-8322: Escape sequence injection vulnerability in gem owner (bsc#1130622)
• CVE-2019-8323: Escape sequence injection vulnerability in API response handling (bsc#1130620)
• CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (bsc#1130617)
• CVE-2019-8325: Escape sequence injection vulnerability in errors (bsc#1130611)

• CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives (bsc#1112532)
• CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly (bsc#1112530)

• CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434)
• CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441)
• CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436)
• CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433)
• CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440)
• CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437)

• Multiple vulnerabilities in RubyGems were fixed:

• Fixed Net::POPMail methods modify frozen literal when using default arg
• ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790)
• build with PIE support (bsc#1130028)

• Add a new helper for bundled ruby gems.

This update ships the OpenJDK LTS version 11 in the java-11-openjdk packages. (FATE#326347 bsc#1137264)

This update for timezone fixes the following issues:

• Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation.

This update for osc fixes the following issues:

• Version update to version 0.165.1 (bsc#1138165)

This update for openslp fixes the following issues:

• Use tcp connects to talk with other directory agents (DAs) (bsc#1117969)
• Fix segfault in predicate match if a registered service has a malformed attribute list (bsc#1136136)

This update for libreoffice and libraries fixes the following issues:
LibreOffice was updated to 6.2.5.2 (fate#327121 bsc#1128845 bsc#1123455), bringing lots of bug and stability fixes.
Additional bugfixes:

• If there is no firebird engine we still need java to run hsqldb (bsc#1135189)
• PPTX: Rectangle turns from green to blue and loses transparency when transparency is set (bsc#1135228)
• Slide deck compression doesn't, hmm, compress too much (bsc#1127760)
• Psychedelic graphics in LibreOffice (but not PowerPoint) (bsc#1124869)
• Image from PPTX shown in a square, not a circle (bsc#1121874)

• Updated for new orcus

• Boost 1.67 support
• Various cell handling issues fixed