SUSE Package Hub - openSUSE-2019-1013

Update Info

openSUSE-2019-1013

Security update for tryton

Type: security

Severity: moderate

Issued: 2019-03-23

Description:

This update for tryton to version 4.2.19 fixes the following issues:

Security issue fixed:

- CVE-2018-19443: Fixed an information leakage by attemping to initiate an
  unencrypted connection, which would fail eventually, but might leak session
  information of the user (boo#1117105)

This update also contains newer versions of tryton related packages with general bug fixes and updates:
    
- trytond 4.2.17
- trytond_account 4.2.10
- trytond_account_invoice 4.2.7
- trytond_purchase_request 4.2.4
- trytond_stock 4.2.8
- trytond_stock_supply 4.2.3

References

CVE: CVE-2018-19443
Bugzilla: 1117105 VUL-1: CVE-2018-19443: tryton: The client tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances

Packages

tryton-4.2.19-bp150.2.6.1

trytond-4.2.17-bp150.2.6.1

trytond_account-4.2.10-bp150.3.3.1

trytond_account_invoice-4.2.7-bp150.3.3.1

trytond_purchase_request-4.2.4-bp150.3.3.1

trytond_stock-4.2.8-bp150.3.3.1

trytond_stock_supply-4.2.3-bp150.3.6.1