Download PDF
Download page Security Fixes 11.03.100.
Security Fixes 11.03.100
Firefox
- Updated Mozilla Firefox to 68.2.0esr
Fixes for mfsa2019-33.
More...CVE-2019-15903, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
CVE-2019-11764.
Fixes for mfsa2019-26.
More...CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11752,
CVE-2019-9812, CVE-2019-11743, CVE-2019-11748, CVE-2019-11749,
CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735,
CVE-2019-11740.
Base system
- Added cryptographic signatures to OS 11 firmware files to prevent reading from corrupt images or disks.
- Updates to firmwares without valid signatures are blocked.
- When a signature error on the system partition is detected, the system is halted immediately. For system recovery a reinstallation via the OS Creator tool (OSC) is required.
A signature error during early boot is signalized by a beep sequence. When a signature error in another partition is detected the partition is removed and a firmware update is triggered to reinstall the corrupt partition.
- Added user visible notification about partition signature errors.
- Fixed admin logout from rescue shell after suspend.
- Fixed security issue CVE-2019-15902 in 4.19.x kernel.
- Updated Intel microcodes to version 20191115 to fix various security issues (CVE-2019-11135, CVE-2019-0117 and CVE-2019-11139).
- Fixed cups security issues CVE-2019-8696, CVE-2019-8675 and CVE-2019-86.
- Fixed openjpeg2 security issues CVE-2018-6616, CVE-2018-5785, CVE-2018-18088, CVE-2018-14423 and CVE-2017-17480.
- Fixed xorg-server security issue CVE-2018-14665.
- Fixed expat security issue CVE-2019-15903.
- Fixed freetype security issue CVE-2015-9383.
Fixed ghostscript security issues.
More...CVE-2019-14817, CVE-2019-14813, CVE-2019-14812,
CVE-2019-14811, CVE-2019-10216 and CVE-2019-14869.
Fixed python2.7 security issues.
More...CVE-2019-9948, CVE-2019-9947, CVE-2019-9740, CVE-2019-9636,
CVE-2019-5010, CVE-2019-10160 , CVE-2018-20852, CVE-2019-16935 and CVE-2019-16056.
Fixed python3.5 security issues.
More...CVE-2019-9948, CVE-2019-9947, CVE-2019-9740, CVE-2019-9636,
CVE-2019-5010, CVE-2019-10160, CVE-2018-20852, CVE-2018-20406, CVE-2019-16935 and CVE-2019-16056.
- Fixed giflib security issues CVE-2019-15133 and CVE-2018-11490.
Fixed libvirt security issues.
More...CVE-2019-3886, CVE-2019-11091, CVE-2019-10168, CVE-2019-10167,
CVE-2019-10166, CVE-2019-10161, CVE-2019-10132, CVE-2018-6764,
CVE-2018-5748, CVE-2018-12130, CVE-2018-12127, CVE-2018-12126,
CVE-2018-1064, CVE-2017-2635, CVE-2017-1000256 and CVE-2016-5008.
- Fixed e2fsprogs security issue CVE-2019-5094.
- Fixed rpcbind security issues CVE-2017-8779 and CVE-2015-7236.
- Fixed wpa security issues CVE-2019-16275 and CVE-2019-13377.
- Fixed tiff security issues CVE-2019-17546 and CVE-2019-14973.
- Fixed aspell security issue CVE-2019-17544.
Fixed libsdl1.2 security issues.
More...CVE-2019-7638, CVE-2019-7637, CVE-2019-7636,
CVE-2019-7635, CVE-2019-7578, CVE-2019-7577,
CVE-2019-7576, CVE-2019-7575, CVE-2019-7574,
CVE-2019-7573, CVE-2019-7572 and CVE-2019-13616.
- Fixed libsoup2.4 security issues CVE-2019-17266, CVE-2018-12910 and CVE-2017-2885.
- Fixed rtlwifi driver security issue CVE-2019-17666 .
- Fixed libxslt security issues CVE-2019-18197, CVE-2019-13118 and CVE-2019-13117.
- Fixed opus security issue CVE-2017-0381.
- Fixed curl security issues CVE-2019-5482 and CVE-2019-5481.
- Fixed libidn2 security issues CVE-2019-18224 and CVE-2019-12290.
- Fixed libarchive security issue CVE-2019-18408.
- Fixed samba security issues CVE-2019-14847 and CVE-2019-10218.
- Fixed file security issue CVE-2019-18218.
Fixed imagemagick security issues.
More...CVE-2019-16713, CVE-2019-16711, CVE-2019-16710, CVE-2019-16709,
CVE-2019-16708, CVE-2019-15140, CVE-2019-15139,
CVE-2019-14981, CVE-2019-13454, CVE-2019-13391,
CVE-2019-13311, CVE-2019-13310, CVE-2019-13309, CVE-2019-13307,
CVE-2019-13306, CVE-2019-13305, CVE-2019-13304, CVE-2019-13301,
CVE-2019-13300, CVE-2019-13297, CVE-2019-13295, CVE-2019-13137,
CVE-2019-13135, CVE-2019-12979, CVE-2019-12978, CVE-2019-12977,
CVE-2019-12976, CVE-2019-12975 and CVE-2019-12974.
- Fixed libjpeg-turbo security issues CVE-2019-2201, CVE-2018-20330 and CVE-2018-19664.
- Fixed python-ecdsa security issues CVE-2019-14859, CVE-2019-14853 and CVE-2019-1485.
- Restricted access to journalctl log file for root only.
Limit list of allowed TLS ciphers according to the Germany BSI recommendation (TR-0210202 Version 2019-01). The functionality is controlled by a parameter.
More...Registry system.security.remote_management.tls_policy
Value Default / BSI The limited cipher list is applied on TLS (SSL) connections in:
- IGEL RM Agent
- Secure Shadowing
- Secure Terminal
- Firmware Update
- Custom Partition