openSUSE Update for the openSUSE-SU-2019:2173-1 (the)

The remote host is missing an update for the 'the' package(s) announced via the openSUSE-SU-2019:2173_1 advisory.

The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14814: A heap overflow in mwifiex_set_uap_rates() function of Marvell was fixed. (bnc#1146512). - CVE-2019-14815: A heap overflow in mwifiex_set_wmm_params() function of Marvell Wifi Driver was fixed. (bnc#1146514). - CVE-2019-14816: A heap overflow in mwifiex_update_vs_ie() function of Marvell Wifi Driver was fixed. (bnc#1146516). - CVE-2019-14835: A vhost/vhost_net kernel buffer overflow could lead to guest to host kernel escape during live migration (bnc#1150112). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read (bnc#1146399). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion (bnc#1145922). - CVE-2019-1 ... Description truncated. Please see the references for more information.

'the' package(s) on openSUSE Leap 15.0.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).