bitcoin-qt5-0.21.1-2.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10654-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z bitcoin-qt5-0.21.1-2.2 on GA media These are all security issues fixed in the bitcoin-qt5-0.21.1-2.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10654 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-17144/ SUSE CVE CVE-2018-17144 page https://www.suse.com/security/cve/CVE-2021-3195/ SUSE CVE CVE-2021-3195 page openSUSE Tumbleweed bitcoin-qt5-0.21.1-2.2 bitcoin-test-0.21.1-2.2 bitcoin-utils-0.21.1-2.2 bitcoind-0.21.1-2.2 libbitcoinconsensus-devel-0.21.1-2.2 libbitcoinconsensus0-0.21.1-2.2 bitcoin-qt5-0.21.1-2.2 as a component of openSUSE Tumbleweed bitcoin-test-0.21.1-2.2 as a component of openSUSE Tumbleweed bitcoin-utils-0.21.1-2.2 as a component of openSUSE Tumbleweed bitcoind-0.21.1-2.2 as a component of openSUSE Tumbleweed libbitcoinconsensus-devel-0.21.1-2.2 as a component of openSUSE Tumbleweed libbitcoinconsensus0-0.21.1-2.2 as a component of openSUSE Tumbleweed Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash. CVE-2018-17144 openSUSE Tumbleweed:bitcoin-qt5-0.21.1-2.2 openSUSE Tumbleweed:bitcoin-test-0.21.1-2.2 openSUSE Tumbleweed:bitcoin-utils-0.21.1-2.2 openSUSE Tumbleweed:bitcoind-0.21.1-2.2 openSUSE Tumbleweed:libbitcoinconsensus-devel-0.21.1-2.2 openSUSE Tumbleweed:libbitcoinconsensus0-0.21.1-2.2 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17144.html CVE-2018-17144 https://bugzilla.suse.com/1108992 SUSE Bug 1108992 ** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions. CVE-2021-3195 openSUSE Tumbleweed:bitcoin-qt5-0.21.1-2.2 openSUSE Tumbleweed:bitcoin-test-0.21.1-2.2 openSUSE Tumbleweed:bitcoin-utils-0.21.1-2.2 openSUSE Tumbleweed:bitcoind-0.21.1-2.2 openSUSE Tumbleweed:libbitcoinconsensus-devel-0.21.1-2.2 openSUSE Tumbleweed:libbitcoinconsensus0-0.21.1-2.2 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3195.html CVE-2021-3195 https://bugzilla.suse.com/1181784 SUSE Bug 1181784